Every week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.

Welcome back to the Azeroth Security Advisor. Last week I discussed two of the three ways Blizzard keeps an eye on your computer. This week I'll cover the controversial Warden program whose discovery in Oct 2005 by Greg Hoglund caused a great deal of outrage and confusion not unlike accidentally joining a pickup group full of rogues. Reactions have been so strong that some trolls dwelling in their parents basements are still alternately posting "OMFG BLIZ HACKZ CALL COPS!!!" or "U SIGNED EULA SO STFU N00B!!!!!" depending on which of their medications are kicking in at the time. Most people forgot to care one way or the other within a few weeks and went back to life as usual. Lucky for Blizzard apathy is the universal solvent for organized resistance otherwise they might be facing a class action lawsuit by now.

The Warden's core mission is to continuously audit your PC for suspicious activity while you play. First it reads all the DLL's loaded into the WoW process space, which is a perfectly legitimate activity any way you slice it. After that, the Warden ditches its friendly park ranger hat for a ski mask and takes a look around the rest of your PC. It reads the text in the title bar of every window you have open including that really embarrassing Furry fan site you don't want your friends to know about. Yes Nekudotayim, Bliz knows about your pr0nz.! The Warden then creates a hash code (think fingerprint) of each window title and compares the results to a list of "banning hashes" for potential matches and subsequent divine retribution.

The second act of the Warden Power Tour is to sniff out and hash every single process running on your computer and compare them to the list of banning hashes. So while you are playing WoW, Blizzard takes complete stock of every program, every window, every website and every process on your machine and compares it to a list you will never see... every 15 seconds. Contrary to many fanboy and armchair security expert flames Blizzard does indeed know about your surfing habits while you are playing WoW and a whole lot more. The issue is not what they know but what they choose to audit and act upon via their secret list. For anyone who'd like to watch the Warden sniff around on your PC you can try the Governor written by Mr Hoglund.

Blizzard does not deny that the Warden exists. In one interview a senior producer assured everyone that "we're not the Nazis" but drew a curious parallel between not reading the EULA and contracts with the devil. The Warden is also mentioned within the documents of an ongoing litigation between MDY Industries and Blizzard Entertainment United States District Court, District of Arizona case number 2:2006cv02555 filed October 25th 2006. This lawsuit focuses on the WoW Glider cheat software and its creator. Buried within the mass of documents easily accessible as part of the public record is the following tidbit.

Blizzard's Technical Security Measures

34. Blizzard employs a software program called Warden as a technical measure that prevents unauthorized access to WoW and restricts users from loading unauthorized copies of WoW.

35. When users launch the WoW game client, authenticate to the WoW game server, and access the copyrighted elements of the WoW gaming environment, they must demonstrate that they are running an authorized copy of the game client.

36. Warden enforces Blizzard's rights by running targeted scans of the user's
environment for the presence and/or use of "signatures" of known unauthorized third party programs that facilitate cheating or allow the modification of the WoW interface, environment, and/or experience in any way not authorized by Blizzard.

37. When Warden detects that a user is attempting to run an unauthorized copy of
WoW, Blizzard denies that user access to the copyrighted WoW gaming environment.

"Warden enforces Blizzard's rights by running targeted scans of the user's environment..." This is a bit misleading as they neglect to clarify that at the end of these targeted scans the user's entire system has been examined alien autopsy style. Blizzard considers your entire PC within its jurisdiction and has remained very tight lipped about what they do with the information they gather. Even some forum links to Blizzard's initial response to the 2005 excitement now lead to deleted pages. This is unfortunate. Now that the cat is out of the bag Blizzard would do well to share enough information to establish credibility with their customers and prevent the bad press that would accompany a high profile legal battle.

The Warden establishes very specific information about how a computer running the WoW client is being used and ties that use to a specific account which is in turn tied to the name, address, and credit card number of an individual customer. Certainly enough information is gathered for Blizzard to feel justified in any ban/suspend/spank action they take and confident that they are taking that action against the correct user account. If you don't consider this "personal" stop reading this right now, turn off your TV, take off your rubber elf ears and enroll in a few history or ethics classes at your local college. Whereas Blizzard may not being doing anything sinister with that information it is certainly personal.

Is the Warden spyware? A few security professionals and at least one watchdog group think so. Others argue that the EULA absolves Blizzard from any liability whatsoever. Both arguments have their merits. Frankly the label spyware is a matter of semantics and not worth warming your flamethrower up over. Yes, Blizzard warned you that your computer could be monitored. No, Blizzard didn't really give you a clear idea of how far they would take this liberty once it was granted to them. The Warden is certainly invasive and depending on the contents of that hash list it could be judged either benign or outrageous.

Could the Warden be abused? Sure. Depending on what data is being shared with the Blizzard mothership, subsidiaries of Vivendi easily could benefit from having knowledge of the usage patterns among the WoW user community as a whole or data mine answers to specific questions by verifying the presence or absence of particular hash codes. Law enforcement could provide Blizzard with hash codes of websites or programs that might lead to pinpointing anything from music pirates to the terrorists the US Intelligence community is trying to automatically detect based on user behavior within virtual worlds. Personally I'd pay big cash to watch a reality show based on the CIA analyzing the Second Life user community for suspicious behavior. Imagine how much fun it would be to watch some conservative Homeland Security agent discover their first vending machine full of detachable and interchangeable genitalia.

Is Blizzard the evil empire? Should we ask mom to make us a thicker tinfoil hat? I don't think so. Blizzard does a great job protecting their game from the hackers and grief mongers that would make WoW unplayable given half a chance. The fact that Blizzard allows users to customize their game play via AddOns while successfully guarding against cheating is Uncanny X-Men (before Gambit and Jubilee) cool. Your PC is likely to be infested with software that poses a much larger threat to your well being than the WoW client. What I would change is Blizzard's cloak and dagger approach to employing invasive software as a security guard. Rather than enrolling the user community in a way that would make them supportive of the Warden software they were lazy and shrouded in it mystery which can only result in poor PR.

So what does this all mean for the average user? That is a personal opinion so all I can do is share mine with you. Cheating ruins online multiplayer games. In order to provide a game environment worth paying a monthly fee for game companies are being forced to evolve strong defenses. Sadly this is leading them to make ethically and perhaps in the future legally questionable decisions. The battle over the legal strength of a EULA is just warming up and the results are likely to be different in each country. Ultimately you have a right to be concerned about what somebody could do with the information they gather about you, don't let anybody tell you otherwise. Never assume your computer is safe from unauthorized or unwanted probing, the opposite is frequently the case. Taking a back seat to important issues like your right to privacy is a slippery slope with a predictable outcome.

Tags: anti-cheat-software, eula, hash-code, security, spyware, tweet-this, warden

Filed under: Analysis / Opinion, Account Security, Azeroth Security Advisor