Spyware, Trusted Computing, Cheating, and Online Games


[ 2005-October-14 13:12 ]

Bruce Schneier has a post on his site following the story about Blizzard Entertainment's cheating protection in their extremely successful online game, World of Warcraft. Some enterprising hacker has reverse engineered how it works: First, the code that does the checking is downloaded from the server, presumably to allow it to be updated easily, and to make reverse engineering more challenging. Next, the code pokes and prods all other applications on the system. Finally, if any of them match known cheating programs, Blizzard is contacted and the user is then banned. The controversy is that this software, in some sense, is "spyware" since it inspects what you are doing.

Protecting an online game from cheating is an extremely hard problem, somewhat related to the problem of protecting game systems from unauthorized software. In my opinion, any system in the world can get hacked unless the hardware and software platform support authenticated operation. A good paper on how this could be implemented is P. England and M. Peinado's 2002 paper entitled "Authenticated Operation of Open Computing Devices." This paper describes features that could be used to verify that the World of Warcraft client has not been modified, and that the user is not running any unauthorized software. This is very useful for making cheating impossible, but it is also very scary because it could be used to impose arbitrary restrictions on what can be done on the hardware. One of the strengths of the personal computer has always been that it is immensely hackable, which has led to all sorts of new uses and applications. Hardware authentication could be used to make that kind of hacking impossible, but it certainly doesn't have to.
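To make the idea of verifying an unmodified client concrete, here is an added sketch (not code from this post or from the England and Peinado paper) of a measurement hash chain checked by a server against a known-good value. It assumes a TPM-style "extend" operation, and uses an HMAC with a constructed key as a stand-in for a signature made by a key that only the hardware can use; all names and sample components are hypothetical.

```python
import hashlib
import hmac
import os

def extend(register: bytes, component: bytes) -> bytes:
    """Fold one loaded component into the measurement register (hash chain)."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure(components: list[bytes]) -> bytes:
    """Measure every component in load order, starting from an all-zero register."""
    register = bytes(32)
    for component in components:
        register = extend(register, component)
    return register

def quote(device_key: bytes, register: bytes, nonce: bytes) -> bytes:
    """Stand-in for the hardware's signed report over (nonce, register)."""
    return hmac.new(device_key, nonce + register, hashlib.sha256).digest()

def verify(device_key, nonce, register, tag, expected_register) -> bool:
    """Server side: report must be authentic, fresh, and match the known-good chain."""
    authentic = hmac.compare_digest(quote(device_key, register, nonce), tag)
    return authentic and hmac.compare_digest(register, expected_register)

# Constructed sample data: byte strings standing in for real binaries.
# Assumption: DEVICE_KEY lives in hardware and is not readable by software.
DEVICE_KEY = b"constructed-demo-key"
KNOWN_GOOD = [b"bootloader v1", b"os kernel v1", b"game client v1"]
EXPECTED = measure(KNOWN_GOOD)

def attest(loaded: list[bytes], nonce: bytes) -> bool:
    """Run one challenge/response round for a machine that loaded `loaded`."""
    register = measure(loaded)
    tag = quote(DEVICE_KEY, register, nonce)
    return verify(DEVICE_KEY, nonce, register, tag, EXPECTED)

if __name__ == "__main__":
    nonce = os.urandom(16)  # fresh server challenge, prevents replayed reports
    print("unmodified:", attest(KNOWN_GOOD, nonce))
    print("patched client:", attest(KNOWN_GOOD[:2] + [b"game client v1 (patched)"], nonce))
    print("extra program:", attest(KNOWN_GOOD + [b"unlisted helper"], nonce))
```

The same check that rejects a patched client also rejects any program the verifier has not listed, which is the restriction on open hardware that the paragraph above worries about.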