Security Information Week 12, 2006
DRM (Digital Rights Management) is being used more and more. Although the idea of fighting piracy is good, many implementations cause problems for legitimate end users. It was not that long ago that Sony released audio CDs with DRM software on them. When a legitimate user accessed the audio CD on her computer, the DRM software was installed, and the DRM processes were hidden by Rootkit technology.
After lots of public noise and media coverage, Sony abandoned the Rootkit usage and made removal software available. But in the end it is the legitimate end user, who is not the actual target of these DRM implementations, who has to face the problem. Her system has been tampered with.
A company known for creating DRM software for the gaming industry is StarForce (http://www.star-force.com). Earlier this week it was discovered that their implementation installs a driver at the highest privilege level in the system (ring0). At that level, the driver will always be loaded and running, regardless of whether you are playing a game that is protected by StarForce’s DRM software. A driver running at this level has complete control over your system and can do basically anything as it runs with administrator privileges.
Installation of StarForce could be blocked by antivirus software that also pays attention to the installation of potential Rootkits. In their FAQ, StarForce acknowledges that ‘inconvenience’ and even suggests disabling your security software for the time being:
Is StarForce CD-R 3.0 compatible with anti-virus software?
During the installation of the protected application it is recommended to shut down all anti-virus monitors, because an anti-virus program can prevent writing of a protection library to the hard disk or change it. There are no troubles encountered during running a protected application with working anti-virus monitors.
If you allow StarForce to install its drivers anyway, then the moment the DRM software detects suspicious behavior that might copy the protected software, it will make your system reboot. It is reported that it does so in the most destructive way: not a normal shutdown in which unsaved work can be stored, but a harsh instant reboot in which all unsaved data is lost. Imagine a situation where the software misjudges behavior and thinks an illegal copy is being attempted. KABOOM!
The StarForce DRM software will prohibit access to its drivers (typical for Rootkits) and has been reported to slow down the system as well.
Anti StarForce
On the internet, a community has formed to battle the actions of StarForce DRM. This community has its own website to fight against StarForce. On this website you can find a complete list of software that is protected with StarForce DRM software, ways to detect the presence of the StarForce DRM software, and a way to remove it.
Norman advises its customers to stay away from software using these kinds of DRM protections.
The advice to temporarily disable your security software is NOT advice that should be followed UNLESS it is given by the manufacturer of the security software to solve some issues. At any other time, advice like this has to be considered bad advice and treated with the required skepticism.
