Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Role Playing (Games) Security

NCSoft to Roll Out Hackable Anti-Hack Software 22

Greyzone writes "NCSoft is preparing to use a security product to protect the Lineage II game process from user hacks while running on a user PC. Unfortunately, this product has serious flaws of its own. Securityfocus.com explains the serious flaws and the possible hacks that can be used against user PCs that have installed this software." From the article "It is true that even with this vulnerability the user must still be tricked into running a malicious application that exploits it. However, in South Korea, where the Gameguard service is widely used, net cafes have become part of the social fabric. These machines are ripe fruit for damage."
This discussion has been archived. No new comments can be posted.

NCSoft to Roll Out Hackable Anti-Hack Software

Comments Filter:
  • Still, you can't block every hole in security. Sometimes you just have to hope, right?
    • you can't block every hole in security. Sometimes you just have to hope, right?

      How's about not introducing new holes? That would be a good start.
    • Yes and no (Score:4, Interesting)

      by Pan T. Hose ( 707794 ) on Thursday January 20, 2005 @08:55PM (#11427341) Homepage Journal

      Still, you can't block every hole in security. Sometimes you just have to hope, right?

      Yes, you can. No you don't. Software is just an applied form of discrete mathematics. "Beware of bugs in the above code; I have only proved it correct, not tried it," as Donald Knuth [stanford.edu] once said. It is possible to present a formal proof of correctness for any algorithm. It is nearly impossible and certainly impractical when you have a big mess of spaghetti code like with most of software that is utter crap, but it is possible nonetheless when you know what are you doing and design appropriately, with very clean, small and isolated parts of your system responsible for enforcing its security policies. Take a look at such operating systems as KeyKOS [upenn.edu] and EROS [eros-os.org]. E.g. read Verifying Operating System Security [psu.edu] paper by J. S. Shapiro and S. Weber: "This paper presents a proof of correctness of the EROS operating system architecture with respect to confinement." Read some essays by Norman Hardy [cap-lore.com], especially those on Capability Theory [cap-lore.com]. This is hardly a new idea, see GNOSIS: A Prototype Operating System for the 1990s [upenn.edu] paper by Bill Frantz, Norm Hardy, Jay Jonekait and Charlie Landau, written more than 25 years ago. The bottom line is: it is certainly possible to have a 100% secure system, but developers don't bother because users don't care.

      • I remember they got us to prove around about 5 lines of code correct as part of a module in my Comp. Sci. degree. It took around half an hour of non-trivial effort, so good luck getting companies who churn out millions of lines of code to do this.
        And doesn't it get more complex with increased code size? Is it even feasible for large projects? And what about when you inevitably make a mistake in your calculations?

        (Disclaimer : this was quite a while ago, my memory could be faulty. Feel free to correct me!)
        • I remember they got us to prove around about 5 lines of code correct as part of a module in my Comp. Sci. degree.

          So you know that it is possible, even if not trivial.

          It took around half an hour of non-trivial effort, so good luck getting companies who churn out millions of lines of code to do this.

          I can guarantee you that if people demanded, the companies would do it, and that is exactly what I was saying. Remember that those are customers who have the power, not the companies. The compani

  • That the machines in South Korea's net cafes were already compromised and were used as spam relays. Or was that China?

    And in the environment the Internet has developed into, there's enough proof to show that it doesn't take much to trick even seasoned Internet users into running malicious code.

  • nProtect is not a sure way to eleminate hackers, but it's a pretty good at detecting if any hacks are running. If you used nProtect before, you will know what I mean. I used to run a TSearch and a debugger program for my C++ applications, and nProtect wouldn't allow me in any of it's protected games. I remember a few ways of patching old versions of nProtect, but they are eleminated now, and it's pretty hard to stop for an AVERAGE programmer.
  • Even bigger problem (Score:3, Informative)

    by Cipster ( 623378 ) on Thursday January 20, 2005 @06:30PM (#11425938)
    The main problem with nProtect is that it will do nothing to stop cheaters. The most popular bot for L2 does not even use the game client but runs as a complete standalone app. The protocol the game uses to communicate with the game servers has been completely hacked to pieces and the bots can emulate it perfectly. All this will do is install a bad piece of software on legit users' machines while the botters will bypass it completely.
    Once again chinese botters/hackers > NCSoft (the most popular bots/hacks are made by chinese programmers and are used by the workers of the companies that sell in-game currency for cash).
    • So you mean to tell me that nProtect only keeps track of hacks? Not to prevent them?
      • The problem is NProtect only runs when the game client runs. It's basically a wrapper app around the game client that prevents any app from running concurrent with the game. The first bots for L2 ran on top of the client basically intercepted and manipulated the packets to and from the server.
        The most popular new bot for L2 does not use the client at all but emulates the communication protocol with the server. So botters will never have to worry about it but legit users have to put up with the buggy app o
  • Phantasy Star Online Blue Burst uses nProtect, and the first thing I did was net stop it.

    C:\>net stop npptnt2

    The NPPTNT2 service was stopped successfully.

    Melissa
  • Irony. Sweet, delicious irony. So good.
  • And with it, many, many bugs^H^H^H^H"features."

    My Nostromo N52 is inactivated when I play Lineage2. Why? Because NCSoft, in their infinite wisdom, has determined that this game controller constitutes a "third party bot program" and is, therefore, BAD to use when playing a game.

    A friend's USB keyboard was completely deactivated when he tried to play the game. Seems it's a "programmable" keyboard and that means you can BOT with the keyboard!

    Funny thing is, NCSoft went through quite a bit of trouble to p

UNIX enhancements aren't.

Working...