World of Warcraft's Brand New Rootkit

Captain Kirk writes "We all know that World of Warcraft has checked for hacks to ensure a safe game environment for all players. The latest version of these checks goes beyond anything seen so far in that what is being checked is now completely encrypted. Obviously this hits bot writers as can be seen from these complaints, But it also strikes at the privacy of all users. Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."

Recommendation for online gaming

[ackthpt (218170)]

1 computer for gaming
1 computer for everything else

Sorry if you can't afford a second, but that's how I do it.

Re:Recommendation for online gaming

[ByOhTek (1181381)]

wow works great in Wine.

use a very restricted account when running it in wine. Problem solved.

Re:Recommendation for online gaming

[EvilMonkeySlayer (826044)]

But how would I make gold from selling clam meat then?

Re:Recommendation for online gaming

[ArsonSmith (13997)]

Become a pimp?

"That can't be right."

[RandoX (828285)]

Then don't play. It really IS that simple. If you're having too big of a problem with that, put the mouse down and go join a support group.

Re:Or...

[nuzak (959558)]

> why not organize and complain to Blizzard?

Players: "Blizzard, your malware sucks, and you suck for using it!"

Blizzard: "What? Sorry, these piles of money you keep forking over to us every month kind of muffle the sound in here."

Re:Or...

[Elemenope (905108)]

I don't play WOW, I don't get why people are obsessed with it, and that has absolutely nothing to do with the point, which is this:

1. Many people like playing WOW. It brings them happiness to play it.

2. The provider of WOW has instituted a policy that is objectionable.

There is no reason on God's Green Earth why 1 and 2 above need inevitably lead to:

3. Therefore people should give up WOW that brings them happiness because there is a problem with how it is provided.

Because, frankly, that's just stupid. Less extreme measures should be tried first, like salvaging that which is valuable by attempting to change that which is objectionable. Cutting your losses and running is, if ever, a last resort when attempts to fix the problem have utterly failed. Now, this is "just a game", and so it is reasonable for people to only put as much effort into salvaging it as pleasure they get out of it; it's not like fighting for your rights or anything. I just have a really hard time comprehending the general attitude around here being that as soon as someone (esp. a corporate entity) does something to find questionable that the only response is immediate and extreme measures(tm). Human beings who do care, if even fleetingly, about things other than money run these companies; they want people to enjoy their products, and would be fools not to listen to valid concerns even if only for self-interested reasons.

Privacy?

[Debello (1030486)]

You've already given up your life when you start playing WoW. What do you have to keep private?

Define rootkit

[ajs (35943)]

So, now a "rootkit" is any program that does something we're not sure of?

I thought a rootkit was a program designed to take control of a system remotely or offer access to that system? This is just an obfuscated program (encrypted is a bit strong for something that is "decrypted" on your own system where you can watch its behavior).

Seriously, if this is the worst that Blizzard does, I'm a happy camper. They really do have serious problems with their users being exploited, and detecting these problems early is all good. In my case, they'll see everything that's in my virtual Windows environment under Wine.

Now, if someone proves that they're reading personal files out side of the Windows system directory or the WoW installation, then we can talk. Until then, this is a non-issue.

How is this a root kit?

[Bryansix (761547)]

Does the thing hide itself? Can't you just uninstall WoW? (Maybe you can't but maybe you need mental help.) Ya, you don't know what it is doing but you don't know what most programs are going unless you reverse engineer them. I think this is just the cheaters getting their panties in a twist. Especially because it means the end to a real source of income for those who harvest gold and sell it in the real world.

Re:How is this a root kit?

[ajs (35943)]

Does the thing hide itself?

No.

Can't you just uninstall WoW?

Sure.

Ya, you don't know what it is doing

Actually you know pretty well what it's been doing because with minor refinements, it's been doing just about the same thing for 3 years.

I think this is just the cheaters getting their panties in a twist.

Ding!

Especially because it means the end to a real source of income for those who harvest gold

Gold harvesting is easy. What's hard is maintaining your account for more than a week once you start trying to sell it online. This is why the pro gold farmers/sellers are all using level 1 accounts. At level 1 gold farming is a bit more difficult, so they have to abuse the game in order to profit. This program detects that kind of abuse, and THAT is why they're upset.

A bit sensationalistic

[Zuato (1024033)]

I play World of Warcraft. As a subscriber that plays this game I am ok with Warden as it stands. I want to play a game where hackers and cheaters are caught and banned. I know a lot of people despise the speed hacks and of course the gold farmers, so I don't see what the fuss is all about.

The likely hood of Blizzard hacking or stealing personal data is very small. They know that they could lose their cash cow by doing anything malicious with this information/software.

For those that fear credit card and personal information being lifted, I'm a little baffled. When you sign up for an account you enter most of the same personal info that is going to be on your PC anyway, and unless you are using game cards they already have at least one of your credit cards on file. All information that subscribers gave up willingly.

That aside, I did read the article and find the technology fascinating.

And all because they pooched their architecture

[Rogerborg (306625)]

If you start your architectural design from the assumption that the client is a malicious bot, then you can design out vulnerability. Blizzard chose not to do that. They thought that they could enforce trust on the client side, and let clients make decisions about (oh, just for example) player position. Well, that makes them idiots. Idiot savants, maybe, but idiots none-the-less.

The client cannot be trusted. Clients request, servers decide and dictate. Let the client anticipate and drift its local world state all you like, but the server must never, ever, accept a state change from the client, only requests. That's the way it has to be, unless you - demonstrably - want to play catchup for ever and a day. And if you get caught in that hole, then you need a spade the size of WOW's playerbase and Blizzard's resources in order to keep digging it deeper.

Re:And all because they pooched their architecture

[MarcoAtWork (28889)]

all nice in theory, but workable only if your clients could all have 10ms latency. When you start designing games to be playable with 400+ms latency you need to make compromises, and it becomes REALLY difficult to get things working well (I know, in a previous life I've been a games network programmer for an fps, it was quite challenging).

In wow (and fps games in general) player movement is not predictable, at any point a player can stop and turn with no inertia (so it's not like, say, a space sim game where you can do dead reckoning at even fairly high latencies and make things look decent) and if you've seen any wow pvp you know it consists of a lot of jumping around and running through each other to try to get behind the other player. Also several abilities need to be used with very tight timings, there is the gcd to take care of etc. etc. etc.

You need to have some things running on the client side to make the game playable for as many people as possible (for example oceanic players on US servers), and the problem is what you do when the client and the server disagree on where you are and what you are doing: tilt the balance too much towards the client and you have easy exploits, tilt the balance too much towards the server and the game will start to feel 'sluggish' and sometimes outright broken (I was right on top of the other player, why did I get 'out of range').

It's not an easy problem to solve for a game as complex as wow, if it was do you think that with all the money they're raking in they wouldn't have fixed it yet?

Duh... what's new?

[mortonda (5175)]

Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer.

You do realize that *any* software you install on your computer can do this? Unless you have read the full source code and compiled it yourself (Ignoring the possibility of a trojan'd compiler) there is a possibility that a program could do these things. So what's new?

Blizzard, their TOS, and you.

[BrianRoach (614397)]

They clearly state in their TOS that they do this (Section 14)
http://www.worldofwarcraft.com/legal/termsofuse.html [worldofwarcraft.com]

Don't like it? Don't play the game. Very simple.

And in fact, when you first sign up for an account, Blizzard gives you 30 days to return the game for a *full refund* if you don't agree to the TOS and don't wish to play. That seems pretty fair IMHO, and far more than most game companies will do.

- Roach

Re:Unbelivable

[daeg (828071)]

I canceled when they started adding things to their detection kit. When I saw it reading registry keys (regmon) it had NO business reading, I canceled. Did it need to read the activation keys for Windows? Absolutely not.

Re:Unbelivable

[ajs (35943)]

I canceled when they started adding things to their detection kit. When I saw it reading registry keys (regmon) it had NO business reading, I canceled. Did it need to read the activation keys for Windows? Absolutely not.

I'm sorry to hear that.

Out of curiosity, how would you go about detecting keyloggers and/or bots without reading the registry? Or do you just feel that Blizzard shouldn't attempt to detect abuse? Myself, I'm a player and I WANT Blizzard to look for such abuse. If someone finds that Blizzard's bot is doing something that's actually wrong (e.g. sending personal data back to home base, not just reading the registry), then I'll be the first to pressure them to fix it. However, if they're just scanning for malicious software that doesn't actually seem like a problem.

It is CERTAINLY not a rootkit according to any definition I've ever heard.

Re:Unbelivable

[TheLink (130905)]

He said activation keys for windows, so if the detection kit was really reading those then that's bad.

Anyway why would a bot or keylogger need to write to the registry?

Would be good if you could restrict the user account you use to run wow to only talking to blizzards IP range and local IP.

Re:Unbelivable

[ajs (35943)]

Well, they could use a better design.
This whole problem is cause because gold is so important to the game.

They could minimize these problems with a number of basic fixes.
1) Don't allow the AH to sell anything for more then 5 times the vendor cost.

Which results in artificial control of the market, which primarily impacts those who don't have enough gold to exploit the system, and results in anything that's unreasonably capped being sold player-to-player outside the auction house. Turns out economies (virtual or not) are quite resilient to this kind of ham-handed attempt at control.

2) Lower the cost of items. How you can charge 5000 Gold to learn to use a mount and not expect a spike in Gold selling and farming is beyond me.

Actually, they did the reverse, and it's worked VERY well. The only people buying gold now are typically the newbies who need 10-100 gold to get started. 5000g costs an astronomical amount of money because it takes so long for a low-level player to get.

It's a root kit in that it can gain access to anything on your computer and send it to Blizzard.

So can the World of Warcraft game itself. That's a rootkit too? Oh PS: rootkit != any invasion of privacy. Rootkits are specifically those programs that subvert the security of your system. This simply doesn't do that.

To trust warden is to trust that:
they will never hire a bad dishonest employee,

You can replace "warden" in that sentence with the name of any software you've ever run.

Re:Unbelivable

[Dachannien (617929)]

I can't believe I'm forgoing a full complement of mod points to respond to you, but I get tired of seeing people go ape-shit whenever they use tools like regmon and filemon without having clue one as to what they're seeing.

Pretty much any program will make tons of accesses to registry keys that would at first glance appear to have nothing to do with that program, because the program loads a bunch of Windows libraries that access those registry keys whenever they're loaded. The same goes for IE cookies, for any program that uses the IE rendering libraries to render HTML (including things like the frontend patchers for games like EverQuest), because those libraries go through your cookies just the same as IE does when it first loads.

Sorry that you felt it necessary to cancel your WoW account because you didn't understand how your computer works, but at least it gives you a lot more spare time for making tin-foil hats.

This is a non-issue, as it stands

[krog (25663)]

Summary of TFA: WoW Warden now selects one of many hash algorithms and uses it in server communication. Blog author gets his panties in a bunch because Blizzard could replace one of these hash algorithms with something that collects PRIVATE PERSONAL DATA, and NO ONE WOULD EVER KNOW. A misleading Slashdot headline and poorly-written blurb is generated, and the rest is academic.

Re:This is a non-issue, as it stands

[Goldberg's Pants (139800)]

The article is absolutely retarded. It never ceases to amuse me when such grandiose claims are made about customers etc... Of the 7 million WOW account holders, I would bet that 6.999 million don't even know about Warden. And I'd bet that same number, if you made them aware, still wouldn't give a toss. He's probably just a disgruntled bot author, dressing up his complaints in the guise of the public service. I can understand being paranoid to a degree, but this is just ridiculous. The author clearly has delusions of grandeur, and ideas far FAR above his station.

This articles headline is INCREDIBLY misleading, and whoever wrote it needs a slap for their melodramatic endeavours.

Re:What is worse?

[Cheesey (70139)]

Steam games have "Valve Anti-Cheat" (VAC), which is similar in principle to the Blizzard Warden. Other games use Punkbuster, which uses the same strategy to detect cheats. All of these programs scan your machine's memory and look for the signatures of known cheats. The mechanism used to carry out the scanning and report the results is deliberately obfuscated to make it difficult to reverse engineer the process and send fake results. All three of these programs are spyware. But you agree to the use of each within the EULA of whatever game you are playing.

Warden has always had the ability to be updated with arbitrary code as you play. The observations of this article are nothing new: Blizzard has always been able to access files on your computer, just by sending the appropriate program to Warden. It seems that they have recently been sending more complex programs, generated for each client, so the current generation of programs that spy on Warden no longer work. The arms race continues.

Re:Draconian EULA

[Volante3192 (953645)]

And all Sony did was install a program on their music CDs that ensured someone had a legit copy of the CD (copyright infringement is a HUGE problem with IP).

(waves magic wand) Reducto ad absurdum!