If Intel is involved...

Bingo!

http://www.gnu.org/philosophy/can-you-trust.html

Any MMO game can (and should be) designed in a way that makes client-side tampering impossible.

Presearing exploit is example where anet developers messed up and added functionality supposed to be in server to client. Long time ago, regen/degen was handled client side, resulting in ludicrous godmode cheats.

Stuff like duping was server side error, and that intel thingie would have done NOTHING against that.

So, local anticheat = fail.

Is this going to be another "Bash Trusted Computing" thread? If so, please educate yourself before you start discussing this issue (I'm at the second summer school on Trusted Computing right now, with Intel and AMD, and even Microsoft; but these guys are not paying me, directly or indirectly; and I work with AMD guys in an open-source project, just so you know I'm not waving the flag for nothing).

This measures are perfectly normal. Security was, is and always will be an arms race. Companies propose security systems (I would agree that TC is a much more sensitive technology than AV and FW) and hackers (bear in mind, now they no longer do it for the fun or reputation, we're talking millions in real money here, with links with mafia and other traffics) push through it, which force companies to fix until a certain point where they have to move to the next security paradigms.

I guess everyone would agree that when TJX's laptop were stollen and many customer information were available to hackers, fixing this issue would be welcome, right? Well, to fix this, you have to encrypt, and to make encryption work, you have to protect the key, and there are NO completely secure way to do that. Until you add hardware control (policy enforcement), which the most difficult and costly way to break (the hacker has to physically get at your computer, much more difficult than sending a trojan, isn't it?).

And since the gaming industry is the biggest one (more than movie and music, which makes people's scare about DRM very relative!), you can expect something big to happen here. I know that Intel's proposals in the last 2 years have been rejected due to their high cost (change in the way PCI works), but they are finding new innovative ways to improve the situation.

As can be seen from the /report system in GW, such features will be received by people shouting messages of "we're doomed" and "it won't work". Until they start to see it works. Which does not mean that this one will work, but at least they try. And if you have a BETTER solution, please apply for a job at Intel. If it's really better, you'll get a very well paid job!

So this is how Intel are going to push their hardware DRM?

Ok, so just to spare you some time, you can look at the wiki site where the opponents of TC have put all their "arguments" (you should look for Ross Anderson's ideas about the TPM being controlled by the white house ...):
http://en.wikipedia.org/wiki/Trusted_computing

They even have a nice video for those who think that a complicated technology can be summarised with a nice video.

Most of this stuff has been debunked in the scientific community, has been implemented by companies and is currently rolled out in the business world (where the highest loss are seen, see health and banking records being stollen).

Totally true. And totally impossible today, because all software is breakable. Any solid programmer knows that. You can most of the time design the software so that exploits don't lead to problems, but for any relatively complex software, this is not true. So you have to introduce an element of hardware, which makes it more difficult (since you have to have physical access).

What scares people is that the same technology that can be used to prevent cheating (well, it's all relative, people can still create scams and phishing, but this is a social engineering attack on the persons, not the computer) can also be used to enforce DRM. And then no more free games, videos and music.

Intel develops the platform, not the application. It's like blaming the car companies for the way people drive their car. (or more precisely for the government's highway code...)

(something tells me I'm going to have a very hard time fighting the wrong ideas here ... please read all my messages before you post a reply, thanks!)

Precisely.

Take me back to the old PSO way any day.
I doubt I would have enjoyed PSO as much if it hadn't been hacked to hell and back. Sega unfortunately didn't like it much.... but it did make the game more interesting. Plus there was a sense of satisfaction to teaching those without the hack-disks to exploit glitches in the game in order to defend themselves against the hackers.
It was the kind of anarchy I can only dream of these days.... but it worked wonders.

http://www.google.com/search?q=modchip HW can make it dificult, but not impossible. If enduser wants his freedom back, you cant really stop him.

---

ASAP programer tries to weasel out from making mess by claiming that mistakes are inevitable, its time to fire him on spot.

Amount of possible attacks on software is finite. All it takes is decent data entry filter and bam! Inpenetrable software. OFC, this is simple model. Its not cheap or anything, but guess what? If you dont do it, security chip wont save your ass because it can do nothing about rogue systems.

Its time for you to call buddies that work for banks. Believe me, they know better than "we cant fix all holes, yadada yadada".

Also, you really cant believe that DRM can be saved by that chip. Its defective by design: For enuser to access content, he must have key, sw to decrypt AND ciphertext. You can make it complicated, but you can never get around this simple fact.

FYI, before you start with "you have no idea..."... I work as software consultant. For banks.

Did you write a compiler? A library linker? Part of an OS kernel? Hardware firmware? (hint: that's roughly the chain of controls that you need to control in SW) I will leave you with this classic paper, before we delve deeper into the madness:
http://cm.bell-labs.com/who/ken/trust.html

You've heard of phishing attacks? And server DDoS? Guess who they target?

BTW, do you know the only OS that have a CC EAL4?

Yep, unless it's done in hardware. Then you have to open the TPM to see they key. And I wish you good luck with that (You'll be billionaire in months if you succeed).

Well, sorry but they should fire you. You apparently say things that are not true, so one could jump to consider what you program as "dodgy"...

(I taught software engineering in 1st year of a computing science university, we teach such things; I'm also working on formal methods, the only thing you could call close to safe computing in SE, look at EAL7 ...)

I wasn't replying to you; i was making a statement.

Also, Intel specifically made mention of it as usable as hardware DRM back four and a bit years ago when the project was kinda widely picked up by the internet, and again highlighted when Apple announced it was going to start using Intel chips.

There are a ton of google entries dated around 2004-2005 which clearly show Intel trying not to say what the hardware was supposed to do, before admitting that it was 'forward-looking DRM'.

If Intel want to argue now that the direction of the project has changed, fine. But DRM was one of the fundamental purposes of that technology. I would be very surprised if it wasn't destined to end up being used in this fashion.

I'm already aware of all of this. I just said AMD are unlikely to be exempt. Where do you get off telling people to 'educate themselves'?

Hardware or not it's still not going to work. Even if the majority of the code is kept server side all someone has to do is find the code that tells the bits of hardware on your end to report to the server. In other words you have program A sitting on a computer telling server B anything that is out of the ordinary. This means the actual monitoring is done client side but reported server side.

They already have this in network security. It's just a behavioral monitoring program put on a chip and it can be defeated. All you have to do is gather a baseline set of readings for normal operation and basically have another program report those to the reporting software while you do whatever you like. to that end you don't even need to know the server side code. All you need to know is the client side code and the normal parameters it checks for, which would also be in the codebase. Then you can design a program that does nothing but lie to the reporting software causing it to send false reports to the server.

The PoC of this has been around for over a year now. It's a simple macro virus that uses Excel features to attack your computer. It slipped past Symantec security and behavioral monitoring software because it was designed to search for and lie to those programs. It did it rather elegantly by taking a digital "snap shot" of the operating system at the moment of installation. It then fed those values to the behavioral monitoring software over and over and over again while it opened up excel and made your computer do bad things. Security software didn't know any better because the virus was sending it data that said everything was functioning normally.

I agree with you, or it's just a tech they can sell to make more money.
The more that "hardware" does things like scan / check stuff or ... it can check for "unlicensed media files or pirated media files and notfiy X" at the hardware level, this should really be controlled at the software level.

The problem is you can have a "box" that between keyboard and usb/ps2 port that can use macro's to simluate keyboard strokes that pc will not be able to detect. Then they can use the arugment must come up with a "standard" to encrypt keyboard to pc communcation... which could also be broken.

Build a better mouse trap, get better mice.

I wouldnt have degree if i werent able to write compiler...

Were talking service, with well defined API and input. There, your attacks are injection ... or injection.

server DDoS is problem, yes, but how would your chip help? It can be remedied by identifiying attacker before its too late, help a bit against swarm.

how does phishing come to this debate, but whever.

z/OS V1R8 for example? Is this googling contest anyway? Some linux distros aim for L5 btw.

EAL7 is possible. Not worth required money for public sector.

http://www.boingboing.net/2007/02/13...hddvd-bro.html for example.

HW still needs key inside, still needs it processed, and is prone to tampering.

But whatever.

Basically, Intel is into this business because they design chipsets. AMD's market share in chipsets is pretty small, so I guess you won't see them anywhere close to this (especially given the risk of getting more people upset, as usually they react berserk when one mentions the magic word "DRM" ... but yes that's not what you said but what someone else said!)

The way they will prevent that is called a "chain of trust": the TPM is a tamper-resistant hardware (open it and it will clear all its content); the BIOS uses it to store a hash of the boot loader, which i then started and in turns hashes the boot loader, and so on until the particular OS, libraries and the game (probably in a virtualised compartment, but this is a bit off-topic) run. And these last components will not enable you any kind of reverse engineering (the API will be restricted to what the game needs) or have any unrelated features (you run your game in one "compartment" and the rest in another, the two compartment use separate memory spaces that can't be read from the other compartment). Plus you'll use some of the crypto that the TPM provides to hide the communication with the server (you can't see the keys inside the TPM unless you hack the OS which will not be permitted in these scenarios).

This is NOT, to my knowledge, the way they plan to implement it. Just one possible scenario.

An ulterior motive? Behind a hardware keylogger? How could you possibly suspect a thing? My $5 says that data is going to end up fed to corporate "employee monitoring" spyware and/or Dick Cheney and his domestic spy programs relatively quickly after release.

At any rate, such a system would be easily defeated by a hardware dongle. It's not like we haven't had third-party hardware devices to spoof user input since the first "turbo" controller for the NES or anything....
If you wanted to get really fancy, you could give your dongle an additional USB connector and feed it the (complex, situation-dependent) output from a macro to feed back into the keyboard input.

Moreover, the unit is going to need a driver, either in windows or in firmware, which leaves open the possibility of disabling it with a "patched" driver.

So...

Precisely.

While their implementation isn't always perfect, a-net's anti-cheating philosophy is -- Presume the client is infinitely hackable; Move everything that isn't "mere I/O" to the server; Make sure your input is coming from the right user (session encryption ftw); Sanity check you input (The pistol-turned-machine gun in the FoxNews <shudders with disgust> report could be easily dealt with by implementing a max refire rate for the gun.. duh...); And don't send any output to the client that you don't want the user to know (D2 maphack ftw).

Ever heard of whitelists?

Go ask the banks . Impenetrable SW does not exist in any way. You' have a good example of why in Ken Thomson's paper. Or when you realise that any SW runs on the processor, which the SW has no control over.

Maybe if you're the chip maker. The big guns in the business already started trying to break it, without the hind of a chance. Furthermore, thanks to a clever design, if you succeed in opening your TPM, you'll only get keys for your platform, which are different from anyone else's.

Yes, but they cant be emloyed in most places ...

But you have controll of HW - you choose it. Thats why majority should run server side where you controll it and why you expect every outside machine as dangerous, because you cant make sure that it stays trustworthy.

Point here is that you can not make software secure if there is physical access to machine which runs it (that procesor of yours helps, but does not stop it.).

But you can secure remote server enough to be inpenetrable /unless you got some social engineering going on, but nothing expect common sense helps against that./.

Human factor is greatest threat here. Give it a while of being masproduced.

The problem with this sort of thing is that we're going to get into a situation where Guildwars (etc) only runs on PCs with all the latest "trust" hardware from a "trusted" group of hardware vendors all of which probably charge a premium.

If you've got a PC thats a couple of years old, or if you don't want to pay for trust hardware you'll be flagged as a likely hacker, or banned from playing at all.

If MMOs think they have to rely on these sort of things, they should just do everyone a favor and run on consoles instead.

Very good point. One thing you should know: all the people (including me I realise) talk about these system in the present tense, while they should mention these systems won't be here before 3 or 4 years. Until then, people will continue to be scammed and credit card databases will continue to be stolen.

This thread reminds me of the one on the /report feature. The only vocal people are the ones complaining, and sometimes whining (those that can no longer play nasty and get pleasure from annoying other people). The ones that have no problem with the system don't talk.