I think I'd have more belief in Blizzards high ideals if more was done to stop bots and gold selling which go hand in hand. While periodically people are banned in large numbers it doesn't happen often enough.
I think I'd have more belief in Blizzards high ideals if more was done to stop bots and gold selling which go hand in hand. While periodically people are banned in large numbers it doesn't happen often enough.
Currently running 3x City of Heroes under Octopus
No, actually, they didn't. It had to be discovered and decoded. You know what they say about the best intentions....... it's a lot easier to fall over the edge when you are right next to it than a mile away.Blizzard told everyone about Warden when it was first released.
If you don't like my opinions or being kept abreast of the direct AND indirect changes to the boxing community (better OR worse) then go elsewhere. I have spent a tremendous amount of time and effort distilling information for the community and not EVERYTHING is going to be embraced by everybody. That's life. I try to keep away from botting or other explicit topics that Bliz frowns upon. I don't and have never botted but I like to understand how things work. This community, at times, fosters frank discussions and open and honest exchanges of opinion. I believe people should be kept informed of what is going on and if that winds up being controversial then so be it.Not to mention this isn't the first time Xzin has posted something unrelated to multi-boxing in the general forums that has turned into an opinionated flame fest. Please move this shit out of here.
The world we live in is not all rainbows and candy canes. If you want that, I suggest you post to the official WoW forums. If you have something meaningful to contribute then I (and others) welcome the discussion. But please don't troll the forums accusing people who have greatly contributed to this community of making inappropriate posts.
The Zins - 10 Boxing
Xzin, Azin, Bzin, Czin, Dzin
Xyzin, Ayzin, Byzin, Cyzin, Dyzin
Magtheridon - US
Technically this has absolutely nothing to do with boxing aside from it being about the game that most of us box in. The discussions within also don't touch boxing, and the only relevant way it would touch boxing is if blizzard decides to use warden to target boxers. It fits more in MMORPG general discussion, but it doesn't seem like posts get moved around here much, not that they need to considering there aren't many off topic threads here, and the few that do come up(like this one) are of interest to the people in said forum.
These forums are loosely moderated, and it seems to work well as is. As long as there isn't a bias that this gets to stay in this forum section just because xzin posted it I don't see any reason why it shouldn't be here.
Now to get back on topic...
Before you can log in after each patch you have to accept the tos and elua, which pretty much says you have to trust blizzard with running unknown(to you) code on your computer. The only change here is that now it is harder to figure out what it does for those who break the rules.
Was there anything stopping blizzard from running 'bad code' before 2.3, other than it being easier to detect?
There was nothing that was stopping them. The diffrence between now and then, was that prior to 2.3 this was being "policed" by the Botting communities. It is now more difficult as Blizzard can pretty much introduce a new scan/malicious code more "unnoticably" this is due to everyones hashed scans looking diffrent. Where-as before everyone's looked the same, despite their being many diffrent scans. We knew before that Warden worked in-process, although now it makes it a lot more difficult to know what its actually doing.
Wilbur
Having the botting communities 'police' the game they are trying to cheat in is like asking burglars to make sure everyone locks their doors.Originally Posted by Wilbur
As someone has said before this is more about the increased difficulty botters now have to make a) their software work and b)sure they don't get caught. Than it is about Blizzard (a well known big business, who can't just dissappear if their system is used for illegal activities) using encryption to send data back to their servers.
In fact if you for a moment ignore the reason Warden exists you could say that they are being good to their customers by encrypting their details before sending them over an in effect open data stream.
If any other group of WoW fans with a few exceptions (tin foil hat brigade) had found this out there wouldn't have been this outcry, Warden is a piece of software that is intended to make the game a leveller playing field for those of us who don't run 'illegal' third party apps.
Perhaps it sets a precedent, perhaps not. I don't think people are going to leave the game in droves and that would be the only way that Blizzard could be encouraged to remove this version of Warden.
Currently running 3x City of Heroes under Octopus
Yes, the fact that you could detect it. Now, for the time being, you cannot.Was there anything stopping blizzard from running 'bad code' before 2.3, other than it being easier to detect?
The Zins - 10 Boxing
Xzin, Azin, Bzin, Czin, Dzin
Xyzin, Ayzin, Byzin, Cyzin, Dyzin
Magtheridon - US
I'm still confused about the actual issue.
From what I've read, the only change to Warden is it now encrypts the data it sends to Blizzard. Nothing about running new malicious code, about opening holes in your system to allow malicious programs in, just encrypting outbound data.
1. We already run Blizzard software. We trust their executables. Every time a patch comes out, we run a new file that we know is going to modify files on our system. In fact, we have to run it as an administrator to do so. I see no threads saying "OMG, we should be able to patch as a guest user to safeguard our privacy!"
2. As someone else stated, Blizzard already has our credit card information, address, email, full name, etc. What exactly are you worried they're going to "steal?"
3. Rootkit? WTF? A rootkit is fundamentally different than Warden. A rootkit prevents you from uninstalling it. Warden only runs when you have WoW open. Rootkits try to take over your computer. Warden doesn't.
I have no doubt that the encryption will be broken quickly, and people will see what data was being sent. Blizzard will then just change their encryption to try to keep a couple steps ahead. If people actually find objectionable data being sent then I can see a cause for concern.
We can still see what warden is doing if we want to.
A program doesn’t run in a vacuum, it can still be observed even if it's perfectly encrypted....
It gets its information from somewhere... Even if warden had some magical, perfect, unbreakable encryption, we can still see what it is doing because the programs/hardware it's requesting the information from are not encrypted.
For example, it’s asking windows what programs are running, we can see that.
If it requests the contents of a directory, we can see that.
If it requests the contents of a file, we can see that.
The difference is that we can no longer check and see what it's looking for by checking warden. (aka, we can see if it's scanning what programs are running, but cant tell what pattern it is scanning for)
They will not be scanning all files.
They might scan all exe files, and/or dll files, but they will not be checking out the contents of our word files.
They can scan my exe/dll/etc all they want...
If they start touching my doc and xls files it's time for a lawsuit.
The basis of this thread is FUD.
(Fear Uncertainty and Doubt)
Blizzard has a goal to eliminate cheating in their game. Something which you can choose to play or not. If you aren't satisfied with Blizzard scanning your filesystem (where they can ZOMG see your personalz stuffs!). Don't play. You agree to it in the EULA. If you think the risks are greater then the benefit, DON'T PLAY. They aren't forcing you to play, it isn't the only game available. It's a choice you made. Deal with it.
If you don't trust Norton anti-virus to scan your system, don't buy it. Sense a similarity?
The 2 changes everyone is in concerned about, are only changes that affect bot makers. The ability to see what warden is doing, is still available. As stated above, every system call it makes is STILL VISIBLE.
The change is that they don't know what warden is GOING TO DO, BEFORE IT HAPPENS. Hence they all of a sudden become very vulnerable.
Warden is NOT A ROOT KIT. Therefore it is still detectable by the OS, and can have its actions monitored by other processes. It can still be detected IN WoW, a root-kit is created to prevent the above from happening. The only change here is that people can't reverse engineer Warden, and predict what it is going to do before it happens. Now you can only monitor what it does WHEN it happens.
So zomg, whats happening, its encrypted! ZOMG!.
Encryption is used on so many levels on your system, the fact that WoW traffic isn't encrypted should be more concerning then it being encrypted now. How do you like your password being sent plain-text over teh interwebs. You don't do that for ANY OTHER REPUTABLE SITE YOU VISIT. (check for Https)
Furthermore, the encryption is being used to hide traffic from warden to the servers. Therefore no one can see what warden is saying to the wow servers. Oh god no? They could be sending personal information?
Well to get the personal information, they have to get it off your system. This can be monitored by programs, as it is not root-kitted. Hence your fears are unbased.
Polymorphic wuzathingy? Polymorphic code is code that performs basically the same actions, with changes in its byte structure. The whole intent of polymorphic code is to prevent detection from scanning software. The version of polymorphic code that blizzard is using, is almost a falcity, as it (from what I read), isn't changing it self (as polymophic code would), but is mearly 318 versions of warden being used.
These 318 version present problems to BOT writers, because they don't have time to react to changes in warden to circumvent detection. Even moreso, blizzard was smart enough to ensure that encryption algorithyms are changed for each of these versions (yay!), so that they aren't using the same key over and over again (makig it easy to crack).
So end result of these changes are this:
*You can't veiw wardens traffic to the server, therefore its harder to detect what it is doing/sending. Only really a concern to bot developers, as the quicker they can find out what warden is scannign for, the quicker they can avoid said scans.
*You can't predict what warden is going to be used. Therefore you don't know what scans its going to do, and how to avoid them. (GG Bots)
*Warden is not a root-kit. Its actions are still visible to the OS. It's not hidden. You can still have a high level process monitor your filesystem access requests, to see if warden is accessing your tax returns.
So take off your tinhat. And if you want a tinhat, stop playing.
As someone else already pointed out they are certainly going about it in the most complicated and self defeating way possible.
Who even reads the EULA? Just because they put something in the EULA does not make it legally binding.Something which you can choose to play or not. If you aren't satisfied with Blizzard scanning your filesystem (where they can ZOMG see your personalz stuffs!). Don't play. You agree to it in the EULA. If you think the risks are greater then the benefit, DON'T PLAY. They aren't forcing you to play, it isn't the only game available. It's a choice you made. Deal with it.
And who monitors their system all the time?If you don't trust Norton anti-virus to scan your system, don't buy it. Sense a similarity?
The 2 changes everyone is in concerned about, are only changes that affect bot makers. The ability to see what warden is doing, is still available. As stated above, every system call it makes is STILL VISIBLE.
The change is that they don't know what warden is GOING TO DO, BEFORE IT HAPPENS. Hence they all of a sudden become very vulnerable.
I would be very surprised if your WoW password was ever sent in plain text. I'd like to see proof of that.Warden is NOT A ROOT KIT. Therefore it is still detectable by the OS, and can have its actions monitored by other processes. It can still be detected IN WoW, a root-kit is created to prevent the above from happening. The only change here is that people can't reverse engineer Warden, and predict what it is going to do before it happens. Now you can only monitor what it does WHEN it happens.
So zomg, whats happening, its encrypted! ZOMG!.
Encryption is used on so many levels on your system, the fact that WoW traffic isn't encrypted should be more concerning then it being encrypted now. How do you like your password being sent plain-text over teh interwebs. You don't do that for ANY OTHER REPUTABLE SITE YOU VISIT. (check for Https)
Again, who monitors their systems all the time?Furthermore, the encryption is being used to hide traffic from warden to the servers. Therefore no one can see what warden is saying to the wow servers. Oh god no? They could be sending personal information?
Well to get the personal information, they have to get it off your system. This can be monitored by programs, as it is not root-kitted. Hence your fears are unbased.
I read it differently. There are 318 different versions detected so far. With the current functionality they can "inject" a new version anytime they want to.Polymorphic wuzathingy? Polymorphic code is code that performs basically the same actions, with changes in its byte structure. The whole intent of polymorphic code is to prevent detection from scanning software. The version of polymorphic code that blizzard is using, is almost a falcity, as it (from what I read), isn't changing it self (as polymophic code would), but is mearly 318 versions of warden being used.
The argument is that it does not just present problems to bot writers but to anyone who actually wants to verify that each of these versions are "safe".These 318 version present problems to BOT writers, because they don't have time to react to changes in warden to circumvent detection. Even moreso, blizzard was smart enough to ensure that encryption algorithyms are changed for each of these versions (yay!), so that they aren't using the same key over and over again (makig it easy to crack).
I would like entertainment providers to provide entertainment without me having to worry about potential security issues. Would you like to go to the cinema if they made you walk through metal detectors and pawed through anything you carried with you to check for hidden cameras etc?So end result of these changes are this:
*You can't veiw wardens traffic to the server, therefore its harder to detect what it is doing/sending. Only really a concern to bot developers, as the quicker they can find out what warden is scannign for, the quicker they can avoid said scans.
*You can't predict what warden is going to be used. Therefore you don't know what scans its going to do, and how to avoid them. (GG Bots)
*Warden is not a root-kit. Its actions are still visible to the OS. It's not hidden. You can still have a high level process monitor your filesystem access requests, to see if warden is accessing your tax returns.
So take off your tinhat. And if you want a tinhat, stop playing.
Currently the "layman" implicitly trusts Warden and probably does not even know what it is or what it does. Personally I really hate the fact that a process running on my machine can look at other processes without my permission. I believe that kind of process rights should be easily manageable at O/S level.
If I want to do internet banking I should be able to open my browser and do my banking without having to worry about which other processes are running on my machine. But MS seems more interested in giving us transparent buttons with rounded edges.
As to "botting", their whole game design is suited to it. Repetition, repetition, repetition, ad nauseum. I quit 2 end game raiding characters because that is all end game raiding is about. Same instances, same bosses, again and again and again to gear a raid. Rinse, repeat.
Instead of looking at things they can do server side they prefer to outsource detection technology that runs on the client and can be a potential security risk.
Instead of addressing the in-game mechanics that make botting possible or the reason that a gold buying market exists we will instead install very complicated software that communicates with our servers and gathers information from other running processes or installed applications on your machine and encrypt whatever information we are sending.
We will pour a lot of money into developing this tool that will sit on your machine checking if you are cheating or not while we will continue employing a skeleton staff of GMs with an average response time measured in hours, sometimes days, that never responds in time to catch botters in the act.
Why do I still play? I have some friends that play and multi-boxing is my current toy. I am sick of WoW though and the endless repetition.
Am I concerned about Warden being a security risk? Not really, but it is the paranoid that ensures we enjoy the freedom that we do and I don't dismiss them out of hand.
Posting Rules
Reply With Quote
Connect With Us