DCS World Steam Edition

Anti-virus detects virus in DCS files
Threat: PE_VIRUX.GEN2-1
Source: Virus
Affected Files: D:\Games\Steam\steamapps\downloading\223750\Mods\aircraft\Flaming Cliffs\bin\A10A.dll
Response: Removed
Detected By: Real Time Scan

Just happened today when I was updating DCS.

What gives?
Showing 31-38 of 38 comments
X_Deadmeat_X Jun 22, 2024 @ 12:25pm 
Originally posted by SCE_Spetsdod:
Originally posted by X_Deadmeat_X:
I'm afraid I disagree. I'm as happy to pile onto vendors who ram their content full of DRM and crappy protection mechanisms as the next person, but as long as they are legitimate you can't then hold them responsible for what a piece of third party software decides to flag and/or remove. That's between you and your AV vendor. And if you don't like ED's use of DRM or any other of their business practices then vote with your wallet and don't buy.
You can disagree all you want. If ED is using DRM to protect their software / intellectual property, I have no problem with it. When that DRM is being flagged by MULTIPLE people, with several different AV programs, there is a problem. I can't play the game because the DLL is being flagged and removed so the game won't launch (because it shows up as out of date).

We can and should hold them responsible for using a DRM solution that results in their software not working. I could vote with my wallet, if the question was whether or not to buy more ED products, but in this case, we're talking about something that wasn't an issue a month ago, and now it is. I'm not buying something new, something I already bought has broken due to something ED did (or implemented, if in fact the issue is a DRM module in their application).

Originally posted by X_Deadmeat_X:
Also, where it is flagging an actual virus and not just a Potentially Unwanted Program as many of these recent alerts are, it's possible the issue is that YOUR PC is already infected and changing the files...
Did you bother to read the original post? It is tagged as a virus, not as a PUP. Yes, it is possible that the issue is my PC is already infected and changing the files, except... It isn't. If my PC was infected, my AV would have most likely flagged it, or at a minimum some other files would be getting changed and flagged. It is ONLY this one file in the DCS directory that gets flagged. And I have scanned my PC with several different tools, and guess what? ZERO infections or PUPs. Comes up completely clean. I don't download random crap, and I don't install unknown software / pirated software etc.

So, then, to the original point. Something changed a month or so ago, that resulted in a piece of expensive software failing to work due to something the vendor has done. If this was something that was only affecting one person, I would agree that the responsibility lies on that person to ensure that their computer or configuration is not to blame. But when the same, or virtually identical, situation is occurring for dozens (or maybe hundreds) of people, it ceases to be the reasonable or likely answer that they are the ones at fault.

And you didn't read my posts. I've replied in the wider context of the many posts we've had on this subject, hence mentioning PUPS.

Your argument is inconsistent. DRM by its very nature is an unwanted or malicious program as it prevents an application running and acting as it would otherwise be expected to. Thus you can't complain when a completely separate third party's software that is designed to detect such things flags an application that is not running and acting as it would otherwise be expected to...

They can't magically tell the difference between a newly released encrypted (or encrypting) file that acts in the same way a virus doing, say, a ransomware attack does. An initial detection is based on known hashes of code within previously seen malicious applications and/or the behaviour of the binary. Oddly enough malicious software contains the same sort of code (e.g. encryption libraries) and acts in similar ways (interacting with files via that encryption) as DRM does.

AV vendors need to wait until the file is released, flagged, reported, analysed and at that point then they MIGHT make a guess as to whether the file is safe or not based on the source, and finally update their definition list to ignore it. But as I said, it costs them nothing to flag a file that's acting in a way you have asked them to identify by installing their software, since, as you are proving, users blame the application not the AV!

You cannot blame ED for another vendor breaking their software by deleting files any more than you can complain they didn't stop you deleting files manually yourself! That does not mean the DRM is not working as designed, it is.

And you do realise that ED do not own the aircraft modules that are being flagged? These are all Razbam modules. And what "changed a month ago" was Razbam and ED getting into a legal spat leading to RB ceasing support and development of their modules. Due to changes in the core game, and I suspect a certain level of F.U. from RB with dead man's switches embedded in their code, core game change patches are leading to bugs that ED may be trying to patch themselves. That will almost certainly lead to incompatibilities and clashes with RB owned DRM checks.

So your comment about being left with a non-functional module due to ED changing something is completely erroneous. ED do not own the module (Razbam do), and if you purchased through Steam then ED did not sell you the module, Steam did.

So you are about to find out the hard way what an End User Licence Agreement is. Razbam have ceased support, any comeback from that is covered under their EULA, and likely amounts to "tough luck sucker". Steam's EULA has already been confirmed to be "no refunds for DLC".

So as I said your choices are basically:

1) Trust the DCS software is being falsely flagged (or uninstall it if you trust your AV vendor more).

2) Don't buy or use DRMed products.

3) Don't buy further products from Razbam and show other vendors that following their actions will result in long term financial loss.

4) Don't buy products via Steam without understanding the many implications of that choice (up to and including that you could lose all access to that software if Steam go bust or even just decide to pull support for it).
Last edited by X_Deadmeat_X; Jun 22, 2024 @ 12:27pm
cs_280zx Jun 27, 2024 @ 7:08am 
The excuses and justifications from people for ED/DCS on this are poor.
I have many games that don't throw AV issues that I can play, I don't need DCS so bad as to run a risk like this. I mean this is basic PC security to question such things, no one (or dev/publisher) is above scrutiny.

ED: sort it out and respond to your customers
Last edited by cs_280zx; Jun 27, 2024 @ 7:08am
X_Deadmeat_X Jun 27, 2024 @ 8:44am 
I don't think anyone is justifying it, we're just stating why things are the way they are. Everyone here is absolutely hoping ED and RB sort out their differences but that looks like it is becoming increasingly unlikely without a trip to court and, that being the case, probably means a complete breakdown of their relationship in the long term with the obvious implications for the modules concerned...
Dura_Ace Jun 27, 2024 @ 9:03am 
Originally posted by cs_280zx:
The excuses and justifications from people for ED/DCS on this are poor.
I have many games that don't throw AV issues that I can play, I don't need DCS so bad as to run a risk like this. I mean this is basic PC security to question such things, no one (or dev/publisher) is above scrutiny.

ED: sort it out and respond to your customers
This is my point as well and as soon as Russia is mentioned the door gets slammed shut and your post deleted/locked/banned.

Originally headquartered in Moscow, Russia, it is now headquartered in Villars-sur-Glâne, Switzerland.

Like being located in Switzerland makes a difference as to the safety of their product since Russian spies were inside the US for decades. Some of them being US citizens. Hanssen for example, Aldrich.

Deadmeat above says this:

AV vendors need to wait until the file is released, flagged, reported, analysed and at that point then they MIGHT make a guess as to whether the file is safe or not based on the source, and finally update their definition list to ignore it.

As if ED are going to give some AV company the source to their product which they guard so closely here. Forget it. Won't happen. So this file will forever more throw up flags and not one soul here on the forums can guarantee that the file is safe. So no change from before then.
ryansw989 Jun 27, 2024 @ 4:15pm 
I've had no issues with DCS updates until the last one off Steam in June. This highlighted an issue showing in the Mirage 2000C and Heatblur Jester.

E:\SteamLibrary\steamapps\common\DCSWorld\Mods\aircraft\F-4E\bin\HeatblurJester.dll

PUA:Win32/Packunwan

And

E:\SteamLibrary\steamapps\common\DCSWorld\Mods\aircraft\M-2000C\bin\M2KC_CPT.dll

PUA:Win32/GameHack

Have searched the forums and seems to be something quite a few people are reporting currently. Not really knowledgeable enough on the subject to know whether it's advisable just to add to an ignore list and carry on as if nothing happened or what here.
X_Deadmeat_X Jun 28, 2024 @ 2:19pm 
PUA:Win32/Packunwan is a generic detection of potentially unwanted program that uses software packing.

AKA your AV vendor doesn't like the file likely due to the way it is packaged, i.e. it could be using DRM that also has the potential to be used maliciously. Note that this warning does not mean that this is the case, just that it might be.

PUA:Win32/GameHack is a heuristic detection designed to generically detect a Potentially Unwanted Program.

Same deal, it doesn't know what it is but it might be "something bad".

In both cases these are required game files. If you do a file check of DCS and that comes back ok then you have what the module developer delivered via Steam (i.e. it isn't infected or replaced by something else).

If you don't trust Steam or the module vendor then your only option is to remove the module.
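
A way to act on the file check described in the post above before deciding on an exclusion, as an added example that is not part of the thread: it records the SHA-256 and Authenticode status of the two DLL paths quoted earlier, so a second run after the Steam file check shows whether the files on disk changed. The baseline file name and the function name are assumptions made for this example.

```powershell
# Added example (not from the thread). Paths are the two quoted by ryansw989.
$flagged = @(
    'E:\SteamLibrary\steamapps\common\DCSWorld\Mods\aircraft\F-4E\bin\HeatblurJester.dll',
    'E:\SteamLibrary\steamapps\common\DCSWorld\Mods\aircraft\M-2000C\bin\M2KC_CPT.dll'
)
# Assumption: baseline location and name are arbitrary choices for this example.
$baseline = Join-Path $env:USERPROFILE 'dcs-flagged-baseline.csv'

function Get-FileTriage {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # Quarantined or removed by the AV: nothing on disk to inspect.
            [pscustomobject]@{ Path = $p; Present = $false; SHA256 = ''; Signature = ''; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path      = $p
            Present   = $true
            SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            Signature = [string]$sig.Status   # e.g. Valid, NotSigned, HashMismatch
            Signer    = [string]$sig.SignerCertificate.Subject
        }
    }
}

$now = Get-FileTriage -Path $flagged
$now | Format-List

if (Test-Path -LiteralPath $baseline) {
    # Second run (after the Steam file check): compare with the recorded state.
    $old = Import-Csv -LiteralPath $baseline
    foreach ($f in $now) {
        $prev = $old | Where-Object { $_.Path -eq $f.Path }
        if (-not $f.Present)                          { $verdict = 'MISSING (quarantined?)' }
        elseif (-not $prev -or -not $prev.SHA256)     { $verdict = 'NEW (no earlier hash)' }
        elseif ($prev.SHA256 -eq $f.SHA256)           { $verdict = 'UNCHANGED' }
        else                                          { $verdict = 'CHANGED since baseline' }
        '{0}: {1}' -f $verdict, $f.Path
    }
} else {
    # First run: record the current state.
    $now | Export-Csv -LiteralPath $baseline -NoTypeInformation
    "Baseline written to $baseline"
}
```

An unchanged hash after a clean file check shows only that the file on disk is the one Steam delivers; it says nothing about what the packed code inside it does.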
ryansw989 Jun 28, 2024 @ 3:01pm 
X_Deadmeat_X - Thanks for your breakdown. When isolated, the file related to the Mirage caused DCS not to Authorise the license for the Module. As for the other one, unsure as to what effect that causes if quarantined.
cs_280zx Jul 27, 2024 @ 3:36am 
UPDATE:
27-07-2024:
It installed and updated without triggering an AV alarm for me today.
DCS patch/update successfully installed.

Date Posted: Jun 6, 2024 @ 4:24pm
Posts: 38