FS Payware malware report in the news



Dangerousdave26
February 19th, 2018, 08:01
I saw this while looking at news today.

It appears someone is passing Malware in their payware products.

Check it out

Have you bought their products?

https://www.rockpapershotgun.com/2018/02/19/flight-sim-group-put-malware-in-a-jet-and-called-it-drm/amp/

Flapsfull
February 19th, 2018, 12:00
Hi,

it appears their "CEO" has now back-tracked on this after too much uproar from the base regarding this so-called DRM.
If interested see the respective forum post by him:
https://forums.flightsimlabs.com/index.php?/announcement/10-a320-x-drm-clarification/

Well, anyway while I can understand the wish to inhibit software piracy of their product, the method they chose leaves a very bad taste to put it mildly.
Spying on customers in the hope of gaining personal information they can use for identification in a future legal fight hmmmm..

Of course FSL say the software only executes with piracy-associated serial numbers, but it makes you wonder if they ever thought about stuff like false positives and so on..

Kind regards

Flapsfull

StormILM
February 19th, 2018, 14:14
I fully appreciate the need for DRM and Anti-Piracy measures but what they did possibly violated Federal Law and FCC rules. Here is an analysis on the implications to users:

https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/

Allen
February 21st, 2018, 01:52
I posted this in the Ickie's NewsHawks as this came up on my radar on Youtube and my Youtube is mostly game consoles and music.... Not the time to be landing on the radar of console gamers with the lootbox rage going on. I can see some console gamers taking some rage out on Flight Sim Labs.

Then there is the matter that Google will probably be all over Flight Sim Labs. Maybe the US Feds and FCC. Oh yeah there is the EU as well... Flight Sim Labs better lawyer up and make sure its international lawyer up...

jeansy
February 21st, 2018, 02:49
It's not the first, Orbx did a sleeper in a library update a few yrs back and if it found any pirated software it apparently wiped all the Orbx software from the HD both paid and pirated versions

ce_zeta
February 21st, 2018, 05:33
It's not the first, Orbx did a sleeper in a library update a few yrs back and if it found any pirated software it apparently wiped all the Orbx software from the HD both paid and pirated versions
It's not the same case Matt. Here we are talking about malware which collects users and passwords. That's illegal in USA, EU and Australia.
That's a huge security breach in legal users' computers.
Confidence in FlightsimLabs is highly damaged.
IMHO, they won't see my money. I cannot trust a company which adds malware to its installers.

vortex
February 21st, 2018, 06:17
It's not the first, Orbx did a sleeper in a library update a few yrs back and if it found any pirated software it apparently wiped all the Orbx software from the HD both paid and pirated versions

As I understood it at the time, the ORBX installer just looked for a specific registry entry which was associated with pirated ORBX software and no data was collected to be sent back.

The statement by FSL that the file (test.exe) was only temporarily installed and then deleted if a legitimate serial number was used is beside the point. No matter how briefly the file was on your system, they are still responsible for installing malware. What's worse, last year when someone pointed out that their antivirus had flagged up the offending file they were told to disable their antivirus for the installation as it was a false positive! I've always been very suspicious of companies that ask you to disable antivirus software during the installation of their products and this simply justifies my concerns. Quite apart from the ethical questions, there are a number of legal ones. As unpalatable as it seems, even criminals have rights in most Western countries and even if you suspect someone of pirating your software, you cannot then collect their personal data without either their consent or a court order, neither of which FSL appears to have obtained. They have, therefore, broken the law. I'm amazed that some people on other forums seem to be supporting (or, at the very least, accepting) this action by FSL - what they are doing is just as bad legally, if not worse, than what the original software pirates did.

What if you accidentally mistype your genuine serial number and trigger the data collection? Other developers seem to have systems in place which simply (and legally) just stop the installation if rogue serial numbers are detected. How could you ever trust a company that thinks that this unsavoury method of achieving the same thing would ever be thought acceptable? FSL have now released new installers which do not contain the malware but only because they've been caught.

DaveWG
February 21st, 2018, 06:52
Here's a link to the FSLABS forum where there is a post explaining what happened and why.

https://forums.flightsimlabs.com/index.php?/announcement/11-a320-x-drm-what-happened/

ak416
February 21st, 2018, 07:19
Here's a link to the FSLABS forum where there is a post explaining what happened and why.

https://forums.flightsimlabs.com/index.php?/announcement/11-a320-x-drm-what-happened/
The fact that they are calling it "DRM" and not what it actually is, malware, is pretty damn telling. Doesn't seem like they are sorry at all, only sorry that they got caught.

fsafranek
February 21st, 2018, 07:34
A couple decades ago, back in the days of Napster, the RIAA, and the big trading of MP3 music, the company I worked
for had hundreds of thousands of installs of the pay version of our product all using the same few keys. There was talk
at one time of putting infected copies up on the file trading sites. Of course we never did but when losing
$30 an install the desire to combat it in some way is definitely there.

DRM is fine and we used the Microsoft created version but you need to ensure that the servers will be available forever.
I have hundreds of DRM tracks from testing for that company that are just taking up space now because there is no
server out there anymore to authenticate them.

fsafranek
February 21st, 2018, 07:56
Here's a link to the FSLABS forum where there is a post explaining what happened and why.

https://forums.flightsimlabs.com/index.php?/announcement/11-a320-x-drm-what-happened/
I just read this and I don't have any issue with what they did. Having worked many many years with three FS
developers -- whose products have all been pirated (in one case despite the use of DRM measures) -- there is a lot
of lost revenue. If you had any idea what some of the free apps on your smartphone are doing you wouldn't even
blink at this.

boxcar
February 21st, 2018, 08:38
...If you had any idea what some of the free apps on your smartphone are doing you wouldn't even blink at this.


.... Truth


.

Allen
February 21st, 2018, 09:43
I just read this and I don't have any issue with what they did. Having worked many many years with three FS
developers -- whose products have all been pirated (in one case despite the use of DRM measures) -- there is a lot
of lost revenue. If you had any idea what some of the free apps on your smartphone are doing you wouldn't even
blink at this.

I don't have words that I can post here for such BS that I bold highlighted... Best look at ce_zeta's post below.


It's not the same case Matt. Here we are talking about malware which collects users and passwords. That's illegal in USA, EU and Australia.
That's a huge security breach in legal users' computers.
Confidence in FlightsimLabs is highly damaged.
IMHO, they won't see my money. I cannot trust a company which adds malware to its installers.

Bjoern
February 21st, 2018, 12:21
If the statement released by FSLabs bears the truth, the tool was aimed at a specific user's passwords, not any user's. However, I'd still like to have this investigated by a third party to be absolutely sure.

If FSL catches the perpetrator who managed to circumvent their copy protection system, they might want to hire that person to design an updated system. Hackers make the best security experts.

Pips
February 21st, 2018, 12:51
Very disturbing. Two wrongs do not make a right.

FSL should at least have had the decency (not to say honesty) to say upfront what they were doing. The goal is to combat piracy. So make it well known to all. Plaster it all over the website and any associated forums. Prevention is far better than cure.

If it was only triggered (as FSL claims) if it detected a pirate copy, and customers knew that it was within the Installer at time of purchase, so be it.
The honest buyer can then make a decision if they still wanted to purchase the FSL product, and those who use pirated copies would (perhaps) think again.

greenie
February 22nd, 2018, 01:37
. -- whose products have all been pirated (in one case despite the use of DRM measures) -- there is a lot
of lost revenue. .

Just saying .... I do remember - and I think it was Orbx's boss (?) - saying something along the lines of - "that the majority of those people that are pirating wouldn't be purchasing the product anyway."

The financial loss is, sort of unknowable really - just saying

IanP
February 22nd, 2018, 04:04
Microsoft have used information collected from users' computers to identify and prosecute companies using their software illegally, so have other high-profile companies - usually those selling expensive engineering software.

The passwords part of this is the only thing that could possibly be illegal - identifying software installed on a user's computer, including serial numbers and user names, has been tested in court and is apparently entirely acceptable. Lefteris has definitely messed up here, but for all the outrage, most of that information can be gained by any website you visit from the cookies stored on your computer - which will also include a lot more personal information than you think.

As usual, for all the hyperbole and ranting in public, people haven't actually looked at what they're already giving out personal information wise - especially TO Google!

Ian P.

odourboy
February 22nd, 2018, 05:01
How dare they do the NSA's job!

Bjoern
February 22nd, 2018, 07:27
FSL should at least have had the decency (not to say honesty) to say upfront what they were doing. The goal is to combat piracy. So make it well known to all. Plaster it all over the website and any associated forums. Prevention is far better than cure.

Plastering warning signs across and around a mouse trap might work for a mouse, but a big "Hey, we're trying to catch this specific software pirate with some software in our installers! Don't worry!" post in the forums will definitely not for a human whose cunning is sharpened by years of working around DRM media.




The passwords part of this is the only thing that could possibly be illegal - identifying software installed on a user's computer, including serial numbers and user names, has been tested in court and is apparently entirely acceptable.

It is?


As usual, for all the hyperbole and ranting in public, people haven't actually looked at what they're already giving out personal information wise - especially TO Google!

Especially to any big IT company.

If devices and software can be locked down in terms of privacy, any user out there should do so. Although I fear that, without millions of voluntary personal data donors out there, users running a tighter security policy will have a harder time protecting their data. If the easy to get to resource runs dry, animals will turn to the one that's more difficult to reach as well.

fsafranek
February 22nd, 2018, 09:13
I don't have words that I can post here for such BS that I bold highlighted... Best look at ce_zeta's post below.
Sorry, just an opinion.

fsafranek
February 22nd, 2018, 09:16
Just saying .... I do remember - and I think it was Orbx's boss (?) - saying something along the lines of - "that the majority of those people that are pirating wouldn't be purchasing the product anyway."

The financial loss is, sort of unknowable really - just saying
Yep. That is true and repeated every time we have a discussion about pirating in the forums.