WoW cheat protection update concerns expert
Email This Post
According to a post on blog On Warden, new updates to a World of Warcraft cheat detection software, Warden, could, in theory, be used by Blizzard to install malicious software on the users computer. The post says several times, “Blizzard has not, in my opinion and to the extent of my knowledge, broken laws with Warden’s use in World of Warcraft. Nor do I believe they would knowingly and willingly do so.”
The writer claims to be one of the foremost experts on Warden outside of Blizzard employees and has “first-hand knowledge of Warden through reverse engineering nearly every minute detail of the software since its inception.”
Full Disclosure: the On Warden blog’s about me only has a link to Lavish Software, which develops WinEQ2, a program that allows “forcing the game into windowed mode, session-switching hotkeys (two-way cycling and global activation), custom window titles, custom eqclient.ini and eqlsPlayerdata.ini for EQ1, automatic CPU Affinity setting and more.”
Warning: technical language after the jump.
Warden works by scanning the computer for specific variables that indicate cheating, for instance a window open with the name of a cheating program. Of course, cheaters have figured out ways around these scans. The only way Warden works is when cheaters don’t know a new version has been released, and they need the new work-arounds accordingly.
The post says that because there are several hundred “permutations” of Warden, and a new update adds functionality that makes it much more difficult to analyze.
On Tuesday, November 13, 2007, Warden was updated to include a new cryptographic (crypto for short) layer, presumably used to prevent man-in-the-middle attacks over network (something done by those who emulate the WoW network traffic in order to automate game play without running the World of Warcraft client software). The cryptographic layer works for that purpose solely because the algorithm is generated, presumably at random, per permutation, and is embedded into Warden.
Prior to the new crypto layer’s implementation, all permutations of Warden could be vetted by security researchers in one fell swoop, effectively verifying that all permutations of Warden did, in fact, contain the same functionality.
What’s concerning is that this new algorithm could be abused.
The real problem is that this implementation can be exploited (sic) by Blizzard or an employee of Blizzard, at their sole discretion, with surgical precision if they so choose, to bypass any protective measures taken on behalf of the customer, and retrieve anything they may not be entitled to, even installing malware. There is essentially nothing stopping Blizzard from producing 100,000 permutations of Warden, slipping something unlawful into a single permutation, and slipping right through any network of researchers watching for just that.
According to the post, this usually isn’t a problem because there’s usually only one permutation of a program, but because Warden has at least several hundred “flavors” there’s no way to verify that Warden isn’t doing something it shouldn’t be.
Warden, however, typically comes in hundreds of flavors, and the software routines are downloaded and executed in real time, and customers must not observe the behavior of those routines, as required by the game’s End User License Agreement. This means that the customer is prohibited from viewing what Warden is doing, even if they have the knowledge to do so.
This isn’t just about Blizzard, though, the post says.
The issue that happens to affect Blizzard today, is likely to affect more corporations in the future, unless it can be legally curbed. It’s a slippery slope, and although they may not be doing something wrong today in the opinions of many, Blizzard or similar corporations may continue dangerously down that slope and eventually the many may change their minds and become interested. With an End User License Agreement and Terms of Use that expressly prohibit research into their tactics, polymorphic code to help hide them, and now random functionality that makes it much more difficult to white list all of Warden (if you ask me what scans Warden has now, I can’t tell you for certain), one must wonder exactly how far companies like this will go. Such tactics are usually reserved for malware to hide from anti-virus software! How much of our rights to know what information our own computers are sending out into the world do we have to give up, just to use software? What is stopping other companies from doing the same thing? Why would we trust other companies in the same situation Blizzard is in? In a world where corruption issues routinely make front page news, people need to realize that there are reasons new laws get made. We need to protect our rights as consumers, not blindly accept whatever agreement is thrown at us. Just because the EULA says something is prohibited does not mean they have the right to prohibit it.
The worst part is, according to the post, Warden isn’t even an effective means of stopping cheating. Server side protections are much more effective, he says.
While the possible abuses are concerning, I seriously doubt Blizzard would take advantage of its users in such an obviously illegal way. What seems really important here is the point he makes about EULA. Many companies assert a lot of control using EULAs and treat it as a legally binding contract, but how many rights can they really assert through a “contract” that only requires a single click to approve?
Tags: Blizzard, eula, On Warden, security, Warden, World-of-Warcraft, wow
