SecuROM: Why they hate Process Explorer...

I wrote SecuROM the following email:

would like to know why your company has implemented functions in your SecuROM protection software for detection of Microsoft's Process Explorer (specifically its kernel driver PROCEXP100.sys) and if detected the software fails to run. I have this problem with the C&C3 game, in which I bought and installed a legit copy, although it will refuse to run if Process Explorer has been loaded and its driver into memory. It is very difficult to deal with this since there are only 2 solutions: 1. Unload the driver by restarting the computer everytime you want to play while not loading MS's Process Explorer. 2. Install a rootkit on your computer to hide a specific Kernel module drivers. (Easier said than done) I am just wondering why you have your software set up in a way of refusing to run the actual code from the developer if a legit tool like Microsoft's Process Explorer is loaded. You might as well have it install a low level keyboard filter driver to prevent any user from press Ctrl Alt Del to bring up the standard windows Task Manager. I can see how you would be concerned with various exe debuggers, but why a task manager? How does this pose a threat to your security routines? Do you plan on ever fixing this, or will you continue to block more Microsoft's tools to better manage your system or corporate network? In my opinion this kind of security restriction just promotes others to bypass functions and subroutines in the packed security executable (via methods of debugging and disassembling the code), by use of debuggers,  just so others can continue to have a stable system and clean of malware. I really think you should provide a security patch to your SecuROM software allowing various [currently blocked] and LEGIT Microsoft tools to run in the background so one can better manage how the system operate. In truth, do you really think someone who bought the software and has a legit copy is going to try to "hack and bypass" security options by use of Microsoft's monitoring tools?

Here is their response:

Hello, 'Process Explorer' has dumping capabilities as well as registry monitor / file monitor capabilities. This could be used to trace the behavior of SecuROM. Therefore, we do not allow the game to start when this software is active. We have no immediate plans to allow this software in the future. Best regards, SecuROM Support Team SecuROM on the web: http://www.securom.com or via e-mail: support@securom.com

That is just stupid, "trace the behavior of SecuROM" many apps can monitor data.


Hmm any ideas you think I could write in response to perhaps have them change their mind?




Edited by Matts_User_Name - 07 June 2007 at 1:52pm

Originally posted by SecuROM 'Process Explorer' has dumping capabilities as well as registry monitor / file monitor capabilities

Aren't they talking about Process Monitor? 

Most funny in this situation is that such kind of "defense" by banning several tools in order to keep behavior of "defense" in a secret - just pain for usual users of these tools. Peoples who interested in SecuRom "behavior" will trace it though in the end.

God, why is this even happening...

I think most of this has also started happening since the newly released game Bioshock came implemented with its SecuROM DRM features.  I think I will hold off buying it now; I do not want any DRM crap on my computer. And limiting installs to 5 computers or whatever? Or even having the cheek to even think about limiting it to X computers? I'm sorry, but I bought the damn thing, and I can install it whereever I want, how many times I want.

They're making people resort to piracy [by bypassing and removing it] to play their own damn game.  That is, regardless of the fact they might only install it on one computer in their lifetime. I certainly dont want DRM limiting any number of installs or it even installed on my computer.

And if will prevent me from running Process Explorer? All the more reason to turn to some program that gets rid of it.  If I want it running, I want it running!

Steam, the game distribution platform, allows you to buy Bioshock and tie it in to your account.  It has its own DRM feature; you need to log in to play a game, or have the account info saved to your computer so you can play it offline.  Trouble is...this also comes implemented with the DRM "version".  Arrrggghhh!!

Get rid of this useless, and franky annoying DRM stuff Sony.  I want to meet the guy who programmed it...t**t!


Edited by noks - 27 August 2007 at 4:04am

SecuROM's corporate advertising blurb-'GET MORE CONTROL'. 

Tells you all you need to know really.