It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
avatar
GOG.com: To that end we will be removing the mentioned archive protection from the select Windows installers that had it until a better solution, both technically and philosophically, is ready.
(emphasis shifted by me)
Don't get me wrong, this is a good thing, overall. But there's still no guarantee that something different (and worse) may come up in it's place.

I honestly want to celebrate and drag out the wallet like the rest of you, but until this better solution is implemented, I can't really trust what will happen anymore. No more purchases at all.

Get burned enough and it's difficult to trust again. GOG, I'll still be watching and waiting. Please consider the technical solutions written on these forums. It could only improve your bottom line to adopt a platform-independent and open source method of checking your files.

I'm not saying this just for the peace of mind of we Linux users, but for Windows and Mac users, too.

Edited for some clarity.
Post edited January 07, 2015 by llirium
avatar
GOG.com: As the topic of password protected archives included inside some of our Windows game installers sparked some heated discussions, we’d like to address some misunderstandings around this topic and let you know that changes will be made.

Password protection appeared in selected multi-part Windows installers, about 30 games from our catalogue that had large install files, over 6 months ago. We implemented it for various other reasons as well, many of which have been mentioned in previous posts. One of them was streamlining installation for the less tech-savvy users to avoid the issue of “broken” games after not using the installer to install them (you more proficient tinkerers have proven that it was a trivial barrier against the more advanced users).

We’ve heard your concerns regarding this solution and we do agree it could have been better. Although the same could probably be said about many other answers to this problem, it doesn’t mean we shouldn’t try to do better for our community. To that end we will be removing the mentioned archive protection from the select Windows installers that had it until a better solution, both technically and philosophically, is ready. Please continue sharing your suggestions regarding such a solution in this topic - your feedback is very appreciated.

On a side note, we’d also like to invite Captain Obvious here for a moment to remind that GOG offers and supports games compatible with specific operating systems and prepared to be installed on a given system using our included installer for a reason. This is, from the very first day, our way of offering a hassle-free, user-friendly and welcoming experience for millions of our users, no matter what their technical skill level may be.

That is why we cannot guarantee that our installers will never change and will forever remain compatible with each of such unsupported tools. However, it never was and our goal to purposely break compatibility with some third-party extraction tools or emulators used by some of our customers - and, rest assured, it never will be.

GOG.com Team
I want to express my most sincerest thanks to the GOG team for listening to the concerns of their customers and taking it to heart. I do realize that you can't focus on ensuring your installers wok on unsupported platforms, and I am very thankful that you actually keep such compatibility in mind. GOG has been the game distributor of choice for a lot of Linux gamers because of your DRM-free stance as well as how easily your installers have been working in Wine.

This is a point that I personally believe you deserve credit for.

My issue with the new installers were simply what for me seemed like a new restriction in the software that was not there previously. Your response has reaffirmed my faith in your stance regarding DRM and unnecessary restrictions.
avatar
Trilarion: - use checksums during download and during installations to check for integrity (you probably already do)
avatar
MasterS.249: During download is like how Steam verifies cache? What if alternative downloader is used? During installation is understandable.
Using checksums in their official downloader is already done - do keep in mind though that the downloader downloads installers (that can - and do - check themselves), not direct game files. Of course GOG cannot support any method of download beyond the official ones: browser and official downloader, and only the latter of those can do checksums, just as they cannot support people installing the games by simply extracting the files or using third-party tools, that doesn't mean third-party downloaders don't work.
Thanks GOG! :)
Thanks GOG, you have once again proven that you value your community. :-)
Thanks GOG. Now i can play (buy) games in peace :)
Thanks! :-)
avatar
Gowor: Hello,

-Rars are used for convenience, as they have some features that the old archives lack. For example when making a test build of the game, it's faster for us to update the archives than to repack them from scratch when making small changes for testers.

-Watermarking the installers with username is not planned. One, for ideological reasons, two it's not really technologically feasible.

-Yes, the archives are password-protected. Here's why:

The supported way of installing the games is by using the Installer, which apart from unpacking the files, also creates registry entries, shortcuts, compatibility fixes etc. We want to avoid having the situation, when user will see a unprotected rar file, download and unpack it, and get a "broken" installation, because he didn't use the installer.
There were situations, when users would download just a single part of the installer, or try to unrar it manually (because apparently some browsers detect our new archives as rar files), or even try to open the .bin files with the VLC Video Player.
In such a situation I think it's better to give immediate "it won't work that way" message, rather than allow someone to make a "partial" installation, which may or may not work, without any information.

Another reason - I want to avoid the situation where someone tampers with the archives (let's say adding malware, or some illegal content), and uploads the modified version on torrents. I don't want the GOG Installer installing anything else than it was supposed to, and it doesn't matter how it was obtained.

The Installer is designed mostly for reliability and ease of use for any user. And it's intentionally designed as it is.

Mind you - if you are using the supported installation mode, you don't have to enter the password anywhere. Nor is it in any way dependent on username, or hardware, or anything else. It's more or less hardcoded into the installer (I see you guys already figured out how), as much as the decompression algorithm. You can still use the installer exactly as you could since the beginning of GOG, and install your games wherever, whenever, and however many times you want. It doesn't detect where was it downloaded from either. That hasn't changed at all.

We don't really support installing the game by manually unpacking the archives (for whatever reason you do that). On the other hand, I see you already figured out the algorithm for obtaining the password, so you are still able to do as much. I'm not going to say "Hey, good job hacking into our software guys!", but I'm not going to try and make the password harder either.
Why the hell would you not want to use the GOG installer. It's the best thing ever. Leaving little impact on the registry and somehow knowing what the game save files are. Not sure if this happens on the Linux version but still. I really like the GOG installer. I with more companies used it.
avatar
GOG.com: As the topic of password protected archives included inside some of our Windows game installers sparked some heated discussions, we’d like to address some misunderstandings around this topic and let you know that changes will be made.

Password protection appeared in selected multi-part Windows installers, about 30 games from our catalogue that had large install files, over 6 months ago. We implemented it for various other reasons as well, many of which have been mentioned in previous posts. One of them was streamlining installation for the less tech-savvy users to avoid the issue of “broken” games after not using the installer to install them (you more proficient tinkerers have proven that it was a trivial barrier against the more advanced users).

We’ve heard your concerns regarding this solution and we do agree it could have been better. Although the same could probably be said about many other answers to this problem, it doesn’t mean we shouldn’t try to do better for our community. To that end we will be removing the mentioned archive protection from the select Windows installers that had it until a better solution, both technically and philosophically, is ready. Please continue sharing your suggestions regarding such a solution in this topic - your feedback is very appreciated.

On a side note, we’d also like to invite Captain Obvious here for a moment to remind that GOG offers and supports games compatible with specific operating systems and prepared to be installed on a given system using our included installer for a reason. This is, from the very first day, our way of offering a hassle-free, user-friendly and welcoming experience for millions of our users, no matter what their technical skill level may be.

That is why we cannot guarantee that our installers will never change and will forever remain compatible with each of such unsupported tools. However, it never was and our goal to purposely break compatibility with some third-party extraction tools or emulators used by some of our customers - and, rest assured, it never will be.

GOG.com Team
Kudos to GOG, your user friendly policies are why I stopped buying games on Steam. Now you guys just got to get Torchlight 2 so I can get my brother in law in on the DRM-Free revolution.
avatar
GOG.com:
Thank you! ;D
avatar
GOG.com: As the topic of password protected archives included inside some of our Windows game installers sparked some heated discussions, we’d like to address some misunderstandings around this topic and let you know that changes will be made.

...
GOG.com Team
Just wanted to join the chorus: thanks for listening to your customers
avatar
Maighstir: browser and downloader: only the latter of those can do checksums
If GOG provided the checksums in the download area (like Daily/Indie Royale do), some browser tools let you give them a hash digest when you start the file download, allowing them to check it was downloaded correctly. e.g. DownThemAll.
avatar
xyem: If GOG provided the checksums in the download area (like Daily/Indie Royale do), some browser tools let you give them a hash digest when you start the file download, allowing them to check it was downloaded correctly. e.g. DownThemAll.
GOG's multi-part installers provide a verification option under the installation options. The single-file installers are inherently self-verifying (the installer typically detects a broken state, and an imperfect download will not have a valid digital signature).
avatar
Arkose: GOG's multi-part installers provide a verification option under the installation options. The single-file installers are inherently self-verifying (the installer typically detects a broken state, and an imperfect download will not have a valid digital signature).
I know, I was just correcting Maighstir saying browsers can't do checksums.
avatar
Rixasha: Well, there was this one, but I guess it got forgotten.
avatar
shmerl: Did you see this thread? A lot of suggestions were also voiced in this thread too. If you didn't spend time reading it, it doesn't mean that they weren't.
avatar
ssokolow: I've already provided a large selection of suggestions over in the "Technical discussion only. No politics." counterpart to this thread.
Oops.

Have GOG.com Team noticed it? They haven't mentioned it (and checking the thread - haven't yet made a post there). Maybe they can make it the Official Suggestions Thread then? And raise more awareness of it (including through their posts)? The thread was active just 4 days.

To those aware: let's put the link in our Thanks posts, so they (and those who haven't seen it) see it!

avatar
Maighstir: Using checksums in their official downloader is already done - do keep in mind though that the downloader downloads installers (that can - and do - check themselves), not direct game files. Of course GOG cannot support any method of download beyond the official ones: browser and official downloader, and only the latter of those can do checksums, just as they cannot support people installing the games by simply extracting the files or using third-party tools, that doesn't mean third-party downloaders don't work.
A note: depending on the size, it's either just installers or installers with corresponding data packs (in multipart RAR format, as mentioned before).

Both official and third-party downloaders are supposed to download the same official files. So after these files are downloaded - they are to be dealt with. So installers do check themselves? If third-party downloaders consistently download tampered-with files (which should be indicated by installers issuing warnings) - their developers should be contacted.

EDIT:

avatar
Arkose: GOG's multi-part installers provide a verification option under the installation options. The single-file installers are inherently self-verifying (the installer typically detects a broken state, and an imperfect download will not have a valid digital signature).
Ah, I see.
Post edited January 08, 2015 by MasterS.249