The State of Security in MMORPGs

Anonymous writes "Security researchers Greg Hoglund and Gary McGraw poked around in World of Warcraft and other online games, finding vulnerabilities and exploiting the system using online bots and rootkit-like techniques to evade detection. Their adventures in online game security became fodder for the book, Exploiting Online Games. McGraw discussed with securityfocus the state of security in modern video games, cheating and anti-cheating systems, how the market for cheats, exploits, and digital objects is growing, what we could learn from the design of these huge systems, and how game developers react to submissions of security vulnerabilities."

My personal feelings..

[faloi]

The market for cheats and exploits is so large primarily because of the "make it a grind!" trap that most MMORPGs fall into. If you're into a MMORPG, and you "need" cash for a certain item, or to recoup your costs for the last big raid, or what have you, you seem to get one of two choices. You can grind away whatever playtime you have in order to get the cash legitimately, you can buy it from someone that is grinding away (or perhaps using exploits), or you can turn to exploits/hacks/whatever yourself.

I understand that some percentage of the playing population is going to cheat, hack, or use an exploit simply because they can. But if game design didn't make it so attractive to so many people to reap the rewards that go along with it, it would be a pretty minor problem. In my opinion, as soon as you're killing the 3,000th slightly different textured mob for his toe...or running a dungeon you could do in your sleep just to make sure a fellow guild members armor is a little bit different color so you have a shot at the next dungeon, MMORPGs start losing some of their fun. I don't know of too many people that really enjoy running things that are on "farm" status, but there's a necessity to grind it out built into the games.

I know it keeps people hooked longer, but it also keeps the temptation to play...creatively...in people's mind.

Re:My personal feelings..

[brkello]

Eh, this is the same tired point that is pulled out every time there is an article about MMORPGs. "Oh, it's the grind that drives people to cheat...if their were only good designers in the world that could make MMORPGs without grinds." The thing is, the best designers in the world are working on these games. People, in fact, play these games because of the grind. They put effort in to something and then they get a reward. This is the same in real life, except the results take much longer before they occur (or may not occur at all). Take any other game and you see it follows the same model in a different form. Geometry Wars you grind until you beat your next high score. Guitar Hero you grind on a song until you can get 5 stars. Etc. etc.

If you play any game long enough, you are going to get tired of it and want to play another game. That is just being normal.

As far as cheating goes, some will do it for the challenge. Most of the others will just do it because they want to be better than their friends. It is a competition. It's a dumb place to want to be recognized...but people do it. If people hated the game, they just wouldn't play it anymore. They love the game, they just want an edge over others and will do whatever they can to get there faster. The grind is in everything...just it is just popular to bash it in here since people on here like to bash what other people enjoy instead of actually coming up with anything better.

Re:My personal feelings..

[NeutronCowboy]

People rely on the "grinding" aspect because it's the easiest to develop and balance properly.

Actually, I think there's a more insidious reason people rely on the grinding aspect: it allows developers to create the strongest reward mechanism; one that leads to behavior most closely related to addiction: random rewards at random intervals. It's convenient that it is the easiest to implement, but one reason we haven't progressed past it (and, in the case of Ultima, regressed to it) is that it is the single best way to keep players coming back for more.

Sorry for digressing, but that's the one thing that bugs me about most MMOs right now: they are designed as a massive grind fest.

Re:My personal feelings..

[randomaxe]

Geometry Wars you grind until you beat your next high score. Guitar Hero you grind on a song until you can get 5 stars. Etc. etc.

The difference here is that this isn't "grinding", this is practice.

If you play a song over and over in Guitar Hero, you get better at it, which eventually allows you to get five stars. You, the player actually get better at the game. In most MMORPGS, however, grinding is mere repitition, doing something over and over and over for experience points (or something similar), to improve the game character. The player is no better at the game, the game character is merely powered up.

Ultimately, these things differ in that the former affects the real world and the latter only affects the game world; if I play a song enough to get five stars in Guitar Hero, I can likely go to someone else's house and five-star it there, too. If I delete my character in an MMORPG, I forever lose all of the progress that was made, and getting a new character back to my old character's level requires going through all of that grinding all over again. While I may have figured out some easy ways to gain experience, I am still no better at the game itself. And really, I don't have to do anything challenging in the course of my grinding, because there is always some simple task (easy battles, for example) that can simply be done over and over to accrue easy experience.

To this extent, Guitar Hero (and Geometry Wars, and most non-RPGs, really) is no more a "grind" than any other skill-based activity that you do in the real world. Is writing code "grinding"? What about painting? Soldering? Singing? Playing cards? Cooking? Sex?

Exploits and WOW.

[Shivetya]

Well after reading the article, following links, and such its obvious the biggest thing they exploited with WOW during the course of writing and selling their book is the name. In other words, unless they had referenced WOW their book would be relegated to the dust bins of book sellers.

These two seem hell bent on FUD with Blizzard in regards to Warden. I haven't connected the dots but it appears these are either the same people who flew off the handle when Warden changed or are in the same group. Basically take something and use choice wording and catch phrases to imply sinister behaviour where none really exists. IOW - 911 conspiracy hacks read from the same play book. These guys just seem to be on some damn fool crusade against Warden that it borders on silly. The very same people probably don't blink when it comes to handing over their CC/Debit card to someone behind the counter freak out over a company that actually has to take steps to protect the data the players voluntarily entered when subscribing!

As for WOW itself, location hacks exist as the client and server are not always in synch for these actions. The biggest impact "cheaters" have on WOW is on the non-cheating players. Money transfers between accounts take an hour to complete, sales via the auction house are no longer immediate but instead take an hour, and trial accounts are so restricted that teaching someone to play with one is an exercise in frustration.

Re:Paradigm Shift

[Teancum]

One of the things that you miss here is the fact that many role-playing games (I'm including pencil and dice games here as well as stand-alone video games and MMORPGs) try to give you the simulation of being something which you decidedly are not. You may be a pencil-necked geek with a host of allergies (or in my case an over weight middle-aged software engineer), but you get into the games so that you can live out some sort of fantasy of being something you are not right now.

So the "skills" you acquire are something not entirely related to the activity you are doing "in game".

Still, the comment of a previous poster to your comment here is very appropriate: If you "cheated" your way into gaining a certain position/in game skill level by virtue of a gold farmer or some other hack, you really don't understand all of the subtle methods of using all of the options at your disposal. You certainly won't be able to take on even NPC monsters that would easily be defeated by somebody at your current "in-game" skill level. At the same time, even in a "grind" game (or even more so in those kind of games), you can take somebody with considerable experience in the game and see them excel at achieving in-game ranking even with a brand new character due to their advanced knowledge of techniques used to play the game, including knowledge of various locations and when to fall back and try again some other time.

Heck, I have actually enjoyed starting out all over again from scratch on a few occasions, just to get a little bit of a challenge back into the game. But I level up oh so much faster than my contemporaries who created brand new accounts with me that they just look puzzled when I walk by a couple of days later being twice or three times their "level". In game experience does matter, and it translates across in a whole bunch of ways.

Your suggestion that player rankings (combat levels are just another way for players to compare each other) bring about a desire to push their ranking up with real-world cash is certainly something worth mentioning. But in the long run those are artificially inflated rankings anyway. It doesn't deal with the other problems associated with real-world item trading, and IMHO there will always be those who try to find ways to "cheat" the system with cash. That can be through a faster network connection, better computer/graphics card, cheat program that let's you get an attack in 1/2 second earlier, or whatever means you can think of. This has always been the case, even for games like Doom and Quake that didn't even really have levels to compare against. And I knew people who did "cheat" at Quake and were proud of it.