Slashdot Mirror
The State of Security in MMORPGs
Anonymous writes "Security researchers Greg Hoglund and Gary McGraw poked around in World of Warcraft and other online games, finding vulnerabilities and exploiting the system using online bots and rootkit-like techniques to evade detection. Their adventures in online game security became fodder for the book,
Exploiting Online Games. McGraw
discussed with securityfocus the state of security in modern video games, cheating and anti-cheating systems, how the market for cheats, exploits, and digital objects is growing, what we could learn from the design of these huge systems, and how game developers react to submissions of security vulnerabilities."
When in a MMO game you can exploit rules and get an easy way in life of your caracter (evolving) its like some people exploiting laws for profit to get an easy way of life.
When in a MMO that person gets banned its like people who get caught in real life.
The more tight the rules/law the harder to exploit them. But making a full proof rule/law system? We dont even have that in real life!!
The market for cheats and exploits is so large primarily because of the "make it a grind!" trap that most MMORPGs fall into. If you're into a MMORPG, and you "need" cash for a certain item, or to recoup your costs for the last big raid, or what have you, you seem to get one of two choices. You can grind away whatever playtime you have in order to get the cash legitimately, you can buy it from someone that is grinding away (or perhaps using exploits), or you can turn to exploits/hacks/whatever yourself.
I understand that some percentage of the playing population is going to cheat, hack, or use an exploit simply because they can. But if game design didn't make it so attractive to so many people to reap the rewards that go along with it, it would be a pretty minor problem. In my opinion, as soon as you're killing the 3,000th slightly different textured mob for his toe...or running a dungeon you could do in your sleep just to make sure a fellow guild members armor is a little bit different color so you have a shot at the next dungeon, MMORPGs start losing some of their fun. I don't know of too many people that really enjoy running things that are on "farm" status, but there's a necessity to grind it out built into the games.
I know it keeps people hooked longer, but it also keeps the temptation to play...creatively...in people's mind.
"It is a miracle that curiosity survives formal education." -Albert Einstein
They don't care if their games are rotten with farmers and trading of game assets/currency.
All they will do is buy external software like GameGard, whose primary function is to hob resources of the customer's PC and make it less stable.
Thus, the low-end PHB will be able to claim to his boss he is actively fighting the problem, with GameGard's monthly invoice in hand for proof.
Meanwhile the players will lament about the enormous parasitic-like farmer population, detrimental to the game itself, and in plain view of anyone who actually logs in the game.
Well after reading the article, following links, and such its obvious the biggest thing they exploited with WOW during the course of writing and selling their book is the name. In other words, unless they had referenced WOW their book would be relegated to the dust bins of book sellers.
These two seem hell bent on FUD with Blizzard in regards to Warden. I haven't connected the dots but it appears these are either the same people who flew off the handle when Warden changed or are in the same group. Basically take something and use choice wording and catch phrases to imply sinister behaviour where none really exists. IOW - 911 conspiracy hacks read from the same play book. These guys just seem to be on some damn fool crusade against Warden that it borders on silly. The very same people probably don't blink when it comes to handing over their CC/Debit card to someone behind the counter freak out over a company that actually has to take steps to protect the data the players voluntarily entered when subscribing!
As for WOW itself, location hacks exist as the client and server are not always in synch for these actions. The biggest impact "cheaters" have on WOW is on the non-cheating players. Money transfers between accounts take an hour to complete, sales via the auction house are no longer immediate but instead take an hour, and trial accounts are so restricted that teaching someone to play with one is an exercise in frustration.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
The only way that online games are going to have a chance at getting away from these issues is with the implementation of skill-based advancement instead of advancement based on accumulated experience/gold. As it stands, a high-level player in many online games doesn't need to have learned any particular skill themselves, but a simple accumulation of wealth via goldsellers to buy high-quality equipment and mindless hack-n-slash, combined with good macros, and they can usually come out on top.
Contrast this approach with what's seen in something like Jumpgate, where players have to actually develop their skill as a pilot in order to be successful in combat. I'd expect that gold-buying in that game is significantly lower per-capita than in your standard grind games like WoW or LotRO.
When we pray for the end of goldselling, what we're really hoping for is the beginning of an era where non-transferable capital (the skill you develop from playing the game) becomes the dominant factor in advancement.
Online games (and any game in which you accumulate posessions) are just variations on a Skinner box. Put a gamer in a box, have him peck away at moving about the world, and give him possessions randomly. It's the same sort of thing that makes people sit in front of slot machines for hours. If they *did* make a hackproof game, only a few people would play it and it would fail financially.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
That, I think, is my biggest complaint. Properly designed economies would go a long way to reduce the incentive to cheat. But WOWs economy, especially lately, is spectacularly broken. Most raw materials are worth more than anything you can craft out of them. Low-level items are either useless and impossible to sell, or--if useful--people with high level alts have priced them at a range no new-user can ever afford. I would suggest MMORPG designers spend less time on the technical aspect of the cheats, more time on the internal game economics that motivate them. And no, it's not really the grinding. Just the economy. Raw materials + labor should always have greater value than the raw materials alone, for example.
The program you think of was ShowEQ. Also, this was a direct result of retarded game design by Sony where by one dragon can only be killed by one group of people per week, unlike the current crop of MMOGs where everything is instanced and this is no longer a problem.
Just the way ShowEQ was a direct result of game design flaws in EverQuest, the same way leveling bots are for other games or ingame currency selling for real life money and whatnot. Game design flaws will result in hacks, bots and currency trading.
Boo hoo. This is a business opportunity staring you right in the face and you whine about it like a little bitch? Try this:
1. Sell the game's boxed set with a game card that includes playtime, enough to cover any chargebacks and chargeback fees for a single month. (Basically, pay for 2 months, get 1 month, hide the fee in the price of the boxed set.)
2. If the first card payment isn't charged back, give the player a "Free Month" (that they already paid for in the price of the boxed set) for being such a "valuable member" of our "online community".
3. Profit like hell, knowing that chargeback thieves have already paid their dues at retail, and legitimate customers are happy you've "rewarded" them.
Anybody with a business degree that can't figure this out doesn't deserve to be a CEO. This lack of business leadership may also explain why Star Wars Galaxies tanked into nothing.
MMO's strike at the heart of the American lifestyle - the struggle to be #1. This isn't Mario where at best you beat the game in 20 minutes and put a video on youtube. You build up a character to become supreme then show it off.
Problem is the path to superiority in MMO's isn't done through skill, but rather time invested. Bots are not good players, but are good at investing time.
When MMO's hit mainstream that reward skill before time, then the bots will dissapear.
"Do the security features in Windows Vista -- such as limits on HD playback and signed drivers -- help in fighting cheaters?".
I'm glad I'll be able to use my modded character over an HDMI cable, and I can install a 3rd party device without a signed driver to get around this.
Who thinks up these questions?
Download the free trial for Lotro, create a character and head to Bree. There is a quest there that starts at night, from a ghost near the southern gate, he asks you to find a ring that was lost at some baracks. Yet you don't recall any baracks even being at bree. It is suggested you ask around.
Want to guess how many people INSTANTLY upon receiving that quest ask where to find this ring? 10%? 20%? I once just parked myself for an hour at night time near that ghost, just to see how many people that came near him would next ask the question. 8 people. 6 asked in public chat, the others might very well have done the quest before or asked in private chat.
People don't want to explore.
SWG had a little exploration and most people never bothered with it until the path to Jedi required it.
On the way back from Dol Dinen to Esteldin you come across a wounded ranger, if you approach he warns of a trap and you are ambushed by 3 earthkins, fairly though critters. It isn't a quest, just a bit of color for the game. Again a bit of social experimentiation quickly showed me that most players had NEVER heard of this, quests are shown with a ring, there was no ring so people didn't explore to see what it was all about because no XP means a wast of time.
It is depressing, but I sadly think that the market has spoken and the market has said, we want more WoW, please don't make us think or give us choices. Lead us by the hand and give us our XP and levels.
And to be fair, I am not sure I entirely disagree. There is a fine line between an open-ended free form quest and sending a player out there without a clue. I remember a east european game, SS (not sure about the name, tactical turnbased squadgame in 3D enviroment that was totally destructable), it had quests/missions where on higher difficulties you weren't told what to do. You just appeared on a map and good luck finding out what your objectives were. A challenge or wasting my time?
Like many a MMO player I have thought long and hard about how you could make a better game, but I keep hitting the same old problem, can the user handle it and sadly the answer is no. If you wants millions of subscribers you got to accept that you are developing for an average IQ well below 100. Retards. Lazy retards. Lazy dyslexic retards.
Go on, come with an idea for a quest or game mechanism and then ask yourselve, how will a user who refuses to read or look at his interface deal with it. One of the biggest challenges in the endgame of MMO's comes not from the game itself, but in finding a group of people that after months of play actually managed to get a clue. It sounds amazing but as a raid leader you would be suprised how many times you get a newbie who must be playing on someones elses account because with their skill they should have died at the loading screen.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.