Ubisoft now claims they have patched the bug and all is good as long as people upgrade to the latest version of UPlay (Version 2.0.4). This means that when you buy that brand new Ubisoft game from the store you will need to upgrade the game and the DRM to make sure you are good to go. Ubisoft maintains that this issue was not a rootkit and never was one. Considering that the issue could be mitigated by disabling two browser plug-ins we have to agree with them here. Having dealt with a number of rootkits they are much harder to remove from a system than this.
Still the issue should not have been there and shows a common problem in IT and software development. This is a tendency not to check to make sure you are not building in exploits when you put together a system. The five lines of code in the UPlay plug-in allowed anyone to launch whatever they wanted. Ubisoft left them open intentionally because they were looking to make things easier for developers to work with their DRM tools. Unfortunately leaving these lines in allowed people to use the same command line arguments to launch what they wanted including malicious code. It was a bit of laziness on the part of Ubisoft which has opened a significant number of computers to potential attack.
Ubisoft now faces an issue that many companies face; getting people to actually install the patch. Ubisoft might have fixed the issue, but as we have seen in the past not everyone rushes to put the fix in place. It is a very common trend for people not to run updates and patches because they do not want to take the time to do so. Many companies have had this issue long before Ubisoft (how many of you have multiple updates waiting on your phone, tablets, or even desktops?) and the issue will remain a long time after this one. What Ubisoft might need to do is take advantage of their own exploit to push this one out to anyone launching UPlay just to be sure they hit the whole user base; or they could scrap the whole idea of always on DRM and find a better way to get things done. After all as studies have shown, DRM only affects and hinders legitimate consumers and has almost no effect on piracy.
Discuss this in our Forum