http://sunbeltblog.blogspot.com/2005/10/watching-blizzard.html
I’m a little late on this one, but as a follow-up from my previous post on Blizzard and the Warden Client (which allegedly has spyware-like attributes):
Greg Hoglund (co-author of “Exploiting Software, How to Break Code”) has released a program called “The Governor”, which shows exactly what Warden is doing.
The fact is that the warden client reads information from other processes on the computer. Regardless of the reasons, this technically counts as 'spying' on a user. So, reasons aside, the term 'spyware' is fitting.
Rather than debate the morality of this behavior, I would like to give the consumers the power to make this decision for themselves. I am releasing a program called 'The Governor'. The Governor is very simple - it watches the activities of World of Warcraft, and clearly reports which data is being read from other processes. The Governor makes no attempt to subvert or alter the behavior of the warden client, or World of Warcraft. The Governor will not assist you in cheating. The Governor exists for one reason, to tell you the truth.
Link here via EFF Deep Links (also worth reading), via Boing Boing.
I’m a little late on this one, but as a follow-up from my previous post on Blizzard and the Warden Client (which allegedly has spyware-like attributes):
Greg Hoglund (co-author of “Exploiting Software, How to Break Code”) has released a program called “The Governor”, which shows exactly what Warden is doing.
The fact is that the warden client reads information from other processes on the computer. Regardless of the reasons, this technically counts as 'spying' on a user. So, reasons aside, the term 'spyware' is fitting.
Rather than debate the morality of this behavior, I would like to give the consumers the power to make this decision for themselves. I am releasing a program called 'The Governor'. The Governor is very simple - it watches the activities of World of Warcraft, and clearly reports which data is being read from other processes. The Governor makes no attempt to subvert or alter the behavior of the warden client, or World of Warcraft. The Governor will not assist you in cheating. The Governor exists for one reason, to tell you the truth.
Link here via EFF Deep Links (also worth reading), via Boing Boing.
------------------------
Original Post:
I have a lot of love for Blizzard, but this sort of thing is inexcusable. And it's coming from quite a reputable set of bloggers, lending the original source a fair deal of credence. Either way, I don't play WoW, but have to flag this.
http://sunbeltblog.blogspot.com/2005/10/is-warcraft-spyware.html
Is Warcraft Spyware?
Well, not Warcraft/World of Warcraft per se, but an an application called the “Warden Client”, downloaded on the fly from Blizzard servers.
From Rootkit.com:
“I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time…
Next, warden opens every process running on your computer. When each program is opened, warden then calls ReadProcessMemory and reads a series of addresses - usually in the 0x0040xxxx or 0x0041xxxx range - this is the range that most executable programs on windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes. These tests are clearly designed to detect known 3rd party programs, such as wowglider and friends. Every process is read from in this way. I watched warden open my email program, and even my PGP key manager. Again, I feel this is a fairly severe violation of privacy, but what can you do? It would be very easy to devise a test where the warden clearly reads confidential or personal information without regard.
This behavior places the warden client squarely in the category of spyware. What is interesting about this is that it might be the first use of spyware to verify compliance with a EULA. I cannot imagine that such practices will be legal in the future, but right now in terms of law, this is the wild wild west. You can't blame Blizz for trying, as well as any other company, but this practice will have to stop if we have any hope of privacy. Agree w/ botting or game cheaters or not, this is a much larger issue called 'privacy' and Blizz has no right to be opening my excel or PGP programs, for whatever reason.”
Well, not Warcraft/World of Warcraft per se, but an an application called the “Warden Client”, downloaded on the fly from Blizzard servers.
From Rootkit.com:
“I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time…
Next, warden opens every process running on your computer. When each program is opened, warden then calls ReadProcessMemory and reads a series of addresses - usually in the 0x0040xxxx or 0x0041xxxx range - this is the range that most executable programs on windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes. These tests are clearly designed to detect known 3rd party programs, such as wowglider and friends. Every process is read from in this way. I watched warden open my email program, and even my PGP key manager. Again, I feel this is a fairly severe violation of privacy, but what can you do? It would be very easy to devise a test where the warden clearly reads confidential or personal information without regard.
This behavior places the warden client squarely in the category of spyware. What is interesting about this is that it might be the first use of spyware to verify compliance with a EULA. I cannot imagine that such practices will be legal in the future, but right now in terms of law, this is the wild wild west. You can't blame Blizz for trying, as well as any other company, but this practice will have to stop if we have any hope of privacy. Agree w/ botting or game cheaters or not, this is a much larger issue called 'privacy' and Blizz has no right to be opening my excel or PGP programs, for whatever reason.”
Further reading:
http://blog.xavier.ashe.com/blog/_archives/2005/10/9/1290491.html
http://www.rootkit.com/blog.php?newsid=358
Editted for a Note: The counter-argument so far seems to be that the data "doesn't go anywhere."
