back to article World of Warcraft spykit gets encrypted

Tuesday's patch to World of Warcraft introduced new content and tweaks to the land of Azeroth, but with it came an important change to The Warden, Blizzard's ill-famed tool against cheaters. According to Warden-watching modders, the latest version is now encrypted, adding a major barrier for tinfoil hats who track what …

COMMENTS

This topic is closed for new posts.
  1. Joseph
    Thumb Down

    POS company could have at least WARNED us about the change...

    Also a quick check on their forums, you will notice any topic about this is getting nuked by the admins.

    Why would anybody trust them with this kind of behavior?

    If it's not doing anything bad, why hide it?

  2. Morely Dotes
    Thumb Up

    @ Joseph

    "If it's not doing anything bad, why hide it?"

    For the same reason YOU get to close your curtains whenever you feel like it; if you're not doing anything bad, why hide it?

    It's *their* program, which you *rent* on a monthly, quarterly, or annual basis.

    And as for Blizzard's forum discussions, I can see a good, valid reason for making the gold farmers go do their research someplace else.

    If you don't trust Blizzard at least as much as you trust Microsoft (you are running Windows, aren't you? Do you have even the *slightest* clue what data is sent back to Microsoft every time you log on to the Internet? Do you know what processes are running in the kernel?), then don't play the game.

  3. Anonymous Coward
    Anonymous Coward

    they're scared

    Not returning yr call....Because U are on to em'.

  4. Anonymous Coward
    Flame

    @Morely

    "you are running Windows, aren't you?"

    Hell, no. Linux. Debian. With Cedega on the side. And this is undoubtedly part of why the "update/upgrade" broke my kid's perfectly legal, paid-for, legit, etc. install of WoW.

    I'm conflicted on which icon to choose here; what I *really* want is an angry Penguin. Because I think WoW is a phenomenal waste of my kid's time, but I also hate that Blizzard and others can't do a "pure" *ix port of their game/software. Always leaves a foul taste. So to speak.

  5. Lou Gosselin

    @Morely Dotes

    Err...not quite.

    The controversy is over Blizzard running spyware on *your* machine. Said another way, they are taking away your right to not have them snooping on your machine.

    "It's *their* program, which you *rent* on a monthly, quarterly, or annual basis."

    *License* would be more accurate, but regardless.

    The fact is that they bundle unwanted additional spyware to monitor *your* software and operating system installation, there is no intrinsic right for Blizzard to do that. This latest encryption change means that users can't see what information is being collected about them.

    Blizzard shouldn't get off the hook just because MS may be less trustworthy. In any case Microsoft has taken alot of heat over privacy concerns and Blizzard should too.

    BTW I am not a gamer, it's just that I've seen spy ware in other applications and I'm not thrilled about the prospect of it being integrated into every application running on my machine regardless of the justifications. Can you imagine that? What a waste!

  6. Eric Olson
    Boffin

    @Tin hat wearers

    Without reading through every line of the EULA I can't say this for certain, but history has shown that they will include a clause about information being collected, sent back to the mothership, hashed, diced, sliced, and extruded in some way, shape, or form that makes the License Holder feel better about things. I mean, you actually expected that something wouldn't be sent back to something you are making a digital connection to? Hell, they have your IP address, and even supposedly dynamic IP services are pretty static these days.

    Is this right? Legally speaking, I would say it is. Unlike the shrink-wrap license, you are free to not accept the terms, cancel your membership, and no longer be paying. In fact, I think you are able to download the client for a free trial, see the terms at installation, and back out, before any money even changes hands.

    Discussions about the ethics, the morality, the fairness do not belong in this situation, as Blizzard is making it clear they are exercising their legal rights through the EULA they have crafted and require everyone to accept before logging in. Just like you can exercise your right to discontinue your membership, or not start playing the game. You are making an economic decision: is your entertainment more valuable than the information sent back to Blizzard that is not used for any purpose than to expose cheating. And that whole, "If it's not doing anything bad, why hide" BS can easily be turned right around back at you. At least come up with a compelling argument against it, besides some Bush/Blair toddler logic.

    As stated earlier, Blizzard has a vested economic interest in ensuring that the system is not being exploited and undermined to the point that legitimate players stop playing, and then, stop paying. Using Blizzard as a poster-child for what is wrong with your conception of the internet is no better than using Microsoft as a poster-child for your conception of bad operating systems. It fails to actually address the issue, and just makes you sound like some silly little git, further decreasing any legitimacy you might have had.

    And to think Blizzard is the only MMO that might do it, or online game? What about the various anti-cheating measures that Valve uses, or how about the anti-cheating measures other matchmaking programs use? They have a vested interest, and 98% of people who use them would be fine with that, if they can be confident that the headshot from 4km away was just a damn lucky shot, and not an aim-bot. The other 2% who double as net-utopians don't quite grasp that the only reason why so much money and manpower is invested in the whole system is to make more money than spent! In fact, if the companies ever catch on to how much of a money pit the internet really is, and there are only a few good ways to make cash, and they are either illegal/gray area (gaming and gambling), or well saturated (porn), investment will dry up, and the internet will be ruled by Wikipedians who have no one but themselves to argue with.

    So... lets review. Money Spent + Manpower Used < Money Earned, or the internet will disappear. Granted, given that article about the whole, -6 is smaller than -8, there might be questions on the equation...

  7. Mr C

    why not include Warden into WoW ?

    i appreciate that Blizzard is trying to make WoW a better place for honest players.

    I do not appreciate that its doing this by scanning a pc and sending back information.

    But why did all this controversy happen in the first place?

    Its because they used a separate process "the warden" to do the scanning-and-sending back.

    Who knows what happens inside of the client-side WoW game itself? What does that send back?

    Would we be having this conversation if the warden was integrated within the game?

    Then nobody would know what it would be doing and what info it was sending back, now would we?

    Makes you wonder who else is doing stuff like that that we don't know about

  8. rd
    Thumb Down

    this article is a mislead

    This arcticle title is a completely mislead.

    Warden itself is not encrypted. What they are doing is to distribute different copies of warden (lightly different in code but provide the same basic functionalities in order to prevent some of warden anticheat-bypass technique).

    From the software company side, they have their right to protect the software/game from reverse engineering. Alot of software companies are using strong binary packer (with encryption, anti debugging, ...), code obfuscation, and strong licence scheme for their products in order to prevent cracking, reverse engineering, ....

    Using a different random cryptographic hash function in each copy of Warden is nothing wrong and surely customers will not lose any "potential safeguard". Just like you use randomly MD5, SHA1 or SHA256 hash functions for checking the malicious/cheat tool to prevent some kind of cheating. If one blames that the implementation can be exploited by Blizzard or an employee of Blizzard, please think again. Once you've installed any software/game on your computer, you have to trust it, either main binary or its components. The hidden malicious code can be anywhere such as inside huge WoW binary itself but not warden. I don't see any serious issue here.

  9. Richard Large
    Alert

    The EULA

    It's in the Terms and Conditions you have to agree to when you start playing, and every time there is an update. From http://www.wow-europe.com/en/legal/termsofuse.html

    "17. Acknowledgements. You hereby acknowledge that:

    A. WHEN RUNNING, THE WORLD OF WARCRAFT CLIENT MAY MONITOR YOUR COMPUTER'S RANDOM ACCESS MEMORY (RAM) AND/OR CPU PROCESSES FOR UNAUTHORIZED THIRD PARTY PROGRAMS RUNNING CONCURRENTLY WITH WORLD OF WARCRAFT. AN "UNAUTHORIZED THIRD PARTY PROGRAM" AS USED HEREIN SHALL BE DEFINED AS ANY THIRD PARTY SOFTWARE, INCLUDING WITHOUT LIMITATION ANY "ADDON" OR "MOD," THAT IN BLIZZARD ENTERTAINMENT'S SOLE DETERMINATION: "

    You chose not to read it, how is the Blizzards or anybody elses problem?

  10. Joskyn Jones
    Stop

    World of W*nkcraft

    Bloody Mushroom Throwing Nerds should stop complaining and get back to making your Majick potions, lotions and whatever else turns you on. I can't believe that you people actually play this game let alone are dumb enough to pay each bloody month!!!!

    My idea of Gaming is, you pay your money for a game, you install it, set it up and play it, not to then pay again and again just so you get to kill some level 99.99 dwarf by shoving your toadstool up his Jacksy...!

    Give me Multi-Player Solitaire any day of the week! ;o)

  11. Anonymous Coward
    Flame

    @Eric Olson

    Everything you said up to the last two paragraphs made sense, the rest was absolute bs...

  12. Eddie

    Blizzard haven't replied to your query?

    Now there's a surprise.

    For the amount of money that they are indubitably making with this program, they sure as hell skimp on the customer/public relations front.

    Oh yes, and testing...

    The Warden is not a problem, and the people who complain are normally kids worried that it's recording them downloading porn torrents.

  13. Anonymous Coward
    Thumb Up

    The Warden is needed

    The problem is bad PR management on Blizzard's part, not The Warden. Gold farming is a huge multi-million pound business (see http://wow.azzor.com/445/truth_about_IGE.php ) and this program is an attempt to stop automation of certain game mechanics to stop 24/7 farming. Perhaps bundling it with the application may have been a better approach, although there are perhaps some good design decisions as to why a separate stand-alone application was more useful. If you like playing WoW, and it is an admirable game in many ways, then Blizzard should be congratulated for how seriously they are protecting the game. Yes, in *theory* it could be doing many untoward things, however its most likely its simply doing just what Blizzard say it is. Blizzard should perhaps consider adding some guarantees/promises to the EULA that they are indeed sending the minimum data needed. Their approach is very professional and I admire them for it.

  14. Daniel
    Heart

    MMOOOOOOOO

    Are any other games using the Warden "technique"?

    All MMO games have some form of gold/isk farmer, because people will pay to get ahead (or just because being poor [ingame] sucks).

    Are they encypting the warden to stop people hacking it, or just because they dont want people know what their search parameters are?

    If the warden it self is safe then I dont see the need to encrypt.

    Anyway why pay for more addons, when you can get free BIG add-ons with EVE-Online (Revelations 3 is out soon.... drool!!!!!)

    EVE-Online > WoW

  15. Lloyd Kinsella
    Flame

    Title

    Why is it whenever somebody does this there's this whole argument that gets blown way out of proportion on privacy. The fact is that if you read all 3 of the licenses when you install Warcraft and EVERY time a patch is roled out you'll see they explicitly say they monitor you and if you agree then whats the problem? You could just as soon disagree, stop whining and go play a MUD over Telnet.

    I'm quite happy for Blizzard to do this, I don't overly trust them with my life but the fact is I'm paying them good money for a continued gaming experience and if people are abusing the system and Warden stops and slows them up, who am I to complain?

    We seem to get lost in the idea because it's not doing all this in plain sight it MUST be wrong, have you considered its doing certain things for your own good?

    If anyone is that concerned about Blizzard stealing your photo album, music, e-mail and everything it can get its hands on then DO NOT INSTALL IT it's that simple, either that or hunt down all the software developers Blizzard has issue with and hit them with a large stick.

  16. Ash
    Stop

    Vote with your feet.

    Stop playing or stop whinging. You agree to the terms every time they bill your card.

    I did the former. WoW is a life drain.

  17. Steven
    Happy

    @Daniel

    And City Of Heroes > EVE Online

    Our opinions shape these things, but it doesn't really matter to Blizzard. They have (allegedly) 8 million subscribers playing their piss poor game (samey graphics, horrible style). They can afford to do whatever the hell they want.

  18. Anonymous Coward
    Go

    @Joseph

    Would you say this was a SLAP IN THE FACE?

  19. amanfromMars Silver badge
    Paris Hilton

    Tweaked Rules render AIDifferent Game..... no matter how similar or familiar ....

    ....and with New Lead Players.

    "BTW I am not a gamer, it's just that I've seen spy ware in other applications and I'm not thrilled about the prospect of it being integrated into every application running on my machine regardless of the justifications. Can you imagine that?"

    Lou,

    Can you imagine it as a Fait Accompli? And if you can Realise/Virtualise that, who would be Seeking Justification after the Fact.

    Surely it would only be for a case of Sour Grapes/Paradise Lost?

    Let the NeuReal Games Begin. Or do the Chiefs want a Pow Wow so that they can get to Grips with ITs Relative SurReality.

    And why Paris? Well, who would fail to Follow any SMART Hilton Type Lead, especially if one is so hopelessly smitten Au Fait and into the Genre...... which would be a lot more than just Hope and Hopeful. :-)

  20. Matt Bryant Silver badge
    Thumb Up

    Business protection servers the players AND the owner.

    Blizzard are just protecting their business. You agreed the licence terms then STFU. I have seen other very popular MMORPGs die due to rampant cheating despite the best efforts of the owner to run safeguards similar to the Warden. I don't play WoW but I wish Blizzard well on this, as the truth is they only make money whilst the majority of their players are enjoying the experience. If that means banning a cheating minority then Blizzard would be stupid not too. If you disagree, then stop paying and stop playing.

    And do any of you tinfoil wearers out there REALLY think there is some vast conspiracy to read all your private data??? Please, get a life! The internet is awash with your private data you have willingly uploaded countless times. It is of zero interest.

  21. Greg Williams
    Flame

    Doesn't bother me at all.

    So long as Warden has been competently written, doesn't impact upon the performance of my PC, and sticks to scanning for specific things in order to reduce gold farming etc. then it's fine by me. Completely. If it strays outside of this, then I would say there's a reason to be upset.

    I can see the reason they're doing it, and to be honest, any idiot could. Some people start frothing at the mouth at any slight indication of an 'invasion on their privacy'.

    Do you go out on the warpath with a piece of 2x4 when a local copper walks past on his beat? if he looks at your house for suspicious activity is he visually molesting you? If he radios in that someone is loitering on your property and calls for assistance has he breached your rights?

    I realise fully that the metaphor has limitations, in that he's not on your property, he's the law and Blizzard is, well, Blizzard... but at the same time, he's doing the same thing really. Presuming that Warden does stick to it's brief. Don't forget part of it's intended use is to also look for Trojans... not necessarily exploits used by the PC owner themselves.

    I can see what is firing people up about this, but it's a pile of steaming arse biscuits and people need to get over it.

    I'm hardly a pro-Blizzard fan... they drive me mental sometimes with crappy support, bugs a-plenty and unfathomable game decisions, but I can at least stay objective.

  22. Eddie

    Of course, RIPA..

    Now here's a thing.

    Suppose the Warden writes out a temporary file of the encrypted data to your hard drive, and then you get a Section 49 notice.

    Very far fetched, I'll agree, but still a possible worry.

    The warden has a marginal effect on combatting bots and gold farmers anyway. Every where you go in the game, where there is farmable content, you see toons following a very obviously pre-determined path, bumping into the same rocks, the characters have names randomly generated (zxzxzx or similar) and pets with the default name ("cat" or "bear"), and reporting does nothing - they stay, day after day after day. On the forums of wow-europe, people openly talk about buying gold (including some of the top guilds) from farmers.

    I don't object to the Warden per se, I just don't think it's very effective, and could potentially, only potentially, mind, lead to some security issues.

  23. Anonymous Coward
    Unhappy

    amanfrommars

    I don't like this poor impersonation. I am even moved for the first time ever to use a smiley to indicate my displeasure.

  24. Anonymous Coward
    Anonymous Coward

    the truth is..

    the only people kicking up a fuss about this are the people cheating or involved with cheating. Simple

  25. Matt Kemp
    Unhappy

    "could" be ravaged by gold farmers?

    Bit late on that one.

  26. BoldMan

    Nobosy is holding a gun to your head to force you to play WOW?

    If you don't like the T&C, don't play. Lord of the Rings Online and City of Heroes are much better games ;)

  27. Anonymous Coward
    Flame

    Re: the truth is

    The sad truth is that the same coding methods used in Warden can and HAVE been used by the cheats to defeat warden. The cheats even have their own 'anti-spyware' program called "Tripwire" that reads what warden is doing and immediately terminates all cheating applications if needed.

    One of the vendors of the cheating software has said that they already identified the changes made to warden stating that they are "not actually new" and will have a new version of their software including an updated Tripwire package within a few days.

    Basically, why are blizzard forcing invasive software down their customer's throats that simply doesn't work?

    No I don't play wow, but as has been seen by other "harmless" applications that send information back to the parent company, they can be hijacked giving full access to parts of the user's system (google toolbar anyone?).

  28. This post has been deleted by its author

  29. This post has been deleted by its author

  30. Kevin Campbell
    Paris Hilton

    @Joskyn Jones

    Excellent point - one which I have made often with my son who wants to play this drivel. I simply refuse to pay repeatedly for the "privilege" of playing a game. Once, certainly - programmers need to eat, too. Repeatedly? Nope, not here.

    At least, in Blizzard's favor, they slightly altered the model for Hellgate:London, offering an option to play for free (albeit with reduced functionality). Too bad that game blows chunks. I was really looking forward to it... Thankfully, I downloaded the demo first before parting with hard-earned greenbacks.

    Bottom line here: WWPD - What Would Paris Do?

  31. Robin
    Stop

    To Lou Gosselin and the other whiners...

    It always makes me laugh when people start talking about how thier rights have been taken away by a service they choose to pay for.

    Can't smoke in a restauraunt? They're taking my rights away! Can't bring your own food into a movie theater? They're taking my rights away! Can't block spyware on a piece of software you've subscribed to? They're taking my rights away!

    Please. If you don't like the service as offered, stay the hell out of restaurants, movie theaters and Azaroth.

  32. vincent himpe
    Coat

    just like in real life.

    if you are playing WOW expect to be cheated on. happens all the time in real life.

    i dont know Wow ar any other online game but would'nt it be simpler to put 10 WOW playing friends in a room. and have these 10 together ambush whoever passes by. and grab all they can Far more efficient and no Warden would be able to stop that. but then again .. most of these WOW players probably don't have 10 friends ( unless you read that '10' as a binary number .. )

  33. Anonymous Coward
    Alert

    Your missing the point...

    Read this blog:

    http://onwarden.blogspot.com/

    He's probably the foremost non-Blizzard authority on Warden. The point is not whether or not Blizzard should be able to protect their software. Of course they should protect it.

    What has changed is that it is no longer possible to tell what they are doing (not just scanning -- but doing period) because they are now using some advanced encryption techniques to muddy the waters.

    Previously, it was possible to reverse engineer Warden and determine what it was and wasn't doing. Yes -- this was being used to then thwart the behavior -- but it was also able to act as a check - and - balance to ensure they weren't making privacy violations or deploying malicious code. NOW -- they have effectively made this impossible. Ironically, they haven't made it impossible to cheat, only to tell what they are doing with Warden.

    If a future or current Blizzard employee decides to use this maliciously, no one would be the wiser. That's the scary part.

This topic is closed for new posts.

Other stories you might like