×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

World of Warcraft's Brand New Rootkit

CmdrTaco posted more than 6 years ago | from the well-isn't-that-secure dept.

Security 576

Captain Kirk writes "We all know that World of Warcraft has checked for hacks to ensure a safe game environment for all players. The latest version of these checks goes beyond anything seen so far in that what is being checked is now completely encrypted. Obviously this hits bot writers as can be seen from these complaints, But it also strikes at the privacy of all users. Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

576 comments

Things that make you go WoW (1)

somersault (912633) | more than 6 years ago | (#21365959)

You can defeat the encryption, but you have to do it a bit at a time - just takes you a couple of years.

This is a non-issue, as it stands (5, Insightful)

krog (25663) | more than 6 years ago | (#21366111)

Summary of TFA: WoW Warden now selects one of many hash algorithms and uses it in server communication. Blog author gets his panties in a bunch because Blizzard could replace one of these hash algorithms with something that collects PRIVATE PERSONAL DATA, and NO ONE WOULD EVER KNOW. A misleading Slashdot headline and poorly-written blurb is generated, and the rest is academic.

Re:This is a non-issue, as it stands (4, Insightful)

wattrlz (1162603) | more than 6 years ago | (#21366259)

Couldn't someone who's not Blizzard, but sufficiently clever replace the algorithm with such a mal-gorithm as well?

Re:This is a non-issue, as it stands (2, Funny)

krog (25663) | more than 6 years ago | (#21366517)

Anyone sufficiently clever could hackify any host program they wanted.

lvl 69 dwarven faggot (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21365985)

WoW is HiV

Recommendation for online gaming (5, Insightful)

ackthpt (218170) | more than 6 years ago | (#21365993)

1 computer for gaming
1 computer for everything else

Sorry if you can't afford a second, but that's how I do it.

Re:Recommendation for online gaming (0)

Anonymous Coward | more than 6 years ago | (#21366017)

or dual boot on one machine even if it's two installs of xp

Re:Recommendation for online gaming (2, Insightful)

Gr8Apes (679165) | more than 6 years ago | (#21366333)

That won't protect you if the drive contents are available to the first machine. Unfortunately with XP, MS finally can read multiple primary partitions. Of course, they can't read ext2... but then, Blizzard could implement a driver...

So nope - must effectively have a second machine via HD hotswap/disable features. Then again, if a game is this invasive, I wouldn't touch it with a 10 foot pole.

Re:Recommendation for online gaming (1)

luvirini (753157) | more than 6 years ago | (#21366043)

There are also other solutions, starting from dualbooting similar that allow you to keep things separate on a single computer... if done right...

But, yes in general it is a good idea to do dangerous things like run spyware in a totally separate computer from the one you use for any real work or banking or such...

Re:Recommendation for online gaming (0, Flamebait)

orclevegam (940336) | more than 6 years ago | (#21366173)

As an added bonus in that setup you only need one Windows machine.

Re:Recommendation for online gaming (2, Informative)

ByOhTek (1181381) | more than 6 years ago | (#21366253)

Technically you don't need /any/ windows machines (WINE).

Of course, if you go that route, you only need one machine...

Re:Recommendation for online gaming (1)

orclevegam (940336) | more than 6 years ago | (#21366433)

Much as I would love to be Windows free, there are still many games that WINE simply cannot run, and more still that it cannot run with acceptable performance.

Re:Recommendation for online gaming (1)

ByOhTek (1181381) | more than 6 years ago | (#21366545)

That is very true. But WOW (the subject of conversation here) is not one of them :-)

Re:Recommendation for online gaming (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21366201)

I wouldn't even bother paying someone for such crappy, invasive software, much less spending even more money just to "work around" their crappy stuff. Simple solution: find something else to play. For me at least, no game is that good that such underhanded stuff would be justified.

Re:Recommendation for online gaming (5, Informative)

ByOhTek (1181381) | more than 6 years ago | (#21366209)

wow works great in Wine.

use a very restricted account when running it in wine. Problem solved.

Re:Recommendation for online gaming (2, Funny)

spun (1352) | more than 6 years ago | (#21366307)

1 computer for gaming
1 computer for everything else
And one computer to rule them all, and in the darkness bind them?

Seriously though, I have a Shuttle XPC for gaming and a laptop for everything else. Gaming is the only reason I have a desktop at all, and the Shuttle is still very portable for LAN parties and such.

"That can't be right." (5, Insightful)

RandoX (828285) | more than 6 years ago | (#21365995)

Then don't play. It really IS that simple. If you're having too big of a problem with that, put the mouse down and go join a support group.

Re:"That can't be right." (0)

Anonymous Coward | more than 6 years ago | (#21366235)

You're right. This is why I quit.

Or... (1, Redundant)

Elemenope (905108) | more than 6 years ago | (#21366249)

And I know this sounds crazy in our faux capitalist "customer is always wrong" universe, but why not organize and complain to Blizzard? It's not like players aren't already organized into large social groups (c.f. Clans, etc.). They could be mobilized and if they spoke with a collective voice might have an impact. I doubt most players would be comfortable with some corp. being able to toy with their boxes at will, and if it were explained in those terms I think you wouldn't have to work hard to convince people to mass e-mail complaints to Blizzard or something similar.

Or you could pack up, stop playing, go home (or out into the sunlight as the case may be ;). But why is it that the first reaction of this crowd when confronted with something good that has something bad piggy-backed onto it is this scorched earth "abandon the good" mentality? It's the same absurd attitude as those who say "you don't like our president's policies? why don't you leave the country, then?". How about instead of leave the country, work for change and reform? Things go to shit because good people leave instead of fighting to protect what is valuable to them.

Re:"That can't be right." (0)

Anonymous Coward | more than 6 years ago | (#21366395)

I don't care about WOW or other games, but I have seen many instances when companies leverage their usefulness to shove intrusive/other policies down peoples throats. Fuck your 'just don't play', 'boycott x', 'vote'2, and all that - it doesn't change anything. Hating tv and not watching it doesn't make the programming better, etc. I mean, where do people get these crazy ideas and who mods them up?

Re:"That can't be right." (2, Insightful)

bigstrat2003 (1058574) | more than 6 years ago | (#21366479)

Then don't play. It really IS that simple. If you're having too big of a problem with that, put the mouse down and go join a support group.
a) Whoever modded this troll is on crack, this is a legitimate point.

b) This is exactly right. I don't have a problem with this personally, but I'm sure other people do, and the proper solution for them is to not play. By not playing (and letting Blizzard know why), you send a message to them that their behavior isn't acceptable to you, and, if enough people are upset about this, they'll do something about it. Complaining to Blizzard won't change anything, you need to take action.

Unbelivable (3, Insightful)

Tainek (912325) | more than 6 years ago | (#21366011)

If i had a WoW account i would be cancelling it this second, no videogame has the right to violate the privacy of my computer

Re:Unbelivable (4, Informative)

daeg (828071) | more than 6 years ago | (#21366067)

I canceled when they started adding things to their detection kit. When I saw it reading registry keys (regmon) it had NO business reading, I canceled. Did it need to read the activation keys for Windows? Absolutely not.

Re:Unbelivable (1)

a-zarkon! (1030790) | more than 6 years ago | (#21366275)

Putting this in the context of the thread - I wouldn't trust this behavior whether it is phoning home on an encrypted or a plaintext channel.

Re:Unbelivable (5, Interesting)

ajs (35943) | more than 6 years ago | (#21366457)

I canceled when they started adding things to their detection kit. When I saw it reading registry keys (regmon) it had NO business reading, I canceled. Did it need to read the activation keys for Windows? Absolutely not.
I'm sorry to hear that.

Out of curiosity, how would you go about detecting keyloggers and/or bots without reading the registry? Or do you just feel that Blizzard shouldn't attempt to detect abuse? Myself, I'm a player and I WANT Blizzard to look for such abuse. If someone finds that Blizzard's bot is doing something that's actually wrong (e.g. sending personal data back to home base, not just reading the registry), then I'll be the first to pressure them to fix it. However, if they're just scanning for malicious software that doesn't actually seem like a problem.

It is CERTAINLY not a rootkit according to any definition I've ever heard.

Re:Unbelivable (1)

ajs (35943) | more than 6 years ago | (#21366303)

If i had a WoW account i would be cancelling it this second, no videogame has the right to violate the privacy of my computer
I recommend not canceling accounts that you pay money for on the basis of Slashdot articles... especially in this case, you'd be acting on horrible misinformation. There's no rootkit here, just a bot/keylogger scanner. That's it. Blizzard's malicious rampage to detect abuse and keep their game fun to play continues....

Re:Unbelivable (1)

Rogerborg (306625) | more than 6 years ago | (#21366385)

If you had a WoW account, you would already voluntarily have given Blizzard your full name, snail address, email address, and credit card number. What else is it that you think they'd be interested in, precisely?

Re:Unbelivable (3, Interesting)

MarcoAtWork (28889) | more than 6 years ago | (#21366493)

If you had a WoW account, you would already voluntarily have given Blizzard your full name, snail address, email address, and credit card number.


when I was playing wow I used prepaid game cards exactly for this reason... or aren't prepaid cards available anymore?

I always wondered (1)

ad0gg (594412) | more than 6 years ago | (#21366527)

Do bot users root kit there bots? Hide themselves from the filesystem, process list etc. How would blizard detect that?

Privacy? (5, Funny)

Debello (1030486) | more than 6 years ago | (#21366039)

You've already given up your life when you start playing WoW. What do you have to keep private?

Re:Privacy? (1)

mordors9 (665662) | more than 6 years ago | (#21366423)

Why does this all sound familiar though... give up any expectation of privacy to be safer... but they assure us not to worry, they are only looking out for us.... we can trust them...

Then don't play (2, Insightful)

UDGags (756537) | more than 6 years ago | (#21366041)

If you don't like it then don't accept the TOS and don't play. It is really simple. I've played WoW since it came out at a very high level and I welcome Blizzard trying to stop the root kits/gold farmers/etc.

Re:Then don't play (0)

Anonymous Coward | more than 6 years ago | (#21366315)

so instead of getting root kitted you'd rather get root kitted? AWESOME!

How about a second option? (0)

Anonymous Coward | more than 6 years ago | (#21366363)

In the totalitarian state of the computer world, it's a "take it or leave it". In the real world, compromises, contract changes and the like can be offered.

If I could edit a EULA, I would. Most of the time I go with the standard lawyer approach: it's only a contract, it isn't law.

Re:Then don't play (1)

ByOhTek (1181381) | more than 6 years ago | (#21366463)

Very sensible of you - but didn't you realize, sensible and logical are flamebait here on /.

<sarcasm>
You see, as an individual, you are allowed what you want however you want it, and the fact that you don't need it is irrelevant. The creators and distributors have no right to ask you for anything in response.
</sarcasm>

Seriously modtards - He's right. People have to go without all the time. There was a time when WoW didn't exist and people survived it. People can survive it now. If you don't like Blizzard's measures to stop cheating, don't play the damn game and get over your solipsism.

Re:Then don't play (0)

Anonymous Coward | more than 6 years ago | (#21366553)

Oh of course. We shouldn't have opinions about things. Just deal with them. Yeah. That makes sense. No room for discussion. Take it or leave it, but for chrissakes don't THINK about it.

Re:Then don't play (1)

91degrees (207121) | more than 6 years ago | (#21366573)

Yes! Then everybody loses! They lose a customer and the player loses hours of enjoyment.

Or alternatively people can complain, Blizzard will come up with a mutually acceptable policy and everyone wins.

Draconian EULA (1)

explosivejared (1186049) | more than 6 years ago | (#21366053)

Given the fact that the randomly generated hash algorithm can be replaced at Blizzard's sole discretion with any other algorithm, including ones that retrieve and use personal, private and/or otherwise confidential information, with only their server to be required to know about the changes, this should be considered a very scary thing for the rest of us.

I'm not a WoW player and don't particularly know the ins and outs of it EULA, but I can't imagine that that is covered at all in the license. Would a class-action suit be possible for this? I would certainly hope so.

Re:Draconian EULA (2, Insightful)

Pojut (1027544) | more than 6 years ago | (#21366163)

Actually, knowing Blizzard's history (and more specifically their history with WoW) it most likely is in their EULA and/or TOS somewhere. They wouldn't knowingly do something that isn't. All it would take is to update the EULA and/or TOS when the patch is applied, seeing as you have to accept the EULA and TOS everytime you install a patch. Not their fault if you didn't read it.

They are an internationally-known company bringing in millions of dollars a month from the most popular online game in the world. I'm sure they pay attention to what is and isn't in their agreements.

Re:Draconian EULA (1)

explosivejared (1186049) | more than 6 years ago | (#21366263)

Still... I could see this violating privacy laws all over the place. Contracts that involve one party breaking the law are null and void. Would that not void the EULA then? I mean I'm not sure, but that's just how I see it.

Re:Draconian EULA (2, Insightful)

ajs (35943) | more than 6 years ago | (#21366255)

Given the fact that the randomly generated hash algorithm can be replaced at Blizzard's sole discretion with any other algorithm, including ones that retrieve and use personal, private and/or otherwise confidential information, with only their server to be required to know about the changes, this should be considered a very scary thing for the rest of us.
I'm not a WoW player and don't particularly know the ins and outs of it EULA, but I can't imagine that that is covered at all in the license. Would a class-action suit be possible for this? I would certainly hope so.
A class-action suit for what? Blizzard has written a program that checks to see if the user running the game a) has a keylogger installed (a HUGE problem with WoW) or b) is using a bot to control the game. Neither of these is malicious or harmful. People are freaking out over nothing because the gold farmers are actively seeking to put pressure on Blizzard to relax their efforts to curb automatic control over the game. Let em whine.

Re:Draconian EULA (1)

explosivejared (1186049) | more than 6 years ago | (#21366403)

Maybe it's just the blogger's spin, but it seems this has the possibility to be a much more dangerous exploit. From what the article said the patch pretty much gives Blizzard a carte blanche when it comes to doing whatever they want with the player's computer. That reeks of a privacy violation and more rather than just them trying to police WoW.

Call me a fool but... (1)

Magneon (1067470) | more than 6 years ago | (#21366071)

I trust Blizzard with my gaming computer. I would rather lose a bit of privacy and not have annoying crackers trying to game the game.

That said... all of my real data is on another computer.

Re:Call me a fool but... (3, Insightful)

pak9rabid (1011935) | more than 6 years ago | (#21366231)

I trust Blizzard with my gaming computer. I would rather lose a bit of privacy and not have annoying crackers trying to game the game.

Yeah...it's this type of reasoning that lets the US government get away with wire-tapping w/out a warrant and other similar privacy violating activities.

Re:Call me a fool but... (1)

Magneon (1067470) | more than 6 years ago | (#21366405)

The difference is that you in effect are giving Blizzard a warrant to do whatever with your computer by playing the game(see their arguably overreaching EULA). The US government is not authorized to tap phone calls.

[shrodinger's sarcasm]and the US government is evil wheras Blizzard is not[/schrodinger sarcasm]

Re:Call me a fool but... (1)

Mayhem178 (920970) | more than 6 years ago | (#21366437)

I hate to break it to you, but we're talking about a game here, not federal politics. The two aren't even remotely related.

Where are the .... (-1, Troll)

iknownuttin (1099999) | more than 6 years ago | (#21366089)

Trolls comparing Slashdot geeks/losers and WOW players!?!

I wanted some entertainment during lunch!

Man, Slashdot better hire some Troll editors/comic writers to give us folks some entertainment during lunch!

Re:Where are the .... (1, Funny)

sanjacguy (908392) | more than 6 years ago | (#21366371)

Dere was dis one time mon, dat I was out huntin' da stoof dat I always hunt. And dere was a big light dat was really - uh - glowy! Yeah dat's da word, glowy. An' dis giant came oot and he 'ad a doggie head instead o' sumt'in' normal, like a face. I t'ought it was some kinda doggie I nevah seen befo' so I sneaksy ups on it an' it thwacked me good. An' da moral o' dis story is don' trus' anybody dats gotta doggie head.

Sorry, that was the best trollish rp I could do this early.

Oh darn, you meant a different kinda troll. My bad.

I've never been so happy... (1)

Starteck81 (917280) | more than 6 years ago | (#21366103)

...that I don't play WoW.I always steered clear of it because of the amount of time it requires if you want to have a decent character but stuff like this is just one more powerful reason. It's getting to the point where you need to have a leisure PC and a PC for your finances(i.e. shopping, working, accounting programs) so you know you're personal information is relatively secure.

"That can't be right." (1)

CheeseburgerBrown (553703) | more than 6 years ago | (#21366105)

Where does right enter into it? We're talking about business here, so the operative qualifier is whether or not it is profitable.

How many users will these alienate? A slim minority of elite geeks who actually have a clue what's going on inside their boxes -- you know, the set that contains the sub-set of people technically advanced enough to bother pirating games.

Is this going to slow the sign-ups of new accounts? Not bloody likely. Who listens to geeks? Not my boss, and not my neighbours asking for computer advice.

Take your right|wrong games and play them where they belong: in the cramped ivory tower of a university philosophy department that smells faintly of institutional-grade disinfectant. In the real world, practicality rules.

Re:"That can't be right." (1)

RickRussellTX (755670) | more than 6 years ago | (#21366305)

I was ready to dismiss this diatribe, but I have to admit, there is some insight here. The same rule has always applied: install somebody's software, and you potentially give them anything on your computer. We all know that. The only reason anybody noticed WoW is that there is a cadre of hackers (or, is that crackers? or cheaters?) with a vested interest in observing and modifying the server/client data streams.

Ultimately, using anybody else's software on a networked computer has always been a web of trust with very little hard data to verify that trust. To paraphrase David Hume, does the estimated likelihood of true privacy violation outweigh the utility of the product?

Re:"That can't be right." (1)

Rogerborg (306625) | more than 6 years ago | (#21366485)

That's so... so... pragmatically mercenary of you.

I'm so proud of you. Really. I even forgive you for the whole, you know, Mac thing.

Re:"That can't be right." (1)

moderatorrater (1095745) | more than 6 years ago | (#21366571)

How many users will these alienate? A slim minority of elite geeks who actually have a clue what's going on inside their boxes -- you know, the set that contains the sub-set of people technically advanced enough to bother pirating games.
In WoW terminology, guild leaders and core players.

What is worse? (0)

Sporkinum (655143) | more than 6 years ago | (#21366109)

This world of Warcraft thing, or Steam? Or are they equally as bad?

Re:What is worse? (5, Informative)

Cheesey (70139) | more than 6 years ago | (#21366415)

Steam games have "Valve Anti-Cheat" (VAC), which is similar in principle to the Blizzard Warden. Other games use Punkbuster, which uses the same strategy to detect cheats. All of these programs scan your machine's memory and look for the signatures of known cheats. The mechanism used to carry out the scanning and report the results is deliberately obfuscated to make it difficult to reverse engineer the process and send fake results. All three of these programs are spyware. But you agree to the use of each within the EULA of whatever game you are playing.

Warden has always had the ability to be updated with arbitrary code as you play. The observations of this article are nothing new: Blizzard has always been able to access files on your computer, just by sending the appropriate program to Warden. It seems that they have recently been sending more complex programs, generated for each client, so the current generation of programs that spy on Warden no longer work. The arms race continues.

Do this rootkit work on Linux/Mac? (1)

siDDis (961791) | more than 6 years ago | (#21366115)

Or is it windows only?

Re:Do this rootkit work on Linux/Mac? (2)

ajs (35943) | more than 6 years ago | (#21366189)

It's not a rootkit, so it doesn't work anywhere.

It's just an analyzer that's part of WoW. It checks for malicious software in the environments where WoW runs and reports back to Blizzard when you log in to their service. Malicious in this context being defined as malicious vs. the user (keyloggers are a major concern in the wow playerbase) and malicious vs. Blizzard (e.g. bots and such controlling the UI while the game is running).

Wine? (1)

Pazy (1169639) | more than 6 years ago | (#21366141)

Anyone know how this affects Wine players? Im not one myself but im wondering if this prevents linux/bsd (macosx?) players?

Define rootkit (5, Insightful)

ajs (35943) | more than 6 years ago | (#21366143)

So, now a "rootkit" is any program that does something we're not sure of?

I thought a rootkit was a program designed to take control of a system remotely or offer access to that system? This is just an obfuscated program (encrypted is a bit strong for something that is "decrypted" on your own system where you can watch its behavior).

Seriously, if this is the worst that Blizzard does, I'm a happy camper. They really do have serious problems with their users being exploited, and detecting these problems early is all good. In my case, they'll see everything that's in my virtual Windows environment under Wine.

Now, if someone proves that they're reading personal files out side of the Windows system directory or the WoW installation, then we can talk. Until then, this is a non-issue.

Re:Define rootkit (1)

ackthpt (218170) | more than 6 years ago | (#21366483)

So, now a "rootkit" is any program that does something we're not sure of?

Rootkit is new new bogey man.

Rootkits go Boo! Boo! Boo!

Re:Define rootkit (3, Interesting)

AvianM (1167701) | more than 6 years ago | (#21366515)

A rootkit is a piece of software that hides itself from the operating system, hiding running processes or files. It doesn't really matter if its malware or not, just the fact that not even the OS can see it while it's running makes it a rootkit. The wow system checker I don't believe hides itself, it just has to run or the game won't.

Re:Define rootkit (1)

grasshoppa (657393) | more than 6 years ago | (#21366565)

I thought a rootkit was a program designed to take control of a system remotely or offer access to that system?

No, that's actually just your run of the mill trojan/virus. A rootkit is a bit more sinister. It was originally a set of utilities designed to hide the signs of an intruder on a cracked system. That's about it. It has morphed into a software package/paradigm that means a set of software applications used to conceal an application's actions from the rest of the system and/or user.

The problem is, blizzard is accessing more than it should be. I understand wanting to stamp out cheaters ( they certainly got enough of that in battlenet ), but where's the line? Personally, I don't like having my system violated everytime I want to play their game ( and hence, I don't play their game ). If you want to see for yourself what WoW is doing, download regmon/filemon and see what it's up to.

Cancelled my account (-1, Offtopic)

steveo777 (183629) | more than 6 years ago | (#21366147)

Not just because of this, but WoW is boring. Was letting my cousin glide my account in his free time. Didn't care. Maybe I can get some cash back outta the deal.

How is this a root kit? (5, Insightful)

Bryansix (761547) | more than 6 years ago | (#21366155)

Does the thing hide itself? Can't you just uninstall WoW? (Maybe you can't but maybe you need mental help.) Ya, you don't know what it is doing but you don't know what most programs are going unless you reverse engineer them. I think this is just the cheaters getting their panties in a twist. Especially because it means the end to a real source of income for those who harvest gold and sell it in the real world.

Re:How is this a root kit? (1)

geekoid (135745) | more than 6 years ago | (#21366179)

I'm not a cheater, and it get's my panties in a twist.
But I got a thing about people rifling through my stuff.

Re:How is this a root kit? (1)

Bryansix (761547) | more than 6 years ago | (#21366445)

Yes and how is that different from Real Player. People don't call that a root kit.

Re:How is this a root kit? (4, Informative)

ajs (35943) | more than 6 years ago | (#21366561)

Does the thing hide itself?
No.

Can't you just uninstall WoW?
Sure.

Ya, you don't know what it is doing
Actually you know pretty well what it's been doing because with minor refinements, it's been doing just about the same thing for 3 years.

I think this is just the cheaters getting their panties in a twist.
Ding!

Especially because it means the end to a real source of income for those who harvest gold
Gold harvesting is easy. What's hard is maintaining your account for more than a week once you start trying to sell it online. This is why the pro gold farmers/sellers are all using level 1 accounts. At level 1 gold farming is a bit more difficult, so they have to abuse the game in order to profit. This program detects that kind of abuse, and THAT is why they're upset.

A bit sensationalistic (5, Insightful)

Zuato (1024033) | more than 6 years ago | (#21366171)

I play World of Warcraft. As a subscriber that plays this game I am ok with Warden as it stands. I want to play a game where hackers and cheaters are caught and banned. I know a lot of people despise the speed hacks and of course the gold farmers, so I don't see what the fuss is all about.

The likely hood of Blizzard hacking or stealing personal data is very small. They know that they could lose their cash cow by doing anything malicious with this information/software.

For those that fear credit card and personal information being lifted, I'm a little baffled. When you sign up for an account you enter most of the same personal info that is going to be on your PC anyway, and unless you are using game cards they already have at least one of your credit cards on file. All information that subscribers gave up willingly.

That aside, I did read the article and find the technology fascinating.

Oh really... (1)

fahrbot-bot (874524) | more than 6 years ago | (#21366411)

When you sign up for an account you enter most of the same personal info that is going to be on your PC anyway,

I wasn't aware that one must enter, say, social-security information, banking information, medical records, or personal communications -- all of which are on my PC. Those people at Blizzard must really want to know a lot about you.

Re:A bit sensationalistic (1)

Rogerborg (306625) | more than 6 years ago | (#21366535)

I want to play a game where hackers and cheaters are caught and banned.

I'd rather play a game where cheating was designed out of the architecture, but each to their own. I guess some people get off on the whole Crime and Punishment lark.

Re:A bit sensationalistic (2, Insightful)

ad0gg (594412) | more than 6 years ago | (#21366577)

What i don't get is why people would play a game where they need a bot to level themselves up. Is the game that tedious?

Console or genuine virtual machine? (1)

Bombula (670389) | more than 6 years ago | (#21366175)

a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer. That can't be right.

If playing WOW or any other online game on your computer presents a hazard to that computer, the solution would seem to be to play it on a dedicated machine - one where you don't have any files or confidential data to worry about. That then immediately points to the value of a dedicated gaming box, and from there it's just a hop skip and jump to consoles... Now, wasn't the X-Box originally supposed to be a PC gaming console? That idea sort of got lost along the way somewhere it seems.

An alternative might be a genuine virtual machine for games running on your PC, but... well, I'll leave it to the experts to point out the problems that presents.

WoW = crack (1)

pak9rabid (1011935) | more than 6 years ago | (#21366177)

Yeah, WoW is like digital crack to it's users. Blizzard could probably pull off taking people's first-borns and they'd be ok with it as long as their account stayed active.

Re:WoW = crack (0)

Anonymous Coward | more than 6 years ago | (#21366525)

Yeah, the room mate plays 24 hrs a day. Whenever I start downloading pr0n, he runs in and starts screaming stuff about something being wrong with the router or some such. He's WOW Cracked. Since I control the router, I screw with him sometimes.

WoW's next expansion pack (-1, Troll)

circletimessquare (444983) | more than 6 years ago | (#21366181)

WoW's The Burning Crusade added the world of Draenor to Azeroth.

Which, while exciting, pales in comparison to the upcoming expansion pack Papers, Please, featuring the world of Orwellian. Orwellian will feature exciting new dungeons like "Guantanamo" and "Abu Ghraib".

Not much of a choice (0)

m.dillon (147925) | more than 6 years ago | (#21366185)

I don't think they have much of a choice. They have to check for game hacks, cheats, and key loggers. If they don't then cheaters basically get free reign over the game and destroy their subscriber base (similar to how hacks put the final nail in Diablo's coffin), and tens of thousands of people who get key-logged wind up blaming Blizzard instead of Microsoft for their woes. It's really an act of self-preservation for Bliz.

Why should we care? Only a complete fool actually stores sensitive information on a Windows box anyway. Oh wait, that's most of the population... well anyway I still don't care.

-Matt

Not Suprised (1)

Token_Internet_Girl (1131287) | more than 6 years ago | (#21366213)

Unfortunatly, World of Warcraft has become the "AOL of MMORPG's" in recent years. This package, while intrusive to most of us who know when to recognize a red flag, is most likely born out of honest necessity for the millions of players who barely know how to play, much less patch and repair the game they are paying 15$ a month to play.

Rootkit? (0)

Anonymous Coward | more than 6 years ago | (#21366239)

I don't think people use the term correctly.

Rootkit is a program that is invisible to the operating system. OS tools regard it is as if it does not exist: ps does not show it in memory and ls does not show it on the disk.

What is being described here should have a new name for it.

That's not a rootkit (1)

lib3rtarian (1050840) | more than 6 years ago | (#21366277)

There is nothing evenly vaguely rootkit-ish about this. Blizzard is scanning your PC for your benefit. What makes people think this is a rootkit, because its polymorphic encrypted code? This isn't a bit of code that is hiding from the OS, nor does it have control over the OS, or the ability to spawn processes in a rootkit'd environment. It is not a rootkit.

What a dilema... (1)

wattrlz (1162603) | more than 6 years ago | (#21366289)

Playing two of the greatest geek urges against each other like that: WoW vs Paranoia... who will win?

Re:What a dilema... (1)

gardyloo (512791) | more than 6 years ago | (#21366391)

Playing two of the greatest geek urges against each other like that: WoW vs Paranoia... who will win?
Bletchley Park's Colossus, obviously.

And all because they pooched their architecture (4, Insightful)

Rogerborg (306625) | more than 6 years ago | (#21366293)

If you start your architectural design from the assumption that the client is a malicious bot, then you can design out vulnerability. Blizzard chose not to do that. They thought that they could enforce trust on the client side, and let clients make decisions about (oh, just for example) player position. Well, that makes them idiots. Idiot savants, maybe, but idiots none-the-less.

The client cannot be trusted. Clients request, servers decide and dictate. Let the client anticipate and drift its local world state all you like, but the server must never, ever, accept a state change from the client, only requests. That's the way it has to be, unless you - demonstrably - want to play catchup for ever and a day. And if you get caught in that hole, then you need a spade the size of WOW's playerbase and Blizzard's resources in order to keep digging it deeper.

Re:And all because they pooched their architecture (0)

Anonymous Coward | more than 6 years ago | (#21366497)

wow those blizzard guys sure are idiots. If they had listened to you, they would have made a profitable game right?

Said It Before, Said It Again (1)

GearheadX (414240) | more than 6 years ago | (#21366313)

If you aren't doing anything wrong you don't have anything to worry about when it comes to Warden. The fact that people still persist in finding ways around it to screw with the game aggravates me no end. The only thing new that Warden is really doing is that it's hiding better, so as to prevent a standardized way of detecting, and foiling, it without breaking the hash encryption.

Duh... what's new? (5, Insightful)

mortonda (5175) | more than 6 years ago | (#21366319)

Now Blizzard has a tool that is encrypted and can run any type of scan, transfer any file or edit any document on your computer.

You do realize that *any* software you install on your computer can do this? Unless you have read the full source code and compiled it yourself (Ignoring the possibility of a trojan'd compiler) there is a possibility that a program could do these things. So what's new?

Re:Duh... what's new? (1)

Shoeler (180797) | more than 6 years ago | (#21366467)

You do realize that *any* software you install on your computer can do this? Unless you have read the full source code and compiled it yourself (Ignoring the possibility of a trojan'd compiler) there is a possibility that a program could do these things. So what's new?


Man, where are my mod points when I need em. ++

Eat it, WoW! (0)

Anonymous Coward | more than 6 years ago | (#21366365)

I'm glad I run WoW on top of Wine on Linux

It works great with Fedora 7, CrossOver Office, and the latest Nvidia drivers.

Root my emulatar. Please!

Over reaction (1)

Foofoobar (318279) | more than 6 years ago | (#21366409)

As far as I am aware, Warcraft on my Mac is fairly sandboxed; it cant read all the programs that are running or other files on my system without my permission. It may be different on Windows but this is why you shouldn't run as root. It could read files that it has READ permissions for. Want to limit it? Run it under limited permissions... problem solved.

People are really too panicky. True this is a shitty thing to do and yes it sux... but they suck; afterall they quashed the open source warcraft server. I have just chosen to pick my battles and this isn't one that I'm fighting. They are supporting games on Mac and for that I have to support them. They've got my pint of blood.

Blizzard, their TOS, and you. (4, Insightful)

BrianRoach (614397) | more than 6 years ago | (#21366447)


They clearly state in their TOS that they do this (Section 14)
http://www.worldofwarcraft.com/legal/termsofuse.html [worldofwarcraft.com]

Don't like it? Don't play the game. Very simple.

And in fact, when you first sign up for an account, Blizzard gives you 30 days to return the game for a *full refund* if you don't agree to the TOS and don't wish to play. That seems pretty fair IMHO, and far more than most game companies will do.

- Roach

And nobody complains about the passwords? (1)

Asmodai (13932) | more than 6 years ago | (#21366511)

I find it funny people complain about this sort of thing and they do not even refer to the fact Blizzard uses case insensitive passwords? Curious.

Use Wine (1)

_14k4 (5085) | more than 6 years ago | (#21366575)

I run WoW via Wine (Ubuntu-GG) - not exactly 100% sure it'll matter much, but in reality, I suppose since I'm not running wine as root... there isn't _much_ to worry about.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...