Monday, August 08, 2011

RIFT Integrates 'Warden'-Like Anti-Cheat

We have been informed by a well-known source that RIFT is currently scanning all running processes on your computer for bots and hacks. At this moment, it is only innocent name-matching; however, there is potential for much more malicious activity. Their anti-cheat also checks for loaded modules (DLLs) within the Rift.exe process itself, and scans for one notable, yet legitimate, module that all users should be aware of. Read on to learn more.

At the moment, Trion is not scanning for, or doing, anything seriously malicious; however, with very small code changes, this can change drastically. Such changes could include reading the content of any open text window (emails, web page content and, more importantly, private information such as SSNs, credit card numbers, etc.), as well as tracking such info. (Please, PLEASE do note: Trion is NOT currently scanning this info; however, it is entirely possible.) With that said, this does not mean there isn't a huge potential hole in any gamer's security, whether from a third-party source or from Trion themselves.

We referred to this as a "Warden"-like anti-cheat because there were (and still are) major complaints when Blizzard's anti-cheat came to light. Warden was scanning window titles, which could expose vital information you input into your computer. They no longer do it: it posed a humongous security risk, which led to them removing that part of their anti-cheat.

Trion is currently scanning for a few well-known .exe files (the processes) and a few injected modules (DLLs) for bots and hacks. One of the injected modules they are searching for isn't even malicious, or a bot/hack in nature, which can cause legit users to get banned from their services for no reason at all. The module they scan for? Mscoree.dll. This module is the main .NET library (it is basically the 'required' module to run any .NET-based application, or any 'plugin'-style module that uses .NET), and as such is a legit module which many, many programs use these days, including programs that use .NET to create "global hooks" (think of a global hotkey, etc.). However, since they are considering it a 'hack', they will eventually end up banning legit users. You have been warned: make sure you check every program you run to ensure you don't run the risk of getting banned for a legit program.
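One way to run that check on your own machine, as an added example that is not part of the original post: it reports whether `mscoree.dll` is loaded inside the game client and which other running programs host .NET. The function name `Find-LoadedModule` is hypothetical, and the process name `rift` is assumed from the `Rift.exe` file name above.

```powershell
# Added example (not from the original post). 'mscoree.dll' and 'Rift.exe'
# come from the article; Find-LoadedModule is a hypothetical helper name.
function Find-LoadedModule {
    param(
        [string]$ModuleName  = 'mscoree.dll',   # module the article says is scanned for
        [string]$ProcessName = '*'              # default: every running process
    )
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        # Enumerate this process's loaded modules. Protected, elevated or
        # already-exited processes raise a non-terminating error instead.
        $err = $null
        $modules = Get-Process -Id $proc.Id -Module `
                       -ErrorAction SilentlyContinue -ErrorVariable err
        if ($err) {
            # Report the process as unreadable rather than silently "clean".
            [pscustomobject]@{
                ProcessId = $proc.Id
                Process   = $proc.ProcessName
                Status    = 'unreadable'
                Path      = $null
            }
            continue
        }
        # Case-insensitive name match, the same kind of match the article describes.
        foreach ($m in $modules | Where-Object { $_.ModuleName -ieq $ModuleName }) {
            [pscustomobject]@{
                ProcessId = $proc.Id
                Process   = $proc.ProcessName
                Status    = 'loaded'
                Path      = $m.FileName
            }
        }
    }
}

# 1. Is the .NET loader present inside the game client itself?
Find-LoadedModule -ProcessName 'rift'

# 2. Which other running programs host .NET? Any of these that also installs
#    a global hook is a candidate for putting the module into other processes.
Find-LoadedModule | Where-Object Status -eq 'loaded' | Sort-Object Process
```

Run it from a PowerShell session of the same bitness as the process being inspected, since cross-bitness enumeration can return an incomplete module list.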

They aren't just catching botters and cheaters; they are actually stepping outside of their own process, and are willing and able to scan anything running on your computer.

Should Trion have that much power? Should they be allowed a scanner that can potentially expose you and leave you without the slightest idea it ever happened? They may be catching botters and cheaters, but at what expense is it okay? Blizzard's Warden may have done this in the past, but they have limited themselves in what it can see and how the information is used. We may live in the 'Information Age', but definitely not the 'Invasion Age'. There will be more to come as we gain more information on the matter. Thanks for reading! Let us know what you think: is it worth it to you?



RIFT: News and guides © 2009