The reason for the !CAUTION! key is to keep an ignorant user from wiping out his key tokens in the SecuROM subkey. That's why there's an "!" at the beginning; it sorts first in the subkey. So if a user stupidly tries to delete the entire SecuROM key (not realizing that it's his DRM) while his game is installed, or even after he's uninstalled, the first attempted deleted subkey will be the !CAUTION! key and Windows will abort. Thus it is a poor way to keep stupid users from trashing their DRM, not a rootkit.
The undeletable files under the Application Data tree may be protected by the cmdlineext.dll shell extension that is also installed with SecuROM (and gets a lot less fanfare than uaservice7.exe does). In earlier versions of SecuROM, one of the functions of this extension was to prevent you from deleting 16-bit executables (you'd get a sharing violation error if you tried). I've heard that the latest version of SecuROM doesn't do that anymore, but it may have other similar properties or may have its scope narrowed a bit to the so-called sacred files you mentioned.
Note that cmdlineext.dll (and other versions cmdlineext02.dll, cmdlineext03.dll) can be a bit tricky to remove. Since it's registered as a shell extension, and Explorer is invoked during startup, the file will always be in use unless you unregister it:
regsvr32 /u cmdlineext.dll
After rebooting, you can then (hopefully) delete the file. Note, however, that the file will be recreated and re-registered the next time you run a SecuROM game, so you have to take some extreme measures if you want to ensure that the file can't come back. I've tried creating a zero-length file and setting the permissions to Deny for all users, as well as setting the file read-only, and that seems to do it for at least some versions of SecuROM.
This functionality is at least as nefarious as the more commonly reported portion of SecuROM, which is indeed a service in the current version and can be stopped like other services.
Anyway, as for the larger question, I didn't buy Civ IV because of SecuROM, and I'm not buying BioShock because of it, either. If 2K decides to capitulate on this issue at some point, I'll reconsider. In any case, it'll give Irrational time to work on a patch for some other issues that have come up.
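The steps described in the comment above (unregister the shell extension, delete the file, then leave a locked zero-length placeholder so it cannot be recreated), as an added PowerShell example that is not part of the original thread. It assumes the DLLs sit in %SystemRoot%\System32 (the comment gives no path), that icacls is available, and that it is run from an elevated prompt.

```powershell
# Added example, not part of the original comment. Run from an elevated prompt.
# ASSUMPTION: the DLLs are in %SystemRoot%\System32; the comment gives no path.
[CmdletBinding(SupportsShouldProcess)]
param([string]$Dir = (Join-Path $env:SystemRoot 'System32'))

# File names as given in the comment.
$names = 'cmdlineext.dll', 'cmdlineext02.dll', 'cmdlineext03.dll'

foreach ($name in $names) {
    $path = Join-Path $Dir $name
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

    if ($item -and $item.Length -gt 0) {
        # Real DLL present: unregister the shell extension, then try to delete it.
        if (-not $PSCmdlet.ShouldProcess($path, 'regsvr32 /u and delete')) { continue }
        $p = Start-Process regsvr32.exe -ArgumentList '/s', '/u', "`"$path`"" -Wait -PassThru
        if ($p.ExitCode -ne 0) {
            Write-Warning "regsvr32 /u failed for $path (exit code $($p.ExitCode))"
            continue
        }
        try {
            Remove-Item -LiteralPath $path -Force -ErrorAction Stop
        } catch {
            # Explorer still has the extension loaded until the next restart.
            Write-Warning "$path is still in use; reboot and run this script again."
            continue
        }
    } elseif ($item) {
        Write-Output "$path is already a zero-length placeholder."
        continue
    }

    # Placeholder: zero-length, read-only, Deny for Everyone (well-known SID S-1-1-0).
    # Read-only is set first, because the Deny entry blocks later attribute changes.
    if ($PSCmdlet.ShouldProcess($path, 'create locked zero-length placeholder')) {
        New-Item -ItemType File -Path $path | Out-Null
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
        & icacls.exe $path /deny '*S-1-1-0:(F)' | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $path" }
    }
}
```

Running it with `-WhatIf` lists what would be unregistered, deleted or created without changing anything.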
First, I agree. I cannot abide condoning corporations that shovel utter crap to customers, just because they can.
BUT after doing a proper uninstall I can find no trace of SecuROM that the TFA talks about. I just ran the Microsoft Rootkit Revealer and besides some issue with my Anti-virus API and default MS entries, I have nothing.
I unregistered cmdlineext.dll as you suggested, and rebooted, but I still cannot find these "irremovable SecuROM" files. So either I got rooted for sure, or there is a whole lo
"Gort, klaatu nikto barada."
-- The Day the Earth Stood Still