Any thoughts on the whole Doom Eternal/surprise Denuvo thing?
I get the feeling it’s Bethesda trying to patch things up with Denuvo.
Because if you didn’t know, Doom Eternal shipped in a weird state. The game’s always had Denuvo, but if you installed it through the Bethesda.net launcher, it included a folder called “original” that included a raw, drm-free executable for the game, from a time before they applied Denuvo.
Just like how Sonic Mania went from 200mb down to 7mb, the Denuvo-less Doom Eternal executable was less than a tenth of the DRM-stuffed version.
This also isn’t the first time this has happened. RAGE 2 also shipped with the exact same “original” folder that contained a no-denuvo executable. These incidents were probably accidents, though it’s a bit weird to make the same mistake twice.
But now Doom Eternal has updated to require the most recent version of Denuvo, the most aggressive version yet, which runs as a kernel-level driver. For those of you out there who don’t know what “kernel-level” means, there are many layers of security in Windows, and it all depends on which execution level the program is allowed to run. The less security, the more a program is allowed to do, and it can do it faster. But less security also means it’s easier to conceal nasty processes as a byproduct of the software having more freedom. More freedom means more chances to cause serious damage to a system by doing something that’s normally safeguarded.
“Kernel-level” execution is about as close to bare metal (read: zero security) as Windows will let you get. Kernel-level execution is usually reserved for, like, very important hardware drivers (your graphics card, etc.) and ultra-essential core Windows functions.
A video game is not meant to run at a “kernel-level.” There isn’t really a need for it. It would be like sneaking in to Area 51 to hook up a PS4 to one of their TVs. Absolutely, absurdly unnecessary.
The argument could be made that a lot of piracy and cheating software also executes at the kernel-level now, and that may be true. But that’s often a one-time process during installation. Denuvo is just on, all the time, while you play the game. It’s constantly checking, every few minutes, just to make sure you aren’t doing anything naughty, even though it’s already checked 200 times.
In even the best case past scenarios, Denuvo had a performance impact. It uses a very complex system of data decryption so the executable can’t just be hacked to remove DRM checks. Decryption isn’t “free” in terms of computation, and will drag system processing speed down. Going back to Sonic Mania as an example, that game is so simple a toaster could run it, but Denuvo running in the background would still cause my recordings to stutter.
Now that the new Denuvo is kernel-level, it is effectively going right to the heart of Windows and squeezing all of its blood out. In other terms, thanks to this new version of Denuvo, users are reporting significant losses to performance, because your computer is too busy dedicating all system resources to Denuvo’s “guilty until proven innocent” way of doing business.
But Bethesda probably “has” to do this, because including two DRM-free versions of their past games was probably a breach of whatever contract they have with Denuvo, so this is them trying to repent by doubling down with an even nastier version of the software. It sucks, but there’s parts of Bethesda that also seem to suck, so the shoe fits.
And none of this even touches on the fact that letting software like Denuvo root around in the Windows kernel is probably an outrageously bad idea in general and a huge security risk. It effectively means that the security in Windows is only as good as Denuvo’s. If Denuvo’s security isn’t absolutely 1000% air tight, it becomes way easier for other people to gain kernel access to Windows, and that would be very bad for Microsoft, Denuvo, and Bethesda. Kernel access for software like this is a big risk.
I should also point out that the inventors of Denuvo also invented SecuROM, another DRM scheme, and one that has actually broken hundreds of games on Windows 10. Essentially, whatever loophole SecuROM used to maintain its anti-piracy DRM was closed by Windows 10, and now, even if you have legitimate game discs, they cannot be installed because the SecuROM check will always, always, always fail.
Denuvo is a ticking timebomb waiting to explode, essentially.
The thing is, I feel like this is how the DRM song and dance also goes, though. All of the nastiest anti-piracy DRM always reaches a kind of boiling point and then falls out of favor. I mean, nobody remembers StarForce these days, do they? I feel like we’re on the road to Denuvo going away, though that only makes it suck even harder when things like this happen.