Secure computing

So you guys seem to have your pulse on the gaming public. Well at least more than most message boards. So what do you think? If secure computing was added to say an RTS title, or an MMORPG how much do you think it would be worth?

PS: assume that secure computing is actually possible. I understand that it’s difficult when the device is in the hands of the enemy (the users) but let’s assume that it can be done.

Could you define secure computing a little better?

Why would the person against the hackers talk in hacker l33t talk?

Chet

Sweet sweet mockery.

Perhaps he’s some sort of marketing suit who thinks he has to speak to us in our sp3c14| |4nguag3?

Is secure computing anything like posthumous dialog?

qt3 is NOT the gaming public. it’s frequented by adults who are often eloquent. the gaming public plays Madden on the ps2 with their classmates.

not that there’s a problem with madden.

Perhaps he’s some sort of marketing suit who thinks he has to speak to us in our sp3c14| |4nguag3?

I’m just an engineer who has been working in trusted computing for a couple of years who happens to play a wackload of online games. Much to my wife’s chagrin.

I constantly tell myself : "Hacks, like maphack for example, just kill the game for me. If they (blizzard for example) could just get with the program and implement some basic level of resistance they could pretty much eliminate hacking from their game. "

Since I think everyone is like me (LOL), I think that there is a huge market out there for this kind of thing. But before I went out and financed my own company to sell trusted computing compilers (jk, too much risk for me) I wanted to see what people who actually know the real market think about such a thing.

Oh as for the leet speak. I thought it was funny. It’s probably not. One of the drawbacks to being an engineer: poor social skills due to lack of interaction :)

You talk to yourself using examples?

Color me stupid, but what the hell are you talking about? “Secure computing” could mean about seventy-eight different things, depending on context.

Do you mean hack-proof computing? IE, everything locked down so that punkbuster becomes irrelevant, that you can be assured that everyone is playing off the same codebase? If that’s what you mean, then yeah, that’d be great.

Or are you talking Secure in the DRM sense? Such that the publisher can be guaranteed that everyone has actually paid for the game? That’d have definite benefits, too.

Personally, I think that they should make a thing that makes your CD drive hand out candy. On demand. I bet they could make a cool acronym for that, too.

When are they going to do all this stuff for us! We need it, and soon!

Hrmm… Google sez:

Your search - “trusted computing compilers” - did not match any documents.

Trusted computing of late has been used as a synonym for “hardware encryption”, and I’ll be damned if I can think of how you’d use that to stop online game cheating.

Do you mean hack-proof computing?

Or are you talking Secure in the DRM sense

They use the same technology under the hood. If you want to make a DRM you need to create a “trusted” environment for your code to enforce those rights. To do that you need to be hack proof. Although hack resistant would be more correct, since it’s clearly impossible to be hack proof (but you can make it very, very hard with hardware support).

Anyway, I’m mostly talking about hack-proof (resistant) computing, where you could trust to a high degree of confidence that your opponent is running the same code that you are and is not employing some kind of enhancement (be it maphack, aim-bot, whatever).

Let’s see. A secure online gaming environment where all users are guaranteed to be playing on equal footing and everyone playing has a valid copy of the game. Where have I heard of this before? Where oh where? Hmmm.

Oh yeah.

Where oh where? Hmmm.

Oh yeah.

And how valuable is the security portion of the service to you? How much would you pay for such a service on your PC?

Errr… nothing?

As a game programmer who thinks about this once in a while (I do a fair amount of online game work), I do not see how this is possible. Even if you’re only talking about locking down the game executable.

Then recall that a lot of the more effective hacks involve tweaking with some system DLL that is supposed to be different on everyone’s system, anyway – e.g. the graphics driver. How are you going to prevent said wall hack?

The only way to really prevent it is to do full occlusion culling on the server, which is prohibitively expensive right now (and has nothing to do with “secure computing”).

Though if you have a genuine idea on how this can be done (without hardware support – they ain’t taking my computer away from me), I’d be enthusiastic to hear it.

-J.

Also, I should say that your best chance at a market for something like this is selling an SDK to developers. Asking a game player “how much would you pay for X” is pretty much the wrong way to go about it.

Though if you have a genuine idea on how this can be done

I would love to say that it is my idea, it’s not. Everyone in the biz (drm) pretty much knows the techniques of how to make it harder (but again not impossible, that’s impossible) to debug an application, or more precisely sections of an application. Heck, I’m sure that any developer given a little bit of time would come up with some decent techniques.

In general most techniques are costly in terms of CPU power, they take development time to setup, and they make your development cycle longer.

Then recall that a lot of the more effective hacks involve tweaking with some system DLL that is supposed to be different on everyone’s system, anyway – e.g. the graphics driver

Don’t know about that kind of hack, sounds like one for an FPS and I don’t really play any FPS games. I guess you are referring to something that changes the game to wireframe or something like that which allows you to see through walls or something. Sounds pretty nasty since you have to verify the integrity of the video driver. You’ll probably need to wait until Microsoft makes secure video path (SVP) although to be honest it seems to have died. Secure Audio Path (SAP) was implemented but I guess the requirements for SVP were too high. Anyway, SVP seemed to be targeted at overlay output, and not the 3d api.

Also, I should say that your best chance at a market for something like this is selling an SDK to developers.

Oh I totally agree. Although it would probably be a compiler or a compiler add-on.

Asking a game player “how much would you pay for X” is pretty much the wrong way to go about it.

I disagree. I just want to feel out how much of a demand there is out there for hack free games. If there is no demand on the consumer end for their games to be hack free, then developers have little impetus to buy the technology to make their game more hack resistant. I know I would pay extra for RTS games that were hack free. Heck, considering how much I like RTS games quite a bit more. But I don’t think that I represent the general gaming populace.

I’m a programmer. What type of magical compiler addon would provide magically secure code? I am aware of the tricks being implemented in BSD & Linux which prevent execution of the stack which prevents buffer overflows, and have read various ideas of how to make hacking harder, but as long as your stereotypical hacker has access to a debugger on a system that has any game related data, he’d be able to mess with it. Its just a matter of time. Once one person finds it out, the game’s over.

The whole problem with hacking is that you’ve got a completely untrusted platform on one end of the calculation, and you don’t have any real control over this system at all.

In regards to your posts about gamers – the fact that you don’t play FPS games instantly reduces you credibility because you don’t appear to be aware of the cheats available for those, and those are the most cheated-on games played currently.

The other thing that bothers me is your perception that “Gamers don’t want hack free games.” Of course they want hack-free games. Customers aren’t going to spend MORE money on it though – if the developer can’t stop people from hacking the game, then the players will get pissed and go somewhere else. They might download a free system like Punkbuster if its not too annoying though.

So, to sum up:

  1. As a programmer I’m extremely dubious about your ideas
  2. As a gamer I’m not going to pay one cent for this because dammit, I shouldn’t have to fork out more money to get a game to play properly online.

#1 can be addressed by giving more more than vague buzzwords and handwaving about what you’d like to do.
#2 can’t be addressed, because that’s a personal opinion.