World of Warcraft's Brand New Rootkit 576
Captain Kirk writes "We all know that World of Warcraft has checked for hacks to ensure a safe game environment for all players. The latest version of these checks goes beyond anything seen so far in that what is being checked is now completely encrypted. Obviously this hits bot writers as can be seen from these complaints, But it also strikes at the privacy of all users. Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."
Re:Unbelivable (Score:5, Interesting)
Out of curiosity, how would you go about detecting keyloggers and/or bots without reading the registry? Or do you just feel that Blizzard shouldn't attempt to detect abuse? Myself, I'm a player and I WANT Blizzard to look for such abuse. If someone finds that Blizzard's bot is doing something that's actually wrong (e.g. sending personal data back to home base, not just reading the registry), then I'll be the first to pressure them to fix it. However, if they're just scanning for malicious software that doesn't actually seem like a problem.
It is CERTAINLY not a rootkit according to any definition I've ever heard.
Re:Unbelivable (Score:4, Interesting)
when I was playing wow I used prepaid game cards exactly for this reason... or aren't prepaid cards available anymore?
Re:Define rootkit (Score:3, Interesting)
Re:Oh really... (Score:3, Interesting)
Re:And all because they pooched their architecture (Score:4, Interesting)
Bot prevention is an extremely hard problem. Warden gives Blizzard a way to send arbitrary code to the player's computer in order to carry out any "test for a bot" that they like. If the set of available tests were restricted to a defined interface, then bot authors would be able to fake the test results, and according to TFA, this is actually what happened: "previously, roughly 318 permutations of Warden existed per patch". Presumably the bot code would detect which version of Warden was in use, and use the appropriate Warden-faking code for that version.
Now, many more permutations exist, so this type of attack is much more difficult. I find it particularly interesting to point out that Warden doesn't actually have any new capabilities: it has always had the ability to accept arbitrary code from Blizzard, and all that has happened here is that Blizzard have made their "test for a bot" more difficult to fake.
Re:And all because they pooched their architecture (Score:5, Interesting)
In wow (and fps games in general) player movement is not predictable, at any point a player can stop and turn with no inertia (so it's not like, say, a space sim game where you can do dead reckoning at even fairly high latencies and make things look decent) and if you've seen any wow pvp you know it consists of a lot of jumping around and running through each other to try to get behind the other player. Also several abilities need to be used with very tight timings, there is the gcd to take care of etc. etc. etc.
You need to have some things running on the client side to make the game playable for as many people as possible (for example oceanic players on US servers), and the problem is what you do when the client and the server disagree on where you are and what you are doing: tilt the balance too much towards the client and you have easy exploits, tilt the balance too much towards the server and the game will start to feel 'sluggish' and sometimes outright broken (I was right on top of the other player, why did I get 'out of range').
It's not an easy problem to solve for a game as complex as wow, if it was do you think that with all the money they're raking in they wouldn't have fixed it yet?
The end game is obvious (Score:2, Interesting)
This is the only way it can go down in the end. All of the current and future "anti-cheating" technology basically boils down to calling someone on the telephone and asking "are you cheating?" while expecting a truthful answer.
Instead of wasting time with all this crap the game makers should be redesigning the games such that reflex augmentation(aimbots) and robotic automation(24/7 farming) do not provide the advantages that they currently provide.
Can I return it now? (Score:4, Interesting)
This is where APT in Linux shines (Score:3, Interesting)
Not that this helps with WoW, but it addresses a common cynical criticism of free/open source software, where people claim it's useless since the average joe can't read source. Yes, the average joe can't read source, but he can decide to have a trusted third party for do so.
Re:Unbelivable (Score:2, Interesting)
Re:This is a non-issue, as it stands (Score:2, Interesting)
Uhh the blog writer writes bots for a living (Score:3, Interesting)
Re:Recommendation for online gaming (Score:3, Interesting)
If you want to get your game on the Wii I believe Nintendo require you to prove yourself on another platform. There are plenty of PC gamers out there, release your game on PC, distribute via the internet. If it's a hit Nintendo should have no problems letting you release it on the Wii, if it's not a hit well then you're unlikely to make Nintendo money so try again until you come up with a quality title.
Re:A bit sensationalistic (Score:4, Interesting)
Re:Unbelivable (Score:2, Interesting)
Re:Recommendation for online gaming (Score:3, Interesting)
Why would people pay for leveling services and what not? Because it takes a casual player so dang long to get from level 1 to level 60 or 70. Leveling between 20 and 60 (and apparently especially between 30 and 60) has been made significantly easier. They've also wiped out in one stroke some of the most irritating midlevel quests by nuking outdoor elites (I found it sad in a strange way to visit the underwater murlocs in the Vile Reef and see them only as typical irritating murlocs and not dangerous like they were last week).
A more likely explanation of the general Azeroth nerf though, is that they want the vast majority of players to be in Outlands by the time they release the next expansion so that they'll buy it quickly.
I have no visibility into what changes they've made with respect to bot detection, but I've noted that my UI addon (cosmos) is generating new error messages about actions being blocked. Actually, it's time for me to get rid of cosmos because Blizzard has just about implemented everything (the right way) that I used it for.