Ever since the Sony Rootkit debacle, I’ve been pretty paranoid about adware and viruses. I manually update my Norton Antivirus about 3 times a week (although they only seem to update about once a week), and run Spybot S&D and AdAware almost daily.

Well, today I have a new product to watch out for: StarForce. Have you recently installed a game or application in Windows, and for no known reason it required you to reboot? It didn’t install DirectX, and it’s not a device driver, so why would you have to reboot? Well, StarForce is why. It operates as a hidden device driver in Windows, and from what I can tell it wreaks all kinds of havoc on most systems. Boycott Starforce has the details, but it seems it does everything from plain old system instability to rendering CD/DVD Writers useless by causing IDE errors & intermittent slowdowns. From their site:

For example, here’s one of the common problems brought by Starforce: under Windows XP, if packets are lost during the reading or writing of a disk, XP interprets this as an error and steps the IDE speed down. Eventually it will revert to 16bit compatibility mode rendering a CD/DVD writer virtually unusable. In some circumstances certain drives cannot cope with this mode and it results in physical hardware failure (Most commonly in multiformat CD/DVD writer drives). A sure sign of this step down occurring is that the burn speeds will get slower and slower (no matter what speed you select to burn at). Starforce, on a regular basis, triggers this silent step down. Until it reaches the latter stages most people do not even realise it is happening.

It gets better…

Moreover, the Starforce drivers, installed on your system, grant ring 0 (system level) privileges to any code under the ring 3 (user level) privileges. Thus, any virus or trojan can get OS privileges and totally control your system. Since Windows 2000, the Windows line security and stability got enhanced by separating those privileges, but with the Starforce drivers, the old system holes and instabilities are back and any program (or virus) can reach the core of your system by using the Starforce drivers as a backdoor.

Bingo Bango Bongo.. it’s the Sony DRM Rootkit Fiasco all over again. Uninstalling the driver is near-impossible, without the secret tool from StarForce (which the guys on the boycott site have, thank goodness). And of course, removing this unwanted piece of junk will render the software useless on a good day, turn your computer into a paperweight on a more likely day. Great…

I can’t say for certain, but I’m willing to bet it’s not on the box either: “Deluxe Edition, with StarForce! For your Protection!”

Update: Just checked my PC at home, and I’ve got it. Don’t know from where, the only game I’ve played in their list is Prince of Persia: The Two Thrones, and that was almost 2 months ago. Neither Norton nor any of my Spyware tools picked up on it, so it seems there are really no automatic detection methods working for it. I downloaded the Uninstall tool and it seems to have removed it. I’ll post more if I find any more problems.

Update #2: Just to give a “clear and balanced” picture here (and to avoid getting sued for libel), the same guy (Mark Russinovich) who exposed Sony’s DRM was evidently tasked with checking StarForce, and no rootkits were found. Evidently StarForce even has a contest running with $10000 to the first person to find & demonstrate the destruction of a CD/DVD burner. So maybe it’s all bunk & overreacting, but I still take issue with anything installing Ring-0 Device Drivers without my knowledge. If said drivers can actually elevate privileges, seems like it’s just asking for a virus like the Backdoor.IRC.Synd to exploit it.