For Once, The Folder Name Is Quite Appropriate

Fans of leetspeak in legal documents will be fond of this one: a recently denied motion in the Blizzard/WoWglider case included the lines:

The documents that Defendants requested Thaler and Lavish Software to produce included:
1.     All records, documents, or [sic] relating to or concerning MDY Industries, LLC, Michael Donnelly, www.wowglider.com, www.mmoglider.com, or any related entity, or the WowGlider or MMOGlidercomputer program, or any of its predecessors
2.     All communications between you and the following entities and individuals, or documents provided by you or them or by them to you: MDY INDUSTRIES, LLC; MICHAEL DONNELLY; WWW.WOWGLIDER.COM; WWW.MMOGLIDER.COM
3.     All files located in the WTF directory (or any subdirectory) from any and all World of Warcraft installations used or controlled by Joe Thaler or Lavish Software, LLC.
4.     A list of all World of Warcraft accounts registered, used or controlled by Joe Thaler or Lavish Software, LLC in the past three (3) years.

The wonderfully named WTF directory being where World of Warcraft stores its preferences, including account IDs and addon data. Thus showing that the Fishing skill of the Blizzard legal team is at 375. Sadly, the zone they were fishing in hadn’t been itemized.

Also, as an irony assist: remember this story? Remember the subject’s insistence as how he was a poor aggreived innocent bot writer looking in from the outside at the WoWglider case? Guess according to Blizzard’s legal team, he wasn’t so outside after all.

http://www.thisisnotacommunity.org D-0ne

Lawyers can and do say anything if only to raise the other guy’s legal fees…

I remember stories of Andy Zaffron spending two and three hours on the phone with customer’s lawyers accusing the customer of some misdeed and then apologizing for making a mistake in regard to who actually did that misdeed. A great time waster Andy uses quit often.

Andy gets to avoid the customers actual grievence and the customer’s lawyer is already billing out for a few hundred dollars.

So don’t be surprised is Blizzard asks to see the wowglider guy’s college transcript and his stamp collection records. Blizzard has all the lawyers on retainer and it costs them nothing to ask… The WoWGlider guy on the other hand pays by the hour.
http://serialganker.blogspot.com sid67

I also find it interesting that Lavish had a closer relationship to Glider than either of them has admitted in the past. There was public talk on the Glider forums about them starting to work together, but they both backtracked on that idea until ‘the court case was settled.’

BUT–I think you are missing the boat on the Privacy issue regarding Warden. It’s a bigger issue than just Blizzard and I even wrote an article on this subject ( Privacy versus Protection of Digital Assets ) in a blog entry about a week ago.

To quote that article:

Pretend it’s not Blizzard and it’s not about botters. How would you feel if Microsoft made the same requirements for Windows and it scanned your whole computer for whatever data they wanted without your knowledge and then sent back results to be used however they wanted? And worse, they did it in such a way that you could never tell what they were scanning or sending back.

And that’s the rub. If Microsoft were to bundle something even remotely similar to the current incarnation of Warden in it’s products, one million IT professionals would be marching on Washington DC to ensure that privacy would be protected. The uproar would be incredible. Microsoft took a lot of flak on this topic when they wanted to send data back about simple bug reporting to enhance user performance. That’s why they have the little screen that pops up that lets you opt-in to reporting an issue and will even provide snapshot of the data being sent back to report the crash. Unlike Warden, it is VERY transparent and obvious what they are reporting.
…
The nasty thing here is that it sets a precedent for acceptable behavior by a software developer. Do we really want to accept that a software developer can embed hidden processes that mimic virus and spyware in their products?
kalain

The reason MS doesn’t get much flak for it (by the by, they do it when you use automatic updates) is because it’s something you can’t optionally use. As a monopoly, you’re not allowed certain things because of the difficulty of switching products.

You don’t need to use WoW. There’s no business case for it. It’s not a huge privacy issue because it’s opt-in.

I go to a concert. Per the rules of the concert, they get to go through my bag and search me prior to admittance. Same concept on an internet scale. You want into their system, they get to see if you’re hacked.

Heck, your corporate VPN software can be setup to do the same thing and scan your computer before allowing you access and checking for updated AV definitions and patch levels.

You have a choice in the matter to make it a business case. Right now, Blizzard is not suffering for their choice. Thus it seems to say there is a market for an MMO that has cheat detection built in. Hell, what is Punkbuster exactly, and why do so many of us refuse to play on servers without it? Warden gets complaints because it’s done very very well, so it’s very hard to bypass.
http://serialganker.blogspot.com sid67

Warden gets complaints because it’s done very very well, so it’s very hard to bypass.

Incorrect. It is easily bypassed as evidenced by the fact that botting is still prevalent and that Blizzard has taken up legal action against Glider and now Lavish. To quote myself again:

“The burden for the exploiter is not to learn all that it does, but only to learn one method in how to circumvent it.”

In other words, Blizzard has to figure out all the possible ways the WoW client can be exploited and then work to prevent them. The exploiter only needs to find one way to make his cheat work and he has defeated or circumvented the protection. Blizzard has more resources, but they also have a much bigger problem to solve.

The point I am making in my comparison to Microsoft is twofold: 1) it sets a very bad precedent for what a user base of any program is willing to accept, and 2) there needs to be transparency into what the developer is ACTUALLY doing in order for it’s users to make an informed decision.
kalain

Warden is not easily bypassed, or it would be a non entity. The reason they’re suing is due to glider changing constantly to adapt to the changes in warden. It’s a resource game and a waste of effort for the company when they can simply sue.

That said, I could easily point out that I have no idea what any company does with my personal information/credit card information/anything else, it’s a trust issue. I don’t give my money to anyone I default Don’t Trust. Blizzard is in a position where they stand to make more money by NOT fucking up and doing immoral things than they do by selling off my information.

That said, you’re also painting yourself into a corner. If warden is easy to bypass, that means we DO know exactly what it’s doing, and it’s not hard to do so.

The point I’m making is that in any fair system, a verification that everyone is playing fair is required. In a client/server communication system, the only way to do this is to verify the client. So either we allow cheating or we accept monitoring.
http://serialganker.blogspot.com sid67

I’m not going to point out all the ways that Warden can be bypassed. It can and is bypassed regularly and anyone who wants to bot can be botting in less than an hour. Blizzard makes changes to Warden that take them months to implement and they are circumvented in DAYS. That is a simple, yet painful truth and one I am not going to continue to argue.

To repeat my earlier statement, the burden is not on the exploiter to know everything about Warden. They only need to know one way to circumvent it. Think of it this way, you can wrap yourself up in plastic to avoid having paint thrown on you. But if I walk around with a paint brush and look for an open gap, I can easily find the place you missed covering up. Even if you smother yourself in the plastic, I can still cut a little hole and apply my paint brush.
http://wowpanda.blogspot.com/ wowpanda

sid67 is right. I only need 1 sure way to bypass warden to get my bot working. However others has used more risky ways and blizzard just don’t have the resource to fix it. If blizzard really want to do it they can still archive their goal, because even if your account is banned every 3 month, bot is not an option.

I think what really happened is (just like all the other big companies), the game developers and their managers are not happy with the stress of putting security calls everywhere, and in the internal politics, the developer’s side is winning over the security guys.
Richard Campbell

Blizzard has all the lawyers on retainer and it costs them nothing to ask…

This is almost certainly not true. While I am in no position to verify Blizzard’s engagement letter with their outside counsel, I have $50 that says that

1) Blizzard has real outside counsel and is not doing this with in-house employees (note: this is verifiable from Blizzard’s answer to the complaint) and
2) Blizzard is paying an hourly rate that will be burned up in less than 500 hours of work from the lowest paid associate on the case (this is not easily verifiable unless you work in Blizzard’s legal department or for whatever law firm Blizzard hired).
Richard Campbell

And, now that I look at the answer, at http://www.wowglider.com/Legal/Feb_16_2007/AnswerAndCounterclaims.pdf, I see that Blizzard picked outside counsel from a firm with over 700 lawyers. So yes to 1), still difficult to verify 2)
ubvman

Actually, if I was a bot writer, I would disguise myself as a P2P program, something like eDonkey, Limewire or Bittorrent. Then disguise all my processes like I was downloading porn or better yet stealing some RIAA music. If nothing else this would result in several million FALSE POSITIVES.
Sullee

As a player this is a frustrating issue.

While I certainly want games to be cheater free I question the methods used to achieve that.

The major problem is that a lot of the actions taken put a burden or otherwise negatively affect the non-cheating player. There is a real privacy issue and I don’t think it can be washed away with a ‘don’t opt-in then’ response. Especially in that there are other options for improving security available to MMO companies. At any rate I expect this particular style of software security to go away eventually… as an app you are a guest on my machine and I don’t think (eventual) OS’s are going to allow Warden-style information gathering.

And let’s be honest, Blizzard (and the other MMO companies) really aren’t interested in a cheater-free game anyway. If you were you wouldn’t subject your players to annoying “free trial account” players as you try to pimp your game. Nor would you so blithely offshore your support and structure it to be chat-only.

So this is a pot-shot at an easy target. I expect it will have much the same affect as taking down BSI did.
kalain

Marketing and Security are very different departments.

Anywho, here’s my question about privacy: What privacy is it invading. Let’s cover how Warden works quickly, and let’s avoid LoLSlipperySlopeLoL arguements for the sake of sanity (you can take those to absurd levels where your bank starts using all your money and just giving you fake balance printouts if you want to)

Warden looks at the first few bytes and the program names of every process currently running on your machine. Now, let’s cover some basics: None of your programs are running with a process title of your personal information. That would be silly, and a fault of the programmer (please note, this would be why I believe it was MSN that lists all your contacts regardless of being open in a chat window as a seperate process, because it’s Stupid). Let’s see, on my machine right now:

Inbox – Microsoft Outlook
For Once, The Folder Name Is Quite Appropriate << Broken Toys – Mozilla Firefox
VNC – Server
McAfee

Gee, not that dangerous. Howabout the first bytes? Well that’s all executable footprint, if it contains your personal information in the first 16 or so bytes of the running code, it’s not actually an executable file. Unless for some strange reason your personal data is actually executable. I blame your parents.

Now what does it DO with all this information? Well naturally it sends it all into a giant Blizzard Data Vault that tracks your information into a wonderful social web of player websurfing habits! Muahahaha!

No wait, that’s not what it does at all. We can verify this by sniffing the packets it sends and receives. What it does is gets a commonly updated list of offending process titles/executable code snippets in a hash form, it compares these to a hash of the running processes, and if it sees a match, it sends back “I saw a match” and the system flags your account for a GM to look into for suspicious behavior.

So obviously this is a massive invasion of my priva.. no wait, it’s actually a very protected method that’s concerned to make sure nothing is actually sent back to the server at any point that would contain information on my activities. So at what point in all of this is my privacy being breached?

Anyways, if an OS is coded to not allow Warden type applications, the point of a warden application is Moot. The whole problem is that windows allows a process to access another process and manipulate or read it’s information. With proper segregation radar and botting programs become a lot harder to create (going back to the old EQ radar days of needing a second packet sniffing machine). As is, the program may be a guest on your system, but you’re also a guest on theirs. The question comes down to which of you has the ability to declare the rules.
http://serialganker.blogspot.com sid67

Incorrect. Warden does FAR FAR more than just search through process titles. Quite frankly, if that’s all it did it, then it would be very simple to defeat by hiding the process title from WoW or randomize those “first few bytes” to avoid detection. In fact, the whole scanning process titles thing was so ineffective that for at least 6 months in 2007 – this wasn’t even functionality that was part of Warden.

This “process scanning” thing really came to a boil as a result of some research done by Greg Hoglund on Warden. He also later wrote a book on the very same subject using much of what he learned from his initial research of Warden. Some of what he says is very true, but much of it was only true AT THE TIME he did his initial research. You see, Warden continually evolves and is updated at least every patch and typically one or two times between patches.

Warden itself actually has over three hundred different flavors and you will randomly get one of them every time you log on to the server. Once loaded, the WoW server will query Warden periodically to run different random tests. If the server doesn’t get a result, then it boots the client off the server. There is no guarantee you will see every test in a single session, but if you are logged on long enough your chances are pretty good at receiving most of them.

IMPORTANT: Up until patch 2.3, what Warden was testing and sending back was transparent to anyone with the technical know-how to look for it. If Greg Hoglund were to do his research today however, he would have no clue what tests were being run.

However, as I noted above, it’s not important for an exploiter to know all the HOW-TO details as it is to just find just ONE way to avoid it. And as you properly noted, an exploiter can use as many trial accounts as they want to test Warden.

Blizzard’s best opportunity for catching exploiters with the client-side detection is immediately after a Warden update. Lavish and MMOGlider are unique in that they offer detection of Warden updates that will shut down your botting processes before Blizzard detects them. In other words, they detect when Warden changes and then shutdown everything until they can figure out how to defeat the new version. This is why they pose such a particular problem to Blizzard.

If I were speculating, I would guess that this is the “technology” that Lavish licensed our provided to MMOGlider. Fundamentally, they both defeat Warden in very different ways. This Warden alarm system however, is something very similar and something that Lavish offered shortly after Warden was invented. MMOGlider on the other hand, didn’t implement it until much much later.

To make something very clear – I don’t support botting and I think Blizzard needs to protect their game. My point is that Warden is becoming more and more intrusive and remains a relatively ineffective solution. Instead of invading my privacy and wasting development time on Warden, they need to start investing in better SERVER SIDE detection methods that can’t be easily circumvented.
http://www.thenonentity.com/ Nonentity

Interesting bit of trivia, which I haven’t seen mentioned yet – the WTF folder holds the Warcraft Text Files. Snazzy, no?
Njal

If the zone hasn’t been itemized they’ll just get cash, so I doubt they’re worried.
http://www.corpnews.com Andrew Crystall

Uhm..

From what I can read there’s no evidence that he’s involved and that Blizzard got what amounts to a fishing expedition thrown out on its head. Looks, from my pov, an attempt to get him to hand over account names to be banned.

Share this: