Ubisoft assassinates Uplay flaw, denies DRM rootkit

A bit of holiday fun for Google security researcher Tavis Ormandy left Ubisoft scrambling to fix a gaping flaw in its Uplay gaming application on Monday morning. "While on vacation recently I bought a video game called 'Assassin's Creed Revelations,'" he posted on the Full Disclosure mailing list. "I noticed the installation …


This topic is closed for new posts.
  1. David Taylor 1

    "The issue is not a rootkit. The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed systems usually used by Ubisoft PC game developers to make their games," it said.

    What a terrible coding error -- Ubisoft PC game developers should never be allowed to make games.

  2. Chad H.

    So why exactly does a GAME need a BROWSER plug in?

    1. LinkOfHyrule

      Because gamers are bitches in the eyes of Ubisoft execs?

  3. Anonymous Coward

    >While this is an effective form of DRM<

    Really? Which game hasn't been cracked?

    1. asdf


      > an effective form of DRM

      Yep by pwning your computer they could decide what you get to run or not.

  4. banjomike

    had a patch out within 90 minutes...

    ... obviously after the same level of comprehensive testing as the original plug-in.

    1. Fred Flintstone Gold badge

      Re: had a patch out within 90 minutes...

      Another possible interpretation is that they knew they had done something dodgy and kept this in reserve in case someone found out.

    2. PyLETS

      Re: had a patch out within 90 minutes...

      > obviously after the same level of comprehensive testing as the original plug-in.

      Depends upon whether they have an automated test suite. If they do, then it's very likely that both versions of the plugins passed exactly the same set of tests.

  5. Simon2


    How about just not installing the plug-in in the first place or removing it after installing the game. Easy enough in Firefox.

    1. asdf

      Re: Plugin

      not sure but probably means you can't play game if you remove the plugin. lame.

      1. Ceiling Cat

        Re: Plugin

        @ASDF : "not sure but probably means you can't play game if you remove the plugin. lame."


        Actually, I'm just going to patch, disable the plugin, and then try playing ACR ....

        back soon

        1. Ceiling Cat

          Re: Plugin

          Just disabled the plugin and fired up ACR . . . game works fine without the plugin. Happy stabbing!

          1. This post has been deleted by its author

          2. asdf

            Re: Plugin

            Wow typical DRM then all it does is piss off the paying customers who don't always have a high level of geek tech ability to get rid of the annoyance. FAIL like all DRM eventually (how's that DRM working out for ya Sony now you are 1/5 the size of your heyday).

            1. asdf

              Re: Plugin

              And yes I know Xbox has DRM also but Sony is directly and indirectly responsible for funding and creating most of the DRM schemes out there. They are also the biggest proponent of it by far. Their media studio first f__k the customer attitude is much of the reason they have been in the red for over five years straight.

  6. BernieC


    This is precisely why I haven't bought any Ubisoft games for years. They don't deserve customers the way they constantly pull these ridiculous stunts.

    1. ColonelClaw
      Thumb Up

      Re: Whatever.

      I'm totally with you on this. I've never bought a Ubisoft game, and until they remove their DRM I never will, even if it means missing the occasional great game. I'm a pretty prolific game buyer, to boot.

      I would even take this further by emailing a photo to Ubisoft of the money I would have spent on one of their games, followed by another showing exactly how else it was spent. (Most likely in the pub, but I leave this up to your imagination)

  7. Martin 50

    less and less control over my pc

    I was forced to install this Uplay thing to play my new Steam game "From Dust". I wasn't told what I was installing - I didn't realise it was a whole environment - I thought it was just going to be a registration for them to grab my email address and spam me with email - something I've finally got grudgingly used to. And I was most surprised when Firefox reported it was disabling a 'Uplay plugin' due to a security risk. That's a plugin that won't be getting turned back on (unless it turns out my game doesn't play without, in which case I'll have to decide if my face needs my nose or not). Thanks for this article, it filled in the gaps.

  8. DryBones

    A brief search suggests that the DRM has already been hacked around, and such solutions are easily available for those that choose to look for them, once again proving that the only ones inconvenienced by such things on the medium to long term (or however long such takes to patch around), are those that don't try to pirate them. Also notable is the fact that several of them say 'crack only', which naturally implies that it's only for folks that bought the game. No-CD crack, meet No-Net crack. Here comes the new boss, same as the old boss.

    Please note, not espousing not paying for product, just that the benefit/drawback ratio for this sort of DRM is likely a fractional term.

  9. Vladimir Plouzhnikov

    It's about time

    To make all DRMs illegal because for all intents and purposes every such system can be classified as malware.

  10. Anonymous South African Coward Bronze badge

    DRM vs DRM-free

    Is there any advantage to be had by including (or forcing) DRM with your software? You do need to pay for DRM development etc, and to counter any bugs/hacks/cracks as they appear.

    Or do you rely on people's goodwill not to copy/pirate your stuff and leave DRM out? No need to pay any extra for DRM development etc...

    1. Vladimir Plouzhnikov

      Re: DRM vs DRM-free

      I would also add that you don't put off your potential customers and don't encourage them to seek better alternatives to your DRM-crippled products...

  11. vmistery

    Perhaps Ubisoft could just use Steam? It's effective, most of the people I know use it and it protects their game but no Ubisoft seem hellbent on penalizing their paying customers rather than the pirates.

    What the game industry needs to do is agree on a common DRM system which is created for the benefit of both customers and companies. Perhaps then they could spend dev time on 'small' things such as customer security and being able to play an offline game whilst on an unstable broadband connection...

    1. Anonymous Coward

      Benefit of customers ?

      Are you insane ?

  12. Crisp

    To paraphrase the article

    Don't buy Ubisoft software. Their games will bugger up your machine, and in the event that they don't, you'll be lucky if the games don't implode and stop working anyway.

  13. Arachnoid
    Thumb Down

    "had a patch out within 90 minutes"

    Which suggests to me anyway, that they already knew about the issue and had the patch sat in the wings.

    1. ColonelClaw

      Too bloody right

      Alas I can only upvote you once for this suggestion. You hit the nail bang on the head

  14. TraceyC

    There's no lack of games on the market. I have plenty more choice in games than time to play them. There is no hardship for me whatsoever to avoid Ubisoft and other companies taking the DRM Kool-Aid. Realistically, it's quicker & easier for me to pay for games that don't include ridiculous DRM than to take the time to crack games I have purchased. It's also much more personally gratifying.

    Ubisoft & others - really, why do you keep insisting on this model that does nothing to prevent piracy and only punishes people who want to give you money for what you produce?

  15. despairing citizen
    Big Brother

    Interesting Statement

    "The issue is not a rootkit. The Uplay application has never included a rootkit."

    Noted the above part of the statement, and that it was not "We/Ubisoft don't use rootkits"

    Given that rootkits, installed without the expressed informed consent of the computer owner, would be a criminal offence (CMA90)

  16. Anonymous Coward

    Ubisoft DRM

    So Ubisoft goes out of business, and all the games you paid cold hard cash for, are now junk.

    (so were the goods they sold fit for purpose?)

    Given the lack of an ongoing revenue stream, their sales/drm model does look remarkably like a Pyramid scheme

    (there are rules about Pyramid schemes)

    If Ubisoft's internet connection/servers go down, how much compensation do they have to pay their customers? (given any EULA "you can't sue" contract terms are covered by the Unfair Contracts Terms directive)

    Currently waiting for Ubisoft's DRM to upset a bored and/or pissed off barrister, will then book tickets for the court case.
