Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The State of Security in MMORPGs

CmdrTaco posted more than 6 years ago | from the i'm-in-your-machine-pwnzing-yer-gldz dept.


Anonymous writes "Security researchers Greg Hoglund and Gary McGraw poked around in World of Warcraft and other online games, finding vulnerabilities and exploiting the system using online bots and rootkit-like techniques to evade detection. Their adventures in online game security became fodder for the book, Exploiting Online Games. McGraw discussed with securityfocus the state of security in modern video games, cheating and anti-cheating systems, how the market for cheats, exploits, and digital objects is growing, what we could learn from the design of these huge systems, and how game developers react to submissions of security vulnerabilities."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


JJJJJ (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22067250)

first post

First Loophole (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22067252)

I got in first! Hack!

I fucked a hooker on my lunchbreak yesterday. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22067254)

It was incredible.

Re:I fucked a hooker on my lunchbreak yesterday. (0)

Anonymous Coward | more than 6 years ago | (#22068704)

Just wait until you get sex WITHOUT paying for it. It's even better!

Keylogger (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22067294)


From a mainstream publisher (0)

CRCulver (715279) | more than 6 years ago | (#22067346)

For me it is a surprise that the book [amazon.com] was published by the mainstream publisher Addison-Wesley. Do they release expect many sales of what initially seems like a shady book?

Re:From a mainstream publisher (1, Offtopic)

kcbanner (929309) | more than 6 years ago | (#22067518)

Its not that shady, security by obscurity was never good for anyone. Its not even secure at all.

The short answer. (0)

Anonymous Coward | more than 6 years ago | (#22067876)


Re:From a mainstream publisher (1)

argiedot (1035754) | more than 6 years ago | (#22068136)

Do they expect sales of a book about exploiting online games? Oh come on...

Seriously though, why not? People pay big money for stuff in those games. Sure, the book's probably not going to help the guy who just wants to 'hax gold' in WoW or whatever's the latest fad I'm pretty sure that same fellow would buy it.

Re:From a mainstream publisher (0)

ubrgeek (679399) | more than 6 years ago | (#22068854)

or whatever's the latest fad

Kids today! Why when I was a kid, we had to hack gold up hill, in Dun Morogh's snow! ;)

Game is realistic (0, Insightful)

Anonymous Coward | more than 6 years ago | (#22067356)

When in a MMO game you can exploit rules and get an easy way in life of your caracter (evolving) its like some people exploiting laws for profit to get an easy way of life.

When in a MMO that person gets banned its like people who get caught in real life.

The more tight the rules/law the harder to exploit them. But making a full proof rule/law system? We dont even have that in real life!!

It costs money? (0)

Anonymous Coward | more than 6 years ago | (#22067364)

Lame article.

My personal feelings.. (5, Insightful)

faloi (738831) | more than 6 years ago | (#22067392)

The market for cheats and exploits is so large primarily because of the "make it a grind!" trap that most MMORPGs fall into. If you're into a MMORPG, and you "need" cash for a certain item, or to recoup your costs for the last big raid, or what have you, you seem to get one of two choices. You can grind away whatever playtime you have in order to get the cash legitimately, you can buy it from someone that is grinding away (or perhaps using exploits), or you can turn to exploits/hacks/whatever yourself.

I understand that some percentage of the playing population is going to cheat, hack, or use an exploit simply because they can. But if game design didn't make it so attractive to so many people to reap the rewards that go along with it, it would be a pretty minor problem. In my opinion, as soon as you're killing the 3,000th slightly different textured mob for his toe...or running a dungeon you could do in your sleep just to make sure a fellow guild members armor is a little bit different color so you have a shot at the next dungeon, MMORPGs start losing some of their fun. I don't know of too many people that really enjoy running things that are on "farm" status, but there's a necessity to grind it out built into the games.

I know it keeps people hooked longer, but it also keeps the temptation to play...creatively...in people's mind.

Re:My personal feelings.. (4, Interesting)

Pojut (1027544) | more than 6 years ago | (#22067484)

This is one of the primary reasons why I like Guild Wars so much. I was a WoW junkie for about a year and a half straight (played in the closed and open betas, bought the game on release day). Switched over to Guild Wars.

See, with WoW, since I was paying for it, I felt obligated to play it over other games...as a result, I missed out on a LOT of games when they came out. With Guild Wars, however, since there is no monthly fee, I'll log in for a couple hours here, a couple hours there...maybe a grand total of 5-7 hours a week out of my 25-30 hours a week spent playing video games. Since I'm not paying a monthly fee, I feel less like I HAVE to play it and more like I WANT to play it...WoW is a better game IMO, but I like not having that "second-job" feeling.

Re:My personal feelings.. (1)

brkello (642429) | more than 6 years ago | (#22068080)

I totally agree with this. So many games passed me by when I played WoW because I felt like I had to make it worth the time I was spending on it. When I quit WoW, it was a lot of fun to play all the games I had missed out on. Heck, I am still trying to catch up. Of course, now I am addicted to Disgaea so I am doomed.

Re:My personal feelings.. (2, Insightful)

hitmark (640295) | more than 6 years ago | (#22068348)

and therefor i go check the micropayment and free to play games listed at:
www.mmorpg.com ;)

Re:My personal feelings.. (1)

spirit of reason (989882) | more than 6 years ago | (#22068630)

There's also much less incentive to cheat in Guild Wars. Achieving the maximum armor level or weapon damage range takes no time at all. The slightly random values of the inscriptions and such don't have a large enough range to make it important that you have the maximum for those. The portion that takes a lot of effort is creating your character's appearance, which is not important, to say the least. Also, guild halls and the improvements that go with them do, but aside from the price of the celestial sigil, it doesn't change much.

But then... even with all of that, there are still people that sit in faction battles... What can you do besides report them?

I disagree about WoW being the better game. Certainly GW would be more exciting with persistent worlds and world pvp (GW isn't really an MMORPG per se), it has a much more interesting approach to combat. There's actually a touch of thought involved on the player's part... ;-)

Re:My personal feelings.. (5, Funny)

Anonymous Coward | more than 6 years ago | (#22067546)

If you're into a MMORPG, and you "need" cash ... you seem to get one of two choices.
1) You can grind away whatever playtime you have in order to get the cash legitimately,
2) you can buy it from someone that is grinding away (or perhaps using exploits), or
3) you can turn to exploits/hacks/whatever yourself
No, wait, I'll come in again. (exit)
(enter stage left, dramatically)

NOOOObody expects the Slashish Inquisition! If you're into a MMORPG, and you "need" cash ... you seem to get one of three choices....

Re:My personal feelings.. (4, Interesting)

qortra (591818) | more than 6 years ago | (#22067656)

I think you're absolutely right about this. I always dreamed of an MMO that was more focus on player-skill/ingenuity than on the amount of time invested in the particular player. Such a game should passively improve the real-human player by giving him more experience with the gaming system, rather than improving the virtual character by giving him arbitrary levels/gear/money. Such a game would be naturally resistive to exploits and cheats. I would apply the following test to an MMO to see if it meets this qualification;

Take a player who has played the game for a while, is skilled at the game, and is very successful at completing game objectives. Now, have that player start a new game with a brand new character. He should be able to be somewhat competitive with that new character - not nearly as strong without his old level or gear, but still competitive.

Of course, there are plenty of caveats. First, I have had difficulty in imagining an RP system that would have such a large emphasis on creativity and intelligence. Second, it is unlikely that many people would actually have interest in such a game. Unfortunately, I think that most people actually like the grind; and even if they don't have the intellect to keep up in a real game, they can gain satisfaction from countless hours hording gear and currency.

Re:My personal feelings.. (4, Informative)

Rei (128717) | more than 6 years ago | (#22067864)

People rely on the "grinding" aspect because it's the easiest to develop and balance properly. It's a well-worn formula. I do believe that there is some potential for ingenuity in games (and actually have worked a bit on developing a game (Eaku) that strives toward this end, with the idea of user-level scripting controlling actions in a very malleable world), but it's a lot trickier to pull off. Probably the worst idea that I've seen in practice is the one where people create a game world with the intent of it being "an environment for role-playing, not fighting". That almost never works out. Such an environment, if well advertised, will get plenty of people logging in, asking, "How do I attack things?" and leaving when they find that they can't, day in and day out. Even if in the ads you explicitly tell them that it's just for role playing.

The article touched on game dev reactions to bug reports. I've seen negative reactions to bug reports myself. In one game I was a developer for, I once did a security audit of the code and was appalled at what I found. With almost no effort, I was able to craft an in-game exploit that would wipe the hard drive of every user logged into the game who tried to bring up a URL. I had to push and push to get it fixed. Almost any bug that was security related, they didn't want to address; they were much more afraid of introducing gameplay bugs that might come as a side effect to fixing security bugs, and more afraid of having the schedule slip. Almost none of the strings in the game were checked for length or null termination when operations were done on them. It really disturbed me (and also reinforced to me why game code shouldn't be written in C; at least use C++, people...)

Re:My personal feelings.. (1)

qortra (591818) | more than 6 years ago | (#22068352)

People rely on the "grinding" aspect because it's the easiest to develop and balance properly.
No doubt. If Blizzard can make obscene amounts of cash using this kind of system, why wouldn't they? But now that market penetration of griding-style MMOs is so large, I think there is significantly more opportunity for a niche intellectual-MMO to really stand out - maybe like Eaku (have you posted any information on it yet?).

and also reinforced to me why game code shouldn't be written in C; at least use C++, people...
I've never written game code, but this seems like a no-brainer to me. Honestly, I think that even higher level languages are an even better fit (managed/garbage-collected/etc) in some ways. Certainly, most games really need performance that is largely unavailable with these languages, but not all popular games have to be pretty or state-of-the-art [tibia.com]. Also, I assume that servers are often written in a very high-level languages; the guy in this interview seems to be primarily concerned with Java. I strongly suspect that using high-level languages like Java on the server side is already a huge boon to security.

Re:My personal feelings.. (4, Insightful)

NeutronCowboy (896098) | more than 6 years ago | (#22068596)

People rely on the "grinding" aspect because it's the easiest to develop and balance properly.

Actually, I think there's a more insidious reason people rely on the grinding aspect: it allows developers to create the strongest reward mechanism; one that leads to behavior most closely related to addiction: random rewards at random intervals. It's convenient that it is the easiest to implement, but one reason we haven't progressed past it (and, in the case of Ultima, regressed to it) is that it is the single best way to keep players coming back for more.

Sorry for digressing, but that's the one thing that bugs me about most MMOs right now: they are designed as a massive grind fest.

Re:My personal feelings.. (1)

wallypop86 (1044532) | more than 6 years ago | (#22068334)

You'll find a bunch of different types of players in MMO's, though. I've played Everquest for years, and I've found that most high-end players are not good players; they just know how to successfully contribute to their guild/raid with whatever role they are in (healer, tank, DPS, etc). You'll find great players who are not high-end (and I don't mean just level, I mean a high-end progression guild) but have relied on their pure skill to move forward in the game. This is of course opposed to the high-end raider who has the best gear, but no skill, because he bought a level 75 (or now 80) Necro on eBay, and then joined a guild and is quite happy to sit and mana-feed the gimp clerics. (Ever notice you'll very rarely see a "high-end" necro kiting?). Overall I agree with you, but I think that this already takes place in many MMO's, however, it is also still possible for people to be those retards that can't do anything on their own. Its just like real life, you have smart people in crappy jobs, and dumb people in quite important jobs.

Re:My personal feelings.. (3, Insightful)

ilikepi314 (1217898) | more than 6 years ago | (#22067668)

Well what if you could easily and legitimately earn all of that money? Then either (a) everyone would have the same ultra expensive weapons, and so it would be boring anyway, driving some of them to use cheats/hacks/exploits to get better stuff than available, or (b) the game keeps creating better and better stuff for sale that gets more and more expensive and people still use cheats/hacks/exploits to be able to say "I got that item first!".

To me, MMORPGs have little to do with following a great story; it's mostly about bragging rights with your friends. (Not that everyone feels this way, but I've met enough to realize its a "Look what I can do!" mentality among most of the people that use game exploits.)

And when bragging rights are involved, people will go to extremes to prove they are better than everyone else. You make it easier for new players to get lots of money, then these other guys will say that's for newbies and hack something else to prove their superiority. I doubt any game constructs will change human nature overnight.

Re:My personal feelings.. (1)

zippthorne (748122) | more than 6 years ago | (#22068752)

Well what if you could easily and legitimately earn all of that money?

The problem is not that it's too difficult to "earn" the "money" to get the items, but with the whole paradigm of grinding away for money & stats to get things. In fact, it's not difficult at all. Just time consuming. There isn't any more depth to farming gold in WoW than there is to stringing beads in a costume jewelry factory. And, mind, stringing the beads would get you rewards in WoW significantly faster, even, if you use the goldsellers.

One thing that might make it more interesting is to do something about the fact that there's no in-game downside to the grind. Smash boars for 30 hours, you gain XP, and gold/hides, but lose nothing but time. If the stats were linked to percentage of time exercising them* instead of total time spent exercising in general, it might be a little bit more interesting. As an added benefit, it would be impossible for anyone to become the uber-everything, but many could become the best-<something specific>.

*not pure percentage, of course, but weighted for recent activity, "training" modifiers from equipment, skills, location effects, spell effects, astronomical configurations, some kind of interaction between a total XP (higher max stats) and character age modifier (reduced max stats) where you can either have a character run its course to eventually die of old age or take some kind of magical youth restorer, but at the cost of XP and/or skills. And probably a host of other variables which I'm not creative enough to declare, and would turn pure minimaxing into an activity requiring a degree in math.

They could also improve things by replacing the RNG crafting system with minigames, depending on the items crafted, and which affect the stats (and appearance if the developers are ambitious) of the items crafted. That way, at least, there would be some point to it other than just another tick-mark on the "I'm cool" sheet.

The point is that increasing play-time by sheer number of operations is easier to program, but players are going to start to look for ways around it pretty quick. From a purely economic point of view, though, WoW has pretty well proven that, at least at the moment, you don't have to go any deeper than that to make billions, as long as you have a relatively clean interface and compelling and vivid visual effects.

Re:My personal feelings.. (1)

psychicsword (1036852) | more than 6 years ago | (#22067696)

I know with Runescape(I was young and it was free) using scripts is a very easy thing to do. Back when I played I would make my own scripts to do the mining and killing for me, there was always the risk of getting caught and banned but it was so easy to just make a new account and start again. I have to say making the scripts was more fun than playing the game in the first place. Also because the game is so simple I bet it wouldn't be too hard to just decompile and hack the game.

Re:My personal feelings.. (3, Insightful)

sholden (12227) | more than 6 years ago | (#22067886)

The grind is the game in a MMORPG.

RPGs are about 2 things: story, and building the power level of a character to meet some challenge.

As soon as you add the MMO part the story has to give a bit (there's not just one player (or just one small group) so the player can't be the "chosen one, saviour of the universe" and the game is long term so story is expensive to keep adding to.

The challenge part also suffers, since there is no end. In a traditional CRPG at some point you win the game. The big evil is defeated by your powered up character and the game is over. The MMO part means that never happens, on and on it goes with the power cap getting raised every so often so that there's more grinding to do.

And of course people cheat in single player games, there's even more incentive in a multiplayer game...

Re:My personal feelings.. (1)

spun (1352) | more than 6 years ago | (#22068344)

I've never understood why MMORPGs didn't do stories the way romance novels do. Basically, romance novels are written based on a flowchart. The first kiss comes by page x, first love scene by page y, and so on. Adventure stories are at least as hackneyed. It's all fill in the blanks: "Find the magical _______ that will destroy the evil _______ and save the _________ !"

"What will we do today, Wheezenerd?"
"Well, Big Dumb Tank, today we must find the magical rutabaga that will destroy the evil gopher and save the princess' vegetable garden!"

Re:My personal feelings.. (1)

jank1887 (815982) | more than 6 years ago | (#22068608)

ummm... they do do stories that way. But they're called quests. And they have no real impact on the game world. And everybody goes through them. and they turn into just one more aspect of 'the grind'.

Re:My personal feelings.. (1, Troll)

Liquidrage (640463) | more than 6 years ago | (#22068508)

That's not quite true. Take WoW for example. One could go from 1-70 on nothing but quests (though few do it is an option).

Most of these quests ignore the fact that other people have done them as well. YOU get to help a night elf learn that owlbears are protectors from the god Elune. YOU get to recover the lost treasure for a dwarf. That isn't even taking into account instances where the *zone* is just you and your group.

Now, there's no end. But then, traditional D&D didn't have an end either. You were were character just waiting for the next adventure. Death was the end (though some didn't age characters or have perma-death, so it's not really any different).

EQ your point was spot on. The game was the grind until you got to the end game then the game was gems since you were doing nothing most of the time except waiting in raid groups.
WoW changed the game back to more how it should be. It did it by ignoring "realness" and making the game more personal. Many of the quests are actually very interesting and unveil the backstory of the world and make you the one.

Re:My personal feelings.. (4, Insightful)

brkello (642429) | more than 6 years ago | (#22067990)

Eh, this is the same tired point that is pulled out every time there is an article about MMORPGs. "Oh, it's the grind that drives people to cheat...if their were only good designers in the world that could make MMORPGs without grinds." The thing is, the best designers in the world are working on these games. People, in fact, play these games because of the grind. They put effort in to something and then they get a reward. This is the same in real life, except the results take much longer before they occur (or may not occur at all). Take any other game and you see it follows the same model in a different form. Geometry Wars you grind until you beat your next high score. Guitar Hero you grind on a song until you can get 5 stars. Etc. etc.

If you play any game long enough, you are going to get tired of it and want to play another game. That is just being normal.

As far as cheating goes, some will do it for the challenge. Most of the others will just do it because they want to be better than their friends. It is a competition. It's a dumb place to want to be recognized...but people do it. If people hated the game, they just wouldn't play it anymore. They love the game, they just want an edge over others and will do whatever they can to get there faster. The grind is in everything...just it is just popular to bash it in here since people on here like to bash what other people enjoy instead of actually coming up with anything better.

Re:My personal feelings.. (0)

Anonymous Coward | more than 6 years ago | (#22068822)

If it's the "grind" that makes people cheat I wonder how they explain, Counterstrike, UT, etc... Those games reek of cheating. Anytime you have a competition there's the desire to be win by any means. baseball and steroids? Trying to blame it on grinding is just bad use of logic. What MMO's have provided that other games did not is an effective way to make "real" money from the game.

Re:My personal feelings.. (1)

PhiloBeddoe (1191205) | more than 6 years ago | (#22068052)

With a game like WoW, you enter the game *knowing* you're going to have to grind out a character and all the things required to build that character to be the best there is. Compensating for the latest raid means a small amount of "farming" to recoup the money in repairs. Blizz has tried to make it easier to acquire (legit) gold in the game by creating ez-mode "Daily Quests" which can get you 100+g in a relatively short amount of time... daily. That's 5-600g/week, just doing daily quests. A character at lvl 70 can get 2-3000g just by completing all the quests in the other zones. People who haven't the patience to grind the 5000g riding skill, or raid the end game content for the best gear are the ones fortifying the hacks & scammers resolve by buying the gold they sell. Stop buying the gold, the farmers/scammers/cheaters will go away (for the most part).

Re:My personal feelings.. (1)

Deanalator (806515) | more than 6 years ago | (#22068614)

In diablo 2, cheating meant uploading your own characters and items to closed servers due to server vulnerabilities, and abusing holding buffers to dupe items. Sometimes you could also manipulate client side variables that blizzard forgot about to run really fast (yogbuls is my hero!) and things like that.

When did automation become such a huge sin? The solution is simple. Write scripting into the game so everyone is on the same level, and make characters get tired after a few hours of gameplay. You could even do it at the account level so players don't just rotate characters or whatever.

It is also helpful to minimise the amount of shit that is excruciatingly boring to do twice. People like me start scripting in games when they become too tedious.

Not just the game... (0)

Anonymous Coward | more than 6 years ago | (#22067414)

Some people actually write malware to install keyloggers by hacking into game-related sites. There was an article in the Firehose that was rejected about how Final Fantasy XI's website was hacked and a keylogger was created that would install through browser exploits. It would then steal gamers passwords (which were apparently stored clear-text in the game settings?) and then the accounts would be used to steal gold from them. Apparently Sony's response was to completely ignore complaints and refuse to restore deleted accounts.

So not only does the game client have to be secure, the entire computer has to be secure - apparently MMORPGs are big enough business to warrant malware explicitly targeting players.

Re:Not just the game... (2, Informative)

Reapman (740286) | more than 6 years ago | (#22068106)

Eh what? First off, FFXI isn't made by Sony, it's made by Square Enix. Also it wasn't the FFXI Site that got hacked, it was a major fan site outside of SE's control that had an Ad that would install malicious code, the site was ffxi.somepage.com (it has now been corrected is my understanding, safe to visit, or just use Opera or Firefox to work around it)

SE is dropping the ball in this area though, I know a few people that got screwed and lost their accounts like this.

Just ask regular players.... (5, Informative)

Ian McBeth (862517) | more than 6 years ago | (#22067416)

Just ask regular players about the security of the MMORPG's that they play.
Most are regular hack fests.

Ultima Online: Scripting in the number one player complaint, but EA doesn't give a rats ass, they never ban, despide their TOS saying otherwise. Other cheats include ways to make players drop items, and using bots to monitor certain parts of the game for the sole purpose of knowing exactly when to raid, and then there is all the speed hacking (EG movement hacks) that goes on.

Lineage II: I played for 6 months, and never met another player, just about 4000 different bots.

LOTRO: Besides the game missing something, it had its share of bots.

WoW: I get spammed with cheat site URL's every time I login, regardless of realm.

Of all the above WoW seems to have it the most under control, but that doesn't mean they don't have room to improve.
Cheating is so rampant in Ultima Online anymore, that the fricken game isn't worth logging into.

Re:Just ask regular players.... (1)

Malevolent Tester (1201209) | more than 6 years ago | (#22067858)

Lineage II: I played for 6 months, and never met another player, just about 4000 different bots.

I occassionally have a look at the MMO betas on fileplanet; almost without fail*, every Korean or Chinese open beta is cheated to irrelevance within a week of the beta starting - everything from complicated bots to speed hacks to simple memory cheats that shouldn't have been possible on any decent client 20 years ago. While every MMO seems to be afflicted with cheats, Asian (and console) developers don't seem to have learned the simple lesson of "never trust the client".

*Navy Field being the exception

Re:Just ask regular players.... (1)

1001011010110101 (305349) | more than 6 years ago | (#22068622)

That doesn't happen only in the the Korean ones.
WOW, for instance, has player position (x,y,z) in memory, and trusts the client about it. Some time ago, when teleport hacks started to surface, Blizzard started doing what koreans/chinese have done for years: monitor the player computer for software that could alter memory, and some other hacks. I believe they also started looking server traces to see people teleporting into non-standard destinations (people can teleport to their home in once an hour).
The problem with not trusting the client, is the resource usage in the server to monitor that much. I dont think wow realms support more than 2k users as it is, if everything was to be controlled on the client, they woudn't be able to support 200.

Re:Just ask regular players.... (1, Informative)

Anonymous Coward | more than 6 years ago | (#22068058)

Part of the reason WoW manages so well is that many of the kinds of rewards for achievements they give simply can't be bought and sold, the most significant being items that you can only get from PvE progress. I've never heard of gold farmers joining a high-end guild and selling a char with Illidan-killing level gear...

However, the AH prices for those items that can be sold and bought are pretty screwed up. Anything that's worth buying has seriously inflated prices while everything else doesn't sell at all (random greens sell for slightly above the vendor price due to enchanters leveling their skill, but that's about it). Of course most of those things are achievable without cheating - just by spending lots and lots of time online with enough characters...

Another problem is that leveling a new character on a realm where you don't have higher level characters requires you to choose a class that isn't too gear-dependent, since any gear worth having will be very difficult to get - since most similar level chars are twinks...that has nothing to do with cheating, but the item price inflation problem is very much related.

Economics (2, Insightful)

DJ_Adequate (699393) | more than 6 years ago | (#22068302)

That, I think, is my biggest complaint. Properly designed economies would go a long way to reduce the incentive to cheat. But WOWs economy, especially lately, is spectacularly broken. Most raw materials are worth more than anything you can craft out of them. Low-level items are either useless and impossible to sell, or--if useful--people with high level alts have priced them at a range no new-user can ever afford. I would suggest MMORPG designers spend less time on the technical aspect of the cheats, more time on the internal game economics that motivate them. And no, it's not really the grinding. Just the economy. Raw materials + labor should always have greater value than the raw materials alone, for example.

Re:Economics (1)

CensorshipDonkey (1108755) | more than 6 years ago | (#22068514)

Raw materials + labor should always have greater value than the raw materials alone, for example.

In any system where the real labor is the time getting spent accumulating materials, the "labor" is a 10 second long combine activated by a single button push, the "labor" is not adding much value.

Re:Just ask regular players.... (1)

Zader (814402) | more than 6 years ago | (#22068370)

Of all the above WoW seems to have it the most under control, but that doesn't mean they don't have room to improve.
It's been a while since I've been playing, but have you seen the number of autoleveling bots every time they open up a new server? It's a joke. I spent a couple of hours one night killing an ally priest who was doing the level grind with a bot. (I quit after something like 40 kills ... very boring). Screenshots, appeals - no actions by a GM. Saw the same guy a night or two later at a much higher level. Same with speedhacks.

This is why I quit bothering with WoW. Humans are now obsolete.

Re:Just ask regular players.... (1)

Bahamut_Omega (811064) | more than 6 years ago | (#22068552)

Well asides from WoW; I also play MapleStory. The latter tends to have a fair amount of hackers depending if someone releases an exploit into the wild. I've seen a few times where the hacking has gotten to the point where I've had to put a notice to my guild members because of it as well as take a break. This was all because Gameguard usually doesn't work too well for security; and Nexon usually tends to leap before they look. I would challenge one of the people from Nexon to post on slashdot under this very topic.

Re:Just ask regular players.... (1)

Kethinov (636034) | more than 6 years ago | (#22068960)

Regarding Ultima Online, play on a free server like UOGamers [uogamers.com]. The reimplemented server software prevents the server-related exploits like speedhacking (attempting it gets you auto-banned) and as for scripting, admins are vigilant about combating it. They have measures that EA didn't implement like in-game captchas and other internal methods of blocking scripting attempts.

I quit UO on EA's servers five years ago (making a hefty sum selling all my stuff on ebay in the process!) for the player run community have haven't looked back. The player run servers are of higher quality, sufficiently large populations, and are overall a superior gaming experience to EA's servers. I love it. :)

Best of all - no monthly fee. I can binge and purge freely and not feel obligated to login for 5 hours every day.

state of insecurity for US soon to be resolved? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22067424)

don't hold your breath, or expect the corepirate nazis to help. they thrive on death, debt & disruption worldwide. let yOUR conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.yahoo.com/s/ap/20071229/ap_on_sc/ye_climate_records;_ylt=A0WTcVgednZHP2gB9wms0NUE [yahoo.com]
http://news.yahoo.com/s/afp/20080108/ts_alt_afp/ushealthfrancemortality;_ylt=A9G_RngbRIVHsYAAfCas0NUE [yahoo.com]
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A [nytimes.com]

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://video.google.com/videosearch?hl=en&q=video+cloud+spraying [google.com]

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);

http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html [cnn.com]

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html [cnn.com]

whilst demanding/extorting billions to paint more targets on the bigger kids;

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html [cnn.com]

& pretending that it isn't happening here;

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece [timesonline.co.uk]
all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece [timesonline.co.uk]

nigger (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22067450)









and the best of all - nigger

rootkit-like? (1)

kwerle (39371) | more than 6 years ago | (#22067472)

I'm curious if "rootkit-like techniques to evade detection" is anything but BS market speak.

Re:rootkit-like? (5, Interesting)

RichMan (8097) | more than 6 years ago | (#22067564)

Blizzard has a cheat monitor process calls the Warden which scans the active process list for known cheat programs. Hiding from a process scanner is "rootkit-like". It is indeed a war zone out there. I wonder if these guys ever play core-wars.

http://en.wikipedia.org/wiki/Warden_(software) [wikipedia.org]

Warden (also known as Warden Client) is an anti-cheating tool integrated in Blizzard Entertainment games such as Diablo II, StarCraft (since patch 1.15), and most notably World of Warcraft. While the game is running, Warden uses API function calls to collect data on open programs on the user's computer and sends it back to Blizzard servers as hash values to be compared to those of known cheating programs.[1] Privacy advocates consider the program to be spyware.[2]

Re:rootkit-like? (0)

Anonymous Coward | more than 6 years ago | (#22068264)

There are a lot of ways to walk around that. I used to forward traffic to the server through another computer, which is the one with the cheat-proxy running. They can scan whatever they feel like in my computer, but they won't find anything.

Re:rootkit-like? (0)

Anonymous Coward | more than 6 years ago | (#22067614)

I'm curious if "rootkit-like techniques to evade detection" is anything but BS market speak.

Means they used something like the Sony BMG rootkit [google.com] if not that exact rootkit to hide their hacks.

Hide stuff at such a low level anything loaded after the protective rootkit umbrella has no chance to see it.

Re:rootkit-like? (4, Interesting)

Anonymous Coward | more than 6 years ago | (#22067638)

No, it means literally what it says. Rootkit-like techniques to evade detection; specifically, process stealthing.

Because, for example, Blizzard's polymorphic anti-cheat "Warden" tries to scan process lists, the memory space of other processes, window titles - and, if they want, your filesystem - and because it can be updated at any time, if you want to spend any serious time looking at the game in that way, one of the very first things you're going to need is a good stealth driver to pull the wool over its eyes.

It shouldn't be that difficult, you'd think. Both Inner Space and Glider, for example, have modules to do just that, and they're running a kernel mode driver which Warden doesn't have the advantage of, but even so, the stealth is woefully incomplete which is one reason people get massbanned.

Of course the other reason is that bots tend to look rather obvious to any other player, and get reported. The challenge there is to build a better bot, (but since there's chat involved in the game, you'd better get ready for a Turing test; since that isn't an option, discretion is the better part of valour).

Re:rootkit-like? (1)

stevey (64018) | more than 6 years ago | (#22068320)

The challenge there is to build a better bot, (but since there's chat involved in the game, you'd better get ready for a Turing test; since that isn't an option, discretion is the better part of valour).

If you were going to massive effort to write a new bot wouldn't it make sense to proxy the chat requests to an instance of Jabber, or similar?

That way you could have the bot doing bot-things, and if you get a chat a farm-operator could handle all incoming/outgoing chat queries from one central machine.

Re:rootkit-like? (1)

Torvaun (1040898) | more than 6 years ago | (#22068368)

Easiest way to deal with that kind of Turing test is to make your bot extremely antisocial. Example: Someone chats to the bot, bot replies from list of responses including "STFU n00b!!!!!", "how i mine 4 fish???", and something in a fairly obscure foreign language. Being abusive enough to keep people from trying to chat with you is an easy way to avoid having to code any real conversation.

Re:rootkit-like? (1)

mabu (178417) | more than 6 years ago | (#22067706)

That's about as specific as they got about "computer security". The article could have been written by a plumber for all we know. There's no indication from the article, these guys have any experience or knowledge about gaming security. It's as if I watched a tv show about being a doctor and then wrote a book on medical malpractice. Why is slashdot giving these poseurs any attention?

Re:rootkit-like? (0)

Anonymous Coward | more than 6 years ago | (#22068400)

This article was written by a writer. Writers are people who write articles. Go crawl back under your rock for a few more centuries, wouldja?

Rootkit techniques are so-called because they operate at essentially driver access level where the OS can't even manage them, so they don't appear in the OS's process listing. They live and work in kernel space. Another way to do this is to make the UI to the tool as an addon to the game itself, then TSR (Terminate, Stay Resident) the tool and control it with OS messages or something.

The goal is to get out of the process list. If your app isn't in the OS's process list, no other app will be able to detect it unless it specifically looks for it by trying to call its hooks in memory, which is pretty much guaranteed to crash the system if the tool isn't there.

Long story short, the article is accurate and you're a dweeb.

Re:rootkit-like? (1)

MorteSicura (766706) | more than 6 years ago | (#22067780)

This is no BS market speak. Those hackers use rootkit techniques to hide their bot from being detected. They know what their talking about.

Most game companies don't care (2, Insightful)

Saffaya (702234) | more than 6 years ago | (#22067562)

They don't care if their games are rotten with farmers and trading of game assets/currency.

All they will do is buy external software like GameGard, whose primary function is to hob resources of the customer's PC and make it less stable.

Thus, the low-end PHB will be able to claim to his boss he is actively fighting the problem, with GameGard's monthly invoice in hand for proof.

Meanwhile the players will lament about the enormous parasitic-like farmer population, detrimental to the game itself, and in plain view of anyone who actually logs in the game.

Exploits and WOW. (4, Insightful)

Shivetya (243324) | more than 6 years ago | (#22067584)

Well after reading the article, following links, and such its obvious the biggest thing they exploited with WOW during the course of writing and selling their book is the name. In other words, unless they had referenced WOW their book would be relegated to the dust bins of book sellers.

These two seem hell bent on FUD with Blizzard in regards to Warden. I haven't connected the dots but it appears these are either the same people who flew off the handle when Warden changed or are in the same group. Basically take something and use choice wording and catch phrases to imply sinister behaviour where none really exists. IOW - 911 conspiracy hacks read from the same play book. These guys just seem to be on some damn fool crusade against Warden that it borders on silly. The very same people probably don't blink when it comes to handing over their CC/Debit card to someone behind the counter freak out over a company that actually has to take steps to protect the data the players voluntarily entered when subscribing!

As for WOW itself, location hacks exist as the client and server are not always in synch for these actions. The biggest impact "cheaters" have on WOW is on the non-cheating players. Money transfers between accounts take an hour to complete, sales via the auction house are no longer immediate but instead take an hour, and trial accounts are so restricted that teaching someone to play with one is an exercise in frustration.

Re:Exploits and WOW. (1)

Sta7ic (819090) | more than 6 years ago | (#22068076)

WoW also has the funny distinction of being an order of magnitude larger than the next MMOG out there, for better or worse. It'd be somewhat absurd NOT to have a disproportionately large share of material for a disproportionately popular game.

Warden's also nettled a lot of people who look into it, even if Joe User doesn't care so long as it doesn't break anything.

Re:Exploits and WOW. (1)

lucifron (964735) | more than 6 years ago | (#22068672)

As for WOW itself, location hacks exist as the client and server are not always in synch for these actions. The biggest impact "cheaters" have on WOW is on the non-cheating players. Money transfers between accounts take an hour to complete, sales via the auction house are no longer immediate but instead take an hour, and trial accounts are so restricted that teaching someone to play with one is an exercise in frustration.
You forget about the incessant spam and hacking attempts. Blizzard has 9 million players to help them report spammers, and still can't get those IP addresses banned from the game and official forums..

A non issue (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#22067592)

You won't care about your vorpal blade when a Muslim has an AK in your back, forcing you to worship Allah.
You'll be praying for the good old days of Christian tyranny again.

Re:A non issue (0)

Anonymous Coward | more than 6 years ago | (#22067894)

That Islamic virtual reality game youve invented inside your head sounds great. Sign me up.

Paradigm Shift (3, Insightful)

cheesethegreat (132893) | more than 6 years ago | (#22067652)

The only way that online games are going to have a chance at getting away from these issues is with the implementation of skill-based advancement instead of advancement based on accumulated experience/gold. As it stands, a high-level player in many online games doesn't need to have learned any particular skill themselves, but a simple accumulation of wealth via goldsellers to buy high-quality equipment and mindless hack-n-slash, combined with good macros, and they can usually come out on top.

Contrast this approach with what's seen in something like Jumpgate, where players have to actually develop their skill as a pilot in order to be successful in combat. I'd expect that gold-buying in that game is significantly lower per-capita than in your standard grind games like WoW or LotRO.

When we pray for the end of goldselling, what we're really hoping for is the beginning of an era where non-transferable capital (the skill you develop from playing the game) becomes the dominant factor in advancement.

Re:Paradigm Shift (1)

Talderas (1212466) | more than 6 years ago | (#22067848)

However, you ignore that in every RPG, from Tabletop to MMORPGS, equipment and gear plays a role. A lv10 fighter in D&D with mundane gear is not going to be as good a lv10 fighter in D&D with magical gear.

In WoW, they have soulbound equipment. There's two types BoE and BoP, BoE is Bind on Equip and BoP is Bind on Pickup. Most of the time the best gear is BoP, meaning you have to actually do something to get it, raid or PvP essentially. Unless you buy a character off of ebay, you had to level it up, which means you should at least know how to play your class. On top of that, the quest rewards in the last expansion are at least half-decent when it comes to running instances, but I digress. In a game like WoW, gear doesn't solely define power. A lv70 warrior with quest greens versus a lv70 warrior in full epics isn't always going to result in the lv70 green warrior losing, the lv70 epics warrior could lost just because he doesn't know how to play. Equipment functions as the optimizer for your character, because you still need the skill to play.

Re:Paradigm Shift (2, Insightful)

mapsjanhere (1130359) | more than 6 years ago | (#22067866)

I don't know if you've ever played in the end game of a MMORPG - but skill is everything. Your fellow players at the highest level know immediately if you're a phony on a bought or borrowed account. Even if you have the skill with one of your classes, most likely we will know when you're on another toon, simply because it's not up to the standards. It's the fraction of a second your spells are late, the way you miss on hits by bad positioning, the choice of buffs you dole out. You can buy all the gold you want (or all the characters) from the commercial players, but you won't get anywhere at the end. At a level where 50 people have to give 99% of their ability to beat an encounter your lack of skill, even in a grind based game, will stick out like a sore thumb.

Skill doesn't help (1)

mark_jabroni (547666) | more than 6 years ago | (#22068390)

First of all, skill required to play MMORPG's is vastly underrated. The reason is simple : everyone plays so much that, on average, everybody is already very skilled. You simply couldn't throw an inexperienced WoW player into a serious raiding environment and expect them to succeed because they have gear/money/macros.

Secondly, Puzzle Pirates is a skill-based MMOG and there are still plenty of cheats and scams.

Re:Skill doesn't help (1)

C0rinthian (770164) | more than 6 years ago | (#22068896)

And again, You are confusing knowledge with skill. Playing WoW at the high level requires a decent chunk of knowledge. The actual mechanics of gameplay are quite simple.

Re:Paradigm Shift (4, Insightful)

Teancum (67324) | more than 6 years ago | (#22068650)

One of the things that you miss here is the fact that many role-playing games (I'm including pencil and dice games here as well as stand-alone video games and MMORPGs) try to give you the simulation of being something which you decidedly are not. You may be a pencil-necked geek with a host of allergies (or in my case an over weight middle-aged software engineer), but you get into the games so that you can live out some sort of fantasy of being something you are not right now.

So the "skills" you acquire are something not entirely related to the activity you are doing "in game".

Still, the comment of a previous poster to your comment here is very appropriate: If you "cheated" your way into gaining a certain position/in game skill level by virtue of a gold farmer or some other hack, you really don't understand all of the subtle methods of using all of the options at your disposal. You certainly won't be able to take on even NPC monsters that would easily be defeated by somebody at your current "in-game" skill level. At the same time, even in a "grind" game (or even more so in those kind of games), you can take somebody with considerable experience in the game and see them excel at achieving in-game ranking even with a brand new character due to their advanced knowledge of techniques used to play the game, including knowledge of various locations and when to fall back and try again some other time.

Heck, I have actually enjoyed starting out all over again from scratch on a few occasions, just to get a little bit of a challenge back into the game. But I level up oh so much faster than my contemporaries who created brand new accounts with me that they just look puzzled when I walk by a couple of days later being twice or three times their "level". In game experience does matter, and it translates across in a whole bunch of ways.

Your suggestion that player rankings (combat levels are just another way for players to compare each other) bring about a desire to push their ranking up with real-world cash is certainly something worth mentioning. But in the long run those are artificially inflated rankings anyway. It doesn't deal with the other problems associated with real-world item trading, and IMHO there will always be those who try to find ways to "cheat" the system with cash. That can be through a faster network connection, better computer/graphics card, cheat program that let's you get an attack in 1/2 second earlier, or whatever means you can think of. This has always been the case, even for games like Doom and Quake that didn't even really have levels to compare against. And I knew people who did "cheat" at Quake and were proud of it.

article devoid of content (1)

mabu (178417) | more than 6 years ago | (#22067666)

The OP's source article seems to be a prime example of astroturfing. The guy talks in generalities about computer security and gives absolutely no examples. He's just selling his book and the article really says nothing. He also used the phrase "paradigm shift" so you knew there wasn't any real content ahead. Plus, most security people will attest to the fact that any "computer security expert" who has a PhD is laughable. That guy probably couldn't get his parking validated at H.O.P.E.

Re:article devoid of content (1)

DigitalSorceress (156609) | more than 6 years ago | (#22068462)

I was kind of feeling the same thing... Really felt like an infomercial.

I didn't have too much of a problem with the topics, but the way he gives credit to his books for changing the security world? PLEASE!

Can anyone say Narcissism? (I'm not sure if I can even spell it) Ok, how about a side helping of hubris? mmm. Mix with [troll sweat] and simmer.

Security and what I call... the "zerging effect" (1)

blahplusplus (757119) | more than 6 years ago | (#22067752)

The problem is a game on the net is exposed statistically to millions of people at any given time, it's no surprise that game companies can't deal with "Zerging effect" (i.e. a term from starcraft where one masses units and over-runs the enemy).

Game companies neither have: 1) The talent or 2) The resources, to deal with this number of people effectively. Not to mention that, it only takes a few geniuses to post or sell their cheats online for them to spread to everyone else who's interested in them.

Look, that's the *idea*, people (3, Insightful)

DNS-and-BIND (461968) | more than 6 years ago | (#22067818)

The whole idea behind online games is twofold: 1) get the reward: better items and more money, and 2) accomplish objective 1 with as little effort as possible. The whole "solve problems creatively" idea is bunk, and besides if anyone actually did provide problems like that, you'd just search online for the answer anyhow. Everybody likes to be ahead of the game, and nobody wants to plod along the old-fashioned way. A sense that you're better than everyone else is expected, and even essential (and not just in video games).

Online games (and any game in which you accumulate posessions) are just variations on a Skinner box. Put a gamer in a box, have him peck away at moving about the world, and give him possessions randomly. It's the same sort of thing that makes people sit in front of slot machines for hours. If they *did* make a hackproof game, only a few people would play it and it would fail financially.

Re:Look, that's the *idea*, people (1)

DNS-and-BIND (461968) | more than 6 years ago | (#22067850)

Oh, and as an aside, I searched for random reward skinner just to make sure I was remembering correctly what a Skinner box was, and there were fewer results with rats and pigeons - most of the results had to do with online gaming. Scary, eh?

Re:Look, that's the *idea*, people (1)

DigitalSorceress (156609) | more than 6 years ago | (#22068082)

"If they *did* make a hackproof game, only a few people would play it and it would fail financially"

Not trying to get personal or troll here, but I completely disagree with you... in order for your statement to be true, this would suggest that the vast majority of MMORPG players were using hacks/cheats.

Now, if you consider a web site that has maps or quest data to be a cheat, or if you consider those who use add-ons and UI Mods (legal ones) as part of that category, then yeah, I know very few fellow Warcraft players who don't run at least a few mods or occasionally check one of the sites like thottbot, wowwiki, wowhead, alakazam, wowplotter, etc...

Still, I think when you say "hackproof" (at least how it comes across to me) you're talking about exploits and bots and other items that are against the TOS of the given game, and I just can't agree with that kind of blanket statement.

Re:Look, that's the *idea*, people (2, Insightful)

murdocj (543661) | more than 6 years ago | (#22068512)

The whole idea behind online games is twofold: 1) get the reward: better items and more money, and 2) accomplish objective 1 with as little effort as possible.

The rewards are nice. But that's not why I play. I play WoW for the same reason I play any game, to have fun. If I'm not having fun *while I'm playing* it's not worth it, no matter what the reward is. As an example, I do some player vs player combat in one of the zones (Halaa) when the chance comes up. You get tokens for doing this that you can use to buy gear. Well, I've looked at the gear and it's not interesting to me. I do the combat because I enjoy it, NOT because I can grind away and get some uber loot someday.

Interview with Sony Online Entertainment CEO (4, Interesting)

eepok (545733) | more than 6 years ago | (#22067870)

Massively just did an interview with John Smedley and touched upon the issue of farmers/plat sellers and how they are using social hacking to bring in profits and hurt the company.

Part 1: http://www.massively.com/2008/01/14/a-ces-interview-with-soe-ceo-john-smedley-pt-1/ [massively.com]
Part 2: http://www.massively.com/2008/01/14/a-ces-interview-with-soe-ceo-john-smedley-pt-2/ [massively.com]

SOE owns and operates Everquest, Everquest 2, Star Wars Galaxies, and other MMOs.

I think the issue of farming is higher on the radar now than it ever has been. The behinds the scenes things are really frustration. A lot of these farmers are essentially stealing from us. What they do is they charge us back all the time. They use a credit card -sometimes stolen, sometimes not - to buy an account key. They use the account for a month, and then they call the credit card company and charge it back. We have suffered nearly a million dollars just in fines over the past six months; it's getting extremely expensive for us. What's happening is that when they do this all the time, the credit card companies come back to us and say "You have a higher than normal chargeback rate, therefore we'll charge you fines on top of that."

Cheating in online games (5, Interesting)

mabu (178417) | more than 6 years ago | (#22067984)

I was a GM in Everquest for several years. I could chime in on my experience, which mostly related to scouting out in-game cheating. We were trained to look for signs of more elaborate types of cheats and report them higher up in the chain.

In most of these games, the main thing wasn't really "cheating" as much as it was "exploiting" flaws of characteristics of the game's design. On some maps it was possible to "fall through the world" and people could effectively position themselves so they could attack monsters but the monsters could not attack them. This was also accomplished by using creative means to get on top of structures in the game geometry that the designers had never intended to be accessible. There were places for example, where we'd often find PCs on roofs in hostile towns attacking high-level NPCs and due to the pathing, were able to not be counter-attacked. There was a constant cat-and-mouse game trying to find out how they were pulling these things off. It was more interesting than annoying usually. I was always impressed by some of the creative ways people would try to give themselves an advantage.

Midway into EQ's popularity a number of software programs started to appear. These really blew the lid off the game's integrity. I forget the name of this one utility, but it was a utility that managed to decrypt the game stream, and due to the way the game was designed, when you entered a zone, this program could identify the coordinates of and nature of every NPC and PC in a certain range. SOE's game design, which often sent more info to the client than the client needed to make available to the user, created a situation where once someone decrypted the data, they had access to what was going on. Suddenly rare NPCs were being killed within minutes of appearing, and when a GM appeared in a zone to investigate, the perps knew instantly we were there and would logoff. Again, a cat-and-mouse game erupted where the developers started routinely changing the game's encryption and eventually they curtailed much of this behavior and made it too difficult to use the software. But at its heyday, the cheats were quite impressed. You'd have your main game client, and then you'd have a second computer sniffing the traffic, decoding it and displaying a real-time map of all PCs and NPCs in the zone. Very high-tech. Also very difficult to catch. Since the cheat program wasn't even on the same PC, programs like WoW's "Warden" wouldn't help. The only way you could identify someone cheating was to watch their in-game behavior. When you'd see PCs make a beeline for a rare NPC within seconds of it spawning, you knew something was up.

Last but not least, in these games, the servers log just about everything. If they want to catch a cheater, the behavior is quite easy to spot. I think the biggest issue with security in MMORPGS isn't being able to catch people cheating, it's trying to figure out how to keep the proper balance between game integrity and profitability. Probably 90% of people playing MMORPGs have broke rules and most of this behavior is on file. The companies cannot afford to take too hard a stance unless the transgressions are creating big problems.

Re:Cheating in online games (2, Informative)

JDAustin (468180) | more than 6 years ago | (#22068218)

The program you mention was ShowEQ. Originally, it was a linux only program so it wasnt used by many. Eventually, someone ported it to Windows and its use increased vastly.

What really made things bad though was Macroquest II. Even though this required to be recompiled with every new patch, this is what made many of the exploits possible. Even SOE knew how rampant its use was but they would not go after people using MQ for its passive features (ie maps, targeting, healbot macros, etc) but people using it for the active exploiting (ie teleporting, attacking any mob in a zone from the zone line, etc).

Re:Cheating in online games (1)

Reapman (740286) | more than 6 years ago | (#22068282)

"When you'd see PCs make a beeline for a rare NPC within seconds of it spawning, you knew something was up."

For some reason I had a vision of you as a GM appearing in front of em and using your godlike powers to kick their ass and send em running away.

Wish that's actually how it worked in these games, would be pretty sweet watchin a GM kick the crap out of some Gold/Gil/Credit farmers.

Re:Cheating in online games (1)

Teancum (67324) | more than 6 years ago | (#22068888)

I played text-based MUDs that had the local server admin create a "God" character (often simply named GOD as well, interestingly enough) that would show up in-game and occasionally talk to players and give "gifts" of various items in-game as well from time to time. Or be able to zap players to a special "holding cell" that would then be a place for "God" to interview you about what was going on.

I got zapped once to "heaven" and talked about in-game issues on more than one occasion... usually on a friendly basis but on one occasion because the "god" was a total jerk. I do wish it was done more often with the MMORPGs, but sometimes I think they forget the rich heritage that proceeded them, and how often they have had to repeat the same mistakes that were discovered decades ago with similar games.

Having a "god" kill gold farmers with a single swipe of their "divine" weapon would certainly get some applause from many of those in-game. It would also drive home clearly what happens to rule breakers as vivid in-game examples.

Re:Cheating in online games (2, Insightful)

dc29A (636871) | more than 6 years ago | (#22068402)

The program you think of was ShowEQ. Also, this was a direct result of retarded game design by Sony where by one dragon can only be killed by one group of people per week, unlike the current crop of MMOGs where everything is instanced and this is no longer a problem.

Just the way ShowEQ was a direct result of game design flaws in EverQuest, the same way leveling bots are for other games or ingame currency selling for real life money and whatnot. Game design flaws will result in hacks, bots and currency trading.

Re:Cheating in online games (0)

Anonymous Coward | more than 6 years ago | (#22068652)

> Also, this was a direct result of retarded game design by Sony where by one
> dragon can only be killed by one group of people per week, unlike the current
> crop of MMOGs where everything is instanced and this is no longer a problem.

That's not necessarily bad design. It's a choice.

Having everything instanced in other games (WoW) has resulted in there being less direct competition between guilds. Guilds on average seem to be less 'hardcore'. With this reduction in competition comes an increase in loyalty, guild hopping is less of an issue because there's nothing to hide. Internet strategy guides all over because of instancing reducing the motivation to keep strategies secret reduce some of the (lol videogame) satisfaction gained from taking a new opponent down.

Instances did great things for the way I currently have to play (working players require a more structured playing time..), but in no way is it explicitly better than world spawns that must be competed for.

Re:Cheating in online games (1)

eepok (545733) | more than 6 years ago | (#22068712)

Well, instanced zones don't necessarily cure the ails. Recently, on one of the Everquest servers, there have been claims and reason to believe that a small group of characters beat a progression-based instanced mission (a first for the server) when the instanced is tuned for a extremely highly progressed raid of 54 people. Moreover, on the Firiona Vie server, all nearly all loot and gear is transferable between characters, thus any hacking of extremely high content (including instanced zones) turns directly into in-game currency via a sale and that in-game currency turns into real currency by selling the platinum for real money.

Game design flaws are the not the *cause* of these problems. Bad players cause exploits and design unpreparedness allow those exploits to turn into problems.

Re:Cheating in online games (1)

everphilski (877346) | more than 6 years ago | (#22068760)

Also, this was a direct result of retarded game design by Sony where by one dragon can only be killed by one group of people per week, unlike the current crop of MMOGs where everything is instanced and this is no longer a problem.

And there are a lot of us who wouldn't have it any other way, thanks. There should be competition for major targets and progression; handing it out for free to any group of N players just cheapens the game.

Games with Hackers/Code Explorers (2, Interesting)

Teancum (67324) | more than 6 years ago | (#22068166)

One of the things that needs to be remembered here about all of this concern about game hacks, bot players, gold sellers, and other nefarious aspects of the MMORPG universe is that a considerable amount of what happens here is just sheer intellectual curiosity.

Face it, network packets are for many software developers hardly a mystery, and trying to reverse engineer the communications protocols between a game server and a client is hardly the most challenging task in computer science. If the game publisher decides to encrypt the communication in some way, that encryption is easy to reverse engineer as well... especially if you have the software for the client on your own machine. It may crack up the skill level a little bit if the "hacker" has to decompile the client in order to find the encryption mechanism, but that just makes it all that more of a prize to win and find out.

For several of the on-line games that I play, I'll admit that I've been tempted to try this myself just to see how it was done. And there are major communities who love to do this stuff. For example, the game Runescape has a fairly good group of people who have tried to reverse engineer the communications protocols, and have gone so far as to recreate the server software itself and re-implement a client using the same protocol. One excellent example is Moparscape [moparscape.org] (Warning: click on this link at your own risk... these are real hackers here!) This is not the only server like this, I should add.

That real-world cash is also injected into the need/demand for these sort of reverse engineering efforts is really just icing on the cake for many of these individuals who get into this activity.

How you can get rid of this "game about a game" effort in terms of an arms race between the software publisher and the hacker community trying to reverse engineer the communications protocol may be something worth investigating. I'm certain that, as usual, the game industry is probably far more secure in its communication protocols than most other "real-world" activities like bank transactions and electronic voting, perhaps even military communications. This would be as a result of the vested interested of those young enough to have the patience and determination in order to hack this communications system.

I'm also certain that even the software developers who write these games have a fun time trying to come up with strategies in order to thwart the hacker community. For them, it is a fun intellectual exercise as well, especially when you are going up against people brighter than you are. So in this sense, it is a sort of chess game with slightly higher stakes on the line. And once a "hacker" has obtained all of this arcane knowledge... what are they supposed to do with that hard-won knowledge? (besides give themselves the best equipment in the game.)

"Halting State" (1)

Dirtside (91468) | more than 6 years ago | (#22068340)

For a well-written novel on this exact topic, check out Halting State [wikipedia.org] by Charles Stross.

Re:"Halting State" (1)

An ominous Cow art (320322) | more than 6 years ago | (#22068994)

An interesting book, and I enjoy Stross's stuff in general, but the constant use of second person present tense got old pretty quickly for me. Hmm, Wikipedia says it was an homage to the Adventure games. I didn't think of it that way while I was reading it... I guess that makes me feel a little better about it.

Quote (1)

brkello (642429) | more than 6 years ago | (#22068358)

Sometimes the quotes at the bottom of the page are so amazingly appropriate: "If only one could get that wonderful feeling of accomplishment without having to accomplish anything."

development or hardening... ? (0, Offtopic)

deviceb (958415) | more than 6 years ago | (#22068374)

Currently i'm playing a new game, it just hit open beta about a month ago. Shaiya online. It's a great game for a free to play MMO. Already some hacks have been spotted, but for the most part the hacks are out of view..
My gripe as with most MMOs is the rate of development. Players always will out pace the game development.. and i would rather have the developers focusing on the game, and not fixing flaws. -as weird as that sounds. Most studios do not have the man power to address issues quickly. -blizzard and the like is a while different story
This brings up the reason why companies use software such as Gameguard, or even Steam...
-and i think that unfortunately.. this is the future of online gaming, outside entitys trying to secure the game.

Back to the EQ GM comment. -Active GMs have been the only way to properly address issues in game. Once EQ was picked up by Sony the GM count dropped, and in game quality did also.
my 2 cents.

How game developers react to security warnings... (1)

CodeBuster (516420) | more than 6 years ago | (#22068424)

First they ban your account and then they fix if and when they get around to it.

Security in MMORPGs? (4, Funny)

Kazymyr (190114) | more than 6 years ago | (#22068494)

I find security in MMORPGs to be as bad as you can possibly imagine. I get killed all the time, and there's never any police around to report the crime to. Don't get me started.

Great Resources on Game Security (1)

miller60 (554835) | more than 6 years ago | (#22068776)

If you're interested in game security and RMT hacks, check out the Play No Evil [playnoevil.com] blog by Steven Davis of Secure Play, which focuses almost exclusively on security in online games. As an example, yesterday he had a post about the real reason game companies care about gold farming - which is not ethics or impact on game play but payment fraud and chargebacks [playnoevil.com].

Also, the authors of Exploiting Online Games [informit.com] have a sample chapter available, and Usenix has a video of one of Gary McGraw's presentations [usenix.org] on their web site.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account