The ever unpopular PC DRM that Ubisoft forces on gamers is once again under fire. This time, though, it's not about poor save game management, or always-on internet connections, or the necessity of draconian DRM in the first place, but rather simple, basic security.
Something, apparently, that uPlay - Ubi's network/DRM tool - is rather lacking in, apparently.
Atomic regular Orcone pointed me to Rock, Paper, Shotgun's rather excellent coverage, and it's linkage of the most essential kind. It reports that a heretofore unknown browser plug-in that installs alongside uPlay is the culprit. Essentially, this plug-in's vulnerable to possible malicious code, which can be installed on just about any site you could visit.
Essentially, as described here, with the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive.
The recently updated article has full details on the exploit and the best ways to secure your system. Ubisoft has just updated uPlay, but hasn't really answered any of the issues being raised. RPS' advice - and ours, for what it's worth - is to just uninstall uPlay entirely until Ubisoft properly addresses the issue.
