World of Warcraft's Brand New Rootkit 576
Captain Kirk writes "We all know that World of Warcraft has checked for hacks to ensure a safe game environment for all players. The latest version of these checks goes beyond anything seen so far in that what is being checked is now completely encrypted. Obviously this hits bot writers as can be seen from these complaints, But it also strikes at the privacy of all users. Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."
Re:Unbelivable (Score:5, Informative)
Re:Recommendation for online gaming (Score:5, Informative)
use a very restricted account when running it in wine. Problem solved.
Re:Recommendation for online gaming (Score:3, Informative)
Of course, if you go that route, you only need one machine...
Re:What is worse? (Score:5, Informative)
Warden has always had the ability to be updated with arbitrary code as you play. The observations of this article are nothing new: Blizzard has always been able to access files on your computer, just by sending the appropriate program to Warden. It seems that they have recently been sending more complex programs, generated for each client, so the current generation of programs that spy on Warden no longer work. The arms race continues.
Re:How is this a root kit? (Score:5, Informative)
You thought wrong. (Score:4, Informative)
Rootkit is an OS-level subversion program.
http://en.wikipedia.org/wiki/Rootkit [wikipedia.org]
Re:Privacy? (Score:3, Informative)
Re:This is a non-issue, as it stands (Score:5, Informative)
No one is saying that. What we're saying is that Warden (what a horrible choice for a name) is that, in response to one specific "what if" question about some third party with access to your machine making Warden do something naughty, "if they have access to your machine, then the fact that they can modify Warden to do something naughty is moot... they can modify ANY program on your system to do something naughty."
Your straw man needs to go see the Wizard....
Re:This is a non-issue, as it stands (Score:3, Informative)
Unless WoW has some privilege escalator that I don't know about, I run World of Warcraft fine as a Limited User. The only thing I had to change was the permissions on the WTF directory so that addons could save information.
...and no, that's not a "what the f'?"
Re:Unbelivable (Score:1, Informative)
Reading your windows serial key is a no-no. The only reason I can guess they'd do it is as a unique identifier for computers to stop people just re-registering if they get banned for running a bot. I'm not sure Microsoft would be too happy about them doing that though.
Hooking keypresses wouldn't be done in the registry, it needs to be done during initialisation of the keylogger, there are API calls for it.
Re:Recommendation for online gaming (Score:1, Informative)
Wii is around $5k last I heard.
360 is around $100/yr if you want to put it on your box, otherwise it's free to write all the code and test on windows before you actually fork over the money to get it on the box.
I imagine the ps3 is somewhat reasonable too.