Slashdot Mirror
BBC Tells World About The Warden
Anonymous Cowpat writes "The BBC is running a story about the Blizzard title World of Warcraft. Specifically an article about, 'The Warden', Blizzard's highly-invasive anti-cheating software, which some, including The EFF have labelled as spyware. Most of the people around here have probably heard of it by now, but it's interesting to see the story in the mainstream press and (at time of writing) on the front page of the BBC's technology news section, no less." From the article: "The watchdog program, called The Warden by Blizzard, has been known about among players for some time. It makes sure that players are not using cheat software which can, for example, automatically play the game and build up a character's qualities. However, knowledge of it crossed to the mainstream thanks to software engineer Greg Hoglund who disassembled the code of The Warden and watched it in action to get a better idea of what it did."
This is a comment from someone who has dissected the Warden client:
The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. Once these strings are obtained, they are passed through a hashing function and compared against a list of 'banning hashes' - if you match something in their list, I suspect you will get banned.
In college, really poor, need a flatscreen.
I really fail to see how this is any different from what other companies have done before. Half Life's Valve Anti-Cheat system scanned the whole system. Punkbuster, etc. also scanned the system (but were third-party add-ons). The only difference here is that Blizzard didn't disclose that they would be probing further, but I don't see further probing as evidence that Blizzard is doing anything wrong.
Goes right along with needing a Credit card for a "free trial".
A legit reason for a credit card is to make it harder for someone to just continue to get free trials by utilizing different e-mail accounts.
I mod down so you can mod up. Your welcome.
Because the online version of BBC news is getting better and better, and they have decent technology news, like NY Times and unlike CNN.
By definition, spyware sends back personal information concerning the user. Warden does no such thing, even going by the analysis of Hoglund (the author of a rootkit.com article, and a developer of cheat software for WoW). Hoglund uses FUD to scare the reader into believing that WoW is snooping around their e-mail addresses and IM friends list, but in actuality, the first thing Warden does when it scans a string is to hash it, thus removing all personally-identifiable information. It compares the hashes to a list of hashes sent from Blizzard's servers, and sends a notification to Blizzard if a hash matches one on the list. That's the only information it sends back.
Yes, it does scan window titles, and yes, coincidentally, those window titles may contain URLs or e-mail addresses. But Warden only works with hashes of those strings and doesn't phone them home. The paranoid can easily close other windows while running WoW (or, for that matter, uninstall), but the majority of the game-playing public wants anti-cheat measures in place.
Note that this anti-Warden crusade is perpetrated by people who will benefit financially if Blizzard is humiliated into discontinuing the use of Warden. The folks over at WoW!Sharp, the most well-known cheating/botting program for WoW, were selling subscriptions to their software, right up to the point where Warden caught them using their cheat software and led to them being banned. They realized that if they continued selling subscriptions to their software, they could be sued, so they released it as open-source, essentially to shove the problem of liability off onto their users.
If Warden were discontinued, they would, quite literally, be back in business.
SOE's problem was that they didn't notify the players about any sort of scanning. The WoW EULA includes notification, in all caps and in easy-to-read language, that they will perform these scans when you play the game. Since SOE's woes, gold selling (i.e., selling in-game gold for real cash) has become a pox upon MMOGs, and players are much more acutely aware of the misdeeds of other people in the game because of it, to the point where most players are happy to let Blizzard run these scans if it means that cheaters will be caught and banned.
Blizzard does say they will probe your computer.
From Terms of Use:
=================
In order to assist Blizzard Entertainment to police users who may use "hacks," or "cheats" to gain an advantage over other players, you acknowledge that Blizzard Entertainment shall have the right to obtain certain information from your computer and its component parts, including your computer's random access memory, video card, central processing unit, and storage devices. This information will only be used for the purpose of identifying "cheaters," and for no other reason
=================
So they can look at anything in RAM, or even your hard drive. And you agree to this. As other posters note, you can either not play, or not run other apps, since they don't seem to scan your drives.
I, for one, think Blizzard is doing something positive here, and the complainers are probably cheaters or farmers -- or non-players. Cheating ruins the experience for honest customers.
You know, they have these things called disposable credit card numbers now... Create a number, set the limit to $0.01 and freely give it out for "free trials". Even if they try to run it, the transaction fees will put them in the red.
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
1. Not very. They use cryptographic hashes, and the chances of an accidental hash collision (i.e., you're not trying to cause one) are negligible (depending on the size of the hash, of course). The rumor is also that Blizzard doesn't ban based solely on the outcome of the scan, but has a GM monitor you in-game to determine what action should be taken.
2 4).
2. No, Warden only runs while WoW is running.
3. Yes. There is a default version of Warden that is part of the patched version of the game. When you run WoW, Blizzard can push another version of Warden to your machine that exists in memory only while you are playing the game. When you uninstall WoW, the basic Warden software is deleted along with it.
4. You can still use a proxy to monitor what data is sent across the connection, and such a proxy (as long as it doesn't try to alter any data) is pretty much undetectable. Blizzard has made general statements about their monitoring, but they haven't given any specifics on what is transmitted. The cheat authors, however, have been fairly verbose about what Warden does. (See http://www.wowsharp.net/forums/viewtopic.php?t=70
5. Hard to say. Warden is polymorphic, and a new version can be pushed from the server at arbitrary times while you play, so it's fairly slippery. It's tough enough to beat that the WoW!Sharp developers decided that continued development and sales of their software was too risky, after they got caught. I suspect that Warden faces the same set of challenges that virus scanning programs face. At the same time, the cheat authors, because their game accounts are on the line when they test their software, could potentially get socked for $50 every time they get caught - and while a little cheating here or there doesn't damage the game too much, Blizzard only has to nail the cheat developers once in order to ban them. (And Blizzard can always take extra steps to try to prevent them from resubscribing.)
I believe poker sites like PartyPoker does something similar.
Adidas To Bring Back Sneakernet
http://www.simon.com/giftcard
(Disposable Visa cards) Used them for years with no problems, and they'll mail you the card if you can't go pick one up.
Just google on "Visa Gift Card" and you'll find any number of others doing the same.
You do understand how The Watcher works don't you?
It looks at the name of the title bar of each program that is currently running and hashes it. Then, without transmitting anything over the internet, it compares the generated hash list with a hash list of known cheat programs.
Now, here's the beautiful part... if it finds a match, something is transmitted back to Blizzard HQ: A flag on your account. An employee of Blizzard will then keep an eye on your character to look for any suspicious activity.
If that's spyware...it's the poorest excuse for Spyware I've ever heard!
Lag - Some of them chain run so many instances that they are generating an abnormal amount of lag due to resource useage.
In-game Economy is adversely affected by the accelerated entrances of items into the economy. Only solution is to reduce the drop rates which hurts regular players far more than the farmers.
Spawn Camping - Some of the best areas are farmed 24/7 by hundreds of these people collecting gold and goods. This adversely affects players who are forced to move elsewhere or fight for it.
It dumps all text strings from running programs (actually, anything starting with 'MZ', which signals the start of PE headers), not merely titlebars. It opened his GPG keyring, among other things per his report. And I'm more inclined to believe him than you because he's actually run this program to spy on their program (the source of which I was just looking over) and you have not even claimed to have ever played WoW.
So you might want to read the actual report on which things it accesses more carefully, rather than drawing quick conclusions from an incomplete BBC blurb.
-----
This post's captcha: humbled.