VMProtect Accuses Denuvo Of Using Unlicensed Software In Its Antipiracy DRM

from the irony-thy-name-is-denuvo dept

To date, the most remarkable aspect of the Denuvo story was the very brief stint it had as a successful DRM. Brief is the operative word, of course, as the past six months or so have seen Denuvo's vaunted status devolve into one more typical of DRM stories, with defeats for the security software coming at rates measured in days and weeks of a game's release.

But now things have taken a turn towards the ironic. A security software firm called VMProtect, which makes software to protect against reverse engineering and developing cracks of applications, is accusing Denuvo of having used its software without properly licensing it. This is the kind of thing that folks who support DRM tend to call piracy. And, thus, Denuvo may have "pirated" another company's software to make its anti-piracy DRM.

According to a post on Russian forum RSDN, Denuvo is accused of engaging in a little piracy of its own. The information comes from a user called drVanо, who is a developer at VMProtect Software, a company whose tools protect against reverse engineering and cracking.

“I want to tell you a story about one very clever and greedy Austrian company called Denuvo Software Solutions GmbH,” drVano begins. “A while ago, this company released a protection system of the same name but the most remarkable thing is that they absolutely illegally used our VMProtect software in doing so.”

drVano goes on to detail the story to a degree that seems legitimate. Denuvo had met with VMProtect about using the latter's software, but had wanted to do so under the common and cheap $500 license offered publicly as a "personal license." Rolling that software into a distributed DRM obviously fell outside of that sort of personal use license, leading VMProtect to ask for much more in the way of money if Denuvo wanted to move forward. Denvuo declined, but then apparently went ahead an bought a personal license anyway and began rolling out the software in Denuvo DRM. VMProtect revoked the license due to Denuvo's breach of the license conditions, but Denuvo kept up its distribution anyway.

Which lead VMProtect to go on offense.

VMProtect then took what appears to be a rather unorthodox measure against Denuvo. After cooperation with Sophos, the anti-virus vendor agreed to flag up the offending versions of Denuvo as potential malware. VMProtect says it has also been speaking with Valve about not featuring the work of “scammers” on its platform.

“Through our long-standing partners from Intellect-C, we are starting to prepare an official claim against Denuvo Software Solutions GmbH with the prospect of going to court. This might be a very good lesson for ‘greedy’ developers who do not care about the intellectual property rights of their colleagues in the same trade,” drVano concludes.

The irony here is delicious. The precipitous fall of DRM, once claimed to be the end of software piracy entirely, culminates in what may be piracy on the part of that same company. All while the effectiveness of that DRM has dropped to essentially zero.

If the gaming industry were ever going to learn that DRM is a failed concept, Denuvo ought to be the teacher of that lesson.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: denuvo, drm, piracy
Companies: denuvo, grey box, vmprotect


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 7 Jun 2017 @ 3:42am

    "The irony here is delicious."

    But not unheard of. We've seen plenty of these stories before. And plenty of stories of labels, studios, publishers etc pulling all sorts of stunts to avoid paying artists. Just like the pirates they despise. With the added fact that many pirates end up contributing with the artist in other means (such as shows, direct donations and merchandising).

    link to this | view in thread ]

  2. icon
    PaulT (profile), 7 Jun 2017 @ 3:46am

    "This is the kind of thing that folks who support DRM tend to call piracy. And, thus, Denuvo may have "pirated" another company's software to make its anti-piracy DRM."

    Indeed, but I'd add this - losses due to this kind of "piracy" are much more realistic and quantifiable than "losses" due to file sharing.

    Basically, it's impossible to accurately quantify losses when it's end users sharing the game. There are numerous situations where no additional money would be forthcoming if a particular copy of a game was not pirated. These range from a user testing a game out (but will not blind buy if a "demo" was not available) to people pirating a non-DRM copy of the game they have actually bought (likely in this case due to the documented performance problems caused by Denuvo). Nobody can accurately state how many copies led to lost sales and how many had no effect.

    However, in the case of an unlicensed component, the calculation is realistic and easy to work out - number of unlicensed copies used have a documented figure that the licence should have cost. There's the lost profit to the creators of the original.

    Add to that, this kind of "piracy" is actually worse because it's part of a commercial product. People downloading a free copy of the game just play that game - no profit motive involved. In the case of commercial infringement such as this, Denuvo have either inadvertently or deliberately refused to pay suppliers in order to increase its own margins.

    So, if true, it's not only a case where Denuvo are participating in the very behaviour their product is meant to prevent, they are doing so in a much more insidious manner than the people they're paid to stop.

    "After cooperation with Sophos, the anti-virus vendor agreed to flag up the offending versions of Denuvo as potential malware."

    I really, really like this. DRM, by definition, is malware, so it's nice to see it classified as such for once.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 7 Jun 2017 @ 4:35am

    Deserved it

    The heart of their software bought (or not), no wonder the engine never changed after the first crack.

    I don't feel too bad for either VMProtect or Denuvo. After all, they both engage in unethical behavior, because they are agents of the content mafia and are pursuing the commerical-unfree-software business model.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 7 Jun 2017 @ 4:49am

    Don't you just love it when copyright law is enforced?

    link to this | view in thread ]

  5. icon
    Ninja (profile), 7 Jun 2017 @ 4:49am

    Re:

    I used to pirate cracked games because I didn't have money to buy mostly and then to recover some games I had but couldn't run due to DRM (or the DRM was annoying like having to put the media in the drive). Nowadays I don't bother pirating nor buying those DRMed games. God bless GOG.

    link to this | view in thread ]

  6. identicon
    Anonymous Howard II, 7 Jun 2017 @ 4:58am

    DRMception

    Permission to laugh my arse clean off?

    link to this | view in thread ]

  7. icon
    PaulT (profile), 7 Jun 2017 @ 5:16am

    Re: Re:

    "the DRM was annoying like having to put the media in the drive"

    Yeah, the primary reasons I ever went to the seedier sides of the web were to look for no CD cracks for games. I've happily pirated games where the DRM was to enter codes from manuals, etc. and that wasn't practical/possible. It's a big reason I laugh at anyone who tries to pretend that every download is a lost sale - no I'm not paying full retail for a game I already own, no matter how much you believe I'm wrong for downloading a copy I can access properly.

    "Nowadays I don't bother pirating nor buying those DRMed games"

    There were other reasons (such as moving to Linux desktops full time and not having enough resources to keep up the hardware upgrade cycle after emigrating). But, a large part of the reason why I abandoned PC gaming entirely in favour of consoles was the silly battles with DRM. Sure, consoles have DRM too, but I've never encountered something that actively prevents me from playing a game I purchased.

    "God bless GOG."

    Seconded.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 7 Jun 2017 @ 5:26am

    Lions Eating Hyenas

    Their ravening predations, having temporarily depleted the naturally available prey, the fell beasts set to ruthlessly devouring one another much to the amazement and joy of the onlooking populace.

    link to this | view in thread ]

  9. icon
    Roger Strong (profile), 7 Jun 2017 @ 5:42am

    Reporter: "How long do you think it'll take to break Denuvo?"

    Lawyer: "Ten..."

    link to this | view in thread ]

  10. icon
    ShadowNinja (profile), 7 Jun 2017 @ 5:52am

    Re: DRMception

    Sorry the DRM won't permit you to do as you please with your arse. Otherwise everyone would pirate their arses instead of buying it from the arse manufacturer.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 7 Jun 2017 @ 5:56am

    I just did a search to find out if this is why Arkham: Knight wont run on my computer. Seems likely.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 7 Jun 2017 @ 6:13am

    Re: DRMception

    Granted soldier! Permission indeed, to point AND laugh at all of the copyright fanboys who will avoid this thread like a vampire avoids a cross shaped garlic pizza.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 7 Jun 2017 @ 6:37am

    Re:

    "How long do you think it'll take to break Denuvo?"

    As long as it takes VMProtect to reverse the code back to readable form and hand it over to the crackers for them to "do their work" on it.

    link to this | view in thread ]

  14. identicon
    Machin Shin, 7 Jun 2017 @ 6:50am

    Total consperacy theory but....

    This company provides a solution for obscuring your code to make it harder to crack. They got shafted by Denuvo and went so far as to get Sophos to block Denuvo.

    So really seems rather reasonable to think they either helped the crackers break Denuvo, or they might even have the cracker on their staff.

    Really would be a genius solution for a company like them. "Here is some anti-cracking software, it will do great protecting your code. If you cheat us though..... This is Bob, he wrote that code and he will crack the shit out of yours faster than you can blink."

    link to this | view in thread ]

  15. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 7 Jun 2017 @ 7:18am

    Re: Re: DRMception

    Ok, come on, you are a TechDirt Mean Girl! "Like a vampire avoids"..? You're a Mean Girl, I think that was a quote directly from the movie! Gotcha, Mean Girl!

    link to this | view in thread ]

  16. icon
    PaulT (profile), 7 Jun 2017 @ 7:59am

    Re: Total consperacy theory but....

    Moral of the story: don't shaft your suppliers if your entire product depends on what they're supplying.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 7 Jun 2017 @ 8:19am

    The copyright cartel is total hypocrite.

    link to this | view in thread ]

  18. icon
    Roger Strong (profile), 7 Jun 2017 @ 8:30am

    Re: Re: Total consperacy theory but....

    A computer program is a set of instructions. By definition - even for DRM - it's easy to reverse-engineer. Just look at what the instructions do. There are programs that'll turn them back into editable code.

    And so the actual DRM in a DRM system is almost an afterthought. The bulk of the effort is in obfuscating the code so it can't be reverse engineered.

    Which is where VMProtect's anti-reverse engineering software came in. Without it, this latest version of Denuvo's software was cracked almost instantly.

    The impression I get is that Denuvo's system didn't just depend on VMProtect's product. The key part of it - the bulk of it - *WAS* VMProtect's product.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 7 Jun 2017 @ 8:45am

    Re:

    But not unheard of. We've seen plenty of these stories before. And plenty of stories of labels, studios, publishers etc pulling all sorts of stunts to avoid paying artists.

    True, but in many of those cases they apply a (very thin) veneer of legitimacy by using a laughably one-sided contract that specifically grants them extremely wide discretion to determine how much to pay the author. They then abuse that discretion to the greatest extent they can, so that when they honor the letter of the contract, they owe nothing (or almost nothing). This is part of the reason they get away with it so often and for so long: collecting a realistic sum requires getting a court to decide that the contract is so absurd it cannot be enforced, or that the studios' conduct is so egregious that not even the absurd contract terms can excuse it. Outside of those scenarios, the only way to stop them is for the author to have so much bargaining power that he/she can demand terms that are more difficult to evade (e.g. the whole "gross percentage instead of net percentage" bit). That power is typically vested only in very well-known celebrity performers.

    Here, Denuvo apparently didn't even bother pretending to comply with a contract. They embedded the code knowing up front that they had no approval to use it in that manner, not even misinformed approval of a one-sided contract.

    link to this | view in thread ]

  20. icon
    Roger Strong (profile), 7 Jun 2017 @ 8:45am

    Re: Re:

    Yup. But it doesn't seem they've needed to so far. I expect Denuvo to play the "VMProtect didn't work anyway" card.

    The "Ten..." joke aside, VMProtect's legal battle against Denuvo will last far longer than the DRM. We're finally seeing the payoff of the legal battles against Prenda, but it took years - just as Ken "Popehat" White warned years ago. "The wheels of justice turn slowly, but they do turn."

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 7 Jun 2017 @ 8:59am

    Re: Re: Re: DRMception

    You keep using that word. I don't think it means what you think it means.

    Hey, guess what, the rest of us can quote movies out of context and without contributing to the discussion. But it seems you're the only one brimming with pride about that ability...

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 7 Jun 2017 @ 9:02am

    DRM

    Don't Run Me

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 7 Jun 2017 @ 9:03am

    Re: Re: Re: Re: DRMception

    I think Mike could make a packet selling "I'm a TechDirt Meangirl" t-shirts and hats.

    link to this | view in thread ]

  24. identicon
    Anonymous Coward, 7 Jun 2017 @ 9:03am

    VMProtect and Sophos deal should be the bigger issue

    i'm surprised that this article doesn't make a much bigger deal out of the deal between VMProtect and Sophos. To me that seems to be the much more sketchy, much more dangerous behavior.

    And of course,
    GOG for the win!

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 7 Jun 2017 @ 9:18am

    Re: VMProtect and Sophos deal should be the bigger issue

    Yeah this caught my eye as well. Even though I feel like more DRM is closer to malware than not, I'm not too comfortable having non-malicious code flagged as malware. If private companies can negotiate that, what about nations that could prevent a company like Sophos from doing business in their borders?

    I'm sure Hollywood would be very interested if they could flag pirated versions as malware, then use something like the CFAA against pirates for spreading malware.

    link to this | view in thread ]

  26. icon
    Roger Strong (profile), 7 Jun 2017 @ 9:24am

    Re: VMProtect and Sophos deal should be the bigger issue

    I disagree. The DRM is anti-user software. It acts against rather than for the user, slowing down their system and causing other problems. Unwanted and unexpectedly included with something else.

    While we're at it, we should also be calling encryption "Digital Rights Management." Which it is, of course. It's only a matter of who manages the rights to the encrypted data.

    That way, powerful people who have declared jihad against encryption would be declaring jihad against DRM.

    link to this | view in thread ]

  27. icon
    Roger Strong (profile), 7 Jun 2017 @ 9:34am

    Re: Re: VMProtect and Sophos deal should be the bigger issue

    I'm not too comfortable having non-malicious code flagged as malware.

    The Sony Root Kit was non-malicious, but I'd certainly call it malware.

    Most malware writers insist that their software isn't malware. When a game sends back your contacts list and other personal information for resale, they'll describe it as simply part of their business model. When an unrequested browser add-in redirects your home page and search links to their own site, they're doing it as a service to be helpful.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 7 Jun 2017 @ 9:37am

    Re: Total consperacy theory but....

    I have no evidence it happened like this, but here's a few hunches:
    It's very likely Denuvo was legitimately cracked, without help from VMProtect.
    VMProtect was suspicious of Denuvo after the latter bought a "personal" license.
    VMProtect must have found out that Denuvo was using their stuff after analyzing a few cracked games.
    They (VMProtect) probably tried to contact Denuvo multiple times to arrange something only for Denuvo to refuse.

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 7 Jun 2017 @ 9:42am

    Re: Re: Re:

    Too bad they often turn too slowly to be of much help to the victims. At least you'd hope they help establish a precedent so it doesn't repeat.

    link to this | view in thread ]

  30. identicon
    crashsuit, 7 Jun 2017 @ 9:47am

    Ironic, isn't it?

    Have you heard the tragedy of Denuvo Software Solutions GmbH the wise?

    link to this | view in thread ]

  31. identicon
    Thad, 7 Jun 2017 @ 10:45am

    Re: Re: Re:

    At the moment, I'm trying my hand at being a Linux gamer. And sure, there are a lot of games that won't run, or require some tricky WINE configs, or don't perform as well as in Windows...but y'know what? I've realized that there are enough good native Linux games that I don't need to bother with the Windows ones.

    (There are, of course, plenty of Linux games that use DRM. I buy DRM-free when I can, and just-plain-Steam DRM is benign enough that I can't say I've had issues with it. If there's third-party DRM, though, that's a "nope.")

    link to this | view in thread ]

  32. identicon
    Thad, 7 Jun 2017 @ 10:46am

    Re: Re: Re: Re: DRMception

    Hey, guess what, the rest of us can quote movies out of context and without contributing to the discussion.

    Obviously you are not a golfer.

    link to this | view in thread ]

  33. icon
    discordian_eris (profile), 7 Jun 2017 @ 10:49am

    Just another reminder that there is no honor amongst thieves. Or digital restrictions management providers.

    link to this | view in thread ]

  34. identicon
    Machin Shin, 7 Jun 2017 @ 10:54am

    Re: Re: VMProtect and Sophos deal should be the bigger issue

    This kind of thing happens regularly. If you download some pirated software it will not take long to notice the AV going crazy and attacking the cracks for the software.

    Really annoying when your AV deletes something and then tells you "That was a cracking program", well yeah.... I know... now leave it alone so I can crack this game.

    link to this | view in thread ]

  35. icon
    guntherpea (profile), 7 Jun 2017 @ 10:58am

    Re: Re: Re:

    "God bless GOG."

    Indeed.

    I've always avoided pirating games, but I've been a big user of NO-CD cracks for a long time because I hate keeping a big book of game CDs with me, swapping discs, risking the discs being scratched/ruined, installing Sony malware, etc, etc. Now, if we're honest, Steam has managed to be a mostly seamless DRM platform. But GOG and their DRM-free values are clearly the ideal.

    Long live GOG.

    link to this | view in thread ]

  36. identicon
    Scote, 7 Jun 2017 @ 11:36am

    Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    "After cooperation with Sophos, the anti-virus vendor agreed to flag up the offending versions of Denuvo as potential malware."

    Normally, Techdirt would be all over the offense of Sophos being used to settle IP claims.

    But because this story involves Denuvo DRM getting some comeupance, Techdirt ignores the much bigger deal, which is that Sophos agreed to tag an **IP dispute** as malware.

    link to this | view in thread ]

  37. identicon
    Thad, 7 Jun 2017 @ 11:40am

    Re: Re: Re: Re:

    I love GOG but I wish their Linux support was better.

    link to this | view in thread ]

  38. icon
    Roger Strong (profile), 7 Jun 2017 @ 12:25pm

    Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    An IP dispute over software that acts against rather than for the user, slowing down their system and causing other problems. Pirated, unwanted and unexpectedly included with something else. If it's not malware, it's indistinguishable from it.

    Techdirt may not have made a big deal of the malware label issue, but they didn't ignore it. It's reported in the story.

    link to this | view in thread ]

  39. identicon
    Scote, 7 Jun 2017 @ 12:46pm

    Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    "An IP dispute over software that acts against rather than for the user, slowing down their system and causing other problems."

    You are missing the point, too. Sophos didn't decide to flag DRM as malware. Sophos, according to VMProtect, only flagged the allegedly pirated installs of VMProtect IP as malware, leaving regular installs of VMProtect unflagged.

    You, like Techdirt, are so eager to see DRM get its comeuppance that you are missing the bigger issue, which is that Sophos is falsely flagging *disputed IP* as malware.

    If Sophos flagged *all* DRM, and all installs of VMProtect, as malware then you'd have a point. But they don't. They are taking sides in an *IP dispute* and falsely flagging software as malaware because of copyright claims.

    link to this | view in thread ]

  40. icon
    Roger Strong (profile), 7 Jun 2017 @ 1:20pm

    Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    Again, ignore the IP dispute and there's STILL good reason to flag it as malware. But there's also the issue of trust:

    There are shareware and open source programs like WinZip and 7-Zip that I trust, but that trust ABSOLUTELY DEPENDS on where I download them from.

    You don't trust software unless it comes from a legitimate source. Denuvo is not a legitimate source for VMProtect.

    link to this | view in thread ]

  41. identicon
    Someone, 7 Jun 2017 @ 1:28pm

    Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    > If Sophos flagged *all* DRM, and all installs of VMProtect, as malware then you'd have a point. But they don't. They are taking sides in an *IP dispute* and falsely flagging software as malaware because of copyright claims.

    On the contrary, IMO the fact that an entity can negotiate with an AV vendor to flag another entity's product as malware is concerning. This can lead to anti-competitive behavior, as most users tend to trust the AV vendor more.

    I'll have no problem if Sophos flag all DRM as malware, but in this instance, it flag a particular product at the request / negotiation with a vendor, with the vendor is on record having problems with the creator of the said product.

    When I read about this in the article, all I can think of is "reverse zero-rating" an app.

    link to this | view in thread ]

  42. icon
    Roger Strong (profile), 7 Jun 2017 @ 2:19pm

    Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    On the contrary, IMO the fact that an entity can negotiate with an AV vendor to flag another entity's product as malware is concerning.

    But that's not what they've done.

    They negotiated with an AV vendor to flag THEIR OWN product as malware. That is, an unauthorized and therefor untrusted copy of their own software.

    The latest Denuvo DRM version, without VMProtect, (and cracked immediately) would be a different story. But that's not being flagged as malware.

    link to this | view in thread ]

  43. icon
    Vikarti Anatra (profile), 7 Jun 2017 @ 9:24pm

    Re: VMProtect and Sophos deal should be the bigger issue

    I used VMProtect (personal license) for my needs long ago and it was my understanding that it was their stated policy 'you leak license key or use it for bad things, we send AV Vendors unique signatures how to detect code signed by YOUR key'(Why? because it was used for many viruses).
    It's very interesting why it's ONLY Sophos right now.

    link to this | view in thread ]

  44. icon
    MrTroy (profile), 7 Jun 2017 @ 9:28pm

    Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    Again, ignore the IP dispute and there's STILL good reason to flag it as malware. But there's also the issue of trust:

    The point, as I see it, that Scote seems to be raising is that ignoring the IP dispute is exactly the wrong thing to do.

    Just like you should champion any bad guy who is being denied due process (to extent that he should be allowed due process), I agree with Scote that anti-virus has no place in an IP dispute. Saying that behaviour is ok is like saying using the DMCA to censor content online is ok as long as you don't like the content.

    link to this | view in thread ]

  45. icon
    MrTroy (profile), 7 Jun 2017 @ 9:41pm

    Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    They negotiated with an AV vendor to flag THEIR OWN product as malware. That is, an unauthorized and therefor untrusted copy of their own software.

    Those are not the same thing. Either they are flagging a competitor's software, or they are using a third party as leverage in a licensing dispute. Neither of these situations is something to applaud.

    link to this | view in thread ]

  46. icon
    Vikarti Anatra (profile), 7 Jun 2017 @ 9:49pm

    It's not fully clear what exactly happen (RSDN thread says they planned to do something but... ). VMProtect's site has blog post from 6th June http://vmpsoft.com/20170606/vmprotect-and-denuvo-gmbh/
    Does it mean they settled?

    link to this | view in thread ]

  47. icon
    Roger Strong (profile), 7 Jun 2017 @ 9:50pm

    Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    As Vikarti Anatra says above:

    I used VMProtect (personal license) for my needs long ago and it was my understanding that it was their stated policy 'you leak license key or use it for bad things, we send AV Vendors unique signatures how to detect code signed by YOUR key'(Why? because it was used for many viruses).

    Again, ignore the IP dispute and there's STILL good reason to flag it as malware. It's now software that you shouldn't trust.

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 7 Jun 2017 @ 9:52pm

    the torrentfreak article linked has an update that says that Denuvo has permission to use vmprotect.. but their site is down for me at the moment so here's an archive link:

    https://web.archive.org/web/20170607162145/vmpsoft.com/20170606/vmprotect-and-denuvo-gmbh/

    link to this | view in thread ]

  49. icon
    Roger Strong (profile), 7 Jun 2017 @ 9:56pm

    Re: Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    They are not flagging their competitor's software. They are flagging THEIR OWN software being redistributed by an untrusted source. Denuvo DRM *without* VMProtect is not being flagged.

    link to this | view in thread ]

  50. icon
    MrTroy (profile), 7 Jun 2017 @ 10:19pm

    Re: Re: Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    So you'd be ok with a vanilla flavoring company issuing a food safety recall on Vanilla Coke if Coca Cola failed to pay its bills, as long as they didn't go after any other flavors of Coke?

    This is not a trust issue. It is a licensing issue, pure and simple. Paying for something does not make it trustworthy, and failing to pay for something does not make it untrustworthy. The only thing that changes is whether or not it's used with a valid license. Paying a bill can't possibly change the trustworthiness of the software in question, surely?

    Using anti-virus to sidestep or add leverage to a licensing dispute is absolutely, heinously, the wrong thing to do. No matter how much you agree with the result, it is not the correct way to go about business, and it sets a terrible precedent if allowed.

    link to this | view in thread ]

  51. icon
    Vikarti Anatra (profile), 7 Jun 2017 @ 10:56pm

    Re: Re: Re: Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    >So you'd be ok with a vanilla flavoring company issuing a food safety recall on Vanilla Coke if Coca Cola failed to pay its bills, as long as they didn't go after any other flavors of Coke?

    It worked for Amazon (issue with Kindle and 1984 which they couldn't sell, yes, they refunded customers but how refund matter here)?
    https://www.techdirt.com/articles/20090717/1559425587.shtml

    It also worked for Amazon and Disney https://www.techdirt.com/articles/20131216/16292925583/you-dont-own-what-you-bought-disney-amazon-pl ay-role-grinch-taking-back-purchased-film.shtml (This time Disney just decided they don't want Amazon to offer movie (If we believe 1st version of Amazon's response))

    link to this | view in thread ]

  52. icon
    MrTroy (profile), 7 Jun 2017 @ 11:32pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    Again, not quite the same thing. Working with the other party and getting the unlicensed product removed from the market is exactly the correct thing to do, if negotiations fail to produce a valid license in a reasonable timeframe.

    The difference here is that VMProtect didn't work with Denuvo; they worked with Sophos to effect the recall. Anti-virus is not supposed to be a license enforcement tool, and everyone is less safe if that becomes the norm.

    link to this | view in thread ]

  53. icon
    Roger Strong (profile), 8 Jun 2017 @ 12:35am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    One more time, as Vikarti Anatra says above:

    I used VMProtect (personal license) for my needs long ago and it was my understanding that it was their stated policy 'you leak license key or use it for bad things, we send AV Vendors unique signatures how to detect code signed by YOUR key'(Why? because it was used for many viruses).

    Suppose you write a remote access tool for doing tech support. And then someone else - without consulting you - uses it to commit crime. The FBI may arrest you and the DOJ may prosecute you. YOU are held responsible for not policing its use.

    Yes, that's goddamned insane and stupid. But it's reality, and it's not at all hard to imagine VMProtect's writers ending up in the same situation.

    Often the only defense against such BS charges is being able to show "Look, we tried. Here's how...." Working with the anti-virus companies to treat unauthorized use as malware might do that.

    The difference here is that VMProtect didn't work with Denuvo;

    The story says otherwise. VMProtect tried to work with Denuvo, but...

    Denvuo declined, but then apparently went ahead an bought a personal license anyway and began rolling out the software in Denuvo DRM.

    link to this | view in thread ]

  54. icon
    MrTroy (profile), 8 Jun 2017 @ 12:53am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Techdirt misses the lede: Sophos falsely tags disputed IP as malware

    Yeah, I forgot about that story.

    I still say that even though VirtualVM's actions may have been necessary, that doesn't make it ok. And, that trying to make it ok is plastering over the symptom while ignoring the problem.

    I still say that asking virus scanners to enforce license agreements makes everyone less safe.

    link to this | view in thread ]

  55. identicon
    Wendy Cockcroft, 8 Jun 2017 @ 5:21am

    Re: Re: Re: Re: Re: DRMception

    Well since asking awkward questions got me labeled one, I'll have to buy it when it's available for sale.

    link to this | view in thread ]

  56. identicon
    Anonymous Coward, 8 Jun 2017 @ 6:03am

    Re: Ironic, isn't it?

    It's not a story the copyright fanatics would yell you.

    link to this | view in thread ]

  57. icon
    Bergman (profile), 8 Jun 2017 @ 7:53am

    Re: Re:

    What's really absurd about this, is that if VMProtect did that, they'd be guilty of a crime in some countries -- nowhere in most anti-circumvention laws does it say that the anti-circumvention code must not be stolen.

    link to this | view in thread ]

  58. identicon
    William, 18 Dec 2017 @ 8:29pm

    Re:

    It is working right now: http://vmpsoft.com/20170606/vmprotect-and-denuvo-gmbh/
    Maybe the pirates DDOSed their site when you were reading?

    link to this | view in thread ]

  59. identicon
    Eisberg, 26 Jan 2018 @ 3:42am

    Why didn't this article write do his/her due diligence in finding out the facts. 1 day before this article was released VMProtect came out and said that rumor was false.
    http://vmpsoft.com/20170606/vmprotect-and-denuvo-gmbh/

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.