|
Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not?
An option could then be given in game "only match me vs. other people who've agreed to enhanced scanning".
Who here would be willing to go for such a system?
A lot of this talk of cheating & anti cheating stems from Blizz's inability to communicate well. This is something they've finally cottoned on to with the weekly community feedback blog, it just needs to spread to other aspects of their community interactions. For the life of me I can not recall reading of bannings due to hacking in sc2. Maybe if I idled forums where hacking was top priority I wouldn't have this opinion?
|
On July 30 2015 01:47 fruity. wrote:
Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not?
Because thats illegal in many countries in this world, whether you agree to it or not.
Just because you agree does not make an illegal thing legal. You can agree to somebody murdering you, but they will still be trialed for murder in several parts of this world.
But what is the scanning going to do? You can only look for specific things, every time there is a new hack your scanning would be absolutely pointless. You would have to keep updating the anti-hack program just like you have to update your anti-virus programs. Blizzard is never going to do that because it means they have to constantly put more and more work into SC2 although they do not get any additional money for that.
|
On July 30 2015 01:56 RoomOfMush wrote:Show nested quote +On July 30 2015 01:47 fruity. wrote:
Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not? Because thats illegal in many countries in this world, whether you agree to it or not.
Out of curiosity, which countries and which specific laws?
|
On July 30 2015 02:18 DonJimbo wrote:Show nested quote +On July 30 2015 01:56 RoomOfMush wrote:On July 30 2015 01:47 fruity. wrote:
Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not? Because thats illegal in many countries in this world, whether you agree to it or not. Out of curiosity, which countries and which specific laws?
I'd love to know too. Or is it just rhetoric once read repeated?
Also how exactly does looking for hacks on someone's computer equate to a privacy issue? If they're not reading your email, or storing data on which sites you visit and so on, where exactly is the problem? It seems to me this whole issue is being bundled in with the likes of the NSA or GCHQs (and the like) Invasive data gathering strategies, and it shouldn't be.
|
Completely off topic question...
but @OP are you the same Dickbutt that played Archeage on Tahyang?
|
On July 30 2015 00:58 JimmyJRaynor wrote:Show nested quote +On July 29 2015 17:31 RoomOfMush wrote:On July 29 2015 16:40 brickrd wrote:On July 28 2015 23:42 RoomOfMush wrote:
Many hacks work by analysing the RAM and changing values (which you can do absolutely NOTHING against) but there is always security through obscurity. I could imagine automatic updates, perhaps once every week, that move all the variables around and thus make all hacks obsolete. So each time there is an update hackers would have to change their hacks and update as well. This might become tiring for some hackers and discourage them. you realize that security through obscurity is a sarcastic term and its actually a bad thing, right? It is not a "sarcastic term" it is a strategy. Some people believe it is a suboptimal strategy, but that really depends on the problem at hand. You can not say one tool is just bad. Its a tool, its designed to do a certain purpose. There are no bad tools, there might only be too few applications for them. People who say "Security through obscurity" is "bad" really mean that it is worse then a solid foundation that allows you to use more profound security measures. Unfortunately the foundation in our situation is flawed (from a security point of view) and unlikely to change so security through obscurity suddenly becomes a valid option. Dismissing an option on the grounds of what others say is a very stupid move. +1 obfuscation is an option and can work well in the hands of a skilled software developer for certain problems. obfuscation has been used for many years. didn't the first few versions of MS Visual Studio come with an obfuscator ? i'm almost positive MS VS 2005 had one. Many encryption methodologies include an element of obfuscation.
I have a lot of experience with different obfuscation techniques in my line of work. It can help to delay the inevitable, but it is always possible to reverse it.
You tend to have to mix various techniques of obfuscation to reach the most secure solution. Especially if you want to load your resources into the memory.
The problems we ran into with obfuscation is that the more secure and obfuscated we made our binaries, the bigger performance hit we took
We fell into the trap trying to balance obfuscation with performance, but as soon as our binaries were sent to our security contractors they broke it within days and could freely read and write memory. The first time with just basic memory obfuscation was broken in house before we even sent in on review.
The only real solution is to have everything that is sensitive to take place server side and the client is kept as thin as possible.
However I don't think a solution like that is doable for a game like StarCraft.
Honestly, I don't see a final solution to the hacking problem that does not impact the game too much.
One idea that has been thrown around is to implement crowd-sourcing for review of hacker replays.
If a player gets reported, a replay for that game is uploaded with the report.
Then players from the community can review the game. The names of the players as well as the chat is disabled to keep the players anonymous.
If the community reviews flags the replay as hacking then Blizzard officials can have a look at it and deal out a ban if needed
That way you'd get rid of the bulk of the replays of players that were not hacking but reported anyways and Blizzard only has to deal with the amount of replays that are left and flagged by reviewers.
|
On July 30 2015 04:17 JulDraGoN wrote:
The problems we ran into with obfuscation is that the more secure and obfuscated we made our binaries, the bigger performance hit we took
obfuscating data in RAM... ya true.
i was referring to obfuscation as a general technique...
On July 30 2015 04:17 JulDraGoN wrote:
Honestly, I don't see a final solution to the hacking problem that does not impact the game too much.
yep, i agree. i'm sure we'll got lots of people trashing Blizzard when no RTS developer has come anywhere close to solving this problem.
|
I'm a laymen when it comes to in-depth computer science, but I've got an idea for an anti-hack system that Blizzard could implement. I remember back in WC3 there was an anti-hack for Dota that would crash the game if a hacks were being used because they could see an "invalid" unit that was hidden for everyone else. There was also a UMS for Broodwar that used a Scourge for a similar effect. Couldn't Blizzard do something similar in an actual ladder environment, and instantly ban the account that sees the "invalid" unit?
|
I'm sure this is all an intellectual orgasm for the IT people here, but surely the specifics are not that relevant. It's like drug cheating, you develop one way to detect or sport something you have 10X as many people trying to come up with another cheat.
Wouldn't it be better to have a better to have a better system to ban players who hack so that it discourages the behavior rather than trying to make the game hackproof.
|
Aotearoa39261 Posts
On July 30 2015 11:07 Lazo89 wrote:
I'm a laymen when it comes to in-depth computer science, but I've got an idea for an anti-hack system that Blizzard could implement. I remember back in WC3 there was an anti-hack for Dota that would crash the game if a hacks were being used because they could see an "invalid" unit that was hidden for everyone else. There was also a UMS for Broodwar that used a Scourge for a similar effect. Couldn't Blizzard do something similar in an actual ladder environment, and instantly ban the account that sees the "invalid" unit?
Only works for a time since you can probably code a hack to avoid looking at that unit. Some hacks will instead give you a replay type interface where you can see buildings in production/units in production etc which wouldn't trigger your proposed anti-hack.
|
United Kingdom20320 Posts
Nice work.
As long as people are talking about an issue there is hope, keep talking about it.
|
On July 30 2015 02:18 DonJimbo wrote:Show nested quote +On July 30 2015 01:56 RoomOfMush wrote:On July 30 2015 01:47 fruity. wrote:
Why can't an enhanced EULA be given through battle.net which specifically allows blizz to look more thoroughly for hacks whilst one of their games is running? If the sanctity of private data is guaranteed (whole can of worms right there alone) Then, why not? Because thats illegal in many countries in this world, whether you agree to it or not. Out of curiosity, which countries and which specific laws?
In germany the EULA is invalid. I don't know which law it contradicts with exactly and I'm to lazy to look it up right now, but it's invalidity is more or less common knowledge over here.
|
Blizzard just did a new "round" of bans, this time it seems they've finally caught some fishes.
I went to a well known hacker forum (thanks google), and it seems lots of people using the famous "DSH maphack" got bans. Probably a little detection trick found by blizz and inputted in the last patch since every other hackers (even blatant ones) haven't got anything yet. Let's bet this hack gonna be fixed soon or that its concurrence becomes even more popular.
Of course it's only 1 software in a sea of 'em, but for once Blizz hit the mark with "ban waves" because past ones were mostly words without any real impact.
*
Note DSH seems to be a paid hack, with the creator not being very active since a few months. Alternatives can be found eailly for free.
Also note that some maphackers have "test" accounts with different tools/hacks and even behaviors (normal play, ful cheat) to continuously monitor Blizz' reaction.
|
On July 30 2015 11:07 Lazo89 wrote:
I'm a laymen when it comes to in-depth computer science, but I've got an idea for an anti-hack system that Blizzard could implement. I remember back in WC3 there was an anti-hack for Dota that would crash the game if a hacks were being used because they could see an "invalid" unit that was hidden for everyone else. There was also a UMS for Broodwar that used a Scourge for a similar effect. Couldn't Blizzard do something similar in an actual ladder environment, and instantly ban the account that sees the "invalid" unit?
Completely useless. If a hacker is smart enough to analyse SC2 and find all the necessary data and change it at will to do almost anything they wont even be bothered by a broken unit model. Simply not load the model, or the unit.
|
|
|
|
|
|
|
|
EPT
