Has Warden Gone Too Far? I think so. Warden = Rootkit

[keyclone]

as someone has has developed secure voip systems, day trading systems, and other secure real-time systems... i see no problem with encrypting the bandwidth. i have even heard of some companies encrypting the binary itself in order to secure the protocol and avoid memory monitoring (haven't figured that one out)

according to the various rants, the problem isn't that blizzard is downloading executable chunks and running them on your system whenever they want to analyze what you are doing... it's that they have encrypted the chunks and those looking to get around blizzards attempts at security are having trouble with it.

there are things happening at lower levels that should freak people out, but don't.

*shrug*

[kayb]

I guess what people are really worried about is the fact that anyone of Blizzards employees are now potentially in control of 9 million systems. Can Blizzard guarantee for the safety and privacy of my system? Of course they can't. You'll always have people who see opportunities in situations like this. Like noone ever heard of a corrupt banker.

[Texic]

Listen.. The only difference between Warden after 2.3 and Warden over the past 2 years is that they added a hash to encrypt the data going back and forth to prevent Lax from spoofing information to allow his bots to work without being detected.
He is pissed because his method has effectively been defeated while mmo glider continues to work.
If you seriously think Blizzard is going to steal your credit card numbers you have other issues anyway.
And you of all people Xzin I would have expected to pick up on the fact that Warden is in no way a root kit and that slashdot poster obviously has no clue what a root kit is.
Very few people actually know the inner workings of Warden because the only ones who care are those that make bots. Its easy for any of them to spread any rumor they want about it because no one would know the truth.

People really need to check their information before going and spreading false rumors.

[Wilbur]

I'm guessing there will be very few people who have that level of access, Additionally its more than likely that it will require several authorisation passwords before it will actually work. As ever though, it could happen.

[Texic]

I guess what people are really worried about is the fact that anyone of Blizzards employees are now potentially in control of 9 million systems. Can Blizzard guarantee for the safety and privacy of my system? Of course they can't. You'll always have people who see opportunities in situations like this. Like noone ever heard of a corrupt banker.

Do you really think 1 employee would be able to change this and distribute it to millions of people without Blizzard knowing? Not to mention then hide the data coming back. GM's cant even give out gold or items let alone distribute a warden hash thats going to steal everyones porn.

[Djarid]

I now have something to contribute

I think people are focusing too closely on Warden itself rather than the precedent that warden sets.

Also you shouldn't compare encryption between partners to be the same as delivering encrypted code which the EULA requires that the enduser be ignorant if its specific purpose.

I have never and have no intention of carrying out actions contrary to the EULA and TOS but even to me this functionality is like buying house insurance with a clause permitting the underwriter, at their discretion, to send a team around to your house for a purpose they refuse to disclose.

As a side topic, how does Blizzard feel about UK's "The computer Misuse Act 1990" (http://www.opsi.gov.uk/acts/acts1990...00018_en_1.htm)
specifically

1(1) A person is guilty of an offence if:

a) He/she causes a computer to perform any function with intent to secure access to any program or data held in a computer;
b) the access he intends to secure is unauthorized; and
c) he/she knows at the time when he causes the computer to perform the function that this is the case.

Without know what is being accessed how can you give authorisation for a program to access it?

and

3(1) A person is guilty of an offence if

a) he/she does any act which causes the unauthorized modification of the contents of any computer; and
b) at the time when he does the act he has the requisite intent and the requisite knowledge.

3(2) for the purposes of subsection 3(1)b above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing

a) to impair the operation of any computer;
b) to prevent or hinder access to any program or data held in any computer; or
c) to impair the operation of any such program or the reliability of any such data.

3(3) the intent need not be directed at

a) any particular computer;
b) any particular program or data or a program or data of any particular kind; or
c) any particular modification or a modification of any particular kind.

3(4) For the purpose of subsection 1b above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorized. 3(5) it is immaterial for the purposes of this section whether an unauthorized modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

Polymorphic code is, by definition, modification of data on a computer system.

just some food for thought

[Otlecs]

Polymorphic code is, by definition, modification of data on a computer system.

So is the patch system The difference, I guess, is that we know when a patch is happening but we don't with Warden.

As you mooted, by playing the game, we have already agreed to the EULA, which contains the following specific statement (my emphasis):

8. Patches and Updates. Blizzard may deploy or provide patches, updates and modifications to the Game that must be installed for the user to continue to play the Game. Blizzard may update the Game remotely, including, without limitation, the Game Client residing on the user's machine, without the knowledge or consent of the user, and you hereby grant to Blizzard your consent to deploy and apply such patches, updates and modifications.

That statement in itself covers them for delivering Warden updates and makes all such updates and accesses "authorised" for the purposes of the Act.

I am in no way a legal bod, and I don't set much store by forum discussions on legal issues because they're invariably wrong, but I would imagine that Blizzard would have had the EULA scrutinised by their own lawyers for enforcability in various territories.

Of course, the argument now is that we can't prove they're sticking to "updating the game". I personally think it's preposterous to suggest that they'd use it for anything other than the stated purpose and I've never bothered to prove that was the case anyway.

I remain totally unconcerned by all of this to be honest, and the more I think about it the less concerned I am.

Must be the Friday feeling

I know I can't find out what Warden does right now. I know it's aimed at cheaters. I trust that Blizzard want to keep me as a customer and won't abuse whatever facility they have.

I choose to contine playing the game. If I didn't like it, I would choose not to.

For conspiracy theorists, I'd be more worried about what Microsoft put into their operating systems than what Blizzard put into our game client

Once again setting aside the wider issue (if indeed there is one), the bottom line is that this has absolutely no impact to me, my gaming or my boxing, and I'm very happy that cheaters are feeling so hard-done by.

/smug

[Texic]

My last comment on the subject is that everyone needs to realize that this is coming from a guy who programs bots for WoW. His method of avoiding detection was defeated so now he is trying to say that Blizzard will use Warden for other uses than it was intended. He is just trying to stir things up since he has been defeated.

Otlecs has it right and it's not even worth arguing over because whether or not it was an issue we cannot do anything other than stop playing WoW to avoid it.

[Wilbur]

My last comment on the subject is that everyone needs to realize that this is coming from a guy who programs bots for WoW. His method of avoiding detection was defeated so now he is trying to say that Blizzard will use Warden for other uses than it was intended. He is just trying to stir things up since he has been defeated.

Do us all a favour and read the article. Aditionally, Lax doesn't program bots. He simply provides a development platform which other people have provided a) a WoW API b) Bots and other scripts For. Obviously he is commercially interested, and he's already stated that he's pretty much got this nailed. Its just become a lot harder he won't quite know many many Algorithms blizzard is passing round at any one time. It simply means that the method of defining each algorithm with a "signiture" in ISXWoW will have to be rethought.

[Texic]

Do us all a favour and read the article. Aditionally, Lax doesn't program bots. He simply provides a development platform which other people have provided a) a WoW API b) Bots and other scripts For. Obviously he is commercially interested, and he's already stated that he's pretty much got this nailed. Its just become a lot harder he won't quite know many many Algorithms blizzard is passing round at any one time. It simply means that the method of defining each algorithm with a "signiture" in ISXWoW will have to be rethought.

I decided to look again since apparently things had changed since the last time I read it and noticed he decided to "clarify" his original post which was a huge QQ about privacy and his detection methods no longer working.

I still find it incredibly hard to believe that 1 employee within Blizzard would be able to put in code to steal personal information without it being noticed. You have to realize 1 person does not control the whole Warden project and to inject and hide that code as well as hide the data coming back would be incredibly hard. Not to mention he says that the only encrypted data is that coming from the server and not going out which means you could find what they are sending back if you really wanted to.

Lax is probably the most knowledgeable person on Warden outside of Blizzard so no doubt he knows what he is talking about but I still can't help but see this post motivated by the fact that he stands to lose money because of the changes.


On a side note.. how many of you are going to quit WoW because Warden might steal your personal data? If it was really a threat we would all be leaving.