Posts Tagged ‘drm’

Buying New Games

Monday, July 13th, 2009

As you know, now that I have a proper gaming rig I’m on the lookout for new exciting games to play. I had a blast playing Fallout 3, and I believe I will get many more hours out of this game. But I want to branch out and catch up on things that I have missed in the past. I tried composing a queue of interesting titles. One of the games I’ve been itching to try is Left 4 Dead. I mean, zombies! I love zombies.

But, I just know that with the sequel coming out soon I might as well wait until Valve drops the price. I’m checking steam every once in a while, and as soon as I see a sale, I’m totally getting it.

Other than that I’ve been looking at the following titles that sipped past me:

  • Crysis
  • Bioshock
  • Mass Effect
  • Overlord
  • Assasins Creed (I heard it blows though)
  • Prince of Persia
  • Farcry 2
  • The Witcher (made by Polish people – need to check it out)
  • Dark Messiah of Might and Magic
  • Mount & Blade
  • Mirror’s Edge (I heard it blows too)
  • GTA3 (event though the DIAS game play will kill all the enjoyment of it)

Not necessarily in that order of course. These are just the titles that captured my interest in the past. Feel free to add your suggestions to this list – I’m sure I’m missing some great games here. Of course I’m not getting all of these games at once. This is sort of my game queue right now. Each time I get bored with a title, I would pick another one of this list.

Here is my dilemma though: should I really buy some of these titles? I mean, it’s a silly question, I know. But take my experience with Fallout 3 – I had to bend over backwards to actually get it running. When my brother saw me struggle with actually getting this game to run he was like “WTF dude, why didn’t you just pirate it. I’m sure you wouldn’t have this many problems with it”. And you know what? He is right.

I wanted to support Bethseda and bought the game legally. What did I get for that? A headache, and lots of frustration. And Fallout 3 is one of the least restrictive games out there. According to Bethesda it uses SecuRom only for the disk check or something. Still, every time I’m installing something new on my machine I have to think twice. Does this count as emulation software? Will it trigger SecuROM? Will it lock me out of my game? This is bullshit! I don’t want to go through this type of stuff with each new game. I don’t want to have to worry that some perfectly legal, application will suddenly break my game.

Now look at the two top positions on my list. Both Crysis and Bioshock use SecuROM in it’s super-restrictive mode, along with online activations and install limit. Seeing how I have both Demon Tools and Nero on my machine I don’t even think I will be able to install these titles. If you do some googling, you will see that thousands of people are having issues with these games. Nearly all of them are legitimate customers. You will never see a pirate complaining about SecuROM online. Do you know why? Because pirates never see it.

Can you see the irony of this situation? I have both the money and the inclination to go out and buy a bunch of new video games. What is stopping me is the concern that the anti-piracy measures used by them will cause me endless trouble and frustration. If I buy them, I may need to uninstall bunch of legal applications, install patches and search the web for workarounds.

I asked a friend who really enjoyed Crysis about the DRM issues. Surprisingly he had none, but that’s because he downloaded the game illegally. He said he considered buying it, but then he heard about all the problems and changed his mind. And unlike legitimate customers who pretty much just rent the game, he actually owns his illicit copies of Crysis and Bioshock. As long as he holds on to the disk images, he can install them on new machines.

So we are in a peculiar situation here where DRM is not only ineffective, but counter-productive. It has a directly opposite effect from the one desired. Instead of thwarting piracy, it is actually driving it.

Am I wrong about this? Have you played any of the games on the list? Did you have DRM issues? Or did you obtain DRM free copies and skipped this headache?

Also, please suggest other games that I should add to my queue. Preferably DRM free of course, but if something is really worth the frustration (or a frustration free download) then I’ll consider it as well.

Tags:
Posted in copyfight, games, technology | 23 Comments »

DRM: The Programmers View

Monday, July 6th, 2009

I make my living as a software developer, and this confuses people when they hear me bashing DRM. They are perplexed by the fact that someone who writes software may be so vehemently opposed to copyright protection tools. After all, most musicians, movie makers and book authors seem to support the idea. These tools protect their work from evil pirates who would otherwise download it for free. Whenever I say something critical of DRM schemes they dig out this old chestnut:

Luke, how would you feel if someone pirated your own software?

I’d feel peachy keen actually. My software can’t be pirated because I give it away for free most of the time. The commercial stuff I write, is done on salary or via contract. In other words, I get paid for my software as a service to a given company. Whether or not that software gets pirated or not, does not affect my pay. You see, I removed myself from that equation by refusing to develop and sell commercial products directly to the customer.

This of course doesn’t mean I do not understand their mindset. If I chose too develop and sell a commercial application it would be tempting to try to build in some anti piracy measures. In fact, if you are a small startup and you are selling directly to you users via digital download, this sort of thing may even work.

Some time ago I wrote about Amy Builder and how it’s product remains uncrackable years after the release mostly due to the fact that it is a niche product. Still, I must wonder whether or not this is working for them. You see, their previous version was easily cracked widely available on file sharing websites. Thanks to that fact they have quickly built a critical mass of users.

Now they have a yet to be cracked version, but also a very large user base. A lot of former pirates who are returning to the tabletop gaming hobby may try to find a cracked version, fail and actually buy the product in the end remembering how much they liked it in the past. This means that piracy may have actually helped them in the long run.

But of course the Army Builder is a small application that uses a fairly simple anti-piracy measures. They are complex enough to deter inexperienced crackers, but the application is not notable enough to warrant attention of the big time scene folks who would rather spend their time on popular commercial games or applications. This scheme works for Army Builder because it is a tool designed for a small group of customers: people who play tabletop battle games.

As soon as you gain mainstream popularity you automatically show up on the radar of the more competent crackers. Sooner or later someone will break your copy protection scheme. At that point you can do one of two things:

  1. Re-write the copy protection code and re-release
  2. Ignore it

If you choose the former option, you are going to get yourself into a constant battle between you and the crackers. Each time they crack it, you will analyze their crack, go back to the drawing board and try to outsmart them, fool them and get the upper hand. And then they will crack it again.

Eventually you will realize that you are spending more time writing the copy protection code, obfuscating it and creating traps and red herrings for a potential cracker, than actually maintaining the application itself. I’ve seen this happening, and you really don’t want to do this to yourself as a developer. The only way to win this, is to make your application code so complex, and so tightly coupled with the copy protection code that it ceases to be cost effective to crack it. It will never be cracker proof, but you can at some point get it to be such a headache that it’s just not worth cracking. If the difficulty of the crack far exceeds the glory that can be gained out of it, most people will just give up and leave it alone. But if you get to that point you will realize that:

  1. Your application is now a nightmare to maintain
  2. If you count lines of code, those that deal with copy protection will outnumber everything else
  3. You can no longer normally debug your app
  4. Your sales numbers didn’t change at all
  5. Legit customers are angry because the copy protection code interferes with their normal operation
  6. Pirates are happily running the last cracked version and there are whole communities online devoted towards porting the new contend to that outdated release

Trying to fight with pirates is probably a really great way to develop an ulcer, and experience a genuine mental breakdown.

Of course most of the software these days is not written by lone developers. It is created in teams which must work together and be able to read the code. This means that obfuscation, memory traps and all kinds of clever things that could trip up a potential cracker as he steps through the code in a debugger can’t be used. The code must be readable, maintainable and testable.

So we get to this weird situation where copy protection is now a feature that is created separately from the main product itself. More often than not it is an off-the-shelf product of some sort – like the industry standard SecuROM. And because it is a separate product it is loosely coupled with the application itself. What does that mean?

  1. Firstly, it means that the two products must be integrated – which may take a lot of work, and introduce certain amount of friction in places where the two must interface with each other
  2. Secondly, loose coupling means that the cracker’s job is easier. With a completely custom solution you can litter main application code with your copy protection checks. Anyone wishing to crack it, must then find every single one. With a ready-made solution, a cracker simply must find the spot in the code where the DRM gives control back to the main app and then create some sort of a workaround.
  3. Thirdly, it allows the crackers to specialize. They can go out and study how SecuROM works and become really good at disarming it. Then when you release your app, it they will know exactly what to do to strip it down of DRM.

So you see, being a developer only reinforces my feelings about DRM. Yes, I can put myself in the shoes of a poor downtrodden programmer who is starving because evil pirates stole his code. I can also put myself in the shoes of a cracker who can’t wait to start stripping DRM from a brand new video game. I can see both sides of the coin, and I can tell that DRM is a dead end.

Everyone who paid attention in their computer security or a cryptography class back in college knows this. A working, un-crackable DRM is impossible to create. It is the computer science version of the perpetual motion machine. In fact, you know that anyone trying to create a perpetum mobile is a crackpot who is simply ignoring the laws of physics. Similarly, anyone working on DRM is a crackpot ignoring everything that was ever written about cryptography.

Yup, I said it. No sane, self respecting computer scientist will ever want to work on a DRM related project. Not unless he has to. Who develops DRM then? Well, there is probably a handful of talented crazies who think that their idea can actually work and a lot of people who simply don’t know it can’t. DRM is written by either insane, misguided programmers or talentless hacks. Unsurprisingly, most of DRM products are not only ineffective but also badly written.

Adding DRM to your product, is really equivalent to smearing it with shit. This is why most of modern DRM products has all these issues. This is why I need to run Fallout 3 as administrator under Vista. This is why I had to disable and remove all my emulation tools to even install it.

This is why I hate it. There is nothing hypocritical about it. As a programmer I would never actually want to get into the copy protection war and I would never want to expose my customers to the steaming pile of shit that is SecuROM. Sure, I’d probably not be happy to find out that people are using my software without paying for it. But I’ve been in this industry long enough to know there is nothing that I can do about it. I can’t stop people from pirating my work – it’s just impossible. Trying to accomplish it will only make an ass out of me, alienate my customers and frustrate me even more. The only way to win this battle is not to fight at all.

I said it before, and I’ll say it again: a single CD-check is usually enough to deter casual piracy and sharing between friends and neighbors. And sadly, you can never even hope to accomplish more than that. Or rather, you can hope – but it won’t mean you will ever be successful at it.

Tags:
Posted in copyfight, programming, rant | 10 Comments »