As others explained, it could be achieved without using any passwords or even RAR format. That was one of the listed reasons, and not really a good one too. The DRM related reason was about torrents / malware thing.

Well either...

The game is Windows only :

On Steam : you have to run Steam Windows client on Wine/Windows, download and install the game then copy the installed files.

On GoG : Download the game, use the script in this thread to extract the password, or using Wine/Windows to install the game and extract the files.


The game is Linux compatible:

On Steam : Download the game using Steam linux client.

On GoG : Download the Linux packages.


I would say that both are similar except that I am pretty sure that it will probably be easier to extract the files from the GoG installer one way or another rather than having to run Steam Windows client on Wine to download it.

Please, don't be so simple. Do you honestly think pirates care about digital signatures? I'm willing to bet most of them can't tell between a signed and unsigned file and the little popup that comes up on Windows they will click "continue or yes" just to get to the installer, they barely read it or know what it's referring to, let alone worry.

That's because they are RAR files. I wonder which browser we are talking about here -- I can't think of any that cannot be persuaded to skip content sniffing given the right set of HTTP headers.

Installing Steam on Wine and downloading the games is something most people can do.

Downloading the GoG installer, searching for the game id, extracting the MD5 to extract the files is something not everyone can do.

I don't see how you could say GOG would be easier.

Where do you want to copy the installed files and why?

No, Steam runs quite fine with WINE. Those GOG installers don't. Getting that decryption key is too much work. Steam gets more attractive for linux users than GOG. Period.

Hopefully innoextract will include that, so it will be rather easy (again demonstrating the nonsencial nature of this password). Except I think it should be a special gog case, since innosetup isn't used by GOG only. Something like gogextract I guess.

This discussion has been somewhat pointless for quite some time now.

Most arguments in favour of this practise are irrelevant now, since the passwords can be obtained fairly easy. And not only by us, the legitimate customers, but also by anyone else.
The only other purposes not affected that I can see would be the prevention of misunderstandings (accidentally extracting the archives), and the prevention of the embedding of malicious software (which is pointless anyway). Both issues, especially the first one, could be tackled with other technical systems. There are good examples in this thread already.

So please, remove these restrictions.

Edit: By the way, I won't buy games in the near future either, unless some things change around here. These passwords aren't so bad all on themselves, but along with the introduction of regional pricing and a few other issues it's just... too much.

I'm kind of surprised that the discussion is revolving around pirated copies. It was a ridiculous argument on GOG's side, and served to derail the discussion on the actual matter at hand.


I sure hope you're not suggesting this as a viable solution.


EDIT: added missing word

Subscribed (and voted on shmerl's wishlist) to see how this plays out.

I'm a little worried by this.

I'm really angry at GOG about this situation.


Dear GOG, If you're reading this please know that:

I've always had the assumption that I own the games I buy from you and I always believed them to be DRM-Free. Now my library has games encrypted with a password that you silently decided to add for a reason that doesn't make any sense.

Should you decide to remove this password I'll have to spend a lot of bandwidth and hours into downloading all the affected games and since most of my library is backed up on DVD's it also means I'll have to spend a lot more hours into re-burning discs again, needless to say that good money may go to waste cause of this.

As you can probably see, you've created quite a mess for me. As it currently stands I won't buy any Windows games from you, I can't trust you anymore.

In my 3 years since I joined, I've rarely been disappointed even with your mistakes that have left many people disappointed and angry. It really burns me up that such a great company promoting DRM-Free goes to put a password where not needed. You could have executed this idea in a better way.

I can't help but feel betrayed by the trust I've placed in you.


Regards

Let's see, it's a solution that works, is free, doesn't have any compatibility issues, is not hard to use even if you have limited knowledge... well yes it is a viable solution.

I got the impression that Gowor found "ordinary Windows users can bypass the installer just by renaming the BIN to RAR" to be an unacceptably high risk of unnecessary support calls.

Hence, I was proposing something that's still reasonably easy to future proof but requires more specialized work to unpack.
Because Gowor seems to have explicitly ruled that out, so I was presenting a compromise I consider acceptable.

@DragoonPL had an interesting comment in the wishlist: The bottom line - to prevent users from erroneously opening that in the browser or running it with VLC (what else should be prevented, users flashing their devices with those bin files instead of firmware anyone?) there is no need to use some uniquely generated passwords or any passwords at all for that matter. Just use some other format which is still possible to extract with existing tools.
It's not a free solution since it relies on Windows. And installing Windows in VM just to unpack the package is just insane.

No, it's DRM when they artificially and pointlessly put roadblocks in the way of my taking the resources from that x86 game and using them in an ARM-compiled copy of ScummVM or DOSBox or what have you.

The key word being "artificially".

We are also in 2014 where Windows checks digital signatures on EXE files. It's more robust to have the signed InnoSetup EXE do a hash check on the RAR and that requires no password.

Again, ineffective at the claimed purpose and puts artificial roadblocks in front of legitimate buyers.