Unbranding the Sheep: If You Wear a Bullseye, Expect To Get Shot

I saw an interesting article Monday on Kotaku that basically proved everything I’ve been saying about DRM right: it was a piece showing the top 10 most torrented video games, courtesy of TorrentFreak. I found it interesting because it shows exactly where piracy stands in this industry.

Let’s take a closer look at this list; I’m going to pick out the one thing that I noticed about a lot of these games:

1. Spore (1,700,000, released Sept. 2008) – SECUROM GAME
2. The Sims 2 (1,150,000, Sept. 2004) – SECUROM GAME
3. Assassins Creed (1,070,000, Nov. 2007)
4. Crysis (940,000, Nov. 2007) – SECUROM GAME
5. Command & Conquer 3 (860,000, March 2007) – SECUROM GAME
6. Call of Duty 4 (830,000, Nov. 2007)
7. Grand Theft Auto: San Andreas (740,000, June 2005)
8. Fallout 3 (645,000, Oct. 2008) – SECUROM GAME
9. Far Cry 2 (585,000, Oct. 2008) – SECUROM GAME
10. Pro Evolution Soccer 2009 (470,000, Oct. 2008)

Of the top ten torrented games of 2008, six of them are SecuROM titles, and even more telling, four of the top five are, and if you go a little bit deeper, even Assassins Creed isn’t exempt, as it was a horrible port that had it’s own DRM, which involved continually calling home to Ubisoft – which, due to the shoddy coding, caused multiple crashes – as well as a myriad of other issues, some of which were fixed by cracking the game. More on this in a bit.

We can read into this multiple ways, but here’s one way I read into it: this is no accident, nor is it just a consequence of these being the top five big-name releases. Left 4 Dead is a big name PC release, but you don’t see it being copied to this extent, and Pro Evolution Soccer 2009 is a large, global phenominon, as shown by the numbers after two months of being released, but it doesn’t have DRM in it, and didn’t get downloaded with the veracity that Spore did.

What this shows is that gamers have smartened up to what’s going on with their PCs, and are waging war the only way they know how: via BitTorrent and message boards. While the ratio of the wise to the ignorant is still too small, it shows that gamers – be it those that truly believe in the movement, or those that just like being a part of a movement, as was hinted at by John Riccitielo in a tremendously insulting interview – are starting to take it to the man, so to speak, and that the numbers are big enough to pay attention to.

I’m personally on record as stating that this is a daft way of handling this; all this is doing in my eyes is justifying to the suits that instead of less DRM, we need more DRM, and that we have to squeeze the throats of the legitimate users and pirates alike to the point where they either suffocate or submit. I think we’re giving them a paddle to spank us with by doing stuff like this, and the comments by EA’s CEO above tell me what they think, ie, who cares about the efforts of the pirates, people are buying the game anyway, now we just have to kill the pirates harder.

But as an internet security engineer by trade, of course I hate programmes like SecuROM (as opposed to Uniloc, which doesn’t install anything), because as I learned from installing the Bioshock demo – that’s right, a DEMO – it installs silently, without consent, calls home whenever it wants to, cannot be removed except with some very technical procedures, and until recently, with some games (Far Cry 2) telling you on the back of the box, and Steam now telling people that games come with third party DRM (sadly, they didn’t do this with that demo), gamers that install these games are installing something that isn’t even mentioned in a shrinkwrap EULA. Think about this: even with something as dubious as “by opening this product, you’re agreeing to let us do whatever we want with this game, despite the fact that you cannot see any EULA without opening the product”, they weren’t even telling people that much! The fact that a large percentage of gamers still accept this – too many threads I saw on various message boards were filled with gamers saying variants of “they can do what they want because it’s theirs, but as long as I can play the game I’m happy” – is baffling to me.

Companies are starting to wise up to this but aren’t quite grasping what we’re trying to say because they’re making great pains to tell us that, while we’re getting SecuROM, it’s not as painful as it was. Bethesda and Rockstar took great pains to tell us how wonderful they made their rootkit; I mean, Fallout 3, all it does is check for the disc! That’s all! And Grand Theft Auto IV? You can install it as many times on as many PCs as you want! It’s limitless! You’re free to do whatever you want as long as you install the programme!

Here’s a question to whoever was the genius that made that decision: if it’s totally free like that, why the hell bother with DRM in the first place? And why is no one understanding that it’s not so much authentication schemes we’re angry about as it is software on our PCs? Steam is popular. I’ve had few problems with Uniloc (though there have been some problems with certain games). Stardock’s Impulse and GamersGate’s download manager all seem competent, Why stick with SecuROM?

Most damning of all is probably the statement of fact that no one – developers, mainstream games media, reviewers, etc. – wants to admit, but it’s out there, and it further proves that this isn’t a problem that’s going away: pirated copies often work better than retail copies. For proof of that, all it takes is a few trips to communites dedicated to The Sims 2. There are very in-depth, dedicated FAQs letting all members know what the deal is, detailed, technical instructions on how to get rid of it and not get it back, and in too many threads I’ve seen to mention, recommendations to just use a “no CD” crack to get around half the problems this game’s software causes with legitimate programmes such as PowerDVD, Daemon Tools or any sort of software that either allows virtual drives or virtual machines. They’re literally telling their peers to crack their own games to get around problems caused by DRM software that does nothing for the consumer but limit their rights to their legally purchased games.

So why, despite everything that I’ve written about here, everything more prominent sites have written, everything hard statistics are telling us, and everything common business economics tell us, are companies still putting Baby’s First Rootkit into our games? I think I’ve figured it out, and it’s the same reason we have to do stupid shit at airports like going through the detectors barefoot, not bringing on nail files and generally feeling violated by the time the boarding process is complete: it’s Security Theatre. I see this in my industry all the time: some high powered executive with a $1,000 suit and a $10 IQ reads something from some mainstream source that software pirates, most of them teenage boys, are taking over the industry and costing companies a large, usually poorly added sum of money. The executive freaks, and asks his developers what they’re going to do about it. His developers state that there’s not much they CAN do about it; the hardest schemes, from instruction booklet passages to code wheels to installed software have all been broken within days of a game’s release. That’s not good enough to the executive; after all, he got where he was by defying all rules of logic, and he wants something done, and he wants it done now. The developers, knowing that it’s hopeless but that they need something to appease this moron who inexplicably holds their livelihoods in his soft, non-calloused hands, decide to go with the most well-known, popular option, knowing that SecuROM has the advantage of a word-of-mouth reputation, and that any protests will die down eventually because of the sheep-like nature of most gamers. This pleases the PHB (Pointy-Haired Boss) and allows these people to move onto something that doesn’t make their heads hurt. The more I hear someone I’m working with tell me that while my professional opinion is very likely solid, they’re doing it their way anyway because some banker who refers to Internet Explorer “the internets” said to, the more I believe this to be the likely option, or at least the only one that makes sense according to any rule of Earth logic.

It’s sad, because this crap is driving me out of the PC gaming market almost as quickly as I entered it. I can’t name all of the games that Alex and I – just the two of us – have turned down because they use SecuROM – I know my latest one that I was slated to review but ended up turning down was Ubisoft’s The Price is Right, a $20 game that would ultimately be overpriced as a $10 XBox Live Arcade download – but the number is easily into double digits. Furthermore, even notwithstanding reviews, there are a lot of PC games that I would love to play if it wasn’t for SecuROM. I will never own Bioshock, Far Cry 2, Crysis, either of the Command and Conquer games or Neverwinter Nights because they use SecuROM, and I regret buying the 360 versions of GTAIV and Mass Effect before their PC counterparts came out, using the software. I’ve become paranoid about any PC game I decide to buy, double checking on Steam (if applicable) and Google to make sure there won’t be any DRM problems to make absolutely sure that I’m not shelling out $50 on a game that’s going to ignore the commands and settings of a trained professional, and at this point, about the only company I feel comfortable buying from is Stardock. This crap is running me out of the PC gaming market because while I refuse to pirate a game to make a petulant “statement”, I also will not sacrifice the security and integrity of my system just to play a game when I have thousands of others that can just as easily pass my time.

The only positive to this is that CEOs are starting to figure out that this is the case for a significant amount of people, and while they haven’t quite grasped it yet, I have confidence that as long as we keep our collective feet on the pedal, they will eventually get it, realize that there are better alternatives – why companies insist on SecuROM when it comes to Steam games is beyond me, as Steam is a highly competent way to validate a game is legit – and make this issue less and less significant as time goes by. Because if the TorrentFreak numbers prove anything, companies that use SecuROM are painting a large bulls-eye on themselves, and unlike negative PR, it has become obvious that the consequences of this are tangible and legitimate.






One response to “Unbranding the Sheep: If You Wear a Bullseye, Expect To Get Shot”

  1. […] arguments have been made that the mere presence of SecuROM makes the game it’s involved in a bigger target for pirates. Every game with a CD check has been cracked in the exact same way, by reverse engineering the […]

Leave a Reply

Your email address will not be published. Required fields are marked *