Bethesda, you screwed up..

Bethesda Softworks, you’ve really screwed it up. You managed, in less than two days, to turn a large group of hardcore fans against your company. How? By requiring a rootkit to be installed in order to play a game from a famous franchise. See here: https://www.reddit.com/r/Doom/comments/gjzi01/why_you_should_remove_doom_eternal_denuvo/

I’ve been a fan of the Doom franchise since I first played the game way back in the mid-90s. I played on everything from my first P133 through to my current behemoth machines. I thoroughly enjoyed Doom3 in spite of its monster closets. I spent a lot of time looking forwards to the newest iterations of the franchise, and Doom2016 was not a disappointment even though my graphics card at the time very much was.. Then Doom Eternal came out as I was in Zurich for work, and I did not have a gaming PC..

I got the Deluxe edition on steam to have for when I would be reunited with that gamin PC. Then, given I was requested to stay longer on the work contract I built up a new gaming PC here, and I had Doom Eternal installed and ready to play after I was to complete The Witcher 3 first.

I saw that Doom Eternal had an update on Steam. Taking a closer look, I noted that this update required the installation of Denuvo Anti-Cheat. A little investigation of this software package shows it’s a rootkit, designed around a Ring-0 level driver (root level for those that *nix) that gave unfettered and uncontrolled access to the computer to an untrusted third party.

That’s a hard no-no from me. No software package like a game needs to have *anything* that runs in ring-0.

More investigation shows that even after the uninstallation of the Denuvo malware, it gets reinstalled if the game is attempted to be run again. That’s a definition of malware.

Given that Doom Eternal is a single player game, there’s no need for any anti-cheat to be running at all, and even if there was a large online community of people playing the multiplayer aspect, then the measures should be server-side and not client-side. That’s basic operational security – you don’t trust the client.

So, I’ve requested a full refund from Steam, as it’s not legal to change what I bought after the fact in such a manner. Installation of a ring-0 driver in order to play a game triggers my security systems, and as such I’m now unable to play the game I’ve paid for, so the game is no longer fit for purpose. It remains to be seen if Steam have the common sense to comply.

It’s really useful to note that the version of this game available on the high seas is actually more trustworthy, and is performing better, than the “official” release.

I’ll reconsider the purchase of this game once all of the Denuvo crap has been removed.

Comments are closed