[The Orange]

Edit:

Seems to have been patched already, so update Uplay and it should be ok:

Originally Posted by iNvidious01:

Original OP content below:

http://news.ycombinator.com/item?id=4311264

The important bit of that post:

Quote:

Ubisoft installs a backdoor that allows any website to take over your computer. The Sony BMG rootkit was also DRM and required product recall when it was discovered.

The original post for the hack:

http://seclists.org/fulldisclosure/2012/Jul/375


Fixes before people start going crazy:

Originally Posted by SparkTR:

You want to fix this? Disable the plug-in in your browser. Done. People talking about reformatting their PCs are making me facepalm.

Quote:

Google chrome users: You can go to "about:plugins" and disable this and all other things that might expose you to extra security risks such as "Microsoft Office" (even "Native Client") or any other plugins that exposed in there by 3rd party without any confirmation.

[Yagharek]

Megaton.

Wonder why it took so long to prove it was rootkit?

[Corky]

So if I once installed uplay on my pc I can't get rid of all it's traces?

[flipswitch]

There goes me buying Watchdogs on PC.

[Ryoku]

Fuck Ubisoft on their stance on PC games.

[GrizzNKev]

Damn. ACIII PC delayed for an extra year?

[mclem]

Thought one: There was a Just Dance 3 on PC?

Thought two: Anno isn't listed. Omission, or is it actually exempt?

[GoncaloCCastro]

Well this is crap! I bought the Assassin's Creed Pack on steam's sale!

[TyrantGuardian]

Lol, fuck Ubisoft. Bought Anno and Driver on the Steam sale. Guess I'm never installing either once I build my new PC.

[blamite]

I once installed and then uninstalled From Dust on Steam. Should I kill may laptop before it kills me?

[JaseC]

Originally Posted by GrizzNKev:

Damn. ACIII PC delayed for an extra year?

When it comes to Ubi and delaying PC releases, any excuse will do.

[Sethos]

Looks like it's time to re-install Windows, thanks UbiShaft - Delay some more PC titles while your at it :)

[SirIgbyCeaser]

Isn't this the first step in getting it banned from products? Good news???

[endresults]

BOOM goes the dynamite. Ubi gets all that's coming their way this time.

[trinest]

The only thing good from this is when it crumbles and Ubisoft patches out Uplay.

[Game Guru]

And this is why companies need to just use Steam's DRM if any. Seriously, Valve would've never had something like this.

[EightBitNate]

Wow, so that explains why Watchdogs looks so good. It's actual footage.

[Cisce]

Now I'm glad that I actually missed out on Anno 2070's Steam sale. Otherwise, I'd be re-installing my PC right now.

[HP_Wuvcraft]

Done on purpose or not (which I highly doubt it was), this is an extremely stupid fail.

[Maxwood]

Ubicrap takes a whole new meaning.

[reptilescorpio]

Jeez and I wasn't far off installing Driver San Fran too! Also already have a copy of AC3 paid for on GMG. Hopefully they clear this up nice and fast to avoid the shit hitting the fan for them.

[fabricated backlash]

Why am I not surprised... this shit is depressing.

[SparkTR]

Uplay sucks, but the title is misleading.

[Des0lar]

FUCK I just bought from Dust during the Steam sale. I knew it was a fucking bad idea to buy a Ubi game....

[Ryoku]

Originally Posted by Game Guru:

And this is why companies need to just use Steam's DRM if any. Seriously, Valve would've never had something like this.

No. No DRM at all would be lovely. Valve worship is something I don't get. Great company, but the worship is not needed.

[GrizzNKev]

Originally Posted by JaseC:

When it comes to Ubi and delaying PC releases, any excuse will do.

All Ubi PC games delayed to 2015 while new, more restrictive DRM is invented.

[Omikaru]

Well fuck. Glad I never installed uPlay on my newest machine.

Almost did though. Was very close to buying the Assassin's Creed pack on Steam.

[Enco]

Originally Posted by TyrantGuardian:

Lol, fuck Ubisoft. Bought Anno and Driver on the Steam sale. Guess I'm never installing either once I build my new PC.

Anno has a 3 activation limit. Why the fuck would you buy it?

Lol Ubi you piece of shit. No AC3 for me.

[Iceblade]

Can anyone explain what this means? Like, Ubisoft's DRM allows anyone to get into your PC? Or just Ubisoft itself?

[-Cade]

So what's the easiest way to fix this? Bought SC:C last Steam sale and played it a few times.

[EscoBlades]

Aye caramba!!

[Zevenberge]

I don't really understand it. Basically installing a Ubisoft game enables random sites to hack your PC? If so, why on earth would a company do that?

[SparkTR]

Originally Posted by Iceblade:

Can anyone explain what this means? Like, Ubisoft's DRM allows anyone to get into your PC? Or just Ubisoft itself?

People are exaggerating. Uplay just installs a web browser plug-in that has poor security standards. There's nothing to suggest it can be used to alter protected Windows processes or Ubisoft games. You want to fix this? Disable the plug-in in your browser. Done. People talking about reformatting their PCs are making me facepalm. This is more down to incompetence than malicious intent, and I don't expect competence from Ubisoft.

[Jintor]

Well fucking shit.

[TemplaerDude]

This is not going to go over well.

[GoofsterStud]

I am glad that Uplay has been outed as the rootkit it is. I only hope they come up with a way to completely remove all traces for their loyal customers.

[MNC]

Well, fuck. There goes me playing any Ubisoft game on my PC.

[Haunted]

wow!

Ubi will be getting a shitton of backlash for that, if true. And it'll definitely have a visible negative impact on PC sales (and deservedly so) if they continue to do so.

[Ryoku]

Originally Posted by Zevenberge:

I don't really understand it. Basically installing a Ubisoft game enables random sites to hack your PC? If so, why on earth would a company do that?

You can disable it through your web browser. People get pissed at terrible service from Ubisoft on the PC front, and this just adds to their reasons.

[areal]

Originally Posted by EightBitNate:

Wow, so that explains why Watchdogs looks so good. It's actual footage.

Connection is power...

[Game Guru]

Originally Posted by Ryoku:

No. No DRM at all would be lovely. Valve worship is something I don't get. Great company, but the worship is not needed.

Well, I said if a company must use DRM... I would prefer it if Steam's games didn't have DRM either.

[Lemonte]

Now I regret even more buying Driver San Francisco. Game doesn't even work properly.

[Tomat]

More like Ufail am I right?

I'll be here all week, I've got nothing better to do.

[Ryoku]

Originally Posted by Game Guru:

Well, I said if a company must use DRM... I would prefer it if Steam's games didn't have DRM either.

You do realize that you don't own the games that you pay money to buy on Steam, and that they can be taken from you at anytime, right?

[Visualante2]

Mother fuckers. No mention of this in the EULA at all?

Guessing this breaks some EU law and would require a recall if not, as with the Sony products.

e. I think you're over reacting when it comes to the 'rootkit' comparison. It's a browser plugin, surely you can just disable the browser plugin? Or is there some deep seeded authorisation given to the plugin on your computer's hardware?

[-Cade]

Originally Posted by SparkTR:

People are exaggerating. Uplay just installs a web browser plug-in that has poor security standards. There's nothing to suggest it can be used to alter protected Windows processes or Ubisoft games. You want to fix this? Disable the plug-in in your browser. Done. People talking about reformatting their PCs are making me facepalm. This is more down to incompetence than malicious intent, and I don't expect competence from Ubisoft.

You're a gentlemen and a scholar, thanks.

[TheD]

Uhh, I don't see how this is a rootkit.

This just looks like a normal exploitable software flaw.

[Frankie Williamson]

Ubisoft is just such a dreadful company. Thankfully, I have not installed any of the games listed.

[Iceblade]

Originally Posted by SparkTR:

People are exaggerating. Uplay just installs a web browser plug-in that has poor security standards. There's nothing to suggest it can be used to alter protected Windows processes or Ubisoft games. You want to fix this? Disable the plug-in in your browser. Done. People talking about reformatting their PCs are making me facepalm. This is more down to incompetence than malicious intent, and I don't expect competence from Ubisoft.

Thanks, nice to see some level-headedness amongst all of the silly quickfire reactions in here.

[Dingotech]

Originally Posted by SparkTR:

People are exaggerating. Uplay just installs a web browser plug-in that has poor security standards. There's nothing to suggest it can be used to alter protected Windows processes or Ubisoft games. You want to fix this? Disable the plug-in in your browser. Done. People talking about reformatting their PCs are making me facepalm. This is more down to incompetence than malicious intent, and I don't expect competence from Ubisoft.

Thanks just diabled the addins.

Will UPlay still run with the addins disabled? I'd like to play more Driver at some point...