From what I can read there’s no evidence that he’s involved and that Blizzard got what amounts to a fishing expedition thrown out on its head. Looks, from my pov, an attempt to get him to hand over account names to be banned.

This “process scanning” thing really came to a boil as a result of some research done by Greg Hoglund on Warden. He also later wrote a book on the very same subject using much of what he learned from his initial research of Warden. Some of what he says is very true, but much of it was only true AT THE TIME he did his initial research. You see, Warden continually evolves and is updated at least every patch and typically one or two times between patches.

Warden itself actually has over three hundred different flavors and you will randomly get one of them every time you log on to the server. Once loaded, the WoW server will query Warden periodically to run different random tests. If the server doesn’t get a result, then it boots the client off the server. There is no guarantee you will see every test in a single session, but if you are logged on long enough your chances are pretty good at receiving most of them.

IMPORTANT: Up until patch 2.3, what Warden was testing and sending back was transparent to anyone with the technical know-how to look for it. If Greg Hoglund were to do his research today however, he would have no clue what tests were being run.

However, as I noted above, it’s not important for an exploiter to know all the HOW-TO details as it is to just find just ONE way to avoid it. And as you properly noted, an exploiter can use as many trial accounts as they want to test Warden.

Blizzard’s best opportunity for catching exploiters with the client-side detection is immediately after a Warden update. Lavish and MMOGlider are unique in that they offer detection of Warden updates that will shut down your botting processes before Blizzard detects them. In other words, they detect when Warden changes and then shutdown everything until they can figure out how to defeat the new version. This is why they pose such a particular problem to Blizzard.

If I were speculating, I would guess that this is the “technology” that Lavish licensed our provided to MMOGlider. Fundamentally, they both defeat Warden in very different ways. This Warden alarm system however, is something very similar and something that Lavish offered shortly after Warden was invented. MMOGlider on the other hand, didn’t implement it until much much later.

To make something very clear – I don’t support botting and I think Blizzard needs to protect their game. My point is that Warden is becoming more and more intrusive and remains a relatively ineffective solution. Instead of invading my privacy and wasting development time on Warden, they need to start investing in better SERVER SIDE detection methods that can’t be easily circumvented.

Anywho, here’s my question about privacy: What privacy is it invading. Let’s cover how Warden works quickly, and let’s avoid LoLSlipperySlopeLoL arguements for the sake of sanity (you can take those to absurd levels where your bank starts using all your money and just giving you fake balance printouts if you want to)

Warden looks at the first few bytes and the program names of every process currently running on your machine. Now, let’s cover some basics: None of your programs are running with a process title of your personal information. That would be silly, and a fault of the programmer (please note, this would be why I believe it was MSN that lists all your contacts regardless of being open in a chat window as a seperate process, because it’s Stupid). Let’s see, on my machine right now:

Inbox – Microsoft Outlook
For Once, The Folder Name Is Quite Appropriate << Broken Toys – Mozilla Firefox
VNC – Server
McAfee

Gee, not that dangerous. Howabout the first bytes? Well that’s all executable footprint, if it contains your personal information in the first 16 or so bytes of the running code, it’s not actually an executable file. Unless for some strange reason your personal data is actually executable. I blame your parents.

Now what does it DO with all this information? Well naturally it sends it all into a giant Blizzard Data Vault that tracks your information into a wonderful social web of player websurfing habits! Muahahaha!

No wait, that’s not what it does at all. We can verify this by sniffing the packets it sends and receives. What it does is gets a commonly updated list of offending process titles/executable code snippets in a hash form, it compares these to a hash of the running processes, and if it sees a match, it sends back “I saw a match” and the system flags your account for a GM to look into for suspicious behavior.

So obviously this is a massive invasion of my priva.. no wait, it’s actually a very protected method that’s concerned to make sure nothing is actually sent back to the server at any point that would contain information on my activities. So at what point in all of this is my privacy being breached?

Anyways, if an OS is coded to not allow Warden type applications, the point of a warden application is Moot. The whole problem is that windows allows a process to access another process and manipulate or read it’s information. With proper segregation radar and botting programs become a lot harder to create (going back to the old EQ radar days of needing a second packet sniffing machine). As is, the program may be a guest on your system, but you’re also a guest on theirs. The question comes down to which of you has the ability to declare the rules.

While I certainly want games to be cheater free I question the methods used to achieve that.

The major problem is that a lot of the actions taken put a burden or otherwise negatively affect the non-cheating player. There is a real privacy issue and I don’t think it can be washed away with a ‘don’t opt-in then’ response. Especially in that there are other options for improving security available to MMO companies. At any rate I expect this particular style of software security to go away eventually… as an app you are a guest on my machine and I don’t think (eventual) OS’s are going to allow Warden-style information gathering.

And let’s be honest, Blizzard (and the other MMO companies) really aren’t interested in a cheater-free game anyway. If you were you wouldn’t subject your players to annoying “free trial account” players as you try to pimp your game. Nor would you so blithely offshore your support and structure it to be chat-only.

So this is a pot-shot at an easy target. I expect it will have much the same affect as taking down BSI did.

This is almost certainly not true. While I am in no position to verify Blizzard’s engagement letter with their outside counsel, I have $50 that says that

1) Blizzard has real outside counsel and is not doing this with in-house employees (note: this is verifiable from Blizzard’s answer to the complaint) and
2) Blizzard is paying an hourly rate that will be burned up in less than 500 hours of work from the lowest paid associate on the case (this is not easily verifiable unless you work in Blizzard’s legal department or for whatever law firm Blizzard hired).

I think what really happened is (just like all the other big companies), the game developers and their managers are not happy with the stress of putting security calls everywhere, and in the internal politics, the developer’s side is winning over the security guys.