Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsBlizzard's new Warden, and our privacy
by Mike Schramm 
Nov 15th 2007 at 3:28PM
Tech community Slashdot is going mad over a little present Blizzard apparently included with patch 2.3 this week: a brand new version of Warden (the program Blizzard uses to check for hacks, bots, and keyloggers) that they say effectively gives Blizzard total control over our computers. The technical stuff is a little hard to understand, but apparently Warden is what's called a "polymorphic program"-- that means that it actually hides from anyone looking at it exactly what it's doing and which files it's changing with a random code. Obviously, Blizzard wants to keep the program's activities secret from attackers-- if a hacker knows what Warden does, then he can more easily avoid it.In previous versions of Warden, this randomization was "easy to predict," but Slashdot is saying that the new version effectively hides from even the user exactly what Blizzard is doing on your computer. Now, there is no clear reason why Blizzard would want to do anything bad with your computer-- odds are that this new software is the most effective version they've yet developed at making sure you can play the game without fear of hacks or keyloggers, and that's all they want to do with it.
But you should know that, according to "Captain Kirk," who wrote this article, Blizzard effectively has access to anything and everything on your computer, and can now edit or retrieve information at will without even you knowing what has happened. There's no reason not to trust Blizzard-- they're a high profile company with a long reputation of developing great software. But if a wayward employee at Blizzard wanted to steal your private information from your computer, or install a virus or malware on your PC, we're being told that this program will let them do it without your knowledge. You agreed to this-- it's in Section 14 of the Terms of Use-- and so it's up to you whether you trust Blizzard with your computer or not.
WoW Insider has contacted Blizzard and asked them to clarify the situation if necessary-- we'll let you know if we hear anything from them.
Filed under: Analysis / Opinion, Blizzard, News items
Reader Comments (Page 3 of 4)
Tridus Nov 15th 2007 5:17PM
#39 has it right.
The fact is that Windows itself can already do this. Your web browser can do it. Warden has been able to do it for as long as it existed.
The new version of Warden is designed to make it harder to predict exactly what its doing. Who does that hurt? Botters. Who is complianing aobut this?
Follow the Slashdot story back to its source, and you come to a blog related to a program that allows you to hide programs from Warden. Who uses that? Botters.
Oh noes, the cheaters are upset!
The fact is that any program you run on your computer is capable of sending data back across the network. Its also capable of reading files. This is a non-story except to botters.
Ahoni Nov 15th 2007 5:24PM
39 & 40 have it completely right.
However, if you want to stir up trouble, make it about privacy or the children. For some reason that always gets them all fired up. What if you combined them and it was about the children's privacy? Oh lord we'd have a mess ....
Markymark Nov 15th 2007 6:00PM
@ 6 Seriously its not that big of a deal... I'f you don't want them to see what your doing don't play.... don't give me that violating my privacy bullshit... I'm no fanboi but its understandable.
Alex Nov 15th 2007 6:09PM
@21: That wasn't really a true virus, it required user intervention to install.
AKA, you had to choose to install it, and then you had to enter your admin password...
mizatt Nov 15th 2007 6:18PM
News flash, for most windows installs, everything you have installed effectively has access to everything on your computer. Big deal
Bunkai Nov 15th 2007 6:47PM
@26 and 37
w00t! Linux FTW!
bodar Nov 15th 2007 6:31PM
@43: True, it's not a virus, but a Trojan is still malware. Besides, that's what social engineering is for. Hell, all they have to do is call it "iTrojan" and Mac users would install it. I kid, I kid... sort of.
Simon Nov 15th 2007 6:52PM
If Warden wouldn't be stealthy, someone would have complained about how easy it is to exploit it.
So, I prefer it is stealthy.
And if you don't trust Blizzard, what the heck are you running their software anyway? If they wanted to the wouldn't need Warden to trash, erase or steal you data. They could just add that "feature" to the next update of any of the bits of executable code you run play WoW and it would have done it's job way before anyone would notice.
Monion Nov 15th 2007 6:54PM
All Warden does is scan currently running processes and your registry looking for certain "signitures," ie: patterns, and if it finds one that's suspicious, it flags it on Blizzard's end. It's a fancy spyware/virus checker that Blizzard is using to ensure that hackers/cheaters/botters aren't destroying the integrity of the game. Pretty much every MMO game uses a tool like this. Also, consider the fact if you run an online virus scan of your computer launched from a website, they're doing the same thing.
The change they made makes it use random hashes instead of a predictable hash. Now, speaking as a programmer, security by obscruity isn't usually a good idea, but it's like any cryptographic algorithm, it's only as strong as the key. Using a predictably rotating key versus using one that changes at random, yes the random one is more secure. It's not changing what Warden does, just how it does it.
For the people who are crying "Oh noes! Think of the children!" your calls ring hollow and years after the fact considering this technology has been in use for years. Anyone can modify a program in memory if you're saavy enough using buffer overflows and the like, but it's unlikely there's a chance that someone can use Warden to take over your machine. Read your data, perhaps, but honestly, it'd be easier to do using exploits in an internet browser or at the operating system level than with a program that just reads data. You've already installed 4 CDs worth of Blizzard's code, which means that you trust them enough to be running their program in the first place. If you didn't, you wouldn't be playing the game anyways.
If you don't trust the company with that data, and that's a reasonable fear, don't play the game. If you want to protect your data, run it on a different computer or run it in a Virtual Machine. Or at the very least just don't run any programs you don't need to in the background. Going to check your online banking with it open, not a smart idea. Basically, it comes down to if you trust the company, and making educated decisions. You installed Blizzard's program in the first place, so that implies you trust them, so now it's a question on whether you educate yourself on the issue and make a decision, or if you read an article or opinion and blindly accept it as fact (including my own posted here!)
Basic Nov 15th 2007 7:02PM
Well when I first saw this I wasn't too concerned. However, now that I've logged in and played a bit my opinion has changed slightly. I noticed that as I played and alt-tabbed back and forth to my XChat application that app would get a SEVERE UI lag.
The XChat app isn't as stable as most windows apps, but I've never seen it behave this way before. It makes me wonder if Blizz is scanning ALL window resources not just the title bar. This could mean a whole new bag of false bannings depending on the content of the chatrooms we visit. :(
KCV Nov 15th 2007 7:06PM
Thank you from someone else who understands something about cryptography and hashes. Predictable hashes and signatures allows cheat/hacks to detect warden and circumvent it. It is polymorphic to avoid cheats detections not your detection. With the same key patterns occuring I am sure hacks out there have discovered how to circumvent warden.
So I read the algorithm is different in every copy of warden out there so they are using unique keys for each copy negates the anti warden hacks out there which makes complete sense.
Justme Nov 16th 2007 6:59AM
I canceled both my subs today. No thanks Blizzard.
Mike Schramm Nov 15th 2007 8:47PM
Monion has it exactly right. I've had people tell me this post goes too far in making an issue out of nothing, and people have also told me that I wasn't hard enough on Blizzard, and that Warden is a rootkit. What's that old saying about you know you're doing it right when you piss people at both ends of the argument off?
The bottom line is that Blizzard has access to your computer, and it's up to you whether that's OK or not. In my opinion, it's fine-- I trust Blizzard enough, as Monion said, to run 4 CDs worth of code on my PC, and so Warden doesn't worry me. But at the same time, realize what you're giving away-- you're giving them full access to your running processes and any sensitive info on your PC. If you're fine with that, great. If you're not, uninstall the game. It's up to you.
TylerV Nov 15th 2007 11:49PM
You know, guys, this could look like a paranoia, but I prefer to protect myself by my own. I am pretty good in security things and this is not hard for me to install the software ones and update it time after time. So why will anyone look after my actions?? If anyone interested I suggest to install Anti-Keylogger(www.anti-keyloggers.com) to forget about keyloggers , you should also add a good anti-virus and firewall to anti-keylogger and you can forget about all the problems with different internet threats.
JALbert Nov 16th 2007 1:32AM
What's funny is this whole stink is being brought up by botters, and nobody really seems to realise it.
Also, @52. If I'm worried about keyloggers, the last thing I'll do is download a problem from a random website on a blog post.
lordfrikk Nov 16th 2007 3:16AM
I think everyone complainin needs to put on his [Tin Foil Hat]. I, for one, would like to play WoW without botters and other form of cheaters. How can Warden be effective against cheaters if they can easily read about Warden's function on web?...
astatine Nov 16th 2007 3:14AM
Consider the following - the first time Warden was "exposed", it was done so by the guy that wrote Wowglider, the very program Warden is designed to detect and stop. And yet, all the IT "journalists" out there couldn't even do the most basic homework to find out if the guy had a stake in Warden being exposed or not. Seems the same people haven't learned anything at all.
Someone Nov 16th 2007 7:19AM
Too much fuss over nothing: they have an improved warden version that bot-makers can't crack? GREAT! Finally we're getting rid of those lazy b@stards!
As for the lame excuses such as "a blizz employee wanting to do X or Y": WTF? You guys forget that you're ALREADY running blizzard's code?
"Oh, but it makes that cheating employee's code harder to detect" - The odds of piano falling on your head are probably much higher, but you don't worry too much about it, do you? And if you worry too much about this, just use another computer, don't store your sensitive information un-encrypted, use a restricted account to run WoW... It's not like this is a REAL threat to any of us!
And in the end, if you still feel uncomfortable, quite WoW altogether and go play something else: it's not like Blizzard shovels WoW down peoples' throats, is it?...
andrea Nov 16th 2007 8:38AM
oh awesome, a pc vs. mac debate. how 1995.
Aberu Nov 16th 2007 9:51AM
I like how the article leaves out the possibility that programmers of this new warden put in safeguards to keep Blizz employees from having that kind of control. Just because you don't know what software does, doesn't mean you should always jump on the scare-us bandwagon. It seems highly unlikely to me that there AREN'T safeguards. All companies don't trust their employees that much.