Re: Games - A question
One of the main rules in computer security is that CLIENT SECURITY DOESN"T
WORK. I. e. if you have an untrusted client running your software there is
always a way to circumvent any kind of security you put in place. You can
make it increasingly difficult, but you can never make it secure. A couple of
exzmples:
When Diabolo came out the manufacturer claimed that they made the network
play unhackable, since they used some encryption on the player files, secure
protocol and what not. Cheaters started to appear after maybe a month or two
after the release.
I have once talked to a guy ( system programmer ) who was hired to break
dongle based security on one of the 3D modeling software packets. The reasons
were legitimate, the company that hired him, bought several hundred licenses,
and aparently sooner or later the dongles got all mixed, so they needed any
copy of the the software to run with any dongle or without a dongle. The guy
told me things unimaginable such as physical defects on the CD to prevent
copying, program files that are completely different on disk and in memory,
complex routines that query the dongle etc. etc. etc. It took him about 6
months to figure it out, but he did. That is the point. You cannot secure
something that is not under your full control.
On Friday 30 November 2001 10:57 am, David Roundy wrote:
> I haven't heard of a commonly played closed source online game in which
> people have been unable to cheat one way or another. I'm not sure how it's
> done, but I know in all the games I've played (not many) there are always
> cheaters who give themselves extra minerals, duplicate powerful items or
> whatever. The problem is when the game designer assumes (usually for speed
> reasons) to assume that the client can be trusted.
Reply to: