Slashdot Mirror

← Back to Stories (view on slashdot.org)

World of Warcraft's Brand New Rootkit

Posted by CmdrTaco on from the well-isn't-that-secure dept.

Captain Kirk writes "We all know that World of Warcraft has checked for hacks to ensure a safe game environment for all players. The latest version of these checks goes beyond anything seen so far in that what is being checked is now completely encrypted. Obviously this hits bot writers as can be seen from these complaints, But it also strikes at the privacy of all users. Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."

19 of 576 comments (clear)

  1. Recommendation for online gaming by ackthpt · · Score: 5, Insightful

    1 computer for gaming
    1 computer for everything else

    Sorry if you can't afford a second, but that's how I do it.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Recommendation for online gaming by ByOhTek · · Score: 5, Informative

      wow works great in Wine.

      use a very restricted account when running it in wine. Problem solved.

      --
      Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
    2. Re:Recommendation for online gaming by EvilMonkeySlayer · · Score: 5, Funny

      But how would I make gold from selling clam meat then?

    3. Re:Recommendation for online gaming by ArsonSmith · · Score: 5, Funny

      Become a pimp?

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
    4. Re:Recommendation for online gaming by Admiral+Ag · · Score: 5, Insightful

      That's probably the best option. I'm a strong advocate of privacy myself, but I don't see Blizzard's actions as being particularly unreasonable. You aren't being compelled to play the game, and it's up to each individual to decide how much they trust Blizzard with this. If you don't trust them, don't play. It's quite common for people to be asked to reveal personal information in a voluntary exchange (like when you apply for a job or a bank account) and there is always the possibility that this information could be misused or abused, or that the power you give another person to access such information could be misused or abused. But these types of transactions are always voluntary, and it's really a case of caveat emptor. If you don't trust the company, then don't give them your money and your privacy will remain intact.

      Having said that, people like the author of TFA are free to object to Blizzard's policy and to attempt to persuade them to change it (like they did with the issue of gay-friendly guilds a while back). If it annoys enough of the playerbase, then it will go.

      I'm a recovering WoWaholic myself, and although I loved the game, the one thing that really bothered me (other than warlocks) was cheaters. I worked hard at the game, spent a lot of time grinding and crafting, and spent inordinate amounts of time learning the game and getting to know good people so that I could join a decent guild and progress. If cheating isn't aggressively policed, it ruins the sense of achievement for legitimate players by allowing others to free ride. I'd personally be willing to risk it to have less cheaters in the game, but YMMV.

      --
      "by that I mean people who don't sit on slashdot all day wondering why everyone else isn't building robots" DECS
  2. "That can't be right." by RandoX · · Score: 5, Insightful

    Then don't play. It really IS that simple. If you're having too big of a problem with that, put the mouse down and go join a support group.

    1. Re:"That can't be right." by nacturation · · Score: 5, Funny

      A strange game. The only winning move is not to play.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  3. Privacy? by Debello · · Score: 5, Funny

    You've already given up your life when you start playing WoW. What do you have to keep private?

  4. This is a non-issue, as it stands by krog · · Score: 5, Insightful

    Summary of TFA: WoW Warden now selects one of many hash algorithms and uses it in server communication. Blog author gets his panties in a bunch because Blizzard could replace one of these hash algorithms with something that collects PRIVATE PERSONAL DATA, and NO ONE WOULD EVER KNOW. A misleading Slashdot headline and poorly-written blurb is generated, and the rest is academic.

    --
    Cretin - a powerful and flexible CD reencoder
    1. Re:This is a non-issue, as it stands by Goldberg's+Pants · · Score: 5, Insightful

      The article is absolutely retarded. It never ceases to amuse me when such grandiose claims are made about customers etc... Of the 7 million WOW account holders, I would bet that 6.999 million don't even know about Warden. And I'd bet that same number, if you made them aware, still wouldn't give a toss. He's probably just a disgruntled bot author, dressing up his complaints in the guise of the public service. I can understand being paranoid to a degree, but this is just ridiculous. The author clearly has delusions of grandeur, and ideas far FAR above his station.

      This articles headline is INCREDIBLY misleading, and whoever wrote it needs a slap for their melodramatic endeavours.

  5. Define rootkit by ajs · · Score: 5, Insightful

    So, now a "rootkit" is any program that does something we're not sure of?

    I thought a rootkit was a program designed to take control of a system remotely or offer access to that system? This is just an obfuscated program (encrypted is a bit strong for something that is "decrypted" on your own system where you can watch its behavior).

    Seriously, if this is the worst that Blizzard does, I'm a happy camper. They really do have serious problems with their users being exploited, and detecting these problems early is all good. In my case, they'll see everything that's in my virtual Windows environment under Wine.

    Now, if someone proves that they're reading personal files out side of the Windows system directory or the WoW installation, then we can talk. Until then, this is a non-issue.

  6. How is this a root kit? by Bryansix · · Score: 5, Insightful

    Does the thing hide itself? Can't you just uninstall WoW? (Maybe you can't but maybe you need mental help.) Ya, you don't know what it is doing but you don't know what most programs are going unless you reverse engineer them. I think this is just the cheaters getting their panties in a twist. Especially because it means the end to a real source of income for those who harvest gold and sell it in the real world.

  7. A bit sensationalistic by Zuato · · Score: 5, Insightful

    I play World of Warcraft. As a subscriber that plays this game I am ok with Warden as it stands. I want to play a game where hackers and cheaters are caught and banned. I know a lot of people despise the speed hacks and of course the gold farmers, so I don't see what the fuss is all about.

    The likely hood of Blizzard hacking or stealing personal data is very small. They know that they could lose their cash cow by doing anything malicious with this information/software.

    For those that fear credit card and personal information being lifted, I'm a little baffled. When you sign up for an account you enter most of the same personal info that is going to be on your PC anyway, and unless you are using game cards they already have at least one of your credit cards on file. All information that subscribers gave up willingly.

    That aside, I did read the article and find the technology fascinating.

  8. Duh... what's new? by mortonda · · Score: 5, Insightful

    Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer.

    You do realize that *any* software you install on your computer can do this? Unless you have read the full source code and compiled it yourself (Ignoring the possibility of a trojan'd compiler) there is a possibility that a program could do these things. So what's new?

  9. Re:What is worse? by Cheesey · · Score: 5, Informative

    Steam games have "Valve Anti-Cheat" (VAC), which is similar in principle to the Blizzard Warden. Other games use Punkbuster, which uses the same strategy to detect cheats. All of these programs scan your machine's memory and look for the signatures of known cheats. The mechanism used to carry out the scanning and report the results is deliberately obfuscated to make it difficult to reverse engineer the process and send fake results. All three of these programs are spyware. But you agree to the use of each within the EULA of whatever game you are playing.

    Warden has always had the ability to be updated with arbitrary code as you play. The observations of this article are nothing new: Blizzard has always been able to access files on your computer, just by sending the appropriate program to Warden. It seems that they have recently been sending more complex programs, generated for each client, so the current generation of programs that spy on Warden no longer work. The arms race continues.

    --
    >north
    You're an immobile computer, remember?
  10. Re:Unbelivable by ajs · · Score: 5, Interesting

    I canceled when they started adding things to their detection kit. When I saw it reading registry keys (regmon) it had NO business reading, I canceled. Did it need to read the activation keys for Windows? Absolutely not. I'm sorry to hear that.

    Out of curiosity, how would you go about detecting keyloggers and/or bots without reading the registry? Or do you just feel that Blizzard shouldn't attempt to detect abuse? Myself, I'm a player and I WANT Blizzard to look for such abuse. If someone finds that Blizzard's bot is doing something that's actually wrong (e.g. sending personal data back to home base, not just reading the registry), then I'll be the first to pressure them to fix it. However, if they're just scanning for malicious software that doesn't actually seem like a problem.

    It is CERTAINLY not a rootkit according to any definition I've ever heard.
  11. Re:Or... by nuzak · · Score: 5, Funny

    > why not organize and complain to Blizzard?

    Players: "Blizzard, your malware sucks, and you suck for using it!"

    Blizzard: "What? Sorry, these piles of money you keep forking over to us every month kind of muffle the sound in here."

    --
    Done with slashdot, done with nerds, getting a life.
  12. Re:Unbelivable by Dachannien · · Score: 5, Insightful

    I can't believe I'm forgoing a full complement of mod points to respond to you, but I get tired of seeing people go ape-shit whenever they use tools like regmon and filemon without having clue one as to what they're seeing.

    Pretty much any program will make tons of accesses to registry keys that would at first glance appear to have nothing to do with that program, because the program loads a bunch of Windows libraries that access those registry keys whenever they're loaded. The same goes for IE cookies, for any program that uses the IE rendering libraries to render HTML (including things like the frontend patchers for games like EverQuest), because those libraries go through your cookies just the same as IE does when it first loads.

    Sorry that you felt it necessary to cancel your WoW account because you didn't understand how your computer works, but at least it gives you a lot more spare time for making tin-foil hats.

  13. Re:Or... by Elemenope · · Score: 5, Insightful

    This was from my post:

    Now, this is "just a game", and so it is reasonable for people to only put as much effort into salvaging it as pleasure they get out of it; it's not like fighting for your rights or anything. I just have a really hard time comprehending the general attitude around here...

    And this was from yours:

    This is a video game. Finding another MMO to take up your excess time is a matter of $50 at worst, since just about all of them worth playing give free trial periods. Your friends that you met in WoW will still be your friends when you stop playing if they are real friends and not merely aquaintances. There is such a thing as instance messenger and voice chat. Gain some perspective.

    I've got perspective (tm). It is only a game, and as such, like I said, people who have a problem with how it is provided should raise a stink only so far as the enjoyment they get from the game is worth it to them. Since, after all, it is their money, and not yours or mine. Me, I prefer to read books, watch movies, chat (in meatspace) with friends, and post to /. for my entertainment. That's what brings me enjoyment. These folks, who like WOW, like other things than I do and spend money in ways consummate with that enjoyment. If one were to look at the publishing industry with a magnifying glass, one would see all sorts of hideous warts; the way they treat most authors is abominable, their editorial policies are groupthink L.C.D. crap, etc. etc.. And yet, I think it would be plainly idiotic to suggest to a person that they should just stop reading books because there are problems with the way books are provided as a product. There are other, better ways. They are harder, less self-satisfyingly smug, and not always successful. And yet, they are the ways that actually make things better, as opposed to the prevailing message which seems only to suggest that one try to insulate oneself from the world as it goes to shit around you.

    Look, the way in which people think and how they act when it comes to trivial matters reflects very well how they tend to react to important ones. People whose first reaction is cut and run from every negative thing tend to do so not just in MMO-land but also in politics. People complain a great deal about political apathy, but apathy comes from the mindset that the other methods I have been speaking about (e.g. organize, petition, complain) are ineffective and are thus never tried. Of course they fail; nobody does them. In many cases, they've forgotten how. The mindset here reflects the mindset in the wider landscape, and so if you think I fail to have perspective because it's "just a game", that may be because this attitude is corrosive wherever it appears and I find that way of thinking to be destructive in areas of life where it matters a damn well lot.

    --
    All the techniques ever used to make men moral have been themselves thoroughly immoral... (Nietzsche)