Gears of War DRM screwup makes PC version unplayable

By Shamus Posted Sunday Feb 1, 2009

Filed under: Video Games 29 comments

Looks like a software bug has locked people out of their copy of Gears of War for the PC. Says a rep in the forums:

We have been notified of the issue and are working with Microsoft to get it resolved. […]Sorry for any problems related to this. I’ll post more once we have a resolution.

Sure, it’s a terrible thing to lock legit customers out of a product they own, but, it’s all worth it because it stopped people from pirating the game, right guys?


EDIT: As pointed out below, this isn’t so much a “bug” as “idiotic design and failure to plan ahead.”

EDIT 2, Electric Boogaloo: Looks like the failure was on the part of the anti-cheat, not the DRM. I do not consider this an improvement, but it’s an important distinction.


From The Archives:

29 thoughts on “Gears of War DRM screwup makes PC version unplayable

  1. Patrick says:

    There’s really not much to say about that one. It just plain sucks. (First post!)

  2. Kalil says:

    Heh, love the last line of that article: “Those who pirated the game, as usual, continue to play with no issues.”

  3. This may be an evil thought… but imagine doing a DDoS on game activation servers. It would be fairly easy to cause more episodes like this, and possibly get even the most apathetic gamers to think twice before buying a title with ongoing activation.

    I can’t in good conscience encourage anybody to do this. But in the interest of full disclosure I have to say that if someone were to carry this out they would be my hero.

  4. Kimari says:

    What’s even more idiotic is that you can fix it by setting the clock back a few days. Why would a certificate’s expiration date work based on the date of the computer if the user can change it at will?
    Why would you even have an expiration date boggles the mind.

    Or in other words: Stupid, stupid, stooopid.

  5. ehlijen says:

    Yes, DRM is stupid, especially most the forms it takes these days. But I don’t think that’s the real issue that needs to be condemned here.

    The fact that the DRM system is at fault is just an unlucky coincidence, there have been plenty of times games have been released with just as serious flaws in other areas.

    The main problem here is that game companies are seemingly unwilling to test their products enough, or worse yet, knowingly release them in an incomplete stage.

    Btw, who wants to buy a car with 3 wheels and half an engine? I’ll mail the missing parts (at your cost) later!

  6. Sydney says:

    Alex Ponebshek: I completely and totally agree.

  7. Greg F says:

    A thought: if Day Zero piracy is the biggest problem that DRM works to prevent, why not just release a patch that’ll disable the DRM, say, a month or two after the game comes out? The pirates may not even bother cracking it, so you get all those critical early sales, and you placate the DRM Haters. The big security risk is just to avoid leaking the patch.

    (I must admit I’m not a DRM Hater myself, nor do I follow it too much, since the DS is my main platform at the moment.)

  8. Nentuaby says:

    Greg F:

    Most DRM-heavy games do get it disabled by a patch within about six months, for more or less that reason. Unfortunately, you never know, because they refuse to discuss with any given game whether they’re going to do this; they don’t want to discourage early purchasers. And, unfortunately, early on is when DRM is most likely to screw over your legitimate customers, when your activation servers are deluged and largely untested.

    Oh, and your assertion that pirates might not even bother cracking it is… Well… Frankly ludicrous. It’s an e-penis thing; the crackers would take pride in providing a freeware game the day before its release, let alone cracking the DRM a few months before it was removed.

  9. modus0 says:

    Saw this a few days ago, and (as a Gears PC owner) would have been annoyed at this, except the last time I tried to install the game on my computer Windows Live wouldn’t even respond to me trying to enter the serial, so I couldn’t access my Live account.

    And if I can’t gain achievements (local accounts have those disabled, at least on the PC version), I’m not going to play the game.

    Epic really screwed the pooch on Gears PC (second buggiest game I’ve got after Temple of Elemental Evil), so maybe it’s better that they’re not porting Gears 2…

  10. rumleech says:

    Quelle surprise!

  11. if Day Zero piracy is the biggest problem that DRM works to prevent, why not just release a patch that'll disable the DRM, say, a month or two after the game comes out? The pirates may not even bother cracking it, so you get all those critical early sales, and you placate the DRM Haters.”

    Zero day piracy is based around who can get the software out there the quickest, so the incentive doesn’t go down if you say you’re going drop the DRM after a month or two: by that time, the race is long over.

    I think that video games are simply the wrong place for DRM. Casual copying may have been an issue in the days of the floppy disc (and even the early days of the home CD-Recordable drive), but these days you need to get a cracked copy to get around most copy protection mechanisms…which means risking your PC contracting malware. For those who just want to share a game with their (possibly poor) friends, they’re pretty much prevented from easily making a copy (at least with free software).

    If you play multiplayer games, you need to have some form of anti-cheating software to prevent people from destroying your game experience, and this acts as a de facto form of DRM for many games, even if there’s an offline portion of the game that is not affected.

  12. Xavin says:

    Mark Rein (apparently co-founder and Vice President of Epic) says in a forum post (post #89 on this page) that the problem is not related to DRM.

  13. Anaphyis says:

    @ehlijen: You are behind the curve. I think community patches (i.e. make your customers work for you to improve your product, for free of course) are the big new thing for lazy/greedy developers these days.

  14. JKjoker says:

    Software bug ? the ability to lock you out after a certificate expires is not a bug, its an intended “feature”, in fact i see no “bug” it works as designed, the only mistake is either they forgot to update the certificate or they put the dead line at 2009 instead of 2010

  15. A Different Dan says:

    According to the update in the article you linked, Shamus, the problem is not DRM-related.

  16. Danath says:

    Not much consolation, it still works fine for pirates.

  17. Lazlo says:

    @Kimari: It shouldn’t rely on the local PC time for security (at least, not security from the user of the PC), and the fact that it does exposes a different sort of flaw, but…

    The reason it has an expiration date is because of standardization. I’d be willing to bet that it’s an X.509 certificate, and an expiration date is a required piece of that standard. That can be frustrating, but it’s generally good that they did it that way, as it’s part of the overall security. Coupled with certificate revocation lists, it limits the exposure from a compromised certificate. In this instance, who cares? But if they don’t want to have to deal with expiration dates, they have to either break the x.509 standard with their implementation, or they have to roll their own certificate standard (I guess that’s two ways of saying the same thing, but you get the idea…) That’s a lot of work for not much return.

    I’ve faced this same quandary, designing a protocol for a former employer. It was even worse, as the libraries we were using used a 32-bit signed time_t, so we got boxed in on both ends: if the system created certs that were valid for 1 year, it would start breaking in one year. If the system created certs that were valid for 30 years, then the system would break when the date hit 1970 plus 2^31 seconds minus 30 years, also known as 2008.

    Yes, it sucks, but it’s a situation that parallels one of my favorite metaphors: If you have a mouth full of hot soup, the next thing you do will be wrong.

  18. Mart says:

    Crap! That post caused my sarcasm meter to implode on itself!

  19. Kalil says:

    @A Different Dan:
    Anti-cheat is still DRM. It’s /acceptable/ DRM, but it’s still DRM, in that it’s monitoring and controlling what the players are and aren’t allowed to do with the game they purchased.
    That this little oops happened with Good DRM rather than Bad DRM doesn’t blunt the moral of the story in the least.

  20. MechaCrash says:

    A thought: if Day Zero piracy is the biggest problem that DRM works to prevent, why not just release a patch that'll disable the DRM, say, a month or two after the game comes out?

    That only solves a little of the problem. For instance, I own UFO: Afterlight and Supreme Commander plus expansion. In October, I got a new computer, but I still haven’t installed them, and I won’t install them. They have official patches that disable the disc check, and in fact both Supreme Commander and Forged Alliance got the disc-check disabled after a week. But that doesn’t matter to me because I’d still be infected with SecuROM. And that stuff will not come out cleanly or quietly.

    Hopefully I used the blockquote tags right…

  21. Daemian Lucifer says:

    Let me tell you a little story about a car trouble(sort of)that my father had:

    We bought a new car,and after a few month one gauge went crazy.The shop tried to solve the problem,and it seemed like they did.But after a few days,the problem repeated.This has happened once more,and then we found that it was a problem with the gauge itself.It was made wrongly straight in the shop.So,audi decided to inform all the customers that bought that batch about the problem,gave them a free replacement once it was fixed,and gave everyone extended waranty(on the whole car,not just that part)for every day that passed between the purchase of the care to the day the part was replaced.Plus,in order to cover my dads expenses,the shop gave him a few presents as well(a GPS unit was one).This was done for a few thousands of people.Free of charge.

    A small problem,that didnt even affect your driving(it wasnt any of the major gauges in the first place),and the manufacturer solved it in a few months,and appologised to the customers for the inconvinience of having to look at one small flashing light for a few days.And what do the people scorned by this major slip have for their huge problem of not being able to use their product at all get?Just a lousy “We know it sucks,and we are sorry”.Thats not how you run a serrious bussiness.

  22. Bonedancer says:

    Daemian – That *is* how you run a serious business when you know that a.) most consumers don’t know or care about who publishes what game, and b.) your product isn’t as interchangeable as cars are.

    Within their class and price bracket, most cars are going to be pretty much okay for most consumers so Audi presumably decided they had to make people happy or they won’t get much repeat business.

    Games, by contrast, are generally viewed as special little snowflakes – however derivative they may end up being – so people don’t think “Oh, this is a [say] EA game – it’s bound to suck and/or cause me problems.” Yet.

    I don’t like it any more than anyone else, but they do this because they know they’ll get away with it.

  23. Kevin says:

    This could almost be seen as an advertisement FOR pirating games.

  24. Jansolo says:

    The funniest:

    As the result of the xbox’s GOW2 release, many shops sell now GOW for PC at 45€

    Of course, you could have the game for free. And without problems with the appropriate crack, I presume.

    So, how much did the certificate cost and how much piracy has avoided and, the very best, how many legal buyers have been affected (and how much will cost to help them)?


  25. Shinjin says:

    So, how much did the certificate cost

    The cert specifically – it’s likely self-signed so nada other than the minutes it took the dev to generate a new one (which will expire some *other* time in the future).

    The cost to generate and distribute the patch is another question. Never mind the fleeting ill-will of the gamers.

  26. Jansolo says:


    A digital certificate implies a development process (design, codification, tests and so on) for a URL connection (that it isn’t necessary for a single PC program, a game in this case)

    For how long? Maybe minutes or hours or even days (for a useless effort). How many developers are involved? Maybe one, or two, even a tester.

    There is an additional issue: to manage the validity (expiration dates and so on) for the certificate chain (a solo certificate in this case) using the appropriate logs, alerts or something like that.

    After all, you have to considerate that there is a potential (in fact, actual) risk of having inoperative software due to certificate problems, so you HAVE TO foreseen certain cases.

    Building software is a complicate process.

  27. NeilD says:

    @21: That would cause me to seriously consider how much the company was soaking me up front for the cost of the vehicle, that they could do that so casually. I don’t know anything about these things myself, but it’s possible that the gaming software industry doesn’t have quite as much profit margin as the auto industry (or Audi specifically).

    But don’t get me wrong — I love a good customer service story; it helps restore my faith after a series of C.S. nightmares last year. I’m just saying.

  28. TickledBlue says:

    Looking at the article page now I noticed an edit at the end that says:

    “Update Mark Rein has released a statement clarifying that GoW’s anti-cheat technology is to blame for this issue, and not the game’s DRM.”

    So I’d humbly suggest an edit on your part too Shamus.

  29. Jansolo says:

    The technology to blame is different, the [idiocy] blindness
    is the same.

Thanks for joining the discussion. Be nice, don't post angry, and enjoy yourself. This is supposed to be fun. Your email address will not be published. Required fields are marked*

You can enclose spoilers in <strike> tags like so:
<strike>Darth Vader is Luke's father!</strike>

You can make things italics like this:
Can you imagine having Darth Vader as your <i>father</i>?

You can make things bold like this:
I'm <b>very</b> glad Darth Vader isn't my father.

You can make links like this:
I'm reading about <a href="">Darth Vader</a> on Wikipedia!

You can quote someone like this:
Darth Vader said <blockquote>Luke, I am your father.</blockquote>

Leave a Reply

Your email address will not be published.