As someone else already pointed out they are certainly going about it in the most complicated and self defeating way possible.Originally Posted by Suvega
Who even reads the EULA? Just because they put something in the EULA does not make it legally binding.Something which you can choose to play or not. If you aren't satisfied with Blizzard scanning your filesystem (where they can ZOMG see your personalz stuffs!). Don't play. You agree to it in the EULA. If you think the risks are greater then the benefit, DON'T PLAY. They aren't forcing you to play, it isn't the only game available. It's a choice you made. Deal with it.
And who monitors their system all the time?If you don't trust Norton anti-virus to scan your system, don't buy it. Sense a similarity?
The 2 changes everyone is in concerned about, are only changes that affect bot makers. The ability to see what warden is doing, is still available. As stated above, every system call it makes is STILL VISIBLE.
The change is that they don't know what warden is GOING TO DO, BEFORE IT HAPPENS. Hence they all of a sudden become very vulnerable.
I would be very surprised if your WoW password was ever sent in plain text. I'd like to see proof of that.Warden is NOT A ROOT KIT. Therefore it is still detectable by the OS, and can have its actions monitored by other processes. It can still be detected IN WoW, a root-kit is created to prevent the above from happening. The only change here is that people can't reverse engineer Warden, and predict what it is going to do before it happens. Now you can only monitor what it does WHEN it happens.
So zomg, whats happening, its encrypted! ZOMG!.
Encryption is used on so many levels on your system, the fact that WoW traffic isn't encrypted should be more concerning then it being encrypted now. How do you like your password being sent plain-text over teh interwebs. You don't do that for ANY OTHER REPUTABLE SITE YOU VISIT. (check for Https)
Again, who monitors their systems all the time?Furthermore, the encryption is being used to hide traffic from warden to the servers. Therefore no one can see what warden is saying to the wow servers. Oh god no? They could be sending personal information?
Well to get the personal information, they have to get it off your system. This can be monitored by programs, as it is not root-kitted. Hence your fears are unbased.
I read it differently. There are 318 different versions detected so far. With the current functionality they can "inject" a new version anytime they want to.Polymorphic wuzathingy? Polymorphic code is code that performs basically the same actions, with changes in its byte structure. The whole intent of polymorphic code is to prevent detection from scanning software. The version of polymorphic code that blizzard is using, is almost a falcity, as it (from what I read), isn't changing it self (as polymophic code would), but is mearly 318 versions of warden being used.
The argument is that it does not just present problems to bot writers but to anyone who actually wants to verify that each of these versions are "safe".These 318 version present problems to BOT writers, because they don't have time to react to changes in warden to circumvent detection. Even moreso, blizzard was smart enough to ensure that encryption algorithyms are changed for each of these versions (yay!), so that they aren't using the same key over and over again (makig it easy to crack).
I would like entertainment providers to provide entertainment without me having to worry about potential security issues. Would you like to go to the cinema if they made you walk through metal detectors and pawed through anything you carried with you to check for hidden cameras etc?So end result of these changes are this:
*You can't veiw wardens traffic to the server, therefore its harder to detect what it is doing/sending. Only really a concern to bot developers, as the quicker they can find out what warden is scannign for, the quicker they can avoid said scans.
*You can't predict what warden is going to be used. Therefore you don't know what scans its going to do, and how to avoid them. (GG Bots)
*Warden is not a root-kit. Its actions are still visible to the OS. It's not hidden. You can still have a high level process monitor your filesystem access requests, to see if warden is accessing your tax returns.
So take off your tinhat. And if you want a tinhat, stop playing.
Currently the "layman" implicitly trusts Warden and probably does not even know what it is or what it does. Personally I really hate the fact that a process running on my machine can look at other processes without my permission. I believe that kind of process rights should be easily manageable at O/S level.
If I want to do internet banking I should be able to open my browser and do my banking without having to worry about which other processes are running on my machine. But MS seems more interested in giving us transparent buttons with rounded edges.
As to "botting", their whole game design is suited to it. Repetition, repetition, repetition, ad nauseum. I quit 2 end game raiding characters because that is all end game raiding is about. Same instances, same bosses, again and again and again to gear a raid. Rinse, repeat.
Instead of looking at things they can do server side they prefer to outsource detection technology that runs on the client and can be a potential security risk.
Instead of addressing the in-game mechanics that make botting possible or the reason that a gold buying market exists we will instead install very complicated software that communicates with our servers and gathers information from other running processes or installed applications on your machine and encrypt whatever information we are sending.
We will pour a lot of money into developing this tool that will sit on your machine checking if you are cheating or not while we will continue employing a skeleton staff of GMs with an average response time measured in hours, sometimes days, that never responds in time to catch botters in the act.
Why do I still play? I have some friends that play and multi-boxing is my current toy. I am sick of WoW though and the endless repetition.
Am I concerned about Warden being a security risk? Not really, but it is the paranoid that ensures we enjoy the freedom that we do and I don't dismiss them out of hand.
Reply With Quote
Connect With Us