Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsBlizzard's new Warden, and our privacy
by Mike Schramm 
Nov 15th 2007 at 3:28PM
Tech community Slashdot is going mad over a little present Blizzard apparently included with patch 2.3 this week: a brand new version of Warden (the program Blizzard uses to check for hacks, bots, and keyloggers) that they say effectively gives Blizzard total control over our computers. The technical stuff is a little hard to understand, but apparently Warden is what's called a "polymorphic program"-- that means that it actually hides from anyone looking at it exactly what it's doing and which files it's changing with a random code. Obviously, Blizzard wants to keep the program's activities secret from attackers-- if a hacker knows what Warden does, then he can more easily avoid it.In previous versions of Warden, this randomization was "easy to predict," but Slashdot is saying that the new version effectively hides from even the user exactly what Blizzard is doing on your computer. Now, there is no clear reason why Blizzard would want to do anything bad with your computer-- odds are that this new software is the most effective version they've yet developed at making sure you can play the game without fear of hacks or keyloggers, and that's all they want to do with it.
But you should know that, according to "Captain Kirk," who wrote this article, Blizzard effectively has access to anything and everything on your computer, and can now edit or retrieve information at will without even you knowing what has happened. There's no reason not to trust Blizzard-- they're a high profile company with a long reputation of developing great software. But if a wayward employee at Blizzard wanted to steal your private information from your computer, or install a virus or malware on your PC, we're being told that this program will let them do it without your knowledge. You agreed to this-- it's in Section 14 of the Terms of Use-- and so it's up to you whether you trust Blizzard with your computer or not.
WoW Insider has contacted Blizzard and asked them to clarify the situation if necessary-- we'll let you know if we hear anything from them.
Filed under: Analysis / Opinion, Blizzard, News items
Reader Comments (Page 2 of 4)
Hank Nov 15th 2007 4:04PM
@12, thank you for being the first sane mac user I have ever met.
Brandstone Nov 15th 2007 4:08PM
Any program you run on your computer can "edit or retrieve information at will without even you knowing what has happened". Even programs with limited privileges can at least retrieve most of you data. If you can't trust the source, or identify what they're doing; either don't run it or sandbox/isolate it.
Gazmik Fizzwidget Nov 15th 2007 4:06PM
Mac OS X isn't entirely free from malware: http://www.macworld.com/news/2007/10/31/trojan/index.php
Still, malware on the Mac is far from the epidemic it is on Windows. And with OS X much better protected against most typical attack vectors, it's likely to stay that way. (Unfortunately as this new Trojan shows, there's only so much that can be done to protect against user stupidity.)
Anyway, it's probably worth pointing out: due to the state of Mac malware, there's no Warden on the Mac version of WoW.
Askren Nov 15th 2007 4:17PM
Honestly, I couldn't give a rat's ass either way. I mean, I personally have nothing to hide on my computer, which happens to be a Mac. The way I see it, A.) If Blizz actually looked with any interest at the files contained in the computers of their players, they'd basically find 2 things: work, and porn. I don't think they care much about either as a company. And B.) If I get that little box that tells me to type my rootAdmin password in order to install something, and I don't know what it is, I don't think I'm going to be doing it.
But seriously: What good reason could Blizzard, a multi-million (billion, possibly) dollar company have to care what's on your computer? You have nothing they value, other than the $15 you pay them every month.
thorlok Nov 15th 2007 4:17PM
This is the reason that i have a WOW computer and a computer for everything else. The only thing on my WOW computer is.....you guessed it...WOW. They can dig around in there all they want incase they want to check out my mods or whatever cause thats all they gonna find.
Naix Nov 15th 2007 4:21PM
I just hope they don't install Vista on my PC.
Narissa of Eldre Thalas Nov 15th 2007 4:22PM
LOL I play on Linux, that's right Linux. No worries, no real issues, and not concerned of the data they cannot read from my system.
You windows users, if you cannot afford a mac, go clear a partition, Install Linux. I would suggest Ubuntu.
Mac Users, CHEERS!
Other Linux Users, show some love 8).
Ahoni Nov 15th 2007 4:23PM
This is a big bunch of FUD. Fear. Uncertainty. Doubt. I was wondering how long it would take Mike to post it.Basically, people are upset because they want to be upset. But Blizzard could steal private information from my computer. My neighbor could sneak into my house and slit my throat while I'm asleep. Blizzard might send data back to their servers. So what? What private information has been compromised? What data have they collected? What privacy "rights" have they violated. Right now it is just FUD. We should keep an eye on the situation, but its just FUD.
Naix Nov 15th 2007 4:23PM
Firefox FTW
Karl Nov 15th 2007 4:23PM
@5 LOL You are completely blinded by the BS commercials that Apple has spread out there. Macs are currently among the most vulnerable systems out there. Even Microsoft has started wiping their brow thanking Macs for the reprieve of the spotlight.
Get a clue.
On to the OP, it is a problem. Yes people did agree to a terms of use contract by clicking "I Agree", but the kid that installed WoW on his daddy's system would probably hate to tell him this story. True, there are a good number of gamers out there that could care less about this, but they probably don't keep financial records or important documents on their system. About the only incriminating thing most gamers have on their computers are the Gigs of porn.
The other thing I have to ask is, should companies be allowed to change their terms of use past the original purchase? Or more to the point, how does a user know the terms of use before they install the software>? When you bought World of Warcraft, did you see the terms that you were going to have to adhere to before the purchase? You can't return the product to any store after the seal was broken just because the terms of use were not something that you agreed with, can you? No. So why should a company be allowed to change them even once after the initial agreement? Also, terms of use are generally a blanket statement. I am sure the terms on this one do not include verbage stating that Blizzard is allowed to use "X" software to monitor the processes within your computer system, and the following sentences will explain the limit of the monitoring...
My guess is that nobody has really challenged this in court as of yet. I am sure that one day, someone will have a reason to sue some company for this specific reason, and will inevitably win. We'll just have to wait and see.
Kay Nov 15th 2007 4:25PM
@various comments on the theme of "you agreed to it".
Despite popular misinformation and endless piles of FUD on the subject, EULA's, like all contracts, are only valid so long as they do not contradict the law. They cannot under any circumstance supercede the law.
For example, let's say you sign a contract. In the fine print, this contract demands that you steal some stuff. Stealing stuff is illegal, therefore the contract is null and void. Likewise, a contract legally allowing someone to kill you would not be valid either.
IANAL, and don't know the specifics of state and federal laws regarding software altering/sending out personal data without your knowledge. Perhaps someone who is a lawyer could chime in on the specifics. However, either way...enough with the simple "You agreed to it, end of story." on this and quite a few topics that I've seen it applied to. It's far too oversimplified and ignorant an argument.
jr Nov 15th 2007 4:28PM
@4
read DAVIDSON & ASSOCIATES, doing business as Blizzard Entertainment, Inc.; Vivendi Universal, Inc., Plaintiffs--Appellees,
v.
Tim JUNG, an individual; Rob Crittenden, Defendants--Appellants
your wrong, ToU and EULA are so binding
Solidstate Nov 18th 2007 2:38PM
There is no issue here.
Read the /. discussion people, commenters there who actually understand that this is just FUD have dismissed this totally. I have no idea why wowinsider doesn't do some basic research before trying to scare people...
I think this /. comment sums it up best:
"No one is saying that. What we're saying is that Warden (what a horrible choice for a name) is that, in response to one specific "what if" question about some third party with access to your machine making Warden do something naughty, "if they have access to your machine, then the fact that they can modify Warden to do something naughty is moot... they can modify ANY program on your system to do something naughty."
Your straw man needs to go see the Wizard...."
sotallytober Nov 15th 2007 4:36PM
@30 AMEN! I was just going to type the same thing. Under US Law and the Constitution we have certain rights and no EULA/TOS can impinge on those rights, included in which is a right to privacy. True, Blizzard will likely never run into trouble with this but circumstances in which they could are not out of the question, ie something involving running WoW on a government/corporate computer and data being taken, even unintentionally.
Currently what Blizzard has told us is that all it does is transmit hashes of running processes to Blizzard's servers and if certain hashes (related to malware/exploit programs) are returned the account is flagged. The problem here is that's all they have told us and they can alter Warden however they want without any kind of patch and possibly while WoW isn't even running.
B Lee Nov 15th 2007 4:38PM
It's very ... CNN or Fox News of Slashdot to write up something like this. Yes, the Warden's there possibly watching over me like Big Brother. Yes, Warden IS probably looking at other files on your computer to see if you're a keylogger or hacker. And, guess what? I'm not, so Warden won't find anything. But I bet Warden has found things on other peoples' computers, and I'm glad it did. If it means that I won't get my account hacked, my gear and characters deleted, or I won't have level 1 gnomes with names made up of 15 consonants whispering me while I'm playing in a different zone, then I consider it a good thing. If you don't like it, no one forced you to play the game.
sotallytober Nov 15th 2007 4:41PM
@31 They are legally binding in the respects that pertained to that case which was about reverse engineering of their game servers to set up an individual Battle.net server.
http://www.eff.org/cases/blizzard-v-bnetd/attachments/eighth-circuit-ruling-affirming-district-court-grant-summary-judg
That didn't pertain to the EULA/TOS of WoW at all. The extent of the legality of many parts of the WoW EULA and/or TOS have not been tested in court.
Kurdon Nov 15th 2007 4:47PM
Or, instead of spending massive amounts of money on your OS and the proprietary hardware to run it, you could load up Ubuntu Linux and run WoW under Wine with a better sense of safety than running WoW on Mac. These days, running Linux is actually less painless than OSX by far IMHO, and gives you access to a radically larger pool of games to play when you rely on Wine or Cedega.
Kurdon Nov 15th 2007 4:49PM
@26, you beat me to it! GJ! =D
Glen Larkins Nov 15th 2007 4:50PM
People that proudly sit around and say they don't care and have nothing to hide, one day, when things are so far gone that its near irreversible, you'll realize that privacy doesn't so much stand for hiding something you didn't want others to see, but its a right to not have someone checking up on you just because. I have nothing to hide either, but I sure would object if the local police department passed a city ordinance saying they can search my premises twice a week without a warrant or just cause. No, its not the same thing, but the loss of all liberties start small. Allow a corporation the freedom to do what they want, and its a first step.
Bill Nov 15th 2007 5:06PM
Pure FUD. Folks, if you run a program on your computer, it has access. Period. If it's an online program, it can send it away to the server. It's like saying "OMG! Microsoft has access to your personal files because when a MS product crashes it sends a crash report to a server and a malicious MS employee can have it send your Quicken data files too!