PC Game Piracy Examined
[Page 9] Copy Protection & DRM (Pt.2)
The first protection system to truly fall afoul of user anger is StarForce. Developed around ten years ago by a Russian company called Protection Technology, it was in common use in a range of games, and still is in the Russian version of several recent games such as STALKER: Clear Sky. Complaints about potential StarForce-related issues had been brewing for years, much the same as virtually any other protection system. However something happened in 2005 to change the way in which StarForce would be viewed forever: StarForce became extremely difficult to crack due to the methods that Version 3.0 of StarForce started employing. As we've already discussed, these methods meant that the StarForce-protected UbiSoft title Splinter Cell: Chaos Theory released in March 2005 remained uncracked for over a year. As if by coincidence, towards the end of 2005 with StarForce 3 still uncracked a determined public hate campaign suddenly sprang up, lobbying UbiSoft in particular to permanently remove StarForce.
Interestingly enough, there's very little in the way of actual evidence that StarForce does anything harmful. The Boycott StarForce Site tries to clumsily summarize the case against StarForce, the most damning indictment apparently being that it installs a 'hidden device driver'. This is supposed to prove the sinister nature of StarForce, however it neglects to mention that commonly-installed third party tools like SpeedFan also install such device drivers (Speedfan.sys) without the user's explicit consent or knowledge. In fact the Speedfan device driver is known to have security vulnerabilities. However as some people will quickly point out, StarForce's drivers have Ring 0 access, but as StarForce themselves point out a large range of other software also installs drivers at Ring 0. StarForce has made the reason for requiring Ring 0 access quite clear, it's a necessity in providing protection against emulation software used to run pirated games:
The matter is that all of known emulators install ring 0 drivers. Obviously, the only way to prevent emulation is to work on the same level and that is the reason our copy protection installs drivers.
Other evidence against StarForce includes a few unverified stories which state that StarForce slowed down their systems, caused crashes, or even damaged their optical drives; the Boycott StarForce site shows a picture of a shattered CD for example to emphasize this last point, despite there never being evidence that it does this. To cap off this wave of negative publicity, in 2006 a $5m Class Action Lawsuit was launched against UbiSoft, based on the allegations above. What is not so publicized is the outcome of the lawsuit; two years on it appears the case was dropped. UbiSoft insiders reveal that when the plaintiff in the StarForce case brought the example of his system being infected and ruined by StarForce, UbiSoft's first submission was a 12,000 end-user survey which it had carried out showing none of the sampled users had any such issues.
There's no question that StarForce, much like other protection methods, does introduce extra variables into the equation which can cause problems on some systems. Just as graphics drivers or other system drivers can cause crashes, I have no doubt some system issues were due to StarForce. In particular there were two perfectly valid and verified claims against the StarForce drivers at the time: that they weren't uninstalled when certain StarForce protected games were uninstalled from the system; and that they didn't offer 64-bit support or Vista support. Of course back in 2005-06, 64-bit usage was incredibly low, and Vista wasn't around, however this issue was never resolved for games using StarForce older than version 3.05. As for uninstallation of StarForce, this was rectified in most newer games, and StarForce eventually issued a Driver Removal Tool on their site to further address this problem.
In most other cases though, the stories of StarForce-related issues when examined closely are wildly speculative. The problem is that as soon as people experienced any BSODs, crashes or hardware failures - something which happens on any system for a multitude of reasons - upon visiting a support forum for example they were instantly told by uninformed forumgoers that all their problems were due to StarForce. This is particularly true of the Ubisoft forums at the time, when anti-StarForce sentiment had reached fever pitch. Most PC users have very little technical knowledge and readily accepted such explanations, indeed they often moved on to other forums and quickly spread the same advice to others, namely that any software or hardware problems are being caused by StarForce. The spreading of false advice is unfortunately extremely common in the PC world, overnight a single piece of false advice can spread like wildfire to hundreds of websites and forums. I've seen this sort of thing many, many times while researching different game issues for my guides over the years.
Shamefully, I have to confess that at the time, I too believed all the StarForce stories a little too easily. I never experienced, nor directly saw on any PC under my control, or in my role as a guide-writer or forum troubleshooter, any evidence that StarForce causes serious problems. However trusting that so many people couldn't all be wrong, I used to write warnings in my guides that StarForce was harmful and should be avoided. It was only recently upon taking the time to sit down and research this topic properly, that I've considered the evidence of the causality between StarForce's ability to actually prevent piracy and the sudden ramping up of the hate campaign against StarForce. Again, this is not to say StarForce doesn't cause any problems, simply that most of the wild accusations being thrown around about it were almost certainly untrue.
To make matters worse, StarForce didn't handle the hate campaign very well. For obvious reasons they can't exactly lay open the secrets of their protection methods as it would completely destroy their business which is based on maintaining secrecy against the pirates. They tried explaining things to users, they even tried running a competition asking people to prove that StarForce damages optical drives, but unsurprisingly no-one inside or outside Russia took them up on the offer, nor posted concrete evidence on the Internet, probably because no actual evidence existed beyond the anecdotal kind. Out of desperation they turned to some ill-advised actions, such as threatening a popular blog with legal action, and providing links to a pirated version of a non-StarForce protected game to prove it was being pirated.
By 2006 it was too late. With no real evidence whatsoever, but under the weight of public opinion, UbiSoft decided to smooth things over with their customers by dropping StarForce from their games. In Western countries now StarForce's name is synonymous with 'mud' - only Russian versions of games carry StarForce protection. This is a testament to the power of conjecture and hearsay on the Internet. Ultimately however all this hysteria was utterly pointless, because UbiSoft simply moved from StarForce to using SecuROM protection, and for a while user complaints died down. Until SecuROM started presenting more robust barriers to being cracked, at which point the misinformation campaign has been fired up once again, and a lawsuit against SecuROM's use in Spore has been launched on much the same flimsy basis as that against StarForce - as we examine below.
The SecuROM protection system has been in use in various forms for many years, stretching back to games like Diablo II, Alien vs. Predator 2 and Unreal Tournament 2004 all the way up to recent titles such as BioShock, Crysis Warhead and Command & Conquer: Red Alert 3. Just like StarForce, as the latest Version 7 of SecuROM has started becoming much more effective in preventing day-zero piracy, primarily through new online activation measures, it too has fallen under a mountain of uninformed criticism and deliberate scaremongering. That's not to say it doesn't have legitimate problems. Let's start by looking at the verified problems with SecuROM:
Although annoying, and certainly not something users should be happy about, these issues are not particularly sinister and in general are easily rectified. In my many years of experience in both using SecuROM-protected games, and reading feedback on SecuROM, the above list covers the vast majority of the legitimate problems which some people have with SecuROM. Recently however, SecuROM incorporated an online Product Activation method which is used in offline-only single-player games like BioShock, Mass Effect, Crysis Warhead and GTA IV. As discussed earlier, this is a key tool in combating 'day-zero' piracy. The precise protection method varies by game, but essentially it connects to a special server to verify ownership of the game after installation and during updates. In some cases, it also determines how many concurrent installations of the game are allowed. This addition to SecuROM has caused the greatest controversy of all, because it's seen as pure DRM rather than just copy protection.
To address concerns over the installation limit, as detailed here and here, more recent SecuROM implementations in games like Far Cry 2 and GTA IV now automatically revoke an activation when a game is uninstalled while online, but should you have any problems, you can use a manual revoke tool instead. Thus the limitation of installing a game on 3 or 5 machines at any one time is not entirely unreasonable when given appropriate revoke tools to manage those installations and ensure they're not wasted. This step isn't enough for some people though. They argue that they own a game and should therefore have the right to do whatever the hell they want with it. This is an unrealistic demand in the current environment of rampant piracy and is also technically incorrect. The End User License Agreement (EULA) which all gamers agree to before installing their game specifically states that the user is only licensed to use a copy of the game under certain terms and conditions, and does not ever own that game. This has always been the case, so in theory customer rights are unaltered. In practice, while it does seem overly restrictive, unfortunately the entire system of Product Activation becomes useless as a protection method if people are given unlimited installs with no check.
However if you ask a person who is anti-SecuROM what the real problem with it is, the above issues fade into insignificance when they tell you that "SecuROM is spyware and a rootkit!" Aside from the fact that the people who so often quote this line usually have no idea of what genuine spyware or rootkits actually are or how they work, what they're alluding to are two separate things: Ring 0 access and hidden Registry entries. This is also the basis for the recent Spore Class Action Lawsuit against Electronic Arts in their use of SecuROM.
I've already touched on the issue of Ring 0 access in the StarForce discussion further above. For one thing, it hasn't even been proven that SecuROM has Ring 0 access, however even if it turns out that it does, a wide range of third party programs will install device drivers as a normal part of their behavior, some of which have Ring 0 access. In fact some of them even have known security vulnerabilities, as we saw with SpeedFan. A search of the trusted security advisory site Secunia doesn't show any past or present listed security vulnerabilities in SecuROM, while other third party drivers, even older versions of protection methods such as SafeDisc have had such vulnerabilities in the past, though they are usually patched quickly. However rather than getting into a confusing technical debate about this issue here, let me instead point you to this discussion on the official Daemon Tools forums, conducted between one of the parties involved in the Spore class action lawsuit (username sblade), one of the developers of Daemon Tools (username LocutusofBorg), and a knowledgeable person with verified experience in the field (username evlncrn8). I direct your attention in particular to this post in which he (evilncrn8) counters the vague, deliberately misleading and unverifiable claims against SecuROM. As he states, after conducting extensive research and debugging of SecuROM on his own, he can't find any evidence that SecuROM does anything malicious, nor that it does any of the things that the other anti-SecuROM so-called experts claim it does:
It appears you guys didn't really do your research properly and are spreading misinformation, no other ulterior or secret motive... I know the protections, pretty much all of them, I've debugged them, I've cracked them in the past.. and nothing you've posted so far matches up.
The developer of Daemon Tools backs him up:
With all respect, please stick to FACTS that you can write down and show everyone before make such claims - at least here at our forum. It's total different if you dislike Securom or love it OR to write informations that are not based on facts... What concerns evlncrn8, rest assured that this guy knows what he wrote, even if you dislike it.
This is the heart of the issue: people with no real knowledge of SecuROM are deliberately and systematically creating and then perpetuating absolutely unverifiable, often patently false claims against such protection systems, more to debase and undermine the protection system's credibility in the eyes of the public than anything else. Even a quick check of Wikipedia's SecuROM article shows that the entire article is flagged with the heading: 'The neutrality of this article is disputed' and 'This article may contain original research or unverified claims.' Facts are taking a back seat to hysteria and a clear agenda to demonize SecuROM.
In terms of the hidden Registry entries which SecuROM creates and may not uninstall, there hasn't been any evidence that there's anything devious involved. Sony explain this themselves in this FAQ Entry:
As part of the SecuROM DRM system, certain license information is stored within this "!CAUTION! NEVER DELETE OR CHANGE ANY KEY" registry key, contained in HKEY_CURRENT_USER\Software\SecuROM and/or HKEY_LOCAL_MACHINE\Software\SecuROM. The reason for naming this key in this way is to prevent users from inadvertently deleting keys/values stored beneath that key, which would prevent SecuROM from working properly. Newer SecuROM versions store the license information in a registry key named “License information”, similarly contained in HKEY_CURRENT_USER\Software\SecuROM and/or HKEY_LOCAL_MACHINE\Software\SecuROM.
In any case these Registry entries don't consume any resources or spy on your system. They're hidden because aside from preventing accidental deletion, they're used by SecuROM to track their protected game licenses. Since some anti-malware programs such as RootkitRevealer mistakenly flag them as suspicious, they've come to be seen as a sign that SecuROM is a rootkit or spyware. As it stands, there's never been any genuine evidence presented anywhere to show that SecuROM is a rootkit or spyware, or does any harm to performance or system stability; only conjecture and not surprisingly, a lot of misinformation deliberately created by crackers and perpetuated by piracy-related websites. SecuROM does have confirmed issues, I've posted them further above. However there is no evidence that SecuROM is conducting any harmful or mischievous activity on your system.
Here's the best part though: although there's never been any real indication that StarForce or SecuROM are rootkits or malware of any kind, the same can't be said for the most popular tools used to bypass copy protection: Alcohol and Daemon Tools. When Mark Russinovich, noted techie and author of various SysInternals tools such as Process Explorer and AutoRuns, took a close look at these popular emulation utilities, he concluded that:
There’s no proof that Alcohol and Daemon Tools use rootkits to evade DRM, but the evidence is compelling. If they do their usage is clearly unethical and even potentially runs afoul of the US Digital Millennium Copyright Act (DMCA). In any case, there’s no reason for these products, or any product as I’ve stated previously, to employ rootkit techniques.
So if the same standard of evidence and logic that StarForce and SecuROM have received is applied to Alcohol and Daemon Tools, we see that these tools are indeed rootkits, and hence supposedly lay a system open to malware attacks. Furthermore, if users are genuinely concerned about introducing malware into their system which can compromise security and stability, then you'd think they'd avoid downloading pirated material. It's well known that one of the most common ways in which people pick up malware is through file sharing, because torrents in particular are saturated with fake files deliberately designed to infect a system with trojans, viruses, spyware and yes, even genuine rootkits. Not surprisingly however, no campaign to boycott torrents, or Alcohol, or Daemon Tools will ever gain any momentum, despite the potentially greater threat they represent to the security of users than SecuROM or StarForce ever will.
As it stands, I want to repeat the fact that both StarForce and SecuROM, not to mention SafeDisc, Tages and a range of other protection methods all have various legitimate, verified problems and glitches. Purely from a consumer's point of view, they are without a doubt an unnecessary imposition and an annoyance. I certainly don't like any of them myself. However I hope I've explained why they are a necessary evil in the current climate of rampant piracy, and demonstrated that not only do they actually work, especially in preventing day-zero piracy, but more importantly, what you may read or hear about these systems is more often than not complete and utter nonsense.
Steam is a combination of a digital software distribution platform and a DRM technology developed by Valve Corporation. It was developed in 2002, but picked up pace in 2003 and its usage became commonplace from late 2004 onwards with the release of Half Life 2 which incorporated Steam for updates. But before we get ahead of ourselves, let's go back to the early days of Steam and consider how it was received by consumers. Back in 2003, negative attitudes towards Steam such as the ones in this article and this thread were rife, with comments such as:
I used to be all optimistic about it, but now [Steam] seems the stupidest thing to disgrace my harddrive next to spyware and viruses. If it didn't have the Valve logo in the corner, I would swear it was made by Microsoft. Screw you Steam! I'm off to play Wolf: ET.
Jumping ahead to 2004 and people were still sharing 'horror stories' with regards to Steam, such as in this thread, with some people even considering boycotting HL2 because of it: "The fact that you can't play HL2 without it might very well be the reason why I might not buy HL2." In fact an online petition was started entitled Say No to Steam and reached almost 30,000 signatures, with comments such as "This delivery system is evil. Valve is evil for using it." and "Steam is the worst program ive ever used." By 2005, Steam was still being hated by some, as witnessed in this thread:
Personally I HATE steam. I love HL2 I can't get enough of Counter Strike: Source but all in all steam causes nothign but frustration. I hate how it starts up on startup. I hate how it failes to connect to server ar adds all the extra hastle into connection. It is to much extra baggage and very much of a pain.
Even to this day, as recent comments in this blog post show, there are still people who resent Steam. However for the most part, the vast majority of people have now apparently come to love Steam, making it a massive commercial success for Valve.
So essentially, Steam has all the elements which would make it a prime candidate for users to complain endlessly about unnecessary resource usage, potential performance problems, being spied upon without their knowledge, unwanted restrictions on access to their games, rootkits, and so forth. Yet why did Steam go on to be so incredibly successful despite the initial years of user anger, while StarForce and now SecuROM have had a massive hate campaign waged against them? I contend that it's due in large part to the substantial fan base for Valve's CounterStrike and Half Life games who have unquestioningly supported Valve in virtually every move it makes. I'm not suggesting that Steam is a bad piece of software, and of course Valve has also implemented various improvements to Steam over the years. However at its core Steam is still DRM and still imposes various restrictions very similar to something like SecuROM. And while SecuROM has its drawbacks, so too does Steam. For example:
Steam does have a range of benefits as well, including removing the disc check component for all games, allowing users to login to their Steam account anywhere in the world and thus download and play their Steam games on any machine, as well as community features which many Steam gamers enjoy. Of concern however is the way in which gamers have almost blindly embraced Steam the same way they've decided to blindly hate SecuROM. Both forms of DRM have their advantages and drawbacks, however I suspect that a combination of Valve being a popular developer combined with their persistence to ride out the initial years of the negative hate campaign against Steam paid off in the end. At the very least it certainly demonstrates that DRM can become accepted, even loved, if presented in the right way. It seems perceptions rather than facts are often the key to success.
In terms of combating piracy, Steam has worked quite well, but not just because it's a superior technological solution, rather because it deters casual piracy through its online-focused features, much like multiplayer-only games. Put simply, Steam raises the risks of piracy because the Steam client is constantly verifying ownership details online. Pirating a steam game isn't necessarily harder than pirating a non-Steam game, the problem is that by using a Steam crack on their system, pirates risk losing access to any legitimately purchased Steam-based games as well if the crack is detected. Those using Steam cracked versions of games also can't access official game servers, which means they get to play on less populated unofficial servers, further reducing the attractiveness of pirating online-only Steam games. This is the reason why Steam works so well as a DRM platform.
One last point: some people are in such a mad rush to insist that Steam is somehow the solution to every aspect of piracy and DRM, they fail to consider that by giving Valve a monopoly in digital games distribution, this will only help keep game prices high. Digital distribution should logically be about reducing prices due to lower production costs, and yet Steam's prices remain on par with retail sales, primarily to prevent them from undercutting the retail market. If Valve is serious about getting digital distribution to truly take off it needs to insist that publishers sell their games for a much lower price on Steam. However I believe it will take the presence of a decent competitor in the digital distribution market before Valve takes such steps.
DRM and the Future
Consider one last example of a protection method which has been subject to similar levels of hysteria and misinformation, and which every legitimate Windows user has installed on their system right now: Windows Product Activation. It was introduced in 2001 as part of Windows XP despite massive opposition, and again in 2007 in Windows Vista, and once again to be included in Windows 7 in the near future. If it's been a failure in protecting Windows against casual piracy, then Microsoft certainly hasn't shown any signs of dropping it. Back in 2001, sensationalist articles such as this one not only proclaimed this feature to be 'fiendish' and that it would allow Bill Gates to "...spy on your machine", they also called it "a step too far". Suffice it to say that all these years later, product activation has been proven not to be spyware, is not overly problematic, and the various fantastic scenarios people cooked up to somehow suggest we'd be activating our machines every second day and eventually being locked out of them for no good reason have all been debunked. The truth is that it works just fine, Microsoft still has an almost 90% market share with their Windows OSes, and users have become completely used to Windows Activation; all the hysteria and lies regarding it were proven completely false in the end.
Reading this section, it should become obvious to most people that the DRM debate is not as clear-cut as some would have you believe. By playing on the lack of tech knowledge among the general population, particular individuals and groups with vested interests in piracy have deliberately generated and perpetuate a range of falsehoods with regards to the major copy protection and DRM methods, most recently the SecuROM system. In truth because no-one really likes DRM, no-one has any real incentive to genuinely research the sensationalist claims made against these protection methods. Most people are more than happy to accept completely unsubstantiated lies regarding the impact of various DRM, if only because they would much rather it didn't exist.
Should we be happy about DRM? Of course not. But let's be clear about the chain of cause and effect here: piracy has forced increasingly intrusive DRM upon us. No-one likes it, but it's here to stay so long as people pirate things rampantly under a range of excuses. If you want to be outraged about DRM, direct a lot of that anger towards the pirates who've made it necessary.
What about addressing the shortfalls of DRM? Years ago, when it was announced that Windows Vista would be released with a severe limit on how many times it can be transferred between PCs, I didn't rant, rave or start a misinformation campaign. I wrote this article on Paul Thurrott's site and suggested that the transfer limit be raised to something reasonable. In other words I considered the problem and came up with a practical compromise, not an unrealistic wishlist. Shortly afterwards, Microsoft announced that the transfer limit would be removed altogether, so clearly they were receptive to constructive feedback and went even beyond my suggestion. Similarly, problems in current DRM implementations need to be resolved through intelligent user feedback, backed up with evidence and reason and a rational debate, not childish tantrums, sensationalism, scaremongering and lies. Games companies have already started evolving their use of DRM to remove some of its biggest inconveniences, such as the provision of revoke tools to manage install limits, and the removal of disc checks on some DRM-protected games. What we need to do is help DRM evolve into something that's both more effective against piracy and less troublesome for legitimate users, similar to the way Steam evolved to where it is today. EA President Frank Gibeau has made it clear that they're receptive to such moves:
We're willing to evolve our policy to accommodate our consumers. But we're hoping that everyone understands that DRM policy is essential to the economic structure we use to fund our games and as well as to the rights of people who create them. Without the ability to protect our work from piracy, developers across the entire game industry will eventually stop investing time and money in PC titles
The issue has been confused somewhat because a few smaller companies such as CD Projekt and Stardock are carving out a niche selling games which have no DRM. These games appear to have specific markets with lower levels of piracy, so while removing DRM is a practical approach for them, the broader games market is not necessarily subject to the same approach. Furthermore, upon closer examination we can see that the Stardock case is not as clear-cut as people want to imagine. Firstly Stardock uses another method to reduce piracy: constantly releasing updates for their software which must be obtained through their Impulse digital distribution channel. In effect this is a lot like Steam, so of course they don't need the same sort of overt DRM measures that major offline-only games require. However more importantly, Stardock recently released a Consumer Report (PDF) which specifically outlines what it believes are legitimate and illegitimate complaints regarding DRM, and in no way does the document do anything other than endorse precisely what we've been discussing above. Some examples from the document demonstrate this clearly:
There is no solution to the issue of protecting intellectual property (IP) that will satisfy all parties. There are customers who will accept nothing less than publishers acquiescing to a quasi-honor system for purchasing software [i.e. removal of all protection]. That doesn’t work.
At the other end of the spectrum, there are publishers who want customers to have an always-on Internet connection to play a single-player game. They have every right to require this if they want, but it will cost them tremendously in terms of goodwill and sales.
So what are the issues people have with DRM?
[Some examples below of customer complaints against DRM that Stardock considers 'legitimate' and 'illegitimate':]
Legitimate complaint: They don’t want the copy protection to interfere with their enjoyment or use of the software or game.
Illegitimate complaint: DRM is just wrong in principle, you buy something, you own it and should be able to do whatever you want. This is a view held by some but the person who makes the thing has the right to distribute it how they want. If I spend $5 million making a game, someone paying $50 doesn’t “own” it. There has to be some middle ground on serving customers and protecting IP holders. Users who disagree and want to stick with this principle have my respect but we believe a balance needs to be made that is satisfactory to most users and most publishers.
Like it or not, in the face of rampant piracy, some form of effective protection or DRM is an inevitability for many types of PC games, especially offline-only single-player games, and is here to stay. Steam is one solution, but I've warned that it isn't necessarily the cure-all that some people would like to believe, and still has notable drawbacks. The various DRM methods must evolve to the point where they are both more effective at reducing day-zero piracy, and also less intrusive and problematic for legitimate users. Gamers can assist in this process by making sure that only verified and truthful information regarding these systems is discussed. Hysterical misinformation is not the appropriate approach and will only lead to either more intrusive DRM or worse - as we see in the next section as the article draws to a conclusion.
Update: As expected, given the continued hysterical misinformation regarding DRM, the dramatic increase in PC game piracy, and the failure of the DRM-free approach in recent games such as Prince of Persia (see previous page), Ubisoft has announced in early 2010 that it is taking a new approach: all games, whether single or multiplayer, will now have to be run in constant online mode, requiring an Internet connection for ongoing verification of the game during gameplay. The practical implementation of the Ubisoft protection system is covered in detail here.
Update: Electronic Arts has also implemented a similar system for Command & Conquer 4: Tiberian Twilight.
Update: CD Projekt, a developer which is also often mistakenly thought of as having a soft-on-piracy stance, has also come out and said that despite their latest game The Witcher 2 not having any DRM, they will vigorously pursue pirates by legal means. CD Projekt says:
Of course we're not happy when people are pirating our games, so we are signing with legal firms and torrent sneaking companies. In quite a few big countries, when people are downloading it illegally they can expect a letter from a legal firm saying, 'Hey, you downloaded it illegally and right now you have to pay a fine.'
A prominent games lawyer believes that CD Projekt's effort with The Witcher 2 marks the beginning of a crackdown that's set to become more intense, saying: "Piracy is a serious legal and financial issue for the games industry, which is responding with a range of measures from DRM to legal action against illegal downloaders."
In early 2012 CD Projekt backed down on its threats of directly identifying and prosecuting pirates. However in the face of damning figures showing that their extremely popular PC-exclusive The Witcher 2 game was pirated at least 4.5 million times in comparison to only 1 million legitimate sales, despite having all DRM removed in an early patch and receiving almost universal praise from gamers, they had this to say about piracy:
Let's make this clear: we don't support piracy. It hurts us, the developers. It hurts the industry as a whole. Though we are staunch opponents of DRM because we don't believe it has any effect on reducing piracy, we still do not condone copying games illegally. We're doing our part to keep our relationship with you, our gaming audience, a positive one. We've heard your concerns, listened to your voices, and we're responding to them. But you need to help us and do your part: don't be indifferent to piracy.
Thus in 2012 The Witcher 2 example continues to prove that giving gamers what they ostensibly seem to demand: a well-crafted and highly popular PC exclusive game, lacking intrusive DRM, from a small independent developer, is still not sufficient to prevent an 80%+ piracy rate.