NCSoft to Roll Out Hackable Anti-Hack Software

Greyzone writes "NCSoft is preparing to use a security product to protect the Lineage II game process from user hacks while running on a user PC. Unfortunately, this product has serious flaws of its own. Securityfocus.com explains the serious flaws and the possible hacks that can be used against user PCs that have installed this software." From the article "It is true that even with this vulnerability the user must still be tricked into running a malicious application that exploits it. However, in South Korea, where the Gameguard service is widely used, net cafes have become part of the social fabric. These machines are ripe fruit for damage."

nProtect, not just another Anti-Hack software.

[PiratSS]

nProtect is not a sure way to eleminate hackers, but it's a pretty good at detecting if any hacks are running. If you used nProtect before, you will know what I mean. I used to run a TSearch and a debugger program for my C++ applications, and nProtect wouldn't allow me in any of it's protected games. I remember a few ways of patching old versions of nProtect, but they are eleminated now, and it's pretty hard to stop for an AVERAGE programmer.

Re:nProtect, not just another Anti-Hack software.

[gl4ss]

well. but this is not about hacking the software that is protected by the nProtect software.

rather, it's about nProtect getting hacked - causing your computer to be OWNED. sure, your lineage might be protected but how about your banking?

Even bigger problem

[Cipster]

The main problem with nProtect is that it will do nothing to stop cheaters. The most popular bot for L2 does not even use the game client but runs as a complete standalone app. The protocol the game uses to communicate with the game servers has been completely hacked to pieces and the bots can emulate it perfectly. All this will do is install a bad piece of software on legit users' machines while the botters will bypass it completely.
Once again chinese botters/hackers > NCSoft (the most popular bots/hacks are made by chinese programmers and are used by the workers of the companies that sell in-game currency for cash).

Re:That's just sad.

[Scrameustache]

you can't block every hole in security. Sometimes you just have to hope, right?

How's about not introducing new holes? That would be a good start.

Yes and no

[Pan+T.+Hose]

Still, you can't block every hole in security. Sometimes you just have to hope, right?

Yes, you can. No you don't. Software is just an applied form of discrete mathematics. "Beware of bugs in the above code; I have only proved it correct, not tried it," as Donald Knuth once said. It is possible to present a formal proof of correctness for any algorithm. It is nearly impossible and certainly impractical when you have a big mess of spaghetti code like with most of software that is utter crap, but it is possible nonetheless when you know what are you doing and design appropriately, with very clean, small and isolated parts of your system responsible for enforcing its security policies. Take a look at such operating systems as KeyKOS and EROS. E.g. read Verifying Operating System Security paper by J. S. Shapiro and S. Weber: "This paper presents a proof of correctness of the EROS operating system architecture with respect to confinement." Read some essays by Norman Hardy, especially those on Capability Theory. This is hardly a new idea, see GNOSIS: A Prototype Operating System for the 1990s paper by Bill Frantz, Norm Hardy, Jay Jonekait and Charlie Landau, written more than 25 years ago. The bottom line is: it is certainly possible to have a 100% secure system, but developers don't bother because users don't care.