04-06-2003, 04:15 PM
Isolde,Apr 6 2003, 03:56 AM Wrote:However, since we've decided not to reveal *how* we're deciding who's hacking
The above is indicitive of why Diablo 2 has been and will continue to be hacked to pieces.
Today no one knows how your new detection code works. But the people that want to know have the resources(stolen CD keys, lots of free time, there's a lot more of them then you, etc.) to find out and they will. All you've done is bought yourself a bit of time you haven't fixed any of the underlying problems. Some problems being:
1. A game that requires thousands of hours to "win"(find all the neat stuff, get to high levels). And that is simple and repetitive enough that a computer can be made to play the game.(botting).
2. You trust the client and/or client/server protocol to make decisions it shouldn't be making(tradehack/ITHs).
3. You trust the client with information it shouldn't have(maphack). Though latency issues make this one a lot harder to "fix".
If you want to design secure systems you have to start with the assumption that the attacker knows everything because given enough time the attacker will know everything.
<Rant>
But Blizzard didn't take the above approach. Instead Blizzard wrote an insecure game for a mostly open system(The x86 PC) running on an open networking protocol(TCP/IP) and an open public network(the Internet). And then they attempted through dubious legal(HA!) means to close these open system through their EULA/TOS. And the only way they can even begin to pull all of this off is because most of their customers are ignorant about computers and contracts.
All I wanted was a game to play. But because of Blizzard's inept(blatently obvious hacked to pieces realms) and dishonest(not informing me that their "security" relied on a hidden EULA/TOS until after I spent my money) approach I did get my game. But I also got a nice heap of mental anguish and frustration as well. Argh!!!!!
I much prefer Turbine's approach with Asheron's Call. They acknowledge that the client is on an open system and network and proceed from there instead of trying to define the openness away.
</Rant>