DRM and Anticheat work in different areas.. I wouldn't put them in same basket.

If you mean "Anticheat" instead of "DRM" in "any DRM free multiplayer solution", then there was UAA (Urban Terror Admins Alliance), which goal was to review the manually captured demo of suspicious player.

Its possible to detect quite an array of hacks by replaying the demo with some existing debugging options. But there were four serious problems:
- its still not very reliable
- it requires a lot of manpower
- still many cheats will go undetected
- banning was on IP basis and more damaging than reliable

I think the DRM-free Anticheat is possible.
First, making as less client checks as possible,
second generate some multipart GUID based on various hardware and software things,
third do create some checking layer within client, that can feed checking instructions from server.

Ofc, its possible to design the client - although this might be the hardest part of challenge, which will limit the checks within binary (to prevent exploits with malicious servers), but how the checks are run should be secret and decided by server. If client is correctly written, then issue with malicious servers manipulating client (reverse cheat, per se) should be impossible.

This thread is still going, huh?

No need for french, german will do, i.e. your own computer. Select any of your files, right-click => properties, go to the security tab, choose Modify => Add. You will be presented with a window where you can type which users you want to add to the security ACL. Click "Advanced". You can search for security principals here. You can restrict your search to builtin security principals only if you click the "Type" button. Then, click search and you will see a bunch of security principals, among which is "Everyone". There are still principals missing however, such as TrustedInstaller, for some reason I don't know.
Pointers could be interesting indeed, but don't spend too much time on it, I may find it by myself after all.
I don't think so. The only places where they should not be is the game installation directory. However, I don't like them being in %PROGRAMDATA% or %PUBLIC% (as you noticed once), since those are not user-specific places.
Exactly. That's mostly when the saves/game parameters are in the game installation directory, which many developers still do (the big ones don't any more though, afaik). That's why GOG changes the NTFS ACLs for most (if not all) of the new games they add to their library... But even in that case it's possible to have the game running properly with no excessive rights, thanks to UAC Virtualisation.
Yes of course, it's the installers.

They really screwed around heavily, changed everything again.....time to do some cleaning (but after a backup ;) )
Will try ;)
I tried sometimes to change it, but for some of them it went really badly. I just don't like it on my C, games are normally (with saves) on my D....
You do remember the time when games did ask you for the save path during install? :O
And game running properly.....I don't know when you sometimes read what they screw up ;) (only talking about rights)
So, time to open a ticket or a new thread? Or both?

They changed the rights knowingly, it's not something that can be done by mistake, and there are indeed games that non tech people won't be able to get running without adding those rights. Moreover, Steam does that systematically too and Uplay "only" adds full control to the Users group.

It's a general trend towards customers who don't know that much about computers and who care more about having things run immediately than they do about their system's integrity. I'm not convinced opening a ticket about this would lead us anywhere :-)

hm, would be interesting to find out (or if somebody would tell us) if Galaxy does the same?
And after thinking about first point, I think I agree ;) (can't think of a another way as the installer is doing it, and the installers are GOGs)

Theoretical everyone could ask for the money back for all games affected, unless they apply a patch. Having a security issue makes a game unplayable. It can be described as malware.

(for steam: I haven't found a single one, but I only have 20 games :P )

Imho I personally consider a DRM something that can potentially forbid the player who owns a legit copy of a game/movie, etc, to play it entirely or in part.

Which could be the case of Gog Galaxy if it is actually required to play online (which is a portion and a feature of the game who you own and you have all the rights to use or not).... and, since Gog Galaxy has not a linux version and it is not sure that it can work on wine/proton, than it means that Gog Galaxy could potentially forbid the player to have access to the multiplayer features of the game, so he is forbidden to be use game he owns at full potentials - at least for linux audience)

GOG has a "sister site", FCKDRM.com.

Let's see what they have to say (accessed just now): In addition, FCKDRM.com has a note at the bottom of the page about how: (all emphasis mine)

The plain reading of this is that the standard put out by FCKDRM.com, and therefore, by GOG itself, is "100% DRM-free". Not the excuses that people keep making for them to this day. For instance, the standard is not "at least the singleplayer portion is DRM-free". The standard is not "yeah so what if it doesn't have LAN or hotseat, but who uses that anyway, join the rest of us in 2019 already" 'DRM-free'. Rather, the standard is 100% DRM-free.

There are many games on GOG that REQUIRE the Galaxy client to access multiplayer. This should not be. Multiplayer, including online modes of multiplayer, can be done 100% DRM-free. One can speculate on GOG's motives as to why the Galaxy use has been increasingly "pushed" on customers over the years. It certainly doesn't seem any different to me than the way other services try to "lock in" users.

In any case, the bleeding obvious conclusion is that games that require Galaxy, or any client, including third party clients or accounts for multiplayer (coughcoughPARADOXcoughcough) should NOT be sold on a 100% DRM-free store, since clearly these games are NOT 100% DRM-free. It is simple law of identity, Logic 101, anyone with even a basic ability to reason can see why this is so obvious.

I consider the old GOG downloader to be "Galaxy done right." It feels a lot more "optional" too.

If you guys and gals have any doubt on the DRM free approach of GoG, you can always test it like
i test it with every game i buy here.

GoG is DRM free, Galaxy is fully optional to use, you even can download offline installers.


How to test, you may ask? Simple if you bought a game, you can test the standalone functionality
simply by starting the game via the game exe in the folder where you installed it.

The game will start completely standalone and without I Net connection.
Neither will Galaxy start when you start the game that way, which is the proof that there is no
"hidden" DRM. If you are suspicious about the GoG Services, you always can ask the support about it.

But since you can "cut" any communication with the GoG Servers and the Game starts and works anyways
this has nothing to do with any DRM functionality at all.

Hope that helps to clarify o7

PS: If that ever changes, i ll be one of the first guys to abandon this platform, i buy exclusive on GoG
because Galaxy is completely optional and the games start and work absolute standalone.

To me, Galaxy is a "necessary evil".

Developers nowadays don't give a fuck about lan/ip multiplayer, so we have to use clients to play online.

It sucks, but between no mp or use galaxy for this, i prefer the latter.

Just don't support those developers. Don't support DRM.

That's not exactly true that Galaxy is optional and that Galaxy is not-DRM, because as others have rightly pointed out, Galaxy is not optional for the multiplayer portions of many GOG games.

So the posters who are saying that Galaxy is DRM for the multiplayer portion of many GOG games are 100% correct about that point.

Moreover, some GOG games have a serial key that must be input in order to use the multiplayer portion, and/or require you to make an account with a third party service to play multiplayer, both of which are also forms of DRM.

However, unlike other posters who state correctly that Galaxy is multiplayer DRM in many cases, I don't agree that GOG should not feature those games, even though their multiplayer portions are DRM-gated. Because if GOG were to do that, then there would be even less good games available on GOG, even though there are too few good games on GOG already, as it is now, with them looking the other way in regards to the DRM'ing of many multiplayer games.

But I do think GOG should stop marketing themselves as being 100% DRM-free, given the fact that many of their Galaxy-only multiplayer games are not.

Weird it doesn't say "no client" on there, my friend. ;)

Anyway, they just mentioned elsewhere recently they're soon releasing new offline installers, so I wouldn't worry too much. I don't think delivering those installers through the client would be "DRM," but I don't think they plan to do so anyway.

This is not true is it? That's only true because they introduced their own multiplayer service which requires the use of Galaxy.

Sure, without it, given GOG's size many companies wouldn't bother creating a workable service of their own 'just' to release on GOG, but if GOG were ever to take the nr 1 spot that would probably have happened.

As it is however, that never will because it makes more sense to use Galaxy and Galaxy requires the client. There's definitely a contrast here that such a service is not completely in line with their ethics on DRM, though few people will argue managed multiplayer will not result in a better service, that service is still managed, by GOG. If the service goes down, so does your multiplayer.

If you want to argue DRM I'd actually argue the client itself is not to so much the DRM as the notion that you can not use the multiplayer without linking an account that owns that game to it. That ownership check is in no way required for the system to work. Granted it again is probably better for managing the multiplayer experience so cheaters and pirates can't create multiplayer accounts for nothing, but it's again, still a managed service.