October 31, 2005

Blizzard's WoW Spyware, aka ? .."Rejoice gaming fans, for the latest new “feature” of Blizzard Entertainment’s smash hit multi-player online videogame World of Warcraft is here! No, it’s not a new Sword of Destruction or Staff of Power—it’s spyware! Yes, unbeknownst to many gamers, World of Warcraft now has an unwanted special feature—a hidden program called “Warden” that snoops gamers’ computers looking for any "unauthorized third-party program" that “enables or facilitates cheating of any type.”"
  • more on this at: http://www.rootkit.com/newsread_print.php?newsid=371
  • Sounds like punkbuster.
  • What if Warden is running in the background and catches you ranting about it on MoFi? Does it step in?
  • Isn't this old news? I don't really care. I'm a WoW player who plays maybe 10 hours a week, at most. Goldfarming/purchasable gold is bad enough, 3rd party programs that run stuff piss me off. I can't compete with this sort of thing. And hell, it's in the terms of service that that's a violation. It's like a mannequin in the passenger seats to get in the HOV lane; it's cheesy and it pisses the people trying to do it fair off. And how spy-y is it if it's well known?
  • Like cobaltnine, I play WoW at the very most 10 hours a week. However, I'm a little more concerned about the spyware issue than he is. I'd like to hear more computer folks' opinions on this. By the way, I can't stand add-ons either, and custom interfaces and the like. I think they should all be banned. Just play the game as it is and have fun... only silly kids need to tweak out their gaming.
  • I too am concerned! I mean, what's to prevent Blizzard from finding out my password, or even my credit card number? Aside from the fact that I already gave it to them for my subscription, that is.
  • I don't know what the big deal is. It sounds like they hash the data on your computer, match it to a list of cheat hashes, and return a "yes match / no match" back to Blizzard. The hashes should be one way functions with no way to recover the original data from the hash, so, who cares. People up in arms about a computer looking outside of its own data area in memory, must then think Windows is spyware. I normally like the EFF, but the whole "what if I came into your home, poked around, but didn't tell anybody what I saw" analogy, well, I invited you into my home, even held the door for you, and I'd only be upset if you told everybody about all my cool swag.
  • That should read "computer *program* looking outside of its own data area". Antivirus programs do this all the time. They are spyware too now.
  • I get as steamed up about eroding privacy rights as the next gal, but all I can say to these people is, RTFEULA. Seriously. If you don't like what it says, you don't have to play. And I don't buy that "no one reads those things" argument either. Blizzard could act it out in shadow puppets and someone would still complain that they didn't feel like watching.
  • Let's assume it's a hash -- a one-way function -- while it's not possible to recover the data in reasonable time with only the hash, it is possible for Blizzard to figure out what's on your hard drive by running their hash function against a library of known programs. This is how Punkbuster works. But this means that they could add, say, "Klingon-bible.doc" to their library and then know if you had that file on your drive, or maybe they could scan your browser cookies (stored as files) for well-known passwords. By allowing them to do a hash of your files, you allow them to test for more than just WoW cheats. --Pat
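The point made in the comment above, as an added example that is not part of the original thread and is not Blizzard's or Punkbuster's code: the client sends only digests, yet what the operator learns is decided by the candidate library held on the server side. The hash scheme (unsalted SHA-256 over normalised strings), the sample strings and the library labels are all constructed assumptions.

```python
import hashlib

def digest(text):
    # Unsalted SHA-256 of a normalised string (assumed scheme for illustration).
    return hashlib.sha256(text.strip().lower().encode("utf-8")).hexdigest()

def client_report(observed):
    # What leaves the player's machine: digests only, never the strings.
    return {digest(item) for item in observed}

def server_match(report, library):
    # Labels of library entries whose digest appears in the report.
    return sorted(label for label, h in library.items() if h in report)

def unexplained(report, library):
    # Digests the library holder cannot interpret (no candidate matched).
    return len(report - set(library.values()))

# Constructed sample strings standing in for scanned file names / window titles.
OBSERVED = [
    "World of Warcraft",
    "Klingon-bible.doc",
    "Inbox - alice@example.com",
    "hypothetical-cheat.exe",
]

# Library as advertised: cheat signatures only (hypothetical entry).
CHEAT_LIBRARY = {"cheat tool": digest("hypothetical-cheat.exe")}

# Same client, same report: only the server-side candidate list has grown.
EXTENDED_LIBRARY = {**CHEAT_LIBRARY, "klingon bible": digest("Klingon-bible.doc")}

if __name__ == "__main__":
    report = client_report(OBSERVED)
    print("cheat-only library matches:", server_match(report, CHEAT_LIBRARY))
    print("extended library matches:  ", server_match(report, EXTENDED_LIBRARY))
    print("digests still opaque:      ", unexplained(report, EXTENDED_LIBRARY))
```

The remaining digests stay opaque only until someone adds the right candidate string to the library, so hashing gives little protection to short or guessable inputs.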
  • i prefer to trade frame rate for privacy and play on my mac ;-)
  • I really^10 want someone with money to challenge a EULA. Other than that, as an MMO player, I'd drop WoW (if I played it) unless I was 60. Then the gross violation of my privacy rights would be protected. Time to log on to Steam. ttyl
  • Um, every time you run anything on a windows machine, it pretty much has access to everything.
  • "Um, every time you run anything on a windows machine, it pretty much has access to everything." Are you just being trollish and snarky, or do you really believe that this makes WOW's software ok? Next time I'm over to your house for a game of parcheesi, you won't mind if I take a look around in your sock drawer and your medicine cabinet, would you? ...not that there's anything to hide in either of those places in _my_ house... certainly not...
  • Warden is well known in the WoW community, and generally accepted so players can have a fair shake at the game without dealing with 3rd party hacks. Blizzard figured it would be better to snoop a little and have a better gaming experience than worry about a small privacy issue. Players agreed.
  • "Are you just being trollish and snarky, or do you really believe that this makes WOW's software ok?" No, I'm referring to comments like this: "what's to prevent Blizzard from finding out my password, or even my credit card number?" The answer is... not windows.
  • What's upsetting to computer savvy people is not so much the actions of this particular program, but that it is part of a very troubling trend. Why is Warden installed secretly? No decent player likes cheaters. Simply tell people up front that the software is being installed. The secrecy issue gets everyone's back up. You look out your window and catch your neighbour standing in his kitchen washing his dishes. You both wave at each other. No big deal, you make a mental note not to do anything embarrassing while still in view. However, find out that your neighbour is sitting in a darkened room at night, watching you with binoculars, and suddenly you think he's a disturbing creep, and rightly so. Blizzard should simply have been up front with their actions - tell the user during the install procedure, or have a tab in the game with the Warden info. Just as important, Windows is a very finicky system. Even if programs are completely innocent in their intent, not knowing what's installed and running on your system is a recipe for headaches and crashes. Heck, the latest version of Quicktime forced me to install iTunes, and iTunes quickly messed with my file system behind my back even though I'd never run iTunes. "sniffs email addresses, website URLs open at the time of the scan" Why the heck is it doing this? Checking software signatures is one thing, but no way should the software be going anywhere near any text string that could contain personal information. That's clear invasion of privacy and unnecessary to program core functionality. This is indicative of a trend in gaming software, of which Warden is one of the lesser offenders, that makes knowledgeable computer users very nervous. StarForce is an example of how bad things are getting. It secretly installs software in the form of a driver, a type of Windows program that is particularly prone to causing instability and crashing, which Starforce does.
Furthermore, Starforce cannot be easily uninstalled, even by uninstalling the game. Starforce is also so poorly written that it completely undermines part of Windows security design, leaving the system much more vulnerable to viruses and trojans. It's like a third party security guard hired to check on a bank, who leaves the back door unlocked whenever he's in the building. Who the heck would respect that? It takes almost no foresight to extrapolate this trend to envision the next generation of this type of so-called 'game protection' software, which secretly installs buggy code on your system, obliterating your passwords, firewalls and antivirus systems, emailing your personal data files back to the manufacturer, and making itself as impossible to uninstall as the worst adware.
  • nai: it took some searching, but I found a version of quicktime without itunes using google.
  • They might make it covert in order to keep it from drawing cheaters' attention, not honest players'. To a cheater this would be a big "Hi, here's what you need to crack and here's how it works!" sign. Clearly this didn't work, but I'm trying to think of *a* reason.
  • And yet, so they check for Klingon dictionary... I for one don't care if they find I have Klingon dictionary. If I cared about it, I would run it separate from WoW since they announced they would look at other running programs in the EULA. Are they engaging in anti-competitive practices by disconnecting users who run other games? Are they going to test every email address until they get a hash match and send my friends spam? They said they were going to do this to look for cheats, we accepted it, no one has to play World of Warcraft if they don't like it, and as long as they restrict themselves to doing what they said, I'm giving them access to my game machine. I trusted them with my credit card number. Trusting them to keep anything else private, like Klingon dictionary doesn't seem like too much of a stretch. I am more concerned about things like Starforce, mentioned above. There they are tampering with the basic function of the operating system, and they don't remove it when the game is uninstalled. I think they need to be pretty explicit in the documentation if they are going to rewrite part of the operating system. Furthermore, where is the uproar over Punkbuster, it even takes screenshots and sends them, not to the company, but the individual server operators. What if I'm buying something on amazon.com when punkbuster decides to check for a wall-hack? What about moves to put rights-verification subroutines into hardware, that will announce to the RIAA if I have any copyrighted music on my hard drive? And it will probably be enforced industry-wide by something similar to the DMCA. Certainly we can have more than one issue, but to get worked up over a video game that announced in the EULA it was going to do this... whereas other things are being foisted upon us by industry standards and legislation (printer dot tracking, etc...) seems a little hyperbolic.
  • "a version of quicktime without itunes using google" Wow, thanks. I didn't even bother looking because I've seen this sort of forced bundling so many times before. So much for all that hassle editing the registry. "Punkbuster, it even takes screenshots...What if I'm buying something on amazon.com" I was under the impression that Punkbuster is incorporated into the game system itself, so it's only running when you're playing the game. Do people often shop and game at the same time? Most of the games I play don't lend themselves to that sort of multi-tasking. "no one has to play World of Warcraft if they don't like it" And as a result I'm not playing any games incorporating spyware that misbehaves in this manner. The companies can continue to futilely try to sell me something I have no interest in. However, there is a short window of opportunity to try and make them understand the objections. If people who dislike this sort of intrusion simply go quietly into the night, then the game companies will cling to their feelings of justification even as their sales shrink, until such 'features' become totally accepted by the ignorant. This will simply be one more nail in the PC game market, only recognized by the publishers after the market is dead. "What about moves to put rights-verification subroutines into hardware" That is certainly a huge concern. Its broad implications are simply staggering. However, it is only through common outrage over smaller rights issues that there will be any hope of scaring corporations into hesitancy over the larger ones. Market fear is the only weapon here. Otherwise the corps will believe they can lead us by baby steps into giving up our traditional rights and privileges, until they are all chained down in cramped corporate dungeons. Remember that it was popular outrage over the Pentium ID number that killed movement in this direction the first time around.
  • I won't for myself buy multiplayer software that doesn't take action to prevent cheating, and if that means agreeing to let them survey process space, so be it. You're right, very few people will multitask while punkbuster is running. Likewise, I will not likely be running klingon dictionary while playing warcraft, or have my pgp keys open, or be buying stuff online. But I consider a screenshot far more invasive than a matched hash value. Virus scanners do the exact same thing. Do none of them ever report results back to the company of origin for the purpose of tracking outbreaks? Right, but we trust McAfee more than Blizzard.