Is WoW's anti-cheat software spyware?

by Conrad Quilty-Harper { Oct 19th 2005 at 3:15PM }

spycraft Hoglund, a blogger over at rootkit, did some investigation into World of Warcraft and made some rather worrying discoveries. Apparently WoW includes what he calls a "warden client". This warden, which is designed to verify user compliance with the terms of service, sends verification to the Blizzard servers every 15 seconds "to about 4.5 million people (500,000 of which are logged on at any given time)."

He found that this warden client records the "the window text in the titlebar of every window" to check for any banned cheating applications. If the title of a window matches a black list of applications (ie ones that will break the ToS) then prepare to feel the ban hammer.

However, the warden also has the ability to record such things as URLs, applications and the titles of any documents open at the time. Whilst Blizzard isn't (or at least we hope they're not) using the warden for such means, the technical ability is there. Hoglund states, "This behavior places the warden client squarely in the category of spyware." You can now download an application that will demonstrate in a graphical interface what exactly the warden is checking at this link.

Is this a fair means for enforcing Blizzard's strict anti-cheating rules, or is it a step too far?

[Update: Apparently the warden uses a form of hash coding to prevent Blizzard from getting any usable information from the reports. Blizzard will only be notified if the warden detects a banned app. So fear not, as long as you're not a dirty cheater…]

[Via digg]

Related From Joystiq

Patent application may hint at Tetsuya Nomura's next project
4 hours ago
GameTap Thursday: Full Supreme Commander experience; Overlord for free
432 days ago
The best of WoW Insider: August 26 - September 1, 2008
483 days ago

Reader Comments (Page 1 of 1)

Doug @ Dec 18th 2005 9:42PM

Warden does NOT open programs or read window titles to send to Blizzard. It scans for processes and sends an encrypted hash mark to the blizzard servers. These hash marks (which can't be reverse decrypted) are compared to a database. No personally indentifying information is sent to Blizzard. As for the allegations of sending cc info go, if the original poster actually had his CC# in the title bar, he is a moron.

I should also point out that the guy who originally makes these claims creates cheats for WoW, so he's basically crying foul because he got caught. The EULA and TOS for WoW clearly state that anti-cheating measures will be taken, and the program is in compliance with California's anti-spyware laws, meaning he doesn't have a case.

Not Impressed (Dmitri) @ Dec 18th 2005 9:42PM

World of what?

Hehehe, boooooring. Lets move onto the next big thing.

Elyscape @ Dec 18th 2005 9:42PM

Check here: http://www.livejournal.com/users/gamepolitics/108004.html?thread=3012068#t3012068
As noted in this comment at Game Politics, all that the WoW warden sends is a hash of the data it collects. For those who don't know, a hash is a code generated from some data (like a file or, in this case, whatever warden collects). The thing is, it's irreversible. That means that you CANNOT figure out what data was used to generate the hash.
Blizzard takes the hashes that the warden submits and compares them to a database of hack/cheat program hashes. In other words, the only things that warden really tells them are:
1) Useless non-data
2) Useless non-data that indicates a hacker or cheater

As noted in that Game Politics comment, the guy who released this information is well known as somebody involved in writing hack/cheat programs for WoW and therefore has, y'know, a vested interest in making Blizzard dump the warden. This is therefore just an attempt to spread F.U.D. (fear, uncertainty, and doubt).
I would recommend that you make a note to this effect in the post.

abhinav @ Dec 18th 2005 9:42PM

They are allowed to do it according to the Terms of agreement you signed when you started the game. They are not doing anything wrong but if they dont even one thing wrong, Blizzard is opening them selves to COUNTLESS lawsuits (Ex: somone hacks the program and gets into somone elses computer through WOW... or somthing like that... oh how they shall be F*cked then)

fush @ Dec 18th 2005 9:42PM

Just because they hash the titles of open windows doesn't mean they can't access the data. It simply means that a hash code is stored in their databases instead of the clear text of the title. Of course, since the warden client was written by the same company who stores the data, it would be easy for them to read the clear text, that is, if they wanted to.

Which I'm sure they don't.

Xlash @ Dec 18th 2005 9:42PM

Ok, because they send a HASH it is not a problem? What if a crazy Blizzard employee calculates a lot of HASH for Credit Cards Numbers open for example in an Excel Budget file. Will he find a match?

The problem is not with the ULTRA LOW risk. It's because they are doing it. If using a commercial application means revealing what you are doing, it becomes a really big threat... any of you heard of easter eggs, programming bug, etc...?

Will you need a EULA to disclaim that your privacy is worth less than the cash the company can made and you have to agree?

Will you need a law that force companies to produce good quality spyware? Good encryptions mechanisms before sending data, or hash of data? How about how the secure that sensitive data, what they can access, what they can't.

It's impossible to regulate precisly. And any decent government would protect privacy instead of companies. (By the way, US is not enforcing any laws about your privacy. Any company can build a database about you, and sell that information. In Canada, for example, you cannot do that without an explicit agreement.)

Anyway, this is not a threat, but what would be the next step? It might be a big deal... because Blizzard will want to check more than that to make sure you are legit.

Free & Open software! Everyone to LINUX!

Xlash @ Dec 18th 2005 9:42PM

That is not right fush.

A Hash is not encrypted data. A Hash means to identify something, but cannot be reversed. Encryption can be reverse because the DATA is actually sent.

What is possible, it's a HASH comparison attack.
IF 0000 0000 0000 0000 produce HASH:AAAABBBB
then you receive AAAABBBB and compare to your already calculated hash tables, you'll find a match and retrieve the information.

Alkaiser @ Dec 18th 2005 9:42PM

Dammit...I saw the box of SpyCraft cards and I was like, "YES! Spycraft Game!" and then it turns out to be WoW related. Bo-ring.

Elyscape @ Dec 18th 2005 9:42PM

To add to what #7 (Xlash) said, hashes are not one-to-one things. That is to say, supposing that 0000 0000 0000 0000 produces AAAABBBB, other data CAN (it's really rare, but it can happen) produce that as well. For example, 2376 B3F0 87CA 0993 677D might hash to AAAABBBB as well.
So even if you hash a bazillion credit card numbers, there's no assurance that you have a hash of a credit card number. Even if you got a credit card number, you'd then need to somehow get and then unhash the name and expiration date, a task that is simply unfeasable due to the variable length of names. Besides, WoW costs a monthly fee. Blizzard ALREADY has your credit card number.

I'm surprised that people are so surprised. This sorta thing has been going on for ages in all sorts of MMORPGs, as well as some non-massive multiplayer games. It's really not something you need to worry about.

kenny @ Dec 18th 2005 9:42PM

i don't know what the big deal is. VAC has been doing the same, or even worst things than this for years.

boneyard @ Dec 18th 2005 9:42PM

welcome to weeks ago, might have been wise to first look around a little before jumping into this. the issue has been hot for some time, blizzard keeps saying they don't cross any lines and the people who don't want blizzard snooping around don't like it.