
Capcom acknowledges they sent out rootkit in update for SFV as "security risk"

Chev

Member
Ucchedavāda;218600534 said:
Yeah, that seems to be the source of that claim, and it does not seem to be well researched. As far as I can tell, the only evidence that it is malware is that the string "Htsysm72FB" was obfuscated, but malware is far from the only software to make use of obfuscated strings (it could be serving as a digital watermark in this case).
No, you don't get it. Htsysm is the signature of a known rootkit creation program. Its presence means that they deliberately used a malware tool to create capcom.sys. But even if they'd used a different tool, no, capcom.sys was a rootkit and rootkits are malware. It deliberately opened up a security hole bigger than Rufus' belly on your computer, all so that it could run a program to protect their transactions, something that every software design principle from the last quarter-century will tell you should have been fixed server-side, was successfully detected as such by several anti-virus programs, only the reaction of both Capcom and many players was to say SF5 should be allowed to run despite triggering the warnings designed to prevent such a program to ever run.
 
No, you don't get it. Htsysm is the signature of a known rootkit creation program.

Do you have a source for that?


But even if they'd used a different tool, no, capcom.sys was a rootkit and rootkits are malware. It deliberately opened up a security hole bigger than Rufus' belly on your computer, all so that it could run a program to protect their transactions, something that every software design principle from the last quarter-century will tell you should have been fixed server-side, was successfully detected as such by several anti-virus programs, only the reaction of both Capcom and many players was to say SF5 should be allowed to run despite triggering the warnings designed to prevent such a program to ever run.
I know it is a rootkit. I said as much in my previous posts.
 

Sophia

Member
Can someone explain what's a rootkit to me? I know it's malware and bad, but why is it bad? What does it do?

A rootkit is a type of malicious software (malware) that tries to gain the highest level access possible ("root") on a PC, while also going undetected. As rootkits are designed to be undetectable, they're also pretty hard to remove once a system is compromised with them. This particular rootkit that Capcom used basically had full control over the entire PC, which is of course really really bad.
 

Gren

Member
Friggin' idiots. DOA5 devs (futilely) asked PC users not to create mods that would "upstage" their own DLC costumes, whilst Koei-Tecmo would go on to charge highway-robbery prices for said DLC-packs.

And yet they never resorted to this kind of fuckery in the name of securing sales.
 
Isn't it a program?

It is. Presumably it has an associated signature database that you can either browse through the program or perhaps mine manually. Otherwise I am not sure how Chev would know that Htsysm is a known signature for malware that is included in that database, unless they have previously encountered this signature, prior to the Capcom debacle.
 

Oersted

Member
After providing the update, we have received many inquiries, and after investigating the issue we have discovered that part of the data in the update contains a program with some security risks.


Ahahaha. Good one.
 

CTLance

Member
It's almost comical just how much Capcom seems to be intent on fucking up their SF franchise with this game.

On topic, yeah, that crap was clearly intentional and not some random dev going nuts in their spare time. You don't deploy a Capcom.sys file to system directories and disable most of Windows' defense mechanisms just for fun. That entire software was specifically designed, a concentrated effort to grab a foothold in the affected systems without any input from the user or admin. You just don't fart that stuff out in an afternoon. It takes quite a bit of research and determination. Several people had to suggest this course of action, implement it or sign off on it, and frankly, I'd like to see them punished - and not by a mere slap on the hand, mind. Shit's serious.
 

MrCarter

Member
That is some closely worded PR. I hope whoever implemented this at Capcom is punished and this shit never happens again. Now back to playing Urien again! He is so good. I think Capcom actually made his SFV version of him look better than his SF3 counterpart and that's saying something as SF3 has beautiful animations.
 

rockyt

Member
It's almost comical just how much Capcom seems to be intent on fucking up their SF franchise with this game.

On topic, yeah, that crap was clearly intentional and not some random dev going nuts in their spare time. You don't deploy a Capcom.sys file to system directories and disable most of Windows' defense mechanisms just for fun. That entire software was specifically designed, a concentrated effort to grab a foothold in the affected systems without any input from the user or admin. You just don't fart that stuff out in an afternoon. It takes quite a bit of research and determination. Several people had to suggest this course of action, implement it or sign off on it, and frankly, I'd like to see them punished - and not by a mere slap on the hand, mind. Shit's serious.
Yeah, it seems it was intentional. That's why the PR wording is like that. They have to be careful, since miswording in regards to this is liable to be sued.
 

Head.spawn

Junior Member
For some reason I thought Steam would be able to catch stuff like this. I guess they really just allow people to release anything.
 

HD-VHS

Banned
That is some closely worded PR. I hope whoever implemented this at Capcom is punished and this shit never happens again. Now back to playing Urien again! He is so good. I think Capcom actually made his SFV version of him look better than his SF3 counterpart and that's saying something as SF3 has beautiful animations.

Shill
 

Mulgrok

Member
Apparently the launch of SF5 did not go as badly as planned, and they're taking measures to kill the game with extreme prejudice
 

Vitacat

Member
Obviously, at some level, someone at Capcom knew very well what they were doing.

What's really galling is that they obviously thought there was some chance they'd get away with it.
 

KingBroly

Banned
If Street Fighter 5 wasn't going to win EPIC FAIL of the Year before this, it will win solely because of this.

Rootkits. In 2016.
 
This is all I have to say to Capcom:

image.png


I would not be surprised about future lawsuits.
 
"This PC place is a den of pirate scum!"

*sets up a shop that sells cutlasses and jolly roger flags*

This thing still ain't gaining traction compared to not meeting expectations.
 

New002

Member
Man, hindsight is 20/20 but I really wish I had just passed on SFV. I'm annoyed I gave them so much of my money (steam, season pass, ps4 CE). I can't see myself going back to the game. Still pissed about this.
 
I know you didn't. But that's the point why that guy called out the original person who brought up Urien as a shill.
The guy who brought up Urien was defending rootkits in an earlier thread regarding this shit storm. He just desperately tries to defend Capcom or change subject.
 

I think this whole situation brings up a lot of questions and worrying implications. Capcom sent the Capcom.sys file to thousands of users rather easily over steam. The reason it got caught is because the game does have a dedicated user base that is willing to data mine files and knowledgeable enough to know what they are looking at. Imagine if this was an indie game where people don't take that effort or have that knowledge. This kind of malware could potentially be spread easily and unnoticed. The only thing that can protect consumers in this case is if they were both knowledgeable and vigilant, which is extremely hard with how large the steam user base is and that not everyone is strong in this area of computer security, especially since this is something that is above the average computer user.

MikeZ (creator of Skullgirls and Indivisible) was on Super Desperation Radio and he was going over this whole debacle. Steam doesn't have any certification, since it allows developers to consistently update and patch their games at their own pace, unlike Sony and Microsoft. It is mostly a rather good and convenient thing, but this whole issue really makes people worried what shady stuff could potentially sneak in, especially since not all developers can be trusted, since this shit show happened because of Capcom who has been in business for decades and at least had some resemblance of goodwill before the incident. It's very unlikely according to the podcast that the burden of security will be on Valve over this, because honestly it's not their fault that a developer can be so incompetent to do something that already has hit the court and found to be illegal within the Sony scandal.

Edit: SDR podcast with MikeZ

https://www.youtube.com/watch?v=IcH89Eh_KDU
 

CTLance

Member
I hope antimalware/anticheat/antivirus software starts checking for Capcom.sys... I mean, it's tiny, it's signed, it gives kernel level execution privileges - this thing is perfect for black hatters or cheaters.

Trying to sneak-install a rootkit to secure your own game and instead opening a huge backdoor that allows anyone to cheat at any game, including yours. Brilliant move, Capcom.

Not sure how I feel about a batch file in 2016. I mean, sure, even nowadays I'm writing some of those for personal use because I'm a kid of the DOS era and don't want to dive into the intricacies of Powershell/WSH scripting for a quick and dirty task, but I'm not Capcom, and I didn't just get caught with my pants down and my hand in the cookie jar. Kinda low effort, that.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
How did Steam install Capcom.sys into System32 without Admin access?

Steam didn't, Steam only did the update for the game. The game/Capcom itself asked for admin level permissions to install the rootkit after the update. People went "WTF" (and rightly so because a game shouldn't have to ask for admin level permissions EVER) and poked around.
 

KingBroly

Banned
Steam didn't, Steam only did the update for the game. The game/Capcom itself asked for admin level permissions to install the rootkit after the update. People went "WTF" (and rightly so because a game shouldn't have to ask for admin level permissions EVER) and poked around.

It also asked to give you permission every time you played, AND was a random file name each time, just like a Virus.

Capcom intentionally put this thing out because they didn't want people cheating on their game. Did they know it was malware/rootkit? No, because as Mike Z said in that podcast link, it's what a novice would do. It's an embarrassment, and I don't think Capcom quite understands the gravity of the situation or how it's going to negatively affect their business going forward, and not just for Street Fighter 5, either.
 

jacobeid

Banned
I saw the 5gb update and decided to delete the game instead of installing the patch.

I'm lucky that I did and I sure as shit won't be reinstalling. They've lost my trust and I don't even play the game. What a massive fuck up.

I will be very hesitant to purchase a contemporary release from Capcom on PC. They'll do it again if they're that incompetent.
 