World of Warcraft's Brand New Rootkit

Captain Kirk writes "We all know that World of Warcraft has checked for hacks to ensure a safe game environment for all players. The latest version of these checks goes beyond anything seen so far in that what is being checked is now completely encrypted. Obviously this hits bot writers as can be seen from these complaints, But it also strikes at the privacy of all users. Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."

Re:Unbelivable

[ajs]

I canceled when they started adding things to their detection kit. When I saw it reading registry keys (regmon) it had NO business reading, I canceled. Did it need to read the activation keys for Windows? Absolutely not.

I'm sorry to hear that.

Out of curiosity, how would you go about detecting keyloggers and/or bots without reading the registry? Or do you just feel that Blizzard shouldn't attempt to detect abuse? Myself, I'm a player and I WANT Blizzard to look for such abuse. If someone finds that Blizzard's bot is doing something that's actually wrong (e.g. sending personal data back to home base, not just reading the registry), then I'll be the first to pressure them to fix it. However, if they're just scanning for malicious software that doesn't actually seem like a problem.

It is CERTAINLY not a rootkit according to any definition I've ever heard.

Re:Unbelivable

[MarcoAtWork]

If you had a WoW account, you would already voluntarily have given Blizzard your full name, snail address, email address, and credit card number.

when I was playing wow I used prepaid game cards exactly for this reason... or aren't prepaid cards available anymore?

Re:Define rootkit

[AvianM]

A rootkit is a piece of software that hides itself from the operating system, hiding running processes or files. It doesn't really matter if its malware or not, just the fact that not even the OS can see it while it's running makes it a rootkit. The wow system checker I don't believe hides itself, it just has to run or the game won't.

Re:Oh really...

[pthor1231]

You keep all that information on your hard drive unencrypted?

Re:And all because they pooched their architecture

[Cheesey]

The purpose of Warden is not just to detect cheats but also automated players ("bots").

Bot prevention is an extremely hard problem. Warden gives Blizzard a way to send arbitrary code to the player's computer in order to carry out any "test for a bot" that they like. If the set of available tests were restricted to a defined interface, then bot authors would be able to fake the test results, and according to TFA, this is actually what happened: "previously, roughly 318 permutations of Warden existed per patch". Presumably the bot code would detect which version of Warden was in use, and use the appropriate Warden-faking code for that version.

Now, many more permutations exist, so this type of attack is much more difficult. I find it particularly interesting to point out that Warden doesn't actually have any new capabilities: it has always had the ability to accept arbitrary code from Blizzard, and all that has happened here is that Blizzard have made their "test for a bot" more difficult to fake.

Re:And all because they pooched their architecture

[MarcoAtWork]

all nice in theory, but workable only if your clients could all have 10ms latency. When you start designing games to be playable with 400+ms latency you need to make compromises, and it becomes REALLY difficult to get things working well (I know, in a previous life I've been a games network programmer for an fps, it was quite challenging).

In wow (and fps games in general) player movement is not predictable, at any point a player can stop and turn with no inertia (so it's not like, say, a space sim game where you can do dead reckoning at even fairly high latencies and make things look decent) and if you've seen any wow pvp you know it consists of a lot of jumping around and running through each other to try to get behind the other player. Also several abilities need to be used with very tight timings, there is the gcd to take care of etc. etc. etc.

You need to have some things running on the client side to make the game playable for as many people as possible (for example oceanic players on US servers), and the problem is what you do when the client and the server disagree on where you are and what you are doing: tilt the balance too much towards the client and you have easy exploits, tilt the balance too much towards the server and the game will start to feel 'sluggish' and sometimes outright broken (I was right on top of the other player, why did I get 'out of range').

It's not an easy problem to solve for a game as complex as wow, if it was do you think that with all the money they're raking in they wouldn't have fixed it yet?

The end game is obvious

[stewartjm]

The war will continue until the cheaters are forced to use the same interface(keyboard/mouse/monitor) the humans use. I.e. within 5-10 years you'll be able to buy a little box for $50 that will plug into your mouse and keyboard ports(with passthru of course) and point a camera at your monitor that will play the game for you. There will probably even be an open source powered version of this box :) At that point it will become impossible to differentiate cheating from playing and the cheaters will have won.

This is the only way it can go down in the end. All of the current and future "anti-cheating" technology basically boils down to calling someone on the telephone and asking "are you cheating?" while expecting a truthful answer.

Instead of wasting time with all this crap the game makers should be redesigning the games such that reflex augmentation(aimbots) and robotic automation(24/7 farming) do not provide the advantages that they currently provide.

Can I return it now?

[campnic]

If they have just changed Warden and I'm no longer happy to agree to their terms of service, can i return wow and BC for a full refund? Don't I agree to let them run what software is in the box when i agree to the ToS? If they change the software can't i change my mind?

This is where APT in Linux shines

[Pausanias]

Ah, this is the often ignored genius of systems like the APT installation software in Debian flavored Linux distros. When you download software from a trusted repository, you are downloading binaries that have been compiled and digitally signed using the private key of people that you (implicitly) trust. This is a good thing, because the sources you are downloading have been checked by an expert third party that you believe capable of doing the job. This mitigates the need for trusting the software provider and/or checking the source code yourself.

Not that this helps with WoW, but it addresses a common cynical criticism of free/open source software, where people claim it's useless since the average joe can't read source. Yes, the average joe can't read source, but he can decide to have a trusted third party for do so.

Re:Unbelivable

[rawn53]

When I saw it reading registry keys (regmon) it had NO business reading

Poster didn't say that he was upset about it reading the registry, just upset about it reading parts that were completely unrelated, such as the Windows activation key. I'd have to say that I agree, if something needs to look in my registry for bots or whatever, it better stay away from the registry entries that don't matter.

Re:This is a non-issue, as it stands

[wattrlz]

I thought the point was that you don't need access to the machine to make Warden do naughty things. If you could spoof the Blizzard server you could insert any bit of code you want in for the hash algorithm and let the pwnage begin.

Uhh the blog writer writes bots for a living

[extra the woos]

So of course he's trying to make a fuss about it--It will hurt his ability to help people cheat. Slashdot has been trolled, sigh. Warden is good for us that actually just want to play the game and not have people cheating. If you are that concerned about it, please feel free not to play. No one is forcing you. It isn't being installed behind your back or hidden in any way. QQ moar, as we say in WoW. :)

Re:Recommendation for online gaming

[VJ42]

So do you use a third computer to run games that are not available for Wii? How would you recommend that independent game developers get their products onto Wii?

I'm not the GP, but I do it a similar way; not available for Wii (or DS)? Then I go without (unless it's a quality RTS or a CIV game; personal preference means I have a Windows partition for gaming).
If you want to get your game on the Wii I believe Nintendo require you to prove yourself on another platform. There are plenty of PC gamers out there, release your game on PC, distribute via the internet. If it's a hit Nintendo should have no problems letting you release it on the Wii, if it's not a hit well then you're unlikely to make Nintendo money so try again until you come up with a quality title.

Re:A bit sensationalistic

[Sparr0]

Bots are not just for leveling up. There are PLENTY of other extremely tedious parts of the game. When I still played WoW for fun, before I started farming gold full time, I used single-purpose "bots" to automate most of the tedious parts of the game. Travel (30 minutes of walking and waiting for boats/zepplins is not fun), harvesting trade skill resources (find minerals, right click, wait 10 seconds, repeat), and combat (both as a melee fighter and as a healer. bots make great healers, especially in raids), all good targets for automation.

Re:Unbelivable

[NekoIncardine]

This one actually does not work anymore; it's too easy to stealth processes (the Sony Rootkit debacle people keep bringing up ironically was exactly how botters did this for a while, since the rootkit stealthed ALL processes that started with $, not just it's own!). However, there's a point where you have to give up the ghost and go to other methods that I'm frankly amazed they didn't go to first - like having GMs actively patrol the servers, looking for bot-like behavior (because trust me, you can tell if it's a bot or human playing). More expensive, yes, but also more effective and less offensive (even if it leads to a few retard players getting accused constantly of using bots when in fact it's they themselves who are getting stuck on that rock).

Re:Recommendation for online gaming

[SL Baur]

Compare that to the number of people that would have a problem with Blizzard NOT doing everything possible to stop cheating and botting.

I agree and they have made very visible progress in the year I've been playing WoW. The 2.3 patch is more of the same. Online gold sellers already have had their access to free advertising nuked. Leveling "services" have just been hit with Cheap Shot.

Why would people pay for leveling services and what not? Because it takes a casual player so dang long to get from level 1 to level 60 or 70. Leveling between 20 and 60 (and apparently especially between 30 and 60) has been made significantly easier. They've also wiped out in one stroke some of the most irritating midlevel quests by nuking outdoor elites (I found it sad in a strange way to visit the underwater murlocs in the Vile Reef and see them only as typical irritating murlocs and not dangerous like they were last week).

A more likely explanation of the general Azeroth nerf though, is that they want the vast majority of players to be in Outlands by the time they release the next expansion so that they'll buy it quickly.

I have no visibility into what changes they've made with respect to bot detection, but I've noted that my UI addon (cosmos) is generating new error messages about actions being blocked. Actually, it's time for me to get rid of cosmos because Blizzard has just about implemented everything (the right way) that I used it for.

Blizzard's doing the right thing for their customers by providing the best game experience possible.

I truly believe that and it was most illuminating to me to play a few of the newly nerfed quests and compare the experience against the older harder versions. For all the difficulty, the older versions played better, but the new versions will just help (newer) people level faster. The UI changes also make it easier to find stuff on the ground and quest givers in an area. Those will help everyone. And, if you (still) think it's a lousy game ...

You don't have to play it if you don't want to.

Well said. There's a reason why there are 9.3 million subscribers and climbing, so let the rest of us have our fun. Competing against people who have used gold selling services and against bot-driven mat grinders is seriously un-fun. Anything which cuts into both of those activities is a Good Thing in my book. (People who have used leveling services and have gotten to Outlands or level 70 without learning how to play won't go any further anyway, so they're irrelevant).