Breach of Trust - When developers go too far.
23 Feb 2005 - Bard
When it comes to protecting their investment, how much copy protection is going too far?
Last week I installed the Flaming Cliffs demo. Today I found out that along with the demo a copy protection program called 'StarForce' was installed onto my system without my knowledge OR consent. This was not a retail game, but a freely downloadable demo.
What makes it even worse is that even if you uninstall this demo the copy protection remains operational on your system.
No big deal, right? Read on.
Security Holes, System Instability, Performance Degradation - oh my.
On November 8, 2004, Security Focus reported "StarForce Professional Software Protection is reported prone to a local privilege escalation vulnerability". This means that the software has opened a hole that would allow a local attacker to gain full privileges on the operating system. Obviously this is NOT a good thing. While there is currently no worm or virus that exploits this vulnerability, it has presented another attack surface to virus writers. As of today, there is no fix for that exploit reported at Security Focus.
A quote from the online security site hints at another issue:
"Why are drivers installed on my PC? Some versions of StarForce Copy Protection will install dedicated drivers on your PC. Those drivers are necessary for the StarForce specific CD/DVD checking procedure, only. They do not include any hidden functionality. The drivers are active only at execution of the protected application. StarForce constantly improves their drivers to keep them compatible with the latest versions of Windows operating systems."
If Microsoft decides to release a Windows update that fixes one issue but renders the copy protection dysfunctional, the StarForce copy protection will no longer work correctly - will the software simply stop you from using that software, or will something unexpected occur?
What if the person experiencing the issue is a home user with your average Joe technical skills? Will he attempt to rebuild his system to solve the issues he is now having? Will he pay a local computer store? Will their long-suffering technician family member spend their time first troubleshooting and then backing up their data before rebuilding the machine? For me it's usually a weekend job when one of my relatives needs their systems rebuilt, as they tend to have systems they actually use.
It has been widely reported that this software is responsible for system instability and performance degradation. Broadband Reports - a reputable IT site - writes "Users report that the software gobbles up computing cycles, slows CD drive read-times, creates CD-R read errors even after removal, and is responsible for a number of device conflicts - particularly with external USB drives. Users who have tried to remove the product manually have often damaged their systems to the point of needing a fresh OS install."
Update: these issues were proved beyond a doubt. StarForce causes 'read errors' which the Windows operating system attempts to counter by reducing the operation mode of the drive until it reaches rock-bottom performance - called PIO mode. In this mode drives are incapable of burning or reading CDs reliably. Some drives have been reported to fail completely if operating in PIO mode for extended periods.
Developers trying to protect their retail software is understandable - but they should do so in a responsible manner. To have included this software with a free demo that does not include any physical media is just plain negligent. To have done so without informing the user or asking their permission is inexcusable.