SecuROM: Why they hate Process Explorer...

Matts_User_Name - Posted: 07 June 2007 at 1:45pm

I wrote SecuROM the following email:
Quote
I would like to know why your company has implemented functions in your SecuROM protection software for detection of Microsoft's Process Explorer (specifically its kernel driver PROCEXP100.sys) and if detected the software fails to run.

I have this problem with the C&C3 game, of which I bought and installed a legit copy, although it will refuse to run if Process Explorer and its driver have been loaded into memory.

It is very difficult to deal with this since there are only 2 solutions:
1. Unload the driver by restarting the computer every time you want to play while not loading MS's Process Explorer.
2. Install a rootkit on your computer to hide specific kernel module drivers. (Easier said than done)

I am just wondering why you have your software set up in a way of refusing to run the actual code from the developer if a legit tool like Microsoft's Process Explorer is loaded.
You might as well have it install a low level keyboard filter driver to prevent any user from pressing Ctrl Alt Del to bring up the standard Windows Task Manager.

I can see how you would be concerned with various exe debuggers, but why a task manager? How does this pose a threat to your security routines?
Do you plan on ever fixing this, or will you continue to block more Microsoft's tools to better manage your system or corporate network?

In my opinion this kind of security restriction just promotes others to bypass functions and subroutines in the packed security executable (via methods of debugging and disassembling the code), by use of debuggers,  just so others can continue to have a stable system and clean of malware.

I really think you should provide a security patch to your SecuROM software allowing various [currently blocked] and LEGIT Microsoft tools to run in the background so one can better manage how the system operates.

In truth, do you really think someone who bought the software and has a legit copy is going to try to "hack and bypass" security options by use of Microsoft's monitoring tools?




Here is their response:
Quote
Hello,

'Process Explorer' has dumping capabilities as well as registry monitor / file monitor capabilities. This could be used to trace the behavior of SecuROM.

Therefore, we do not allow the game to start when this software is active.

We have no immediate plans to allow this software in the future.

Best regards,

SecuROM Support Team
SecuROM on the web: http://www.securom.com
or via e-mail: support@securom.com



That is just stupid, "trace the behavior of SecuROM" many apps can monitor data.


Hmm any ideas you think I could write in response to perhaps have them change their mind?




Edited by Matts_User_Name - 07 June 2007 at 1:52pm

molotov - Posted: 07 June 2007 at 1:54pm
Google securom.
 
First hit:
Quote CD-Rom copy protection solution by Sony DADC. SecuROM offers online encryption and in-house testing.
 
Can you think of any reason Sony won't play nice with Sysinternals' utilities?
 
 
Daily affirmation:
net helpmsg 4006

namrehto - Posted: 07 June 2007 at 2:00pm
Originally posted by SecuROM:

'Process Explorer' has dumping capabilities as well as registry monitor / file monitor capabilities
Aren't they talking about Process Monitor?
Gil

Matts_User_Name - Posted: 07 June 2007 at 2:25pm
Originally posted by namrehto:

Originally posted by SecuROM:

'Process Explorer' has dumping capabilities as well as registry monitor / file monitor capabilities
Aren't they talking about Process Monitor?


Initially that is what I thought. But I think they are talking about the open "Handles and Dlls"

As for the dumping, they might think the process Stack and Memory read is considered dumping.

I wrote them back asking how the driver is dangerous if the PE exe is not running. And if so I ask them if they could elaborate on what it does exactly when PE is completely shut down.

I'm curious to see what they have to say about that.

I'll post it once they respond.


...... Yea gee I wonder why they don't like Mark R. perhaps because he found their rootkit. lol

EP_X0FF - Posted: 08 June 2007 at 6:17am
The funniest thing in this situation is that this kind of "defense", banning several tools in order to keep the behavior of the "defense" secret, is just a pain for ordinary users of these tools. People who are interested in SecuROM's "behavior" will trace it in the end anyway.

Wwhat - Posted: 25 August 2007 at 6:13pm
Isn't it obvious? They don't want the tech press (and litigators) to be on their ass for including a Sony rootkit with a game and have evidence for it.


noks - Posted: 27 August 2007 at 3:48am
God, why is this even happening...

I think most of this has also started happening since the newly released game Bioshock came implemented with its SecuROM DRM features.  I think I will hold off buying it now; I do not want any DRM crap on my computer. And limiting installs to 5 computers or whatever? Or even having the cheek to even think about limiting it to X computers? I'm sorry, but I bought the damn thing, and I can install it wherever I want, how many times I want.

They're making people resort to piracy [by bypassing and removing it] to play their own damn game.  That is, regardless of the fact they might only install it on one computer in their lifetime. I certainly don't want DRM limiting any number of installs or it even installed on my computer.

And if it will prevent me from running Process Explorer? All the more reason to turn to some program that gets rid of it.  If I want it running, I want it running!

Steam, the game distribution platform, allows you to buy Bioshock and tie it in to your account.  It has its own DRM feature; you need to log in to play a game, or have the account info saved to your computer so you can play it offline.  Trouble is...this also comes implemented with the DRM "version".  Arrrggghhh!!

Get rid of this useless, and frankly annoying, DRM stuff, Sony.  I want to meet the guy who programmed it...t**t!


Edited by noks - 27 August 2007 at 4:04am

Fedhax - Posted: 31 August 2007 at 5:37pm
Piracy won't even let you bypass SecuROM on this particular issue.  (Disclaimer:  I am not promoting it or condoning it)

There is a recently released crack for Bioshock that has hit the torrent networks, and I ran across one user that was having this problem with the Bioshock crack.  It wasn't until the user pasted this link that I knew that this problem could occur with PC games:

http://www.securom.com/message.asp?m=module&c=5024

In some wicked kind of irony, the crack lets you bypass activation, SecuROM installation, and the use of a valid software key.  However, it does not prevent you from dealing with this kind of issue.  Protecting your software and IP is one thing, but doing so in such a zealous manner that it will refuse to run with system/admin software installed on your system is just plain wrong.

JolietJake - Posted: 01 September 2007 at 5:10pm
SecuROM's corporate advertising blurb-'GET MORE CONTROL'. 

Tells you all you need to know really.

Aztek - Posted: 25 September 2007 at 5:55am
Their answer to the closed process explorer

Quote Dear Customer.

Thank you for your reply. The driver can be used by every application, not only Process Explorer. It is not possible to determine if there is any program using the driver.
Therefore we do not allow this potential "dangerous" driver. Please reboot your computer to play the game.

Thank you for your understanding.

Best regards,

SecuROM Support Team
SecuROM on the web: http://www.securom.com
or via e-mail: support@securom.com


why not just add a simple way to rename the driver :D


Edited by Aztek - 25 September 2007 at 5:56am