On
30th January 2006,
Boing Boing, a popular
weblog, labeled StarForce as
malware [4], alleging several problems associated with the protection system, including
disk drive performance degradation, weakening of
operating system security and stability. A day later on
31 January 2006 Boing Boing received an email from StarForce
[5], threatening legal action and stating that the article was "full of insults, lies, false accusations and rumors".
CNET also ran a similar story, and has received similar email.
[6] However, Protection Technologies has never
proven these claims are false.
StarForce (all version known until August 2006) creates a real security problem when installed. The
access control list of the drivers are set such that any user, including those without administrative rights, are allowed to change the association with the executable.[
citation needed] Exploitation is simple: The user changes it to point at any arbitrarily chosen executable, which is executed with full system privileges on next reboot.[
citation needed] This can be verified with the security tool "srvcheck2", which detects such potentially insecure driver configurations.
On
5th March 2006, a StarForce employee posted a link
[7] to an illegal download source of
Galactic Civilizations 2, a game developed by
StarDock which does not use mandatory copy protection. StarForce later issued an apology for this act after it received a great deal of attention on the Internet.
[8]
On
24th March 2006, Christopher Spence filed a class complaint on behalf of himself and other gamers against
Ubisoft.
[9] As a result of that complaint, Ubisoft dropped Starforce.
[10]