BBC Tells World About The Warden
Anonymous Cowpat writes "The BBC is running a story about the Blizzard title World of Warcraft. Specifically, an article about 'The Warden', Blizzard's highly-invasive anti-cheating software, which some, including The EFF have labelled as spyware. Most of the people around here have probably heard of it by now, but it's interesting to see the story in the mainstream press and (at time of writing) on the front page of the BBC's technology news section, no less." From the article: "The watchdog program, called The Warden by Blizzard, has been known about among players for some time. It makes sure that players are not using cheat software which can, for example, automatically play the game and build up a character's qualities. However, knowledge of it crossed to the mainstream thanks to software engineer Greg Hoglund who disassembled the code of The Warden and watched it in action to get a better idea of what it did."
The watchdog program, called The Warden by Blizzard, has been known about among players for some time. It makes sure that players are not using cheat software which can, for example, automatically play the game and build up a character's qualities.
... if you can!
Yes, but who watches the watchers?
For those worried by what The Warden does, Mr Hoglund has produced a program called The Governor that reports on what it is watching.
Oh.
Well in that case, who watches the watchers of the watchers? Hmmm? Answer me that
I'm tired of losing to the poker robot overlords.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
so if you don't like it -- DON'T PLAY THE FUCKING GAME YOU MORONS. when enough people don't play the game, blizzard will get the message. real good.
In the next patch, all WoW character models will be updated with black suits bearing an individual number.
This is the same sort of nonsense that almost sunk Everquest, except the Everquest API only scanned the task manager for names. This does that and also scans for running process "signatures". Yet another reason not to play WoW. Goes right along with needing a Credit card for a "free trial".
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
This is a comment from someone who has dissected the Warden client:
The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. Once these strings are obtained, they are passed through a hashing function and compared against a list of 'banning hashes' - if you match something in their list, I suspect you will get banned.
In college, really poor, need a flatscreen.
I hope your character isn't a Night Elf named Illidan Stormrage.
I really fail to see how this is any different from what other companies have done before. Half Life's Valve Anti-Cheat system scanned the whole system. Punkbuster, etc. also scanned the system (but were third-party add-ons). The only difference here is that Blizzard didn't disclose that they would be probing further, but I don't see further probing as evidence that Blizzard is doing anything wrong.
GameGuard used by NCSoft in Lineage2 is very similar when it seems to create more problems than it solves.
In fact GameGuard does not block one single hack I know of for Lineage .....
Offtopic, I know.
The executable randomly pops up an excel spreadsheet and forces you to manage the finances of Blizzard's nefarious illegal schemes and the only way you can escape is through a sewer line.
BBC Tells World About The Warden
Why is BBC telling the world about my girlfriend..
[alk]
Blizzard shouldn't be using anything invasive, we all know that. People shouldn't be cheating, we all know that. World of Warcraft churns out a lot of money and people are relying on the software team to make sure that people's time spent playing can actually mean something to that person. Some people play the game pretty seriously and put a lot of time into their character. These people should not feel their efforts are for naught. On the flip side, Blizzard has no right to monitor what software I have on my (or anyone else's) computer. I am pretty sure that if someone wanted to bring this to a court, Blizzard would be paying for it.
Blizzard sucks because they didn't prevent cheating in Diablo 2!
Waaaah!
Blizzard sucks because they prevent cheating in World of Warcraft!
Waaaah!
I'm torn between my love for sticking it to cheaters, and my hate for spyware. I suffered through the speedhacks and scripters in UO, and every time the developers thought about a process scanner the players went nuts and the idea was dropped. In WoW you sign the terms of conduct each time there's a new patch, so technically you agree to let this warden thing run in the background. Is WoW a better game because of it? Probably.
There are already some big problems with ebay gold farmers.. I'd rather they had to sit at the computer to make their gold, rather than just running a script.
This is my post. See sig above ^
of more than one multiplayer online game, I have to say, cheaters playing the same game as you suck. Have you ever played CS with cheaters? Really doesn't make it fun at all. Although I'm not 100% thrilled at HOW they're preventing cheaters, so far, they have proven to be not-that-evil(TM). For now, maybe because I like WoW so much, I will give them the benefit of the doubt.
AirSpeak - http://itunes.com/apps/AirSpeak
http://www.rootkit.com/blog.php?newsid=358
This is where I originally heard about this, from Greg's blog. I don't see this link on the BBC article, so I figured I'd post it.
Skip Franklin
It's always darkest just before it goes pitch black. -- despair.com
The sad thing is, this whole deal was started because one of the WRITERS for the very programs that the Warden was sniffing around for discovered how he kept getting caught and started to whine loudly and constantly.
Consider the source.
I know they are a god-like organization here on /., but them calling this anti-cheating software "spyware" is just plain stupid. You don't like the software? It ain't all that hard to cancel your subscription and uninstall the software. There, you aren't being spied on. You can't tell Blizzard what to do with their servers just because you don't like it. Either use the free market and don't use the software or shut up.
Monstar L
...is lack of notification. Blizzard should just be upfront about the fact that the Warden watches everything else your machine is doing while the game is running, and that people who are worried about privacy should (a) not run anything else while the game is running or (b) not play the game.
Should have been named the Panopticon. A warden can watch only one person at a time. The Panopticon was designed to watch all prisoners at all times, without that prisoner's knowledge.
Either way, F that. Either the software maker tells me exactly what the hell they're doing within very well-defined boundaries, or their anti-cheat code never gets installed. So what's allowable? Watch the gameplay for typical cheats/exploits? Yeah, sure. Take snapshots of the video buffer? Yeah, for the game window. Snapshots of the whole desktop? NO way. Keylogger? Hell no.
Of course, this is going on faith (or what the game maker tells us) since, without reverse engineering (surely a violation of DMCA?) no one but the maker knows what the code can do and there's no technological way to enforce limits on the roles the software performs.
DotNet has some degree of component permissions but nothing this fine-grained. I want more control over my PC. Not less. I want each app playing in its own well-controlled sandbox.
In short, on my system I want to be The Warden, to prevent apps like "The Warden" from watching *me*.
I play Second Life exclusively online, so I don't run into this sort of thing. There's no leveling, etc, so running a cheat bot is kinda dumb. On the other hand there's a lot of intrigue and politics in the exchange of Linden dollars that kills the atmosphere of SL for me sometimes. Most if not all cheating for advancement is for monetary gain. It's always funny when real world politics and cash corrupts a purely fantastical plane that doesn't even exist. Does that speak to eternal human nature, or is this just a product of the times we live in?
Luck favors the prepared, darling.
It added that the Blizzard could get away with using The Warden because information about it was buried in licence agreements that few people read.
"Warden" instead of "the warden" is a grey zone, but it's definitely not "the Blizzard"
When will "The Warden" get released for my iMac?
Actually, in all seriousness, I assume this is built into the Mac version as well? Overall, I don't care. I'm glad there's no (less?) cheating and I don't run anything else when I play anyhow.
FTA: "[The EFF] added that the Blizzard could get away with using The Warden because information about it was buried in licence agreements that few people read."
Didn't read the license agreement? Sorry, but that's not Blizzard's problem. It would be nice if Blizzard had made it more obvious that they would be doing this.
But you know what? Tough titties, you agreed to it.
That said, it's good that people are drawing attention to this -- maybe next time around, Blizzard will be faced with losing revenue should they try to implement the same kind of solution.
What MMORPGs need to do is implement better server-side analysis to identify cheaters. Difficult? Yes. Expensive? Yes. But probably less difficult and less expensive than losing craploads of clients, and hiring craploads of lawyers. Then they won't need to have the invasion clause in the license for their games.
Spread the word, and maybe we won't have to deal with this next time.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
By definition, spyware sends back personal information concerning the user. Warden does no such thing, even going by the analysis of Hoglund (the author of a rootkit.com article, and a developer of cheat software for WoW). Hoglund uses FUD to scare the reader into believing that WoW is snooping around their e-mail addresses and IM friends list, but in actuality, the first thing Warden does when it scans a string is to hash it, thus removing all personally-identifiable information. It compares the hashes to a list of hashes sent from Blizzard's servers, and sends a notification to Blizzard if a hash matches one on the list. That's the only information it sends back.
Yes, it does scan window titles, and yes, coincidentally, those window titles may contain URLs or e-mail addresses. But Warden only works with hashes of those strings and doesn't phone them home. The paranoid can easily close other windows while running WoW (or, for that matter, uninstall), but the majority of the game-playing public wants anti-cheat measures in place.
Note that this anti-Warden crusade is perpetrated by people who will benefit financially if Blizzard is humiliated into discontinuing the use of Warden. The folks over at WoW!Sharp, the most well-known cheating/botting program for WoW, were selling subscriptions to their software, right up to the point where Warden caught them using their cheat software and led to them being banned. They realized that if they continued selling subscriptions to their software, they could be sued, so they released it as open-source, essentially to shove the problem of liability off onto their users.
If Warden were discontinued, they would, quite literally, be back in business.
You think that's bad. Try buying quake4, choosing not to install punkbuster on installation. Finishing the game (after the game kills my Ti500, btw radeon 9800 works nice and it's dualhead). Deciding to play online. Find out you can't join without punkbuster. Can't find punkbuster install. Find a line in the help file that reads like this:
"To install punkbuster you need to uninstall and reinstall quake 4."
Sry pal. That's 4 cds, I'd rather not spend another hour re-installing it.
This is why I got into win32 app dev. So that I had some idea of wtf programs I'm running on my computer are doing (excluding linkages that I can't control). Sry, MMORPG is flawed because people cheat, people will look to cheat, and people enjoy cheating. MMORPG includes people. QED.
I'd rather run a safe box offline and play a single player title with an excellent story. Because, game developers, story is important not graphics.. makes me want to break out ff6 or chronotrigger and give 'em another go.
I am under the impression that most EULAs prohibit disassembly of the software binaries. Whether or not the EULA is enforceable however is another matter..
ELOI, ELOI, LAMA SABACHTHANI!?
Hoglund noted that the text strings in title bars could easily contain credit card details or social security numbers.
Since when would a site submit a URL in the title? I assume this is for sites which don't have a <TITLE> tag, and just display the URL as the title. Even in that case, any website that submits a document with such information in the GET string is asking for trouble. It would allow it, among other things, to be viewed in the document history etc.
We need to stop jumping every perceived violation. There seems to be a witch-hunt on for privacy/security violators, and often the assumptions of what 'could' create a security risk falls into the realm of pretty silly...
The software in question checks a lot of things, none of which are known to the user. From TFA:
I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar.
Now, if this thing told you up front that it was doing all of this, it would be simply an anti-cheating program. But it doesn't. It does all of this without notifying the user. Therefore, it is spying on your actions without your knowledge. Software + spying = spyware.
Weaselmancer
ridiculous.
Whatever happened to the good ol' days of Diablo 1 online when I had to use a hack for the sole purpose of disabling everyone else's hacks around me?
Perfecting Discordia
www.stevenvansickle.com
This is why you don't use download cheating programs, you make them yourself and don't share them so that the name of your program isn't in their hash.
"For every complex problem, there is a solution that is simple, neat, and wrong." - H.L. Mencken
2 feet behind me I have two computers running a meph bot on diablo ^-^.
A cheater-robot gets caught because it plays a game better than any human could... right? So then, the real challenge for a human player is to be mistaken for a machine... a kind-of reverse Turing test...
Seeing bad movies only encourages them. Watch responsibly
Y'know, I'm real fuzzy on why users can't use bots to do the endless level grind. I mean, Progress Quest would be way, way, way less fun if I had to click on a little box for every enemy I slew...
Laws do not persuade just because they threaten. --Seneca
Blizzard does say they will probe your computer.
From Terms of Use:
=================
In order to assist Blizzard Entertainment to police users who may use "hacks," or "cheats" to gain an advantage over other players, you acknowledge that Blizzard Entertainment shall have the right to obtain certain information from your computer and its component parts, including your computer's random access memory, video card, central processing unit, and storage devices. This information will only be used for the purpose of identifying "cheaters," and for no other reason
=================
So they can look at anything in RAM, or even your hard drive. And you agree to this. As other posters note, you can either not play, or not run other apps, since they don't seem to scan your drives.
I, for one, think Blizzard is doing something positive here, and the complainers are probably cheaters or farmers -- or non-players. Cheating ruins the experience for honest customers.
Lisa: Yes, but who will police the police? Homer: I dunno. Coast guard?
This post cannot be rebroadcast without the express written consent of Major League Baseball.
Of course when people are not available to play 24/24 they don't want to be idle, they want to progress in the game. Forbidding botting is absurd. They should instead INCLUDE botting in the game by providing scripting facilities to players when they are away. Of course you'll tell me, not everyone knows how to write scripts... that is true. But many scripts could be exchanged between players, software that produces scripts with a wizard could appear etc. They should embrace it, not fight it.
\u262D = \u5350
This is what PHP programmers have known for a LONG time.
Just as you can hack some javascript to prevent validation, what makes them think we can't run some remote control software whose client happens to run on... *GASP* your own machine!
But what are they gonna do next? Introduce captchas into the game every 5 minutes?
No, sir. The answer is changing THE GAME RULES (the equivalent of validating user input in the server, not the client) so that quick advancement is not done. i.e. restrict repetitive training to N hours, and such.
Trying to control the client is nonsense.
What effect would The Warden have when playing WoW via TransGaming's Cedega under Linux? Wouldn't it just not show any running processes? What does The Warden do then?
What I can barely understand is: how hard can this be to dodge?
Warden strategy: hash window titles.
Defeated by randomizing the window title.
Warden strategy: hash running processes' file image.
Defeated by modifying the executable during launch.
Seriously, assuming blizzard is unwilling to demand that all running processes be terminated before play, how can they possibly expect to beat the cheaters. Frankly, I don't understand why the cheaters don't just try about 10% harder, they'd be unbeatable.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Your logic and insight are not welcome here!
Don't you know that this is Slashdot, everyone has to go off half-cocked and just condemn Blizzard for trying to stop anything like cheating.
Next you'll hear that some of the authors of the cheat codes put the code into open-source, so that Slashdot will have a headline "Blizzard against open source!"
This is Slashdot dude...don't try to explain things to these idiots because they've already made up their mind and their minds say "Blizzard Bad! Bad Blizzard!".
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Mr Hoglund noted that the text strings in title bars could easily contain credit card details or social security numbers. ... even though he knows that - in the astonishingly massive world of Windows commercial software, shareware and freeware - there's not a single program out there that does this.
Mr. Hoglund is an idiot.
I was quite excited to see Blizzard bring WoW to the Mac. Does this mean that this spyware is one of the first targeted at Macs? Or does this mean that all cheaters should switch to Mac to avoid "The Warden?"
Some more insight into how Warden works (and how it caught the WoW!Sharp developers) is available here.
"Mr Hoglund noted that the text strings in title bars could easily contain credit card details or social security numbers."
are you joking me? sure title bars COULD contain that data, but i think anyone here would be hard pressed to find an actual example of that happening.
if some company website or program is too ignorant to keep a CC or SSN off the title bar, they probably have a lot more problems on their hands.
ALSO, is it just me or is the EFF going a little nuts here? i'm a firm believer in freeing up information for the benefit of the consumer, but i think this is stupid. maybe they should try playing in a world (of warcraft) where there are no cheat protections.
there have been hacks for games as long as i've played them, and they always ruin the game. well, unless i'm the one doing it! [myg0t]tehwebguy pwnz j00!1
-- lol pwned
What about if you play WoW using Wine or Cedega? I assume that "The Warden" would be limited in some way if not totally crippled. Does anyone who knows more than I do have any thoughts? And what about Macs?
Ceci n'est pas une sig.
The whole point of cheating is to piss off as many people as you can. That being said, I don't cheat in the normal sense of the word. I don't use bots or scripts or any kind of hacks. In UT2k4, for example, I team kill as much as possible and fuck with the vehicles. Why? Because I am an asshole.
Interesting point there, although it has to be said, yet again, that just because the motivations of someone telling you something important are suspect, it is not necessarily a reason to discard what they're saying out of hand.
Is it possible that something like Warden is acceptable? Here are what I consider to be some relevant questions:
1. How likely is Warden to give a false positive? If you happen to have a Word window open with a document's name in the title bar that happens to match a cheating tool, what happens?
2. Does Warden run when WoW isn't running? Programs are "allowed" to start up extra processes as part of their running, but are supposed to vanish from memory when the program is shut down. Sony's recently-discussed rootkit-ish DRM software soaks up system resources even when you're doing something that has nothing to do with sharing music.
3. When you uninstall World of Warcraft, does Warden get uninstalled too? Secret software pieces like this tend to get left behind by various programs.
Consider this to be #4, although I know the answer already:
4. Warden DOES appear to snoop around a user's machine, thus using his hardware for purposes against him. Who is to know exactly what Warden sends back to the mothership, without an in-depth disassembly? We know that if it finds something suspicious, Blizzard will probably know about it; isn't that intrusion upon privacy right there? Software has been used for this for quite some time now (expiring software, shareware nag screens, all flavors of DRM, Windows activation codes, all these are different permutations of it), but this is quite definitely a disturbing new step.
And a quick #5:
5. Now that details of Warden are known, how easily will hackers be able to get around it? That is to say, is its protection scheme trivial to defeat for anyone looking out for it?
It seems like Guild Wars is the only thing I post about sometimes. :P
But why doesn't GW use/need a program like The Warden? There are no cheats that I know of, apart from exploiting in-game bugs, and even those get fixed within a couple of days.
Botters are reported by players, monitored by GMs and then banned.
Was Guild Wars just designed better?
The US Army: promoting democracy through unquestioned obedience
Obviously this isn't just a problem with Blizzard. Is there anything that the gaming community would be okay with concerning anti-cheating software?
Cause everyone wants a free Xbox360
I can see how it might not matter with WoW because they already have the information like credit card numbers. But Warden has now been ported to Diablo 2, a 5-year-old game. The EULA for that game doesn't say one thing about Warden when you install the program.
Some of the people that still play Diablo 2 do so because that's all their computer can play. The specs for the game are real low like a pentium 233 and 64 megs of ram and dial up connection, and that's for the optimum settings. Since the patch that installed Warden there has been a ton of lag. Blizzard claims it has nothing to do with Warden, but there wasn't as much lag before it was added to the game.
I'm all for stopping cheating. But this is going just a little too far when it is added to a game that is 5 years old.
I trust Microsoft as far as I could comfortably spit a dead rat
What you'd really like to do is move all the data processing off the gamer's PC, so that the PC never needs to receive any more information than the person behind the KB "deserves" according to game logic.
The biggest problem with this, of course, is that you're shifting the computational burden from the client PC to the server, which means you need more horsepower on the server side while simultaneously failing to utilize the computing power on the client side.
So here's my back-of-the-napkin concept: have the gamer's PC doing the processing for a different gamer's PC. You'll have far fewer cheaters if the cheats only benefit a randomly-selected person somewhere else on the server.
Obviously, you can't just have a one-to-one exchange like that for a variety of reasons, but if you think about it sort of like a massive distributed computing project, I think it could be reasonably implemented.
As I'm sitting here thinking about it, several problems leap to mind. For example, video processing, in many cases, has to be done client-side. Also, you're comparatively penalizing owners of powerhouse systems relative to owners of low-end boxes. You'd have to have a way of ensuring that critical data don't get lost because someone drops off the net. And a few other problems, also.
But everything I'm coming up with seems to me like a technical limitation that could be addressed by people cleverer than me, rather than fundamental flaws with the idea.
Reality has a conservative bias: it conserves mass, energy, momentum...
It takes what you are running/have in RAM, hashes it, and compares the *hash* to hashes of known cheat programs.
Even if they send the data back to WoW, it isn't really the data, it is the hash. And the whole point of hashes is that it is tough to reverse-engineer the hash back into the original data -- which is why Unix and Windows both store your password as a hash. I can't comment on the strength of this hash because I don't know what they're using.
As it is, they don't appear to send any personal data back to WoW. The DLL may find that data, but it just hashes it and compares it to a database of known cheats. Is there really any legitimate chance that your private data, in hash, matches a cheat app's hash?
Have you played many online FPS's? Because if you get to be any good at all, people will all the time accuse you of being a bot.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Note, I'm not saying anything Blizzard is doing is nefarious, only that no one really knows for sure and a lot of people would rather not blindly trust all the software manufacturers and random shareware they grab from the internet. I certainly hope these technologies become common kit soon, because I'm tired of waiting for decent security against malware, trojans, etc. Sooner or later remote exploits will become hard to do, and we'll need security against this type of vector.
There are lots of stupid users. Really stupid users. I bet somewhere in the world, someone named a file with their credit card number or SSN as all or part of the title. I bet it's even happened more than once, in the course of human history.
Now if you open that file in say, notepad or MSword or I believe even open office, there the filename with the 'sensitive information' is in the title bar.
That's one example off the top of my head. I could probably think of more.
But yeah Mr. Hoglund's argument is pretty weak.
"1. How likely is Warden to give a false positive? If you happen to have a Word window open with a document's name in the title bar that happens to match a cheating tool, what happens?"
Nothing, it wouldn't.
"2. Does Warden run when WoW isn't running? Programs are "allowed" to start up extra processes as part of their running, but are supposed to vanish from memory when the program is shut down. Sony's recently-discussed rootkit-ish DRM software soaks up system resources even when you're doing something that has nothing to do with sharing music."
It doesn't.
"3. When you uninstall World of Warcraft, does Warden get uninstalled too? Secret software pieces like this tend to get left behind by various programs."
I haven't checked this, but there's no reason for them to code this in. I significantly doubt that Blizzard would waste their time with this as you're not utilizing their servers or providing them any money for doing so.
Actually, as a North American myself, I would beg to differ. Most North American news sources have an agenda - either political or corporate or altogether removed from the preferred presentation of unbiased news. Granted this happens the world over. Granted also, there is a great deal of good information out there, but I prefer having access to multiple sources of good repute. Surely a more complete picture of issues and happenings is a positive thing?
And besides, WoW is an international game, is it not? Well then, it seems that the Brit gaming community is just as concerned as those across the pond.
The parent is referring to the Prisoner, a TV show, where the Warden was one of the main characters... This is a funny post, not a troll...
Welcome to posting the same biased drivel as everyone else. Worse than that, the bias is clearly misinformation, as Hoglund's full report discloses further how the program doesn't really do anything interesting or wrong. Instead, he uses his rootkit article to set some truly phenomenal spin on the capabilities of Warden in order to (successfully) stir up morons who don't bother to do their own research (or even read his original documentation).
It's FUD of the best kind. One day, I really do hope that journalists won't base stories on work that is, at best, pure deception.
Yeah, maybe it's a silly question. But *anything* we install on our systems could be reading this stuff. Heck, my tax software reads my SSN yearly. Excel reads my monthly income, well... monthly. But what does The Warden do with this information? Does it send it back to Blizzard? Or just report cheating violations? I'd sure as heck like cheaters kicked. It's a pain in the butt to get these characters to level 60. (I wouldn't mind being able to create level 60s outright tho... then I could run instances with my friends more.)
Oh, come on. That's stretching a bit, dontcha think?
It's a bit drafty in here after Hoglund's credibility broke the window on its way out.
1. Not very. They use cryptographic hashes, and the chances of an accidental hash collision (i.e., you're not trying to cause one) are negligible (depending on the size of the hash, of course). The rumor is also that Blizzard doesn't ban based solely on the outcome of the scan, but has a GM monitor you in-game to determine what action should be taken.
2. No, Warden only runs while WoW is running.
3. Yes. There is a default version of Warden that is part of the patched version of the game. When you run WoW, Blizzard can push another version of Warden to your machine that exists in memory only while you are playing the game. When you uninstall WoW, the basic Warden software is deleted along with it.
4. You can still use a proxy to monitor what data is sent across the connection, and such a proxy (as long as it doesn't try to alter any data) is pretty much undetectable. Blizzard has made general statements about their monitoring, but they haven't given any specifics on what is transmitted. The cheat authors, however, have been fairly verbose about what Warden does. (See http://www.wowsharp.net/forums/viewtopic.php?t=70
5. Hard to say. Warden is polymorphic, and a new version can be pushed from the server at arbitrary times while you play, so it's fairly slippery. It's tough enough to beat that the WoW!Sharp developers decided that continued development and sales of their software was too risky, after they got caught. I suspect that Warden faces the same set of challenges that virus scanning programs face. At the same time, the cheat authors, because their game accounts are on the line when they test their software, could potentially get socked for $50 every time they get caught - and while a little cheating here or there doesn't damage the game too much, Blizzard only has to nail the cheat developers once in order to ban them. (And Blizzard can always take extra steps to try to prevent them from resubscribing.)
Thanks to the saviour of the community Mr Hoglund for saving us from the evil Blizzard!
Oh, did Mr Hoglund also tell you he writes BOTs to play WoW and exploit the game code where possible? No, I thought not.
They ought to just develop a World/Server where all the hacks can play against each other and see who hacks best. Even the people with the hacks themselves might find that more interesting.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I created a copy/paste response for the Blizzard forums because of the morons over there propagating this, but I'll write it a little more politely for the people over at /.
The warden scans your active window titles. That's it. I know Hoglund IMPLIED that it is scanning websites and email addresses, but if you read what he said carefully, it's GETTING this information ONLY from reading window titles, it doesn't scan any files or look at anything else.
It then HASHES the text it scans. You guys mostly know what a Hash is, so I'll leave out the explanation that I gave to the WOW forums.
It then compares that HASH with the built-in list of hashes. If you are using a program that matches the name of one on the list, it sends an alert to Blizzard. If you are NOT, then no information is transmitted, no data is sent.
The other thing this article left out is who Greg Hoglund is. Hoglund is a developer for a piece of software called WoWSharp. Look it up. It's outdated now, so don't bother trying to use it, but it's a program specifically designed to HACK World of Warcraft. That's right, the guy who wrote the anti-warden propaganda was actually a programmer who USED to write software to hack the game Warden protects. Guess why he only USED to write the software?
Warden beat him. He COULD NOT stop it. He couldn't figure out how to stop warden from blocking him all the time. He gave up, and this "article" was actually part of his "goodbye" letter.
Ulterior Motive? You betcha!
but let them be if no harm is done. I've been playing MMOs and various other online games ever since I got my first DSL connection (about 5-6 years ago). I've been through all the crap of Diablo 1, D2, Ragnarok Online, Maple Story, GunBound, and others. Hacking/botting ruins the game. It got to the point in D1 that you pretty much had to either have an anti-hack hack or only play with people you knew didn't cheat (which kinda defeated the whole purpose of online play). Some of those games made valiant efforts to stop cheating but most of the time it just bugged the non-hackers and the hackers were mostly unaffected. New patch that stops the latest cheating software? 30 min later it was already bypassed (this happened almost daily at some points in Maple Story). I think that as long as this program doesn't transmit anything more than a "oh noes! this player is cheating message!!1!1!!11one!" there shouldn't be any problem. In fact we should be thanking Blizzard for making an anti-cheat program that actually works and doesn't mess up your computer. But, as always, it is always prudent to keep an eye on whatever anti-hacking measures Bliz takes.
Speaking is NOT communication
One problem... nematodes will feast on the Gorilla. Nematodes are the only Worms that thrive in the coldest of desert environments (even GNU HURD); and I mean Antarctica and Arctic continents! Search Nematodes in this Google cache USA TODAY article
We all know what Nematodes did to Bikini Bottom. None would suspect the nematodes... To arms!
without prejudice
That pretty much all seemed to agree with what I expected. It definitely seems like with a little more work they could have dodged the warden. As long as Blizzard isn't willing to really lock down the users computer in a painful way, it will be hard to defeat bot writers.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
I'd rather have a Warden that makes sure all the L33T uber rz0r pwn 0ur Azz people abide by the same rules that us normal people do. I am tired of good games like DAoC being destroyed by RADAR. EQ1 suffered from similar things too. If you don't like it .. QUIT fucken playing the game. Really, we won't miss you that much. WoW is NOT perfect but it is still one hell of a game. And to keep it that way, if Bliz needs to monitor that some low life who can't even play a fucken game without cheating then I am all for it.
This fake sense of privacy is really really annoying. If you have a credit rating you don't have privacy, GET USED to it.
Now if Bliz decides to abuse my trust, I would be the first one to thrust my foot up their ass so far that their head pops out their neck. Until then make my WoW please.
Taking into account this warden software 'only' computes a hash of the running program and the effects are narrowed to WoW players, I think the software Sony installs on Windows computers while running one of their DRM protected CDs is more troublesome. More info can be found at http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
I just can't help but wonder if there isn't a market for the kinds of data the Warden is looking at. Things like web history, register entries, email addresses, cookie data, personal data like credit card numbers, that kind of stuff. Naaaaaa; No decent person would want to buy that kind of stuff.
Okay. Now, what the Warden seems to be doing according to the article and other sources is invasive by nature, but the information doesn't appear to be moving anywhere it shouldn't. The only Call-Home ability it possesses is the 'ban flag', which it sends to Blizzard if it discovers a process that it doesn't approve of. Not such a big deal, unless it's actually sending this information to Blizzard as it updates. (Then it most definitely could be considered spyware.)
The real issue here is the fact that, given WOW's track record, there's no doubt in my mind that there's at least one way to exploit the Warden in order to glean information off of players while they play WOW. (Which is likely when they're most vulnerable - they won't notice a thing!) Just as an example, let's imagine that somebody wrote a virus and attached it to, let's say, an image or something on a popular WOW site or through a WOW mailing list. (Any highly accessible medium will do.) This virus is designed to attach itself to the Warden and send the information the Warden gathers to a third party. Whenever WOW starts and the Warden goes to work, the virus activates.
The information gathered isn't exactly benign. If a third party gathered player E-mail address books, for example, it could be sold to spammers. If any personal information is gathered, it could be used to perpetrate an act of identity theft or fraud. However, I feel that this isn't bad enough, so I'll play the devil's advocate. Let's say this virus in question here modifies the operating parameters of the Warden to gather more and more detailed information in the same manner it harvests data from running programs. The problem just got bigger. Now we can start throwing browsing habits, passwords, credit card numbers, and other lovely stuff into the mix. (Maybe even an opportunistic strain of the virus that can snag your credit card info from Blizzard's site if you access their services while playing WOW!) Fun, huh? That's gotta suck.
I'm not aware of any security attached to the Warden, so the probability of this being immediately possible can not be determined. This is, after all, only a theoretical situation. I would like to see someone investigate the Warden with greater detail, however, and see if there aren't any security holes in the Warden or WOW that someone could exploit. The issue here shouldn't be the invasive nature of the Warden; it should be what someone else could do with that information to royally fuck your day up. A data mining scheme involving 4.5 million individual people could be very profitable for an interested party or parties, so now that this is out in the open, we should be on the lookout for any instruments that could take advantage of what the Warden already does.
It's really that simple. You do have a choice.
I'd rather see Blizzard dispatch a group of burly men to fuck you in the ass whenever the Warden detects cheating. By GOD, get some real deterrence in there.
Don't want burly men to fuck you in the ass? Don't play the game.
Bullshit response. Just because the data's hashed doesn't mean it can't be reconstructed. Yes, there are multiple source data that can yield a given hash value, but if you get the hash value 0xB29AF45E taken from a window title, it's a fair bet that the title was more likely to have said "http://blizzardareassholes.org/", and not "?*(2Bks*81(y3Ddn39@*&1nzb82".
Schwab
Editor, A1-AAA AmeriCaptions
Use Sony's Ring0 rootkit to hide your WoW-cheat
Heh.
http://www.wowsharp.net/forums/viewtopic.php?t=72
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
"The 'didn't read the EULA; tough luck' argument doesn't sit right with me. When Gator (or whatever it was called) got installed with certain P2P apps, and was specifically mentioned in the EULA, people were upset. In this case, (many / most?) people aren't. You can't have it both ways."
I don't want it both ways. I sincerely believe that if you don't agree to the terms of the EULA, don't sign it. If you don't understand the terms of the EULA, then don't sign it. If you don't understand the implications of the terms of the EULA, then don't sign it.
There are quite a few pieces of software I would have installed, except I felt the EULA was overreaching, and would leave me vulnerable, and I did not trust the source. I returned WoW without installing it for this very reason. There is other software that I installed, despite my misgivings about the EULA, because I fully trusted the source.
Caveat Emptor. Or, rather, Caveat Installor.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I submitted a story a week ago about the Warden client in WoW and it was rejected. But now that a news organization is posting basically the same thing I submitted, it is worthy of being posted on Slashdot?
Oh dear, it seems as if my "in-joke" has been disastrously misinterpreted. That'll teach me for not using tags.
The real issue is to create a game that has good gameplay, not the rather sordid and boring task of collecting "Super Vampire Slayer Sword +3", only to find out a week later that there's now a "Super Duper Vampire Slayer Sword +4 that also makes coffee in the morning", which, btw, costs 3 times as much. Coincidently, tomorrow, all mobs (mobiles, otherwise known as monsters or nasty things out to kill or abuse you) will only be attackable by +4 weapons....
That's the crap that makes MMORPGs boring and prone to cheating. Well, that and the endless camping (sitting around waiting for a mob to spawn, ie, reappear) so you can kill a mob again and again, ooo - what fun! Or, and these are my favorites, "quests" that involve a minimum of 8 hours of continuous online time so that you can travel from point A to B to retrieve an arbitrary piece of crap to deliver to C to retrieve another arbitrary piece of crap so you can hike back across the entire planet 3 times to get your +1 dagger gilded, so there are now 59,142 +1 gilded daggers in the world.
So, how to fix it? First off, electronic real estate is essentially free. Therefore, why do houses, castles, or Ogre swamps keep going up in value with time? MMORPGs are mostly fantasy worlds, use a little fantasy and fix the core issue. (If I have to explain this, you shouldn't be dabbling in fantasy...)
Secondly, if game play becomes the attractant, and the collection of equipment etc becomes secondary, then you'll have a truly decent world without ebay gold miners, because there won't be any point to it. To make most equipment even less attractive, some breakage rules and such should be instituted. Since it's a fantasy world, make every change of ownership degrade the eq in question, in some way, perhaps raising its "breakability" rating. People would want to get their own eq, as you could never be sure how far down the hand-me down chain the eq has survived.
Lastly, if the game is properly set up, you can't "cheat". RPGs aren't intended to be FPS's, so server driven play isn't necessarily "bad". The graphics et al can be handled on the client side, with the server controlling all portions of it. For user server networks, using an MD5 routine to generate a hash based on client requested specifics could be used for authentication? (This could also be gotten around, but it gets harder, basically, user controlled servers always put security at greater risk than hosted systems.) A trusted registration system could also be used, with automatic downloads of code snippets that would modify an executable's signature to verify that the executable truly is unaltered. This would be harder and not be 100% user based, but is a possibility.
You should note I love the concept of RPGs, but the execution of most games falls far short of what RPGs are meant to be. These are just some rambling thoughts that've gathered over the years.
The cesspool just got a check and balance.
Wait, wasn't that investigation/quote from someone who is part of the hacking/exploit/game play disrupting/etc community?
OH NOES, THEY ARE WATCHING HIM! The poor little h4xx0r like others just wants to cheat and disrupt the online game play of others, why is Blizzard and other game developers picking on them????!!!
If this somehow got into a court, a lot of the legal questions involved would boil down to reasonableness tests. Blizzard could point to the record re. cheating in Diablo 2 online and earlier games to show what sort of problems they were addressing with this software, and could easily show how proportionately many customer complaints this heads off in the newer game. So it would be reasonable in the eyes of the court for them to be using this overall type of software for the stated goal. The hash function part of the design means it is equally reasonable to say Blizzard has tried to avoid possible abuses by their own employees or 3rd parties, so most of the legal precedents from recent distributed filesharing program cases wouldn't be remotely applicable to Blizzard. The EULA issue would be equally easy - it's reasonable that most consumers could fully understand that anti-cheating software was included in the EULA's definitions and still agree, since there's a sizable userbase that has complained about past cheating.
Legal complaints would thus be pretty limited. Instead of complaints that Blizzard failed to inform consumers of the very existence of the "anti-cheat" software, they'd be complaints that Blizzard failed to really spell out, in sufficient detail to satisfy the complainant, secondary aspects of the programs. Even if that stood up in court, with the judge siding totally with the complainant, Blizzard would be unlikely to have to pay damages OR remove the software - instead, their penalty at the very worst might be to add a little more explanation to the EULA, or they might have to put stickers saying something like "Contains cheat-detection software which must be installed with the game" on the unsold boxes, or something like that. I won't say there's no real issues here, but they simply are not on the level of most "your rights online" cases.
Who is John Cabal?
If you visit sites or use programs that display this personal information in the TITLE BAR, then you are stupid.
Sounds like this guy is preying on people's ignorance of technology to get all eyes pointed to Blizzard.
I'd like to see the program/website that displays such confidential info right up there in the title bar...
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
The Warden runs in enemy territory so it can be altered just like WoW can be altered. It will not solve anything. All hacks I know of are warp and dupe which can only truly be fixed on the server. Log scanning can identify bots.
Blizzard is making tons of money, the least they can do is come up with a real solution. The Warden just provides peace of mind for those who don't realize it too can be hacked. So in the end all they are really doing is installing spyware.
You can't trust the client. They are attempting to trust the client, and they'll eventually get tricked.
OTOH, if RIAA/MPAA get their way... Nah, they won't.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
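The "warp and dupe ... can only truly be fixed on the server" and "you can't trust the client" points above can be made concrete with a small server-authoritative sketch. This is an added example, not code from the thread or from any game; the class, method names, speed limit and item ids are all hypothetical.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 7.0   # assumed limit in game units per second (constructed value)
TOLERANCE = 0.5   # assumed slack for latency jitter (constructed value)


@dataclass
class Player:
    x: float
    y: float
    t: float  # server timestamp of the last accepted position


class Server:
    """Holds the only authoritative copy of positions and item ownership."""

    def __init__(self):
        self.players = {}
        self.owner = {}   # item_id -> player name; one owner per item id
        self.flags = []   # audit log that later log scanning can work from

    def spawn(self, name, x, y, t):
        self.players[name] = Player(x, y, t)

    def mint(self, name, item_id):
        # Items exist only because the server created them.
        if item_id in self.owner:
            raise ValueError("item id already exists")
        self.owner[item_id] = name

    def move(self, name, x, y, t):
        """Treat a client-reported position as a request, not as a fact."""
        p = self.players[name]
        dt = t - p.t
        dist = math.hypot(x - p.x, y - p.y)
        if dt <= 0 or dist > MAX_SPEED * dt + TOLERANCE:
            # Warp attempt: keep the last accepted position and log it.
            self.flags.append((name, "warp", round(dist, 1)))
            return False
        p.x, p.y, p.t = x, y, t
        return True

    def trade(self, giver, receiver, item_id):
        """Transfer ownership only if the server agrees the giver owns it."""
        if self.owner.get(item_id) != giver:
            # Replayed or forged trade: accepting it would duplicate the item.
            self.flags.append((giver, "dupe", item_id))
            return False
        self.owner[item_id] = receiver
        return True


def demo():
    s = Server()
    s.spawn("alice", 0.0, 0.0, 0.0)
    s.spawn("bob", 1.0, 1.0, 0.0)
    s.mint("alice", "sword-1")
    results = [
        s.move("alice", 5.0, 0.0, 1.0),       # 5 units in 1 s: plausible
        s.move("alice", 500.0, 0.0, 2.0),     # 495 units in 1 s: rejected
        s.trade("alice", "bob", "sword-1"),   # legitimate transfer
        s.trade("alice", "bob", "sword-1"),   # replay of the same trade
    ]
    return s, results


if __name__ == "__main__":
    server, results = demo()
    print(results, server.flags)
```

Neither check depends on anything running on the player's machine, so altering the client does not change the outcome.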
Part of the Virtual Property guilds, selling Titles to virtual and information property on eBay for equally fictitious UNITED STATES currencies, is to run automated navigation and Turing programs to mimic a physical end-user. All the intellectual properties seized or assumed in the virtual environment is then scrutinized for its value to others.
Quickening -- I could see another program, we'll call it This Warden, intercepting the Microsoft API GetWindowTextA [or by whatever sneak of the day is used] and simply returning the title of the program making that library request. The Warden(TM) has now defeated that Warden. It could be further improved by virtualizing the Win32 API to mis-report the available RAM for allocation, so to prevent any direct requests of data in areas a program had not allocated -- in other words, we have a fucking Windows XP multi-user multi-tasking operating system that isn't worth a shit when programs aren't run with a fine-grain clean-room optimization. This like IPC with X on POSIX, or re-implementing the wheel Group in an already POSIX group wheel, and everyone uses the artifice of non-system libraries to compel a form of security over such internal standards. I think it somewhat in likeness of user-mode device drivers -- shame.
The next thing they'll do is have you answer a riddle in the game, and while your keyboard is locked-out and your virtual NPC is being violated, you have no choice but answer the riddle; because in the past, developers have done such as request a certain word of a certain page in the program documentation, or match a symbol in a mini-game of memory, et al.
You've opened the box and installed the program and created an account. You can't return it now, and if you don't agree with the EULA and don't want to use the software, you're out $50 because you can't return it (stores will NOT accept returns on opened Online games with account keys). And Blizzard sure as hell isn't going to give you the time of day.
The cheaters in these games are the only normal ones. The way these games are all set up, the only way to do really good is play 8 hours a day or more, every day, every week, all year long. Normal people just don't have that kind of time to give to a game, so they cheat, with an idle bot, or power level with the help of others. They should install a system where it averages how many points per hour you are gaining, and auto give you 80% or so of that while you are away. That way you could take a few days off, go on vacation without getting way behind, and there would be a lot less reason to cheat. Since you would only be gaining 80% of what you gained while playing, people who actually played more hours would still be rewarded for their extra effort.
A good idea might be to have servers where the invasive software is required, and servers where it is not. Players will then have the choice between less cheaters or greater privacy.
A better idea would be to design a game where mindless repetitive behaviour is not rewarded. It is easy to create scripts for and rarely fun anyway. I say this without knowing how repetitive this particular game is, as I haven't played it.
I for one am glad that /. users are showing some common sense and not just screaming 'WITCH!' at Blizzard.
If you don't like their methods, don't freakin play the game. I don't want to play with bots myself, so if they need access to hashes of processes running on my WoW terminal, more power to em.
Maybe, but do you really think that Blizzard is putting resources into reconstructing strings from hashes when the value of the recovered data will in almost all cases be negligible?
Here's an md5 hash of a string: ab4d9e92ac8645abd68c26970bb3e965
If you can tell me what string created that hash, then I'll believe it's trivial to easily yield the hashed data.
I'm betting that it's not as trivial as you're asserting.
Z...
So what you're saying is, no matter what, "Blizzard good! Blizzard good!" Great. Thanks for that. Why don't you keep your blunt wit to yourself or actually contribute to the conversation like the parent poster. Wanker.
Essentially Blizzard has properly installed a Trojan with WoW.
There is strictly nothing to prevent Blizzard to get more information than they say they do, nothing to prevent them from processing this information for any other purpose than prevent cheating, nothing to prevent an unscrupulous Blizzard employee to sell this information to spammers or any kind of criminal. All this could happen without your knowledge.
And worse, WOW servers will now be targeted by all possible hackers. The first one who succeeds will be instantly rewarded with a goldmine of information and the largest botnet he could ever dream.
I don't think that Blizzard has realized the risk they are taking with The Warden. At the first incident Blizzard will get hell in the press and in court, EULA or not EULA.
I think part of the reason this is getting so much attention, is because of non-players. Well I am a gamer. Games are optional software. There is nothing forcing you to play them. They are entertainment. When I play a competitive game, that I pay a monthly fee for, I like to make an agreement with the company. The agreement is that they will put forth a certain minimal amount of effort to prevent cheats. For my part of the agreement, I agree not to cheat. If it means that anonymous hashes of information stored on my computer is sent to Blizzard, so be it. If I did not agree to this, (and this is key here) I would not play the game.
I for one, applaud Blizzard on their pro-active approach to preventing cheats. There was nothing covert about this program. It was clearly stated in the EULA/TOS/Whatever you agree to whenever a new patch is released. If you are concerned about the EULA contents, read it instead of skipping over it. If you do not agree to its contents, click decline and cancel your account.
Simple.
What if someone gets banned because they have a program that has the same name as a program Blizzard claims is a cheating program?
The Kruger Dunning explains most post on
No, I think you've got the bullshit response.
The nature of hash functions, real hash functions, is the same as a one-way cipher. It takes an arbitrarily long string and turns it into an arbitrarily short string in a fashion that cannot be reconstructed. This is how passwords are stored securely. It's proven, documented, and usually open technology. There are flaws in some hashes (Schneier's writing on some right now actually on his blog), but generally most hashes are thought to be secure, and even the vulnerabilities he's concerned about are with respect to hash collisions, not reversibility. Nobody sane questions that hashes are irreversible.
For more information, please read what a hash function is before posting.
So with the Sony DRM rootkit installed it should be possible to rename the process of any cheap program to be $sys$(cheap program) and the Warden will not be able to see it...
Offtopic:
Star Trek the Next Generation - "Who watches the watchers?"
Featuring Leland from Twin Peaks....."You are....The Picard!!"
That's pretty lame anti-cheating code, all you would have to do is run SetWindowText([hwnd for window], "Fsck you") to change the title bar.
I wonder if the presence of watcher is why there isn't/won't be a Linux client for WoW? If cheaters use a Linux box and Cedega, will they be exempt from Warden's probing?
I believe poker sites like PartyPoker do something similar.
Adidas To Bring Back Sneakernet
The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer.
I'm not really familiar with how The Warden works, but if all it is doing is checking the titlebars of windows, wouldn't someone just make the title bar of their app say "Document1 - Microsoft Word" instead of "7337 G0ld Farm B0t Script"?
So go read the EULA on their website before you buy the game.
Here's the link: http://www.worldofwarcraft.com/legal/eula.html
There, I saved you $50.
Slackware
As someone who played WoW extensively for months after its launch... wtf are people still playing for? It really isn't that interesting a game. Really. It's definitely not worth having some program sit on your computer and sniff what you're doing, to report back to the mothership.
Vote with your feet. There have GOT to be better things to do with your time than playing a game which is simply "EQ done right."
As a long time EQ player, and a former end-game WoW player, THIS GAME HAS NOTHING WORTHWHILE TO OFFER. It is crap. It is far less original than many of the MUDs out there; it simply has a (dated) 3d interface.
Walk away from the game; walk away. Don't log in for a week. YOU CAN BREAK THE HABIT.
Your life will thank you. And blame it on "The Warden" if it helps.
It compares the hashes to a list of hashes sent from Blizzard's servers, and sends a notification to Blizzard if a hash matches one on the list. That's the only information it sends back.
Not quite. If they send back a hash of something on your machine and it matches a hash they have on file, then that IS personally identifiable information. If they know uberhaz0r@msn.com is a big time cheater and they get a hash of that email address from your computer, then they know you talk to him....sounds personally identifiable to me!
What if they hashed the word "kiddie pr0n" and put it on their giant list, and a hash that matched came from your machine. Game over. How about they hash every word in the English language and keep it on their server? Then it basically becomes a form of encryption....BAD.
With the first link, the chain is forged.
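The argument running through this thread, over whether hashed window titles can be "reconstructed" and what a match against a server-side list reveals, comes down to how guessable the hashed input is. The sketch below is an added example, not part of any comment and not Blizzard's code; MD5 is used only because the thread quotes an MD5 hash, and the function names and window titles are constructed for illustration.

```python
import hashlib

# Constructed sample data: titles of windows open on a player's machine.
TITLES_ON_CLIENT = [
    "Inbox - someone@example.com - Mail",
    "Document1 - Microsoft Word",
    "ExampleBot v1.0",
]
# High-entropy string quoted in the thread as an implausible window title.
RANDOM_TITLE = "?*(2Bks*81(y3Ddn39@*&1nzb82"


def digest(title):
    """Hex MD5 of a window title (the hash choice is an assumption)."""
    return hashlib.md5(title.encode("utf-8")).hexdigest()


def build_list(candidates):
    """List holder's side: it knows the source string behind every hash."""
    return {digest(c): c for c in candidates}


def client_scan(titles, listed_hashes):
    """Client side as the thread describes it: hash every title and
    report only the hashes that appear on the supplied list."""
    return [d for d in (digest(t) for t in titles) if d in listed_hashes]


def interpret(reports, hash_to_source):
    """What the list holder learns from the reported hashes."""
    return [hash_to_source[d] for d in reports]


def dictionary_recover(target, guesses):
    """Test guesses against a hash; succeeds only if the input was guessed."""
    for g in guesses:
        if digest(g) == target:
            return g
    return None


def demo():
    # A list limited to one cheat title reveals only that title.
    narrow = build_list(["ExampleBot v1.0"])
    # The same mechanism with a wider list: titles built from a template
    # and a set of candidate addresses (both constructed).
    addresses = ["nobody@example.org", "someone@example.com"]
    wide = build_list(["ExampleBot v1.0"] +
                      [f"Inbox - {a} - Mail" for a in addresses])
    return {
        "narrow": interpret(client_scan(TITLES_ON_CLIENT, narrow), narrow),
        "wide": interpret(client_scan(TITLES_ON_CLIENT, wide), wide),
        # A guessable title falls to a short guess list ...
        "guessable": dictionary_recover(
            digest("Document1 - Microsoft Word"),
            [f"Document{i} - Microsoft Word" for i in range(1, 10)]),
        # ... while the same guess list gets nowhere on the random string.
        "random": dictionary_recover(
            digest(RANDOM_TITLE),
            [f"Document{i} - Microsoft Word" for i in range(1, 10)]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The hash is never inverted in either case; what the list holder can learn is bounded by the candidate strings it chose to hash, which is why the contents of the list matter more than the hash function.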
According to the Transgaming website, WoW runs great under Cedega on Linux. I wonder if anyone has tested it with the new Warden software. If they have, I have a couple questions;
1) Does it run at all?
2) Does the Warden software function?
3) If the Warden software functions, can it read what you might be running in another Linux Window? (I suspect not)
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
It's cat and mouse. The difference is they have massive amounts of revenue and much greater cause to continue the fight than your average cheat developer. This is unfortunately the situation that has befallen any game company that wants to have a cheat-free online game. See: Punkbuster, Valve Anti-cheat.
So what you're saying is, no matter what, "Blizzard good! Blizzard good!" Great. Thanks for that. Why don't you keep your blunt wit to yourself or actually contribute to the conversation like the parent poster. Wanker.
No, didn't say anything about that. Nor did I hide behind an anonymous coward post. I was referring to the mentality here at Slashdot that no matter how intelligent or insightful the parent poster tried to explain things, there would always be idiots like yourself that won't be swayed in their crowd-mentality.
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
OK, finally found it, on the terms of use page under "Acknowledgements", which I didn't read because I didn't think that's what would be there.
13. Acknowledgments.
You hereby acknowledge that:
A. WHEN RUNNING, THE WORLD OF WARCRAFT CLIENT MAY MONITOR YOUR COMPUTER'S RANDOM ACCESS MEMORY (RAM) AND/OR CPU PROCESSES FOR UNAUTHORIZED THIRD PARTY PROGRAMS RUNNING CONCURRENTLY WITH WORLD OF WARCRAFT. AN "UNAUTHORIZED THIRD PARTY PROGRAM" AS USED HEREIN SHALL BE DEFINED AS ANY THIRD PARTY SOFTWARE, INCLUDING WITHOUT LIMITATION ANY "ADDON" OR "MOD," THAT IN BLIZZARD ENTERTAINMENT'S SOLE DETERMINATION: (i) ENABLES OR FACILITATES CHEATING OF ANY TYPE; (ii) ALLOWS USERS TO MODIFY OR HACK THE WORLD OF WARCRAFT INTERFACE, ENVIRONMENT, AND/OR EXPERIENCE IN ANY WAY NOT EXPRESSLY AUTHORIZED BY BLIZZARD ENTERTAINMENT; OR (iii) INTERCEPTS, "MINES," OR OTHERWISE COLLECTS INFORMATION FROM OR THROUGH WORLD OF WARCRAFT. IN THE EVENT THAT WORLD OF WARCRAFT DETECTS AN UNAUTHORIZED THIRD PARTY PROGRAM, BLIZZARD MAY (a) COMMUNICATE INFORMATION BACK TO BLIZZARD ENTERTAINMENT, INCLUDING WITHOUT LIMITATION YOUR ACCOUNT NAME, DETAILS ABOUT THE UNAUTHORIZED THIRD PARTY PROGRAM DETECTED, AND THE TIME AND DATE THE UNAUTHORIZED THIRD PARTY PROGRAM WAS DETECTED; AND/OR (b) EXERCISE ANY OR ALL OF ITS RIGHTS UNDER SECTION 6 OF THIS AGREEMENT, WITH OR WITHOUT PRIOR NOTICE TO THE USER.
You really do need to sit down for 30-60 minutes and carefully read through these things.
It is in section 13 (acknowledgments) of the Terms of Use (linked from the EULA). I never would have guessed it would be there of all places. Oh well. Guess that's why IANAL. And it also shows why people don't read these things. It takes 30 minutes of reading to get there. Thank goodness board games don't come with EULAs like that. Can you imagine the agreement for just a deck of cards?
Unless you're a terrorist or a kiddy porn cowboy, no one cares about you.
Sure, a sneaky marketer could grab a hold of your 'desktop habits', but then again WHO CARES.
You hippies.
In order to facilitate in cutting down on (name your favorite piece of mischief here), you acknowledge by reading this, that (name your favorite company here) reserves the right to peek your RAM, peek your harddrive or any other storage medium connected to your computer. This information will only be used to cut down on (name your favorite person that performs a piece of mischief here).
For all it matters they could have said that when caught cheating, they own the house you live in.
In my PC however, they do not have the right to dictate what their program wants to see.
Anti-cheating software is, although noble in design, stepping on a turf that is already occupied by all the spyware we have seen lately.
Every program that is spyware contains similar stuff like the above in their EULA, but that does not make it legal nor just.
Apart from that, EULAs like this are not legally binding in most countries (!US), making their software seem even more questionable.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
Can anybody say whether "The Warden" could detect anything if WoW would run inside a virtual machine and the forbidden tools would run outside this virtual machine? It could probably not do anything, while a well programmed tool could peek inside the vm-memory, detect what's going on and deliver key presses and mouse clicks invisibly, rendering all of Blizzard's efforts moot, right? So, is there already such a tool there?
I guess if the object of someone's game play is to have the most level 60 characters, then using augmentations like 'bots makes perfect sense. I much prefer just playing the game - it is, after all, what I am paying for...
NCsoft has a similar program for their games (Lineage 2, etc)... It runs when you run the game client, and can really hose up a Windows 2003 system good since it tries to be a service without any privs to do so. Of course, the cheaters don't run the official game client.
Net effect on players = really bad.
Net effect on cheaters = zero, none, nada.
Just another example of all the game companies missing the point completely.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
Two things:
1) Any game that is a glorified Skinner Box deserves to be scripted. It obviously doesn't require human interaction. A game that is actually interesting won't be scripted because you'd miss the experience. Mindless hack 'n' slash and gold farming is not a basis for a game, it's a basis for kiddie crack.
2) The Warden is very easy to get around, via any method that compartmentalizes the game install.
Bonus item:
The only way to make sure your game experience is exactly the way you want is for you to control it. Of course, it loses a lot of flavor, much as if you could magically control every event in your life. (Just like Quake in God mode, it gets old pretty quick because there is no challenge, or because it's too predictable, obviating the main purpose of your brain: as a future-predictor.)
That said, the only way to really get around "cheating" is for each person to have hir own personal MMORPG instance with "good" AI. For practical purposes, people who can spend much more time playing than you or are much more skilled in real life have an unfair advantage, and hence, from your viewpoint, are cheating, because they can do things you can't! The only way to make things "fair" is to have an entire copy of the game tailored to each individual that adjusts itself to present you with only level-playing-field competition from AIs.
There's a general agreement that there is a lot of cheating on the online poker sites. There people are playing for real money, sometimes substantial amounts. Any word on how this technology could be used there? Perhaps it's already being used.
I really don't understand this mentality. For me, the fun of an MMO is the journey. Sure, it gets repetitive sometimes. But the game designers are still groping towards the right balance, and I am willing to cut them some slack.
I've often said that buying an MMO character (or goods) on eBay is like paying a stranger to make love to your wife. Automating the game play is like buying a robot to make love to your wife.
I had forgotten how much cooler teenagers look when they are smoking. Oh, wait
Actually, since Patch 1.11, Warden is also part of that game to aid catching Maphacks better.
Beware: In C++, your friends can see your privates!
yeesh we're gettin sick a' this. you, he, she, it and they cannot ever "shall" anything. only i and we can shall. attorneys you dickwads! my bill is in the mail. :)
You have to have a number of things done on the client, otherwise it just gets too slow. One of the mandates for a game like this is that it works over nearly all connections, including those with very high latency and very low bandwidth. That being the case, if you take a pure "don't trust the client" approach, you find that you can't effectively communicate what you need to for the game to work.
You can see this in old games like QuakeWorld. Your client does very little other than render the graphics, it relies on the server for constant, timely updates for everything. If you try to play on a modem, you discover that you have to aim not at your target but at where you think your target is based on the latency. So if it takes data 200ms to get from the server to you, or vice versa, you have to adjust your shots by almost half a second. Where you see people will be 200ms behind where they are, according to the server, and they will have moved for another 200ms by the time it registers your shot.
All this is for just like 20 players too. It's made much worse in a game with thousands per server.
So, to cope with this, the client has to start doing things, and has to be trusted for some things. It sucks security-wise, but if you don't you'll be relegating your game to the low-latency, high bandwidth folks only and that really cuts your market down.
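The middle ground this comment describes, as an added example that is not part of the original post or of any game's real code: the client simulates its own movement so play stays responsive, and the server bounds that trust by accepting a reported position only if it is reachable at the speed limit since the last accepted one. `MAX_SPEED`, `BURST_SECONDS` and the report format are assumptions, and the sample reports are constructed.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 7.0      # constructed value: game units per second
BURST_SECONDS = 0.5  # assumed tolerance for late, bunched-up packets
CAP = MAX_SPEED * BURST_SECONDS


@dataclass
class PlayerState:
    x: float = 0.0
    y: float = 0.0
    last_seen: float = 0.0  # server clock; a client-supplied timestamp is never used
    budget: float = CAP     # distance the player may still cover right now


def apply_report(state, x, y, server_now):
    """Accept a client-reported position only if it is physically reachable.

    Returns True and moves the player when accepted. Returns False and keeps
    the server's authoritative position when rejected.
    """
    if not (math.isfinite(x) and math.isfinite(y)):
        return False  # NaN or infinity would slip past the distance comparison
    # Movement allowance accrues with server time, capped so that idling
    # cannot be saved up and spent later as one long jump.
    elapsed = max(0.0, server_now - state.last_seen)
    state.last_seen = max(state.last_seen, server_now)
    state.budget = min(CAP, state.budget + MAX_SPEED * elapsed)
    dist = math.hypot(x - state.x, y - state.y)
    if dist > state.budget:
        return False
    state.budget -= dist
    state.x, state.y = x, y
    return True


def replay(reports):
    """Run (server_time, x, y) reports through a fresh player state."""
    state = PlayerState()
    return [apply_report(state, x, y, t) for (t, x, y) in reports]


# Constructed sample traffic, one report per 100 ms of movement.
HONEST = [(i / 10, 0.6 * i, 0.0) for i in range(1, 21)]      # 6 units/s
LAGGED = [(0.3, 0.6, 0.0), (0.3, 1.2, 0.0), (0.3, 1.8, 0.0)]  # 3 reports arrive together
SPEEDHACK = [(i / 10, 3.0 * i, 0.0) for i in range(1, 11)]    # 30 units/s
TELEPORT = [(0.1, 50.0, 0.0)]
MALFORMED = [(0.1, float("nan"), 0.0)]

if __name__ == "__main__":
    for name, reports in [("honest", HONEST), ("lagged", LAGGED),
                          ("speedhack", SPEEDHACK), ("teleport", TELEPORT),
                          ("malformed", MALFORMED)]:
        results = replay(reports)
        print(f"{name}: accepted {sum(results)} of {len(results)}")
```

The burst allowance is the price of tolerating latency: the first over-speed report fits inside it, and everything after that is rejected until the client's position is plausible again.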
But they are both cheating, and make the game totally unfun for the average user, sitting for hours, killing rats while someone pumps you up with spells to keep you alive so you can be strong enough to actually do something other than kill rats, shows how poorly designed these games are. Powerleveling and bots do exactly the same thing, they let you advance in the game without having to make the game your life. Developers of these games need to figure out that most players don't want to spend x months getting a player to level 60, only to have to spend another x months to get a player of another race to level 60, hence the bots and powerleveling crap. If they would just put in a couple of simple tweaks to allow you to change race/class/etc without the major hit of having to start over, and let your char continue to live/gain experience while you weren't playing, 99% of the reason to cheat would go away.
It dumps all text strings from running programs (actually, anything starting with 'MZ', which signals the start of PE headers), not merely titlebars. It opened his GPG keyring, among other things per his report. And I'm more inclined to believe him than you because he's actually run this program to spy on their program (the source of which I was just looking over) and you have not even claimed to have ever played WoW.
So you might want to read the actual report on which things it accesses more carefully, rather than drawing quick conclusions from an incomplete BBC blurb.
-----
This post's captcha: humbled.
"ACs are modded -6. I don't read you, I don't mod you, I don't see you."
(rolling eyes)
A pimple on the butt of the video games won't see this whooooooo! That's gotta hurt!
"This is the only method to stop cheating, and that's to be invasive."
I think it's easier, but game companies are lazy.
1) Encrypt the conversation between the client and the server using PKI
Okay. Now I've secured the data channel
2) Design the program so that when it starts, it runs in a VM of some sort. Grab the source for VMWare, as it's GPL'd and mod it to suit as one suggestion. There may be simpler answers if you think about it for 15 minutes.
Okay. Now I've secured the program
3) Design the server so that it runs specific checks on the client so that if the client or surrounding VM are hacked, then it exits
Okay. Now I've secured the program against hacks.
Note that I didn't put in a lot of frivolous checks to secure an environment that cannot be secured (i.e. Windows). I simply created a good environment, checked that the environment is as I created it, and then secured the data.
I realize this kind of development doesn't lend itself to the kind of hit-and-run programming that these guys like to do, and it requires these guys to think of architecture, which sounds like a 4-letter word to these companies.
It's not hard. But it requires you to think of what you're doing first.
Okay, now I've isolated the program from the influence
You were mistaken. Which is odd, since memory shouldn't be a problem for you
Why don't they just name the window title: "Slashdot: News for [...] - Mozilla Firefox"?
There: Something at a specific location.
Their: Owned by someone.
Please make sure your English compiles.
I'm sure the metamods will take care of it.
I really hate Dan Patrick.
True story,
:P
I recently used the rootkit from Sony's release 'Get Right with the Man' CD to hide my upper HID device drivers that type and click happily for me during the wee hours of the morning. My inventory and auto-sale php scripts also take advantage of the rootkit.
Thank you Sony for making my world an easier and automated place.
>>> WoW has the right to deny you access to THEIR private property
>
> That's reasonable as far as it goes, but it fails to take into account
> that Blizzard also refuses to permit competitors to exist.
Really? So when did they shut down Ultima Online and Everquest?
Sure, the only way to play World of Warcraft is via Blizzard, but the only way to get an Apple computer is via Apple. There's plenty of competition---other games/MMORPGs or computers, as appropriate---unless you're using some radically different definition of the term I'm not familiar with?
How challenging is a game that can be played by a script? If that's the kind of exploit the Governor is supposed to prevent, then WoW can't be much of a challenge. Maybe game designers should concentrate on creating games that are subtle enough so that characters can't benefit by mindless, repetitious actions, instead of installing spyware.
Great men are almost always bad men--Lord Acton's Corollary
Has Blizzard gone on a hiring-binge of disgruntled NSA employees who were ready, willing, and able to steal technology which if it existed would be the holy grail of the agency? Or are you just talking out of your hindquarters? Two gold pieces say it's #2.
Help poke pirates in the eyepatch, arr.
Really this kind of invasive scanning should not be possible for a user space application. You should need administrator rights to do this. (And then we should have some way that prevents companies from requiring a program to run as administrator - unless that software is security software itself...) Well the point is a game should not be allowed to have this much control over your system and your information, and that should be enforced by law so that the company does not have the option of making scanning your computer a requirement of their EULA. (I do understand the technical challenges involved in this, and the ever greater challenge of making lawmakers understand how a computer works well enough to properly document and enforce the rights an individual human being (as in something different from a corporate entity) should have in regards to computers and the privacy of their data stored on their computers.)
Police need a warrant to listen in on my phone, but Blizzard can examine all the personal data on my computer just because of some legalese and something as trivial as people cheating in a video game? They should not have the right to require I give them the right to access my data!
Now let's say we trust Blizzard... OK, do you trust every single person at Blizzard who has access to modify the code of warden? Do you trust their safeguards for checking that that code does only what is intended? The possibility of a disgruntled employee sending that information to an outside location and using it for nefarious purposes does exist. A small risk but the potential damage is large.
I've submitted a couple stories on warden and blizzard, including when warden was first dissected. It's quite nice knowing it FINALLY made it to /. ;)
Oh, it's also implemented into Diablo II and I think Starcraft. That always seems to get overlooked though... probably because it is a second generation game and not as many people play it, since it isn't new anymore... [but still fun as hell ;)].
This goes out to everyone who is looking at warden who isn't just on WoW, but on DII and Sc and others... keep researching, keep up the good work
~Neo~
visitor from www.slashdot.jp
I hate spyware as much as the next guy, but I love the Warden. I have agreed to install this program, just like Blizzard's other four million users, and it makes my WoW experience better. For everyone that didn't catch it in the article, WoW players have been aware of this spyware for some time without a problem, and there is only a fuss about it now that news of it has leaked to the mainstream.
If you have problems with this software, there is a good chance you a) do not play WoW or don't mind the experience going to shit, b) cheat in some fashion, c) are wearing a tinfoil hat.
Please don't assume the BBC is unbiased though.
I'm a little surprised at the lack of insight at the BBC in this article.
Anyone who has enjoyed online games will have already made a decision on this issue.
It's fairly simple.
Cheaters generally ruin an online game.
Just think of the Diablo games or Counter Strike or online poker.
It is never fun to play against a cheater.
Serverside cheat detection does not always work because of macro programs that play within the rules of the game mechanics.
So game companies must do something to ensure minimal anticheat protection on the clientside.
This obviously involves looking for modifications to the client program.
And that information will be communicated to the servers.
It is a slight invasion of privacy, but it is well worth the results.
Expect these anticheat programs in all decent online games.
And expect cheaters if these anticheat programs do not coexist with the game.
Please don't assume the BBC is unbiased though. I don't. I'm more of the belief that several biased news sources, when compared, each provide pieces of the picture. Average it all out, and you get a good approximation of what really happened.
You buy the game, and agree to the EULA. Unlike most of these agreements, this one is pretty clearly worded. The bit where it says you can't "bot" is in all caps, is dead obvious, and if you missed it that's your own stupid fault.
There are regular posts on the WoW forums on the subject too. You're not allowed to run external programs that interact with the game, it's that simple. Programs that walk you places, kill things for you, whatever, are all clearly against their rules.
Now this is the bit that shits me the most: if you play a game of basketball, you agree to abide by a bunch of rules. There are a lot of these rules, but you can't be stuffed reading the manual (equivalent to an EULA). Fortunately the main rules are common knowledge and obvious enough for you to survive. Of course, you can't dribble to save your life. It's a hassle, because you can run a lot faster if you just carry that ball. So you don't bother dribbling. What happens next do you think?
Everybody knows where to find the EULA for WoW. They all know that botting is against the rules of the game. But no, they're too lazy to actually play the game so they cheat. Then they get caught. Then they get sent off the court.
Another important thing to understand: most of these articles about how the "Warden" is spyware, about how it sends personal information to Blizzard, are written by paranoid, ignorant conspiracy freaks. The Warden takes a hash of a bunch of attributes of your computer - window titles, memory locations, filenames, etc. A HASH. This is Slashdot, so I shouldn't have to explain this, but the very definition of a HASH is that it is non-reversible. That hash is then compared in-memory to a list of known "bad" hashes. It finds a match, and presumably that hash gets sent back to Blizzard. I dunno, because I don't cheat so I haven't triggered this end of the process.
So Blizzard gets this hash once you cheated, but for the sake of the tin-foil-hats out there let's assume that every 15 seconds the Warden is actually sending the hashes back regardless of whether or not you were found cheating. Window title, memory location, DLL listing. For every window. Think about the traffic. Seriously, think about it for just one second. You have maybe 50 "windows" open at a time on a Windows PC. Again, I shouldn't have to explain this but the term "window" does not just refer to applications visible in the task bar. All those tray icons have windows associated with them, not to mention tons of other invisible programs. Every 15 seconds all this data gets pushed to Blizzard from your machine. That's a lot of data. So they use a hash instead. They take this big chunk of data (one chunk per window), hash it down to a smaller size, and either process it in memory or send it.
Still, can Blizzard use that hash for anything? Can they extrapolate your credit card number from it, or your bank balance? If you believe they can, then you might be better off reading CNN because Slashdot isn't the place for you. Hashes are non-reversible. Duh.
Finally, the Warden is not spyware. It does not get to you unannounced - it's clearly explained in the EULA (even down to roughly what it scans). It is not left behind if you uninstall WoW. If you block WoW from talking to the Internet, the Warden stops working. It does not "spy" on you, because it doesn't send any useable information back to its owners. No demographic data, no browsing habits, no credit card numbers, and no - it won't even reveal to your mother that you spend half your evening browsing through kiddie pr0n sites. Spyware? Not bloody likely. It's part of the game you idiots, and this isn't the first time companies have used this technology. PunkBuster has been around a whole lot longer and does roughly the same thing. Microsoft do something like this for product activation. They do it for Microsoft Update. DVD-XCopy used to scan window titles for .NFO, and hunt for known keygens during registration.
I know it's fun to sling shit at "the man", b
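The hash-and-compare scan described in this comment, as an added example that is not part of the original post and not Blizzard's code. It shows what leaves the machine when only blocklist matches are reported versus when every digest is, and what the holder of a digest can test it against. SHA-256, the function names and all titles are assumptions or constructed sample data.

```python
import hashlib


def digest(text):
    """SHA-256 of a UTF-8 string (the algorithm is an assumption; the page names none)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed blocklist. The scanner ships digests only, never the plain names.
BLOCKLIST = frozenset(digest(t) for t in ("ExampleBot 1.2", "Hypothetical Macro Tool"))


def payload(window_titles, matches_only=True):
    """Digests that would leave the machine after one scan pass.

    matches_only=True is the design the comment describes: hash locally,
    compare in memory, report only hits. matches_only=False is the
    "send everything every 15 seconds" case the comment argues against.
    """
    digests = [digest(t) for t in window_titles]
    if matches_only:
        return [d for d in digests if d in BLOCKLIST]
    return digests


def guess_preimage(observed, candidates):
    """Compare a digest against guesses; return the guess that matches, if any.

    A digest cannot be run backwards, but whoever holds it can hash candidate
    strings and compare, so a short or predictable input is only as private
    as it is hard to guess.
    """
    for candidate in candidates:
        if digest(candidate) == observed:
            return candidate
    return None


# Constructed window titles for a machine with nothing flagged running.
CLEAN = ["Calculator",
         "Inbox (3) - alice@example.com - Mail",
         "Order 4417 - Checkout"]
FLAGGED = CLEAN + ["ExampleBot 1.2"]
COMMON_TITLES = ["Calculator", "Notepad", "Task Manager"]
ORDER_GUESSES = [f"Order {n:04d} - Checkout" for n in range(10000)]

if __name__ == "__main__":
    print("clean, matches only :", len(payload(CLEAN)), "digests sent")
    print("flagged, matches only:", len(payload(FLAGGED)), "digest sent")
    print("clean, send all      :", len(payload(CLEAN, matches_only=False)), "digests sent")
    for title in CLEAN:
        found = guess_preimage(digest(title), COMMON_TITLES + ORDER_GUESSES)
        print(f"{title!r}: {'matched a guess' if found else 'no guess matched'}")
```

With matches-only reporting, a clean machine sends nothing, which is the strongest privacy property of this design; the digest comparison matters only for what is actually transmitted.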
I like how the article refers to Blizzard as "The Blizzard." I also like how the author claims it's common for an open program to have your ssn or cc number in the titlebar. Ignoring the fact that no webpage I've ever been on since I first got online ever put my cc info or SSN in the titlebar. In this particular instance the company that might "steal" your cc number already has it. It's a bit like giving someone a copy of your test after you finish, but then being afraid that they might look over your shoulder at the answers they already have. Paranoia at its best.
...back when life was simple and cheating only involved sniffing packets with a spare linux box. You didn't have to worry about spyware or invasive programs on your client PC... Can't say I blame Blizzard with policing their users. Worst case scenario, a few serious cheaters can exploit the game and ruin it for everyone.
This is exactly the same bullshit "logic" that we once saw from the gmail critics, who were apparently shocked by the fact that gmail algorithms were scanning their emails in order to serve them targeted ads. What those people don't think about is that there are already thousands of other algorithms which are going through the text of your mails, starting with the mail server which has to receive it and store it...
Here, the case is the same - there are already many other algorithms going through the data which this program accesses, starting with MS Windows code... What do I care if an algorithm is reading my data? As long as it doesn't send enough information to Blizzard for them to recover that same data (in this case it probably only sends a boolean value saying CHEATING or NOT CHEATING), I don't care! Algorithms are not people...
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F