Malwareteks: Forums / Software Support / SecuRom question

Forums

Malwareteks :: Forums :: Technical Support :: Software Support		<< Previous thread \| Next thread >>
SecuRom question


Moderators: ShadowPuterDude, Greg, D3m3nt3d, Brandon, Vmarm, peterparker, siljaline, jholland1964, TurcoLoco, Windsor, JeanInMontana, KZ, RatHat, Jason Amison, MrCharlie

Author

Post

Corum

Sat Dec 15 2007, 10:14PM

Registered Member #110

Joined: Sat Dec 15 2007, 09:28PM
Posts: 5
Thanked 0 times in 0 posts

Is this malware or not? I've seen info saying yes, it's the devils own, and info saying it's harmless. What's your perspective?

ShadowPuterDude

Sat Dec 15 2007, 11:05PM

...the Shadow knows

Registered Member #1

Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts

SecuROM is a CD/DVD copy protection product, most often used for computer games, developed by Sony DADC. SecuROM aims to resist home media duplication devices, professional duplicators, and reverse engineering attempts. The newest versions (v4 and up) prevent 1:1 CD-R copies from being made. Certain programs can circumvent its protection, but can't duplicate it[citation needed]. The use of SecuROM is somewhat controversial. It installs a shell extension that prevents Windows Explorer from deleting 16-bit executables; while troubling some, 32bit and 64bit executables are much more common.

Latest SecuROM Versions are all 7.x versions which are released and updated continuously.

SecuROM 7.x, if run under a non-admin user account, installs its own service called UAService7.exe, which works in ring 3 of the computer's operating system.
Securom has said: "it has been developed to enable users without Windows™ administrator rights the ability to access all SecuROM™ features" This has been called malware, and users must use 3rd party tools to remove 'protection' after uninstall of product.

Here is a response from SecuROM about Process Explorer and it's registry monitor/file monitor capabilities

Hello,

'Process Explorer' has dumping capabilities as well as registry monitor / file monitor capabilities. This could be used to trace the behavior of SecuROM.

Therefore, we do not allow the game to start when this software is active.

We have no immediate plans to allow this software in the future.

Best regards,

SecuROM Support Team
SecuROM on the web: http://www.securom.com
or via e-mail: -email-

Here's my take. Anything that is installed to a PC without the informed consent of the owner, alters system performance/behavior, and utilizes a RootKit to hide itself from inspection is Malware.

The puported purpose of this DRM/copy protection scheme is to prevent unauthorized copies being made. This flies in the face of the "Fair Use" provisions of copyright law; to which you are authorized to make a backup copy of the media.

[ Edited Sat Dec 15 2007, 11:07PM ]

"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006
Linux Registered User # 363218

Corum

Mon Dec 17 2007, 01:33PM

Registered Member #110

Joined: Sat Dec 15 2007, 09:28PM
Posts: 5
Thanked 0 times in 0 posts

Thanks. That was my feelings too. I just noticed yesterday that my Spybot S&D resident had been turned off. By SecuRom?
If so, then I am going to get medieval on their asses.

ShadowPuterDude

Mon Dec 17 2007, 05:39PM

...the Shadow knows

Registered Member #1

Joined: Thu Apr 27 2006, 04:52PM
Location: Northern NY
Posts: 217
Thanked 10 times in 10 posts

Possibly, here's the rub; if you uninstall SecROM then you won't be able to play the game.

Corum

Mon Dec 17 2007, 09:47PM

Registered Member #110

Joined: Sat Dec 15 2007, 09:28PM
Posts: 5
Thanked 0 times in 0 posts

I'm going to uninstall it anyway. It's a POS. Neverwinter Nights 2 is nothing like the original.

Thanks for the info.

Edit- I just remembered. Spybot resident is a registry monitor.

[ Edited Mon Dec 17 2007, 09:49PM ]


Jump: Back to top