DB Security Improvements

[Foss]

I am not a security expert but I have been in the Punkbuster environment for some time and suggestions like these could always be implemented.

Security Improvements which I think should be accounted for in DB and lower the risk of ban are:

-Static process name change that uses ascii. (do not have it called Demonbuddy.exe)
-All dll's and common file names should all be compiled into ONE ".exe"
-Registry files should have a static directory (if DB drops reg files)
-checksum randomize knowing warden system could and probably explains in the EULA that they can search your computer.

All profile randomize will have to be done from the creator of course which I see people are catching on.

Any feedback and possible forwarding this to the dev's would help protect DB users... in my opinion.

 

[Nab]

Good suggestions, but it has been stated a few times before that even though the eula states that they can search our computer,
it doesn't make any difference because they would risk violating privacy laws, which they can't afford.

 

[Foss]

Good suggestions, but it has been stated a few times before that even though the eula states that they can search our computer,
it doesn't make any difference because they would risk violating privacy laws, which they can't afford.

That may be true but there are different laws for different countries and the legal system can always be exploited and has loop holes to it. Everyone knows that blizzard has plenty of money and can delay a case for years on end until the defending entities have pretty much bankrupt. One could guess that blizzard has spent millions on a lawyer for constructing an EULA which meet legal terms.

My suggestions are just meant as a precaution. So one may never have to go through setting up a petition in order to fight privacy claims stated in the EULA.

It is like having a seat belt. Its there to protect you and there are laws to make you wear it but it does not always save your life. 90% of the time it does but i rather have that chance to be safe.

 

[Giwin]

the system setup is for warden, not punkbuster... they know what they're doing and doing more than what is necessary means that there's a performance hit on the bot.

 

[Foss]

the system setup is for warden, not punkbuster... they know what they're doing and doing more than what is necessary means that there's a performance hit on the bot.

And that is why I said I am not a security expert, and I am using the PB system as a compassion. My first post is implying that DB take the same precautions (from what I stated in the first post) as if we were protecting ourselves against PB. I would consider PB the greatest anti-cheat system in the market right now, and I would think the warden system is up there too. So researching outside sources does not hurt? A great offense is a good defense, right?

Now if you look and research these links all these systems are in relates and have some sort of compassion, plus at the bottom of each wiki there is a "See Also" which all link each other.
PunkBuster - Wikipedia, the free encyclopedia
Warden (software) - Wikipedia, the free encyclopedia
Valve Anti-Cheat - Wikipedia, the free encyclopedia

They all scan the game directory and memory and task's.

 

[Giwin]

no I think warden is terrible according to some devs and has been dumbed down, I think after the mmoglider lawsuit warden couldn't go outside the wow memory space.

 

[Foss]

true but it does not hurt to take these precautions and only takes several hours to implement them. And doing this would make people feel safer agreed? If any 3rd party programs impact and impede the Auction House and Real Money Auction house I would think blizzard would want to strongly enforce there EULA.

 

[Foss]

Here is a great example of what I am talking about:
Blizzhackers • View topic - WARDEN = UP

Please read that thread and now think that something like this should be implemented. All blizzard needs to do is add "Demonbuddy.exe", "DemonBuddy" and md5 checksum to there warden filter and that is it, flagged.

I want a dev to respond to this, and/or moderator forward this to a dev to maybe get some of these features added.

 

[CodenameG]

the system setup is for warden, not punkbuster... they know what they're doing and doing more than what is necessary means that there's a performance hit on the bot.

exactly, its not the same, thing not only that but all the information you can find on warden by googling now a days is more then a few years old, and dosnt apply to the warden variants we are seeing now, we have the best experts on warden working for us, if they would think that taking the kind of mesures discussed above would do anything then we would of done it.

not only that but most of the bans we're seeing aren't even from warden detecting the program, most of them are from blizzard doing server side monitoring and pattern detection that has nothing to do with warden.

 

[Foss]

exactly, its not the same, thing not only that but all the information you can find on warden by googling now a days is more then a few years old, and dosnt apply to the warden variants we are seeing now, we have the best experts on warden working for us, if they would think that taking the kind of mesures discussed above would do anything then we would of done it.

True, but if you read this whole thread you will see how a related each other. I understand what you are saying, but there is no harm, but rather good in adding something like this. It simply doesn't hurt even though it may be over kill.

 

[Giwin]

True, but if you read this whole thread you will see how a related each other. I understand what you are saying, but there is no harm, but rather good in adding something like this. It simply doesn't hurt even though it may be over kill.

there is harm when performance sacrifices are made over security measure which make absolutely no difference in safety, although I understand why you want these features because you think the bot will be more secure but it would be the same (exactly the same) as when warden changes or updates then the tripwire will go off and then the people working on the warden protection can implement features such as you've stated but until then.

 

[Foss]

Ya i just do not want to wait for the "until then". But I hope someone will look at this and be like.. "that was not bad of an idea" lol

 

[Apoc]

Ok, so, I'm honestly getting a bit tired of replying to threads like these. (Please, go search for other warden related posts by me, MaiN, Nesox, Hawker, or any other developer here...)

Warden will not reach out of it's own process any more. (Scan.dll does this in WoW to catch stuff like CheatEngine, etc. Nothing too fancy, nor worth worrying about) They can't read our window titles, as we're not "in" the game process. (See: warden doesn't leave the game proc)

Warden does do module hash scans. Yes. But only for modules loaded in the game. We don't load any in the game, so those scans are completely pointless to us.

Warden does driver hash scans as well. Nope, we don't touch kernel level stuff (drivers). So again, scans are completely pointless.

Warden does not check the current process list for any scanning. (They check it, but don't do anything "detection" related with it. It's just a requirement to do some other scans.)


So, to shut down all 4 of your suggestions:

Static process name change that uses ascii. (do not have it called Demonbuddy.exe)

Warden doesn't do anything with the process list. So this isn't necessary. (We do have full support for renaming the exe, and our built-in updater will even rename updates to whatever you named your exe to) Feel free to rename. (This changes the process name as well btw)

All dll's and common file names should all be compiled into ONE ".exe"

... we do. For the exception of some that we can't (due to .NET restrictions on managed/native code) We leave other libs out as they can be updated without us needing to push a full update. Plus, they are all widely-used libraries, so there's no harm in leaving them by themselves.

Registry files should have a static directory (if DB drops reg files)

The windows registry is the devil! (It's being used less and less, and according to MS, will be removed in an OS in the not-too-far future.)

checksum randomize knowing warden system could and probably explains in the EULA that they can search your computer.

...what? I assume you mean modify the exe so that the checksum changes and can't be detected by warden's scans? If so; see my statements about warden not leaving the game's process.

 

[ryan12345]

Now this is the stuff I like reading about. Even though I only understand 25% of it. : )

 

[mephuser1000]

All profile randomize will have to be done from the creator of course which I see people are catching on.

The above is very much needed. Even custom-made profiles that aren't randomized will result in bans.

 

[sparks]

I like the ideas and I also trust the DB staff.
Yea you have to be carefull, look at glider in their may bans.
bliz put some stuff in the front end when they did a warden update and everyone went bye bye LOL

I bet that DB have seen worse and they are the ones I trust but there is always new ideas and thoughts on this.

And since bliz staff can't read this will be read to them at the next beach party. LOL

sorry ass money grabbing lying ASDF@#$@#$@#%@#%^@#

 

[Foss]

@Apoc Well thanks man for reply if it was repetitive for ya. And seeing that you have more knowledge I would think you are part of the security team, But it is good to have a thread like this once and a while to insure that people feel secure in some way running a 3rd party program they paid for lol. As long as you guys stay ahead of it and add things which may improve the security then people like myself will feel better about it. And I am speaking out for everyone else not including myself.