RE: World of Warcraft hackers using Sony BMG rootkit

[Dennis Lubert <plasmahh () tzi de>]

Am Donnerstag, den 03.11.2005, 11:02 -0500 schrieb Dave Hawkins:
> My knowledge of PunkBuster is limited, but it doesn't rely on
> process-scanning only (as I believe warden does).  A PB admin can grab a
> screenshot from the player's system to check for evidence of a cheat
> (for example, a hack that lets you see through walls in a 1st-person
> shooter).

Well, this prevents only against not so well done cheats. Since
Punkbuster is also only a Software it can be tricked. Its mainly purpose
seems to be to protect against the occasional cheater, which probably
99% of cheaters are. It even tries to "protect" agains things like
setting screen bit depth to 16Bit etc. and can be tricked quite easily
(like for user visible cheats, disable itself while the screenshot is
beeing made). Normal scans are also done for file integrity, and for
files on the hdd that are not allowed in certain directories.
Whats worse about Punkbuster is that recent versions force people to run
games with higher privileges. Although they can be enabled for normal
users, most users just run the game as Administrator. And as we all
know, games are not focused on online security...

greets

Dennis

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.