World of Warcraft's Brand New Rootkit
Captain Kirk writes "We all know that World of Warcraft has checked for hacks to ensure a safe game environment for all players. The latest version of these checks goes beyond anything seen so far in that what is being checked is now completely encrypted. Obviously this hits bot writers as can be seen from these complaints. But it also strikes at the privacy of all users. Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."
Out of curiosity, how would you go about detecting keyloggers and/or bots without reading the registry? Or do you just feel that Blizzard shouldn't attempt to detect abuse? Myself, I'm a player and I WANT Blizzard to look for such abuse. If someone finds that Blizzard's bot is doing something that's actually wrong (e.g. sending personal data back to home base, not just reading the registry), then I'll be the first to pressure them to fix it. However, if they're just scanning for malicious software, that doesn't actually seem like a problem.
It is CERTAINLY not a rootkit according to any definition I've ever heard.
When I was playing WoW I used prepaid game cards exactly for this reason... or aren't prepaid cards available anymore?
-- the cake is a lie
A rootkit is a piece of software that hides itself from the operating system, hiding running processes or files. It doesn't really matter if it's malware or not, just the fact that not even the OS can see it while it's running makes it a rootkit. The WoW system checker I don't believe hides itself, it just has to run or the game won't.
The purpose of Warden is not just to detect cheats but also automated players ("bots").
Bot prevention is an extremely hard problem. Warden gives Blizzard a way to send arbitrary code to the player's computer in order to carry out any "test for a bot" that they like. If the set of available tests were restricted to a defined interface, then bot authors would be able to fake the test results, and according to TFA, this is actually what happened: "previously, roughly 318 permutations of Warden existed per patch". Presumably the bot code would detect which version of Warden was in use, and use the appropriate Warden-faking code for that version.
Now, many more permutations exist, so this type of attack is much more difficult. I find it particularly interesting to point out that Warden doesn't actually have any new capabilities: it has always had the ability to accept arbitrary code from Blizzard, and all that has happened here is that Blizzard have made their "test for a bot" more difficult to fake.
>north
You're an immobile computer, remember?
All nice in theory, but workable only if your clients could all have 10ms latency. When you start designing games to be playable with 400+ms latency you need to make compromises, and it becomes REALLY difficult to get things working well (I know, in a previous life I've been a games network programmer for an FPS, it was quite challenging).
In WoW (and FPS games in general) player movement is not predictable: at any point a player can stop and turn with no inertia (so it's not like, say, a space sim game where you can do dead reckoning at even fairly high latencies and make things look decent) and if you've seen any WoW PvP you know it consists of a lot of jumping around and running through each other to try to get behind the other player. Also several abilities need to be used with very tight timings, there is the GCD to take care of etc. etc. etc.
You need to have some things running on the client side to make the game playable for as many people as possible (for example oceanic players on US servers), and the problem is what you do when the client and the server disagree on where you are and what you are doing: tilt the balance too much towards the client and you have easy exploits, tilt the balance too much towards the server and the game will start to feel 'sluggish' and sometimes outright broken (I was right on top of the other player, why did I get 'out of range').
It's not an easy problem to solve for a game as complex as WoW; if it was, do you think that with all the money they're raking in they wouldn't have fixed it yet?
-- the cake is a lie
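The client/server disagreement described in the comment above, sketched as an added example that is not part of the original thread: a server-side movement check that lets a client bank a bounded amount of distance to absorb latency jitter. The function name, `MAX_SPEED` and both packet streams are assumptions constructed for illustration, not Blizzard's code or WoW's real values.

```python
import math

MAX_SPEED = 7.0  # yards/second; constructed value, not WoW's real run speed

def validate_moves(reports, slack_s, max_speed=MAX_SPEED):
    """Server-side check of client position reports (hypothetical helper).

    reports: list of (server_arrival_time_s, x, y); the first sets the start.
    slack_s: seconds of movement a client may "bank" to absorb latency
             jitter (0 = trust only the server clock).
    Returns one bool per report after the first: True = accepted.
    """
    cap = max_speed * slack_s
    last_t, px, py = reports[0]
    credit = cap
    verdicts = []
    for t, x, y in reports[1:]:
        # Carry over at most `cap` of unused distance, then add what the
        # elapsed server time allows at maximum speed.
        credit = min(credit, cap) + max_speed * (t - last_t)
        last_t = t
        dist = math.hypot(x - px, y - py)
        if dist <= credit:
            credit -= dist
            px, py = x, y           # accept: server position follows client
            verdicts.append(True)
        else:
            verdicts.append(False)  # reject: server keeps its own position
    return verdicts

# Constructed sample 1: honest player at 6 yd/s sending every 100 ms, but the
# packets reach the server bunched up (0.35, 0.36, 0.37) after a lag spike.
LAGGY_HONEST = [(0.0, 0.0, 0.0), (0.1, 0.6, 0.0), (0.35, 1.2, 0.0),
                (0.36, 1.8, 0.0), (0.37, 2.4, 0.0), (0.5, 3.0, 0.0)]

# Constructed sample 2: client claiming 20 yd/s on a perfect connection.
SPEEDER = [(i / 10, 2.0 * i, 0.0) for i in range(6)]

if __name__ == "__main__":
    for name, stream in (("laggy honest", LAGGY_HONEST), ("speeder", SPEEDER)):
        for slack in (0.0, 0.4):
            print(f"{name:13} slack={slack}: {validate_moves(stream, slack)}")
```

With no slack the honest but laggy player is rejected as soon as packets bunch up (the "out of range" feel), while 0.4 s of slack accepts that player and also lets the speeding client through for two updates before the banked distance runs out.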
If they have just changed Warden and I'm no longer happy to agree to their terms of service, can I return WoW and BC for a full refund? Don't I agree to let them run what software is in the box when I agree to the ToS? If they change the software can't I change my mind?
Bots are not just for leveling up. There are PLENTY of other extremely tedious parts of the game. When I still played WoW for fun, before I started farming gold full time, I used single-purpose "bots" to automate most of the tedious parts of the game. Travel (30 minutes of walking and waiting for boats/zeppelins is not fun), harvesting trade skill resources (find minerals, right click, wait 10 seconds, repeat), and combat (both as a melee fighter and as a healer. Bots make great healers, especially in raids), all good targets for automation.