Check out our Monthly Survey Page to see what our users are running.
We do often include affiliate links to earn us some pennies. See more here.
GOG has begun using encrypted RAR files in their Windows installers for various games to enhance their security. This however has caused problems for some Linux users.

The new installer format uses password protected RAR files that are encrypted to stop pirates from adding malware to the installer and then spreading that package throught torrents to users. The password protection is also meant to prevent user stupidity where the user would unpack the RAR file without running the installer like it's meant to (on Windows) thus breaking the installation package.
Source

The problems arise when Linux users attempt to use the extraction utility innoextract to unpack the installers of the games without having to use Wine. This is useful when using some versions of Wine that don't support GOG's installers or when you only want to access the game's data files to use them with an alternate game engine. The password protection put in place by GOG effectively prevents innoextract from extracting the package, making users reliant upon GOG's own installers which, like I said, might not work in Wine.

Some users consider this behaviour DRM-ish and against GOG's promise of being a DRM-free game store and they have put up a wishlist entry on GOG to make them revert back to the old installers. You can vote and add your comments here: https://www.gog.com/wishlist/site/dont_slip_into_drm_swamp_stop_using_password_protection_on_installer_packages

Known affected games include games such as Assassins Creed, Wasteland 2, Heroes of Might and Magic 5 and The Bard's Tale along with other games. Note that this doesn't affect Linux packages of the Linux supported games, only the Windows installers. You can also check the full list of games that are affected and also report your findings here:
https://github.com/dscharrer/innoextract/issues/37#issuecomment-67915715

Some Thoughts

The line between DRM and no DRM might not always be absolutely clear. In this case the password protection doesn't prevent you from making copies of your games, as you can just copy the installers around, but it does prevent you from messing around with the installer and makes you depend on their own installer.

But in any case I do side with the crowd against these measures. The way I see it, they are trying to protect pirates from malicious pirates and users from themselves which I find quite ridiculous. Normal user who purchases a game from GOG (on Windows) will most likely go for the big file that contains words like “setup” or “installer” instead of clicking random .bin files. And protecting pirates? Now that is just plain silly. Prevention of malware is of course good but if you are going to pirate games you have to be ready to pay the price of potentially installing something nasty on your system and many pirates are aware of this and throw their anti-virus scanners at every piece of warez they download.

Is preventing legitimate customers that use Linux from playing the games worth saving a couple of minutes of support time and the computers of a handful of pirates? Article taken from GamingOnLinux.com.
Tags: DRM, GOG
0 Likes
About the author -
author picture
I'm a Linux gamer from Finland. I like reading, long walks on the beach, dying repeatedly in roguelikes and ripping and tearing in FPS games. I also sometimes write code and sometimes that includes hobbyist game development.
See more from me
The comments on this article are closed.
28 comments
Page: «2/3»
  Go to:

Ivancillo Dec 30, 2014
Quoting: BomyneThis is why I only buy games on Steam... Let the Steam client do the installing.

You seem to not really understand what the topic really is.

GoG supported Linux games are easy to install. That's not the problem.

The thing is about those Windows games that still wern't supported in Linux by GoG but Linux users try to make so by manually extract the assets and running another alternative Linux game engine.

Think about gemRB, scumwm or such.
ssokolow Dec 30, 2014
Quoting: hardpenguin
QuoteIs preventing legitimate customers that use Linux from playing the games worth saving a couple of minutes of support time and the computers of a handful of pirates?
Legitimate? Just pointing out that those 'legitimate' ones want to play games that are not in any way supported for Linux...

What about Unreal Tournament? While not a GOG-supported use, buying the Windows version for the resource files and then downloading the Linux port's binaries is a legal, developer-approved way to play it natively on Linux.

(As long as you're willing to take responsibility for writing wrapper scripts to work around things like the original Unreal engine assuming that the CPU's clock speed will remain fixed.)
ssokolow Dec 30, 2014
I should also mention that the RAR password protection is ineffective at protecting against malware.

It's symmetric crypto, so anyone who can gain knowledge of the password (eg. because they know how to breakpoint a file without debugging symbols or they learned to disassemble binaries to write cracks and keygens) can generate a RAR with added malware.

I've already suggested to Gowor that a better approach would be to have the (already signed) EXE do a signature or hash verification check on the RAR. (One of the stated goals was enabling rapid iteration, so maybe embedding a public key in the signed EXE and storing a cryptographically-signed manifest of expected contents in the RAR so it could be updated without rebuilding the EXE)

I also suggested that a much less controversial way to prevent user stupidity would be to replace the 7-byte identifying prefix on the RAR header with some other 7-byte string, since they're already using a modified unrar.dll anyway. (eg. replacing the "Rar!" portion at the beginning with "GOG!")

That way, WinRAR wouldn't recognize it but they could be converted into ordinary RARs by us more technical users with a single line of Python code.

(And, of course, someone else pointed out that, if VLC trying to open BIN files is really that much of a problem, they can come up with their own file extension too.)
Bomyne Dec 30, 2014
Quoting: Ivancillo
Quoting: BomyneThis is why I only buy games on Steam... Let the Steam client do the installing.

You seem to not really understand what the topic really is.

GoG supported Linux games are easy to install. That's not the problem.

The thing is about those Windows games that still wern't supported in Linux by GoG but Linux users try to make so by manually extract the assets and running another alternative Linux game engine.

Think about gemRB, scumwm or such.

I run two versions of Steam on my Linux box. The native version, that is responsible for my Linux installs. That version is not the version I am referring to.

The version I am referring to is the one located in a Crossover bottle. My statement still stands. Steam, running under Crossover (Wine) manages the install automatically for me. I have had great success with running Steam in this way, and I do not have to deal with encryption and DRM. Steam manages that... For the most part. Still no luck with UPlay games.
Ignis Dec 30, 2014
Quoting: neffoAnd by all accounts it's a trivial matter to bypass. (Why wasn't this mentioned in the post?)
DRM is ineffective, news at 11. Does not mean it's not DRM.
oldrocker99 Dec 30, 2014
View PC info
  • Supporter Plus
As a long-time GOG customer, I will say that this does seem a little DRM-ish to me. Just my two cents' worth.
Hamish Dec 30, 2014
Quoting: neffoThis all seems like a confected outrage. This isn't DRM. And by all accounts it's a trivial matter to bypass ... it just seems like a bizarre change, yes, but the response is completely overblown (like every linux gaming issue).

You do realize that under my country's insane copyright laws bypassing this could be considered just as illegal as pirating the content itself?

Quoting: Copyright Modernization ActBill C-11 prohibits the circumvention of any access control installed on a work, performer’s performance fixed in a sound recording or a sound recording, even if the work subject to the digital lock is legally acquired.

That alone makes this a very serious issue that GOG is going to have back away from.
Liam Dawe Dec 30, 2014
I don't think anything is being overblown here.

This does smell like small scale DRM, altough it may have good intentions, it doesn't change what it is.

Not impressed by this.
Shmerl Dec 30, 2014
The password method was already discovered by the community. This doesn't make it any better however. Tomorrow they can easily change that method without warning. This is DRM in some way.
Ivancillo Dec 30, 2014
Nevermind.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.