Starforce enforces DRM by instant reboot (without warning)
Despite all the problems DRM has been causing lately, it seems like companies involved in copy protection just keep trying to create more dangerous copy protections. Originally, they were more of a nuisance causing compatibility issues, installing wanted software, etc. Next came Sony Rootkits which used cloaking to hide its DRM processes and files, but with the side affect of being able to cloak spyware & viruses, thus causing a serious security risk. More recently, the Settec Alpha-DVD protection has been reported to cause DVD writers to malfunction.
Now, Futuremark* has uncovered a very dangerous anti-piracy system Starforce is now using. This copy protection system installs a driver that runs at the highest level of access on the system, which gives it low level access to the PCs hardware and any drivers and processes. This driver runs regardless of whether the game runs; keeping an eye out for any suspicious activity such as attempting to copy a protected disc. If something suspicious is detected, it forces the PC to make an immediate reboot, regardless of any other applications running and whether or not the user has any unsaved work.
To make matters worse, this copy protection interferes with DPM readings from software that is designed to allow the playback of copied game discs, which means that any game backups that rely on this Data Protection Manager will no longer play with the Starforce protection driver in place. Finally, as the Starforce protection has been found to interfere with certain device drivers, some drivers will run in legacy PIO mode instead of DMA, which not only slows down the PC by hogging CPU resources, but also slows down the data transfer to the affected hardware.
With the reported side effects of this copy protection system, this is one thing I would not trust on any system. For example, if one wanted to make a copy of a disc and didn’t realise they had a Starforce protected game in their DVD-ROM drive, their PC is rebooted without even being given a chance to save any work! Worse still, this is likely to give some people a major headache trying to figure out why one or more of their device drivers are acting up, certain hardware cause the PC to run sluggish when used and so on. However, for those who get affected or lose several hours of unsaved work due to an unexpected reboot, chances are that they are not going to get any compensation or sympathy from Starforce or the game publishers using the copy protection.
* Update: According to a news post by Futuremark, apparently they have not carried out any research or uncovered anything relating to StarForce, however this discovery was made by users who posted about this on their public discussion boards.
Despite all the problems DRM has been causing lately, it seems like companies involved in copy protection just keep trying to create more dangerous copy protections. Originally, they were more of a nuisance causing compatibility issues, installing wanted software, etc. Next came Sony Rootkits which used cloaking to hide its DRM processes and files, but with the side affect of being able to cloak spyware & viruses, thus causing a serious security risk. More recently, the Settec Alpha-DVD protection has been reported to cause DVD writers to malfunction.
Now, Futuremark* has uncovered a very dangerous anti-piracy system Starforce is now using. This copy protection system installs a driver that runs at the highest level of access on the system, which gives it low level access to the PCs hardware and any drivers and processes. This driver runs regardless of whether the game runs; keeping an eye out for any suspicious activity such as attempting to copy a protected disc. If something suspicious is detected, it forces the PC to make an immediate reboot, regardless of any other applications running and whether or not the user has any unsaved work.
To make matters worse, this copy protection interferes with DPM readings from software that is designed to allow the playback of copied game discs, which means that any game backups that rely on this Data Protection Manager will no longer play with the Starforce protection driver in place. Finally, as the Starforce protection has been found to interfere with certain device drivers, some drivers will run in legacy PIO mode instead of DMA, which not only slows down the PC by hogging CPU resources, but also slows down the data transfer to the affected hardware.
This latest identified threat by Futuremark* is one that relates to a driver being installed on your computer that gains RING0 access (the highest level of access to your computer). The installation requires Administrator level access to install the driver, which runs all of the time regardless of whether or not you're playing a game with Starforce DRM.
With such a high level of processor access (sharing the same levels the operating system enjoys), the Starforce driver can do anything to your computer at any time. This very ability is demonstrated, since the Starforce driver will force a reboot (not a shutdown) when it thinks it has discovered suspicious activity related to copying. The reboot occurs instantly, and any and all unsaved data could be lost.
With such a high level of processor access (sharing the same levels the operating system enjoys), the Starforce driver can do anything to your computer at any time. This very ability is demonstrated, since the Starforce driver will force a reboot (not a shutdown) when it thinks it has discovered suspicious activity related to copying. The reboot occurs instantly, and any and all unsaved data could be lost.
With the reported side effects of this copy protection system, this is one thing I would not trust on any system. For example, if one wanted to make a copy of a disc and didn’t realise they had a Starforce protected game in their DVD-ROM drive, their PC is rebooted without even being given a chance to save any work! Worse still, this is likely to give some people a major headache trying to figure out why one or more of their device drivers are acting up, certain hardware cause the PC to run sluggish when used and so on. However, for those who get affected or lose several hours of unsaved work due to an unexpected reboot, chances are that they are not going to get any compensation or sympathy from Starforce or the game publishers using the copy protection.
* Update: According to a news post by Futuremark, apparently they have not carried out any research or uncovered anything relating to StarForce, however this discovery was made by users who posted about this on their public discussion boards.
