Eve on Linux and antibotting
 
This thread is older than 90 days and has been locked due to inactivity.


 

kakmonstret
Posted - 2011.04.06 10:53:00 - [1]
 

Anyone seen or heard any comment from the EVE security team regarding Wine and the new technical methods for detecting bots? I'm not sure if there could be a problem but I wouldn't be surprised if Wine shows up somewhat differently than Windows to this sort of analysis.

Also could there be a risk that botters would take advantage of the extra layers involved in running EVE on Linux and move their bot tools over to Linux? E.g. hard for client tampering detection to detect tampering going on between Wine and Linux, instead of between the EVE client and DirectX?

I would be the first to celebrate if we got rid of bots. But it wouldn't help me much if it means I can't play.

Sevarus James
Minmatar
Meridian Dynamics
Posted - 2011.04.06 11:04:00 - [2]
 

Haven't heard a thing... and don't expect to either. If Wine showed up differently we would have a more accurate count of Linux users of EVE. (rolling eyes)

kakmonstret
Posted - 2011.04.06 11:10:00 - [3]
 

Yeah when we all stop playing worst case. Showing up differently in these cases is not good.

We should almost pay a ticket for a Linux person to go to fanfest and ask relevant questions...

Admiral Finkus
Posted - 2011.04.07 03:03:00 - [4]
 

Originally by: kakmonstret

We should almost pay a ticket for a Linux person to go to fanfest and ask relevant questions...


I hereby selflessly volunteer for this solemn duty.

The trouble with getting linux statistics is that many people who would otherwise run it on linux play it in windows instead so they don't have to deal with wine and some of the issues it can have. Personally, I'd never boot into windows again if it wasn't for Eve.

kakmonstret
Posted - 2011.04.07 07:37:00 - [5]
 

Originally by: Admiral Finkus
Originally by: kakmonstret

We should almost pay a ticket for a Linux person to go to fanfest and ask relevant questions...


I hereby selflessly volunteer for this solemn duty.

The trouble with getting linux statistics is that many people who would otherwise run it on linux play it in windows instead so they don't have to deal with wine and some of the issues it can have. Personally, I'd never boot into windows again if it wasn't for Eve.


Very true, but that group is next to impossible to count. The sad state of affairs today AFAIK is that not even players like myself that only use Linux are counted in any way.

Maybe we should shoot a mail at security@ and ask if they try to avoid detecting wine/Linux as tampering with the client.

Sevarus James
Minmatar
Meridian Dynamics
Posted - 2011.04.10 12:09:00 - [6]
 

wtf is this all about? tampering? Dude, eve running under linux via wine...shows up as windows to CCP. So where do you get the idea that they see tampering? Seems you are wagging the dog here.

Whitehound
The Whitehound Corporation
Frontline Assembly Point
Posted - 2011.04.10 17:14:00 - [7]
 

Edited by: Whitehound on 10/04/2011 23:20:24
From what I have picked up by watching some of the Fanfest videos, their security methods are encapsulated and do not go beyond the client and server. I do not think they will scan your system software and hardware or try to take control over it or such. Instead, their security will likely rely on encryption challenges between the client and the server. If you then inject data or code into the client without knowing the secret keys on both sides, the encryption challenge will fail and raise an alarm with CCP.

One will also still be able to cheat, because in the end one can use a computer to control another computer's mouse and keyboard, or you may just say that there are as many ways to cheat as there are countermeasures... CCP does however monitor the players' activity. So you will be able to continue running some macros, but as soon as you make lots of ISKs without taking an occasional break, it will raise an alarm with CCP, too.

It is an indirect detection. To understand it, think of a Black Hole in space for a moment... Black Holes cannot be seen directly, but their existence can be proven by their effects on their environment. It is enough to observe the gravitational pull of a Black Hole on other stars, to understand that there is a very small and super-massive object. Once the mass of this object is calculated (by looking at the mass and movement of the surrounding stars), one can see that its mass is so large that it can pull in light and therefore has got to be a Black Hole.

It is the same with bots and macros. In the end, it is not the point of CCP to fight each and every bot and macro, because these violate the EULA, but to fight the effect of bots and macros on the game. It also means that if you are a very lazy player, who does not know how to play the game right, who makes no ISKs and runs a macro instead, you will not get detected as your income is that of any other player. You could say that your pathetic failure to succeed in EVE is already your punishment - for not being able to succeed without using a macro or bot.

So hopefully CCP will be able to fight bots and macros without bloating up the client and by being smarter and one step ahead of the bots and macros that pose a threat.

kakmonstret
Posted - 2011.04.11 05:58:00 - [8]
 

Originally by: Sevarus James
wtf is this all about? tampering? Dude, eve running under linux via wine...shows up as windows to CCP. So where do you get the idea that they see tampering? Seems you are wagging the dog here.



It may show up as Windows to some extent. But it doesn't behave exactly the same in every way. Especially if they compare relative execution time or things like that. There are a lot of metrics that CCP can use where Wine will look different.

So it all comes down to what they measure and if they make a test with wine also.

What I got from the Fanfest videos was that they use multiple methods to detect cheating. Both things like analysing behaviour but also looking for hooks and tampering. So as far as I can understand the situation there may be a problem with Wine.

Whitehound
The Whitehound Corporation
Frontline Assembly Point
Posted - 2011.04.11 06:06:00 - [9]
 

Originally by: kakmonstret
What I got from the Fanfest videos was that they use multiple methods to detect cheating. Both things like analysing behaviour but also looking for hooks and tampering. So as far as I can understand the situation there may be a problem with Wine.

There is no problem with WINE. The security features are not just coming, but are already in place. If there was an issue then you would know by now and one could simply not play under Linux.

kakmonstret
Posted - 2011.04.11 07:25:00 - [10]
 

Originally by: Whitehound
Originally by: kakmonstret
What I got from the Fanfest videos was that they use multiple methods to detect cheating. Both things like analysing behaviour but also looking for hooks and tampering. So as far as I can understand the situation there may be a problem with Wine.

There is no problem with WINE. The security features are not just coming, but are already in place. If there was an issue then you would know by now and one could simply not play under Linux.


Well they also stated that they are rolling it out a bit at a time. So we don't know that for sure yet.

Whitehound
The Whitehound Corporation
Frontline Assembly Point
Posted - 2011.04.11 08:29:00 - [11]
 

Edited by: Whitehound on 11/04/2011 08:34:47
Originally by: kakmonstret
Well they also stated that they are rolling it out a bit at a time. So we don't know that for sure yet.

Do not be paranoid. You will not get told any specifics at all, because Linux is not being supported by CCP. You probably think that it is much easier to protect a Windows application than it is to protect a Linux application. If CCP starts putting stuff into the client which increases the hardware and system specs of the client platform, then it is going to cut off more Windows users from playing EVE than it has got players who use Linux/WINE.

Sevarus James
Minmatar
Meridian Dynamics
Posted - 2011.04.11 10:29:00 - [12]
 

oh egads. you are using terms such as 'may' and 'might' and are just speculating. CCP actually has indicated that they 'sniff-test' with a wine client prior to release. (2 ff's ago.) Several devs have publicly stated that they prefer 'nix. You need to either find some evidence to back up your claims or cut the FUD out. Because that is currently what this thread is...FUD.

kakmonstret
Posted - 2011.04.11 11:12:00 - [13]
 

Edited by: kakmonstret on 11/04/2011 11:20:00
Edited by: kakmonstret on 11/04/2011 11:18:15
Originally by: Sevarus James
oh egads. you are using terms such as 'may' and 'might' and are just speculating. CCP actually has indicated that they 'sniff-test' with a wine client prior to release. (2 ff's ago.) Several devs have publicly stated that they prefer 'nix. You need to either find some evidence to back up your claims or cut the FUD out. Because that is currently what this thread is...FUD.



I'm being unclear exactly because that is the only way to lift this. I'm being unclear because I can't know what methods the security team uses or if they make any testing against wine. I know they do some snifftesting that seems to amount to the client starting and I'm happy about that. BUT that doesn't have to cover to check what data a client on wine sends back to the security team. My point with this thread was to determine if anyone had seen/heard any information and if not try to get that info.

I'd rather be a bit proactive and ask one thing too much than stand with bans falling down on us one day.

I try to be clear that it doesn't have to be an issue, but I remain convinced that there well may be.

My fear is that one day the security team will look at the data grouped into different "types" of users. Some they know, like that is a normal Windows user, that is a botter using botting tool X, and then, what is this strange group over here? This may never happen, but if we know that they have a reference profile that is a Linux/Wine user we can be somewhat sure that it never will.

So not sure what you are calling FUD and why I would want to spread that. The truth is that in some regards Wine doesn't look exactly like Windows; it most likely never will, and it's not sure that there is any reason for it to.


//Edit:
"You probably think that it is much easier to protect a Windows application than it is to protect a Linux application."
Nope I don't think so at all.
But in this case you have the difference that the Wine implementation is quite easy to make real compile time hooks into in C. While you have to do binary modifications into the WinAPI libraries in Windows to do the same over there. This is not hard per se but it requires quite a different and somewhat more rare skill set. Or use the provided hooking mechanisms that CCP probably has easier to check against.

Scorpyn
Caldari
Infinitus Odium
Posted - 2011.04.11 13:23:00 - [14]
 

Note that this thread was posted in the linux section.

I very much doubt that a game with a linux section will become impossible to run with wine.

If I'm wrong I'll just have to unsubscribe until it works again.

kakmonstret
Posted - 2011.04.12 11:29:00 - [15]
 

Originally by: Scorpyn
Note that this thread was posted in the linux section.

I very much doubt that a game with a linux section will become impossible to run with wine.

If I'm wrong I'll just have to unsubscribe until it works again.


Please note that since CCP discontinued the official Linux client, Linux has no official support and this forum was left for the community to help itself. There is an unofficial promise to do some limited testing with Wine. That is the total extent of things we can expect.

Nora Smith
Gallente
Space Frontier Foundation
Posted - 2011.04.13 10:38:00 - [16]
 

Edited by: Nora Smith on 13/04/2011 10:38:30
I watched the Fanfest security presentation, and the short summary of what has been said is that CCP won't implement a "spy" tool like Blizzard's "Warden" tool, that scans your installed software, HDD content, and running processes. They currently rely solely on server-side behavioral analysis (e.g. 23/7 online time, and repeating patterns like mining all day long), the new bot reporting feature and toolset and, in a later patch, some client-side routines that check processes interacting with the client via messages or simulated HID commands.

All those methods are, in my opinion, safe for players using Wine. Although CCP has discontinued the (crappy crappy) Cedega based Linux client, some CCP devs use Linux, and Wine to run EVE. Still having the Linux board in the forums shows that CCP gives us means to discuss our beloved platform, and thus, they won't implement any detection routines which suspect Wine being a botting tool.

As your point on porting Bots to Linux/Wine and take advantage of the open source model to integrate the bot into Wine (or at least using Wine to hide the bot process from EVE) is valid and there already might be some running examples, a bot stays a bot, and its behaviour differs from normal "human" playing, thus it will still be detected by CCP's server-side forensic analysis.
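
Added example, not part of the thread and not CCP's code: a minimal server-side heuristic for the two behavioural signals post [16] names, near-continuous online time and repeating activity patterns. The thresholds, account names and session data are constructed assumptions; note that the client platform (Windows or Wine) is not an input to any check.

```python
"""Server-side behavioural heuristic (added illustration, not CCP's code).

Flags accounts by the two signals named in the post: near-continuous
online time and highly repetitive activity. Thresholds and the session
format are assumptions made for this example.
"""
from statistics import mean, pstdev

# Assumed thresholds (hypothetical).
MAX_DAILY_HOURS = 22.0   # "23/7" leaves about one hour for daily downtime
MIN_INTERVAL_CV = 0.05   # humans vary more than 5% between repeated cycles


def daily_online_hours(sessions, days):
    """sessions: list of (login_hour, logout_hour) offsets from day 0."""
    total = sum(end - start for start, end in sessions)
    return total / days


def interval_cv(action_times):
    """Coefficient of variation of gaps between repeated actions."""
    gaps = [b - a for a, b in zip(action_times, action_times[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return None  # not enough data to judge
    return pstdev(gaps) / mean(gaps)


def review_flags(account):
    """Return the list of reasons an account is queued for human review."""
    flags = []
    hours = daily_online_hours(account["sessions"], account["days"])
    if hours >= MAX_DAILY_HOURS:
        flags.append("near-continuous online time")
    cv = interval_cv(account["cycle_starts"])
    if cv is not None and cv < MIN_INTERVAL_CV:
        flags.append("repeating activity pattern")
    return flags


# Constructed sample data: session hours within a 3-day window, and
# start times (seconds) of a repeated in-game cycle.
ACCOUNTS = {
    "acct_A": {"days": 3, "sessions": [(0, 23), (24, 47), (48, 71)],
               "cycle_starts": [0, 180, 360, 541, 720, 900]},
    "acct_B": {"days": 3, "sessions": [(19, 22.5), (43, 45), (66, 70)],
               "cycle_starts": [0, 175, 420, 610, 1130, 1290]},
}

if __name__ == "__main__":
    for name, acct in ACCOUNTS.items():
        print(name, review_flags(acct) or "no flags")
```
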

kakmonstret
Posted - 2011.04.13 11:15:00 - [17]
 

I looked at the presentation video and my interpretation is that they won't look at anything outside the EVE client process but that they will look at things in the client process. Thus meaning more than behaviour analysis on the server. The big difference to Warden being that they ain't spying on what you do on your machine outside the process.

The wine stuff could in some ways change behaviours inside the process hence my questions/worries.

Nora Smith
Gallente
Space Frontier Foundation
Posted - 2011.04.14 06:23:00 - [18]
 

Edited by: Nora Smith on 14/04/2011 06:22:47
Just as a side note, many people play World of Warcraft with Wine, and even Blizzard's Warden tool doesn't b'itch about it.

Whitehound
The Whitehound Corporation
Frontline Assembly Point
Posted - 2011.04.14 14:15:00 - [19]
 

Originally by: Nora Smith
As your point on porting Bots to Linux/Wine and take advantage of the open source model to integrate the bot into Wine (or at least using Wine to hide the bot process from EVE) is valid and ...

One can hide processes under Windows, too. Open source is not a threat and one does not need open source to implement a bot. And only to counter the argument - closed source makes it impossible to know what an operating system is doing and offers just as much hiding space for a bot.

Saying it can be done under Linux, too, or that it would be easy for the OP to do it, is just dumb. Linux players are a minority. The OP has not yet realized that he is asking for getting Linux blocked by CCP. I do not see the point here.

kakmonstret
Posted - 2011.04.15 06:51:00 - [20]
 

Originally by: Whitehound
Originally by: Nora Smith
As your point on porting Bots to Linux/Wine and take advantage of the open source model to integrate the bot into Wine (or at least using Wine to hide the bot process from EVE) is valid and ...

One can hide processes under Windows, too. Open source is not a threat and one does not need open source to implement a bot. And only to counter the argument - closed source makes it impossible to know what an operating system is doing and offers just as much hiding space for a bot.

Saying it can be done under Linux, too, or that it would be easy for the OP to do it, is just dumb. Linux players are a minority. The OP has not yet realized that he is asking for getting Linux blocked by CCP. I do not see the point here.


Over reading much?

My main point has always been whether CCP actually tests what results Wine gets with regard to the new monitoring.

This side discussion about if it is easier to write a bot with Wine is just that, a side discussion. But from a technical standpoint I still think it could be easier.

So I'm asking CCP to make it impossible for me to play the game, yeah that is *really* *really* likely. I discuss technicalities to the best of my knowledge and I will do that regardless what you believe could follow. If CCP bases their blocking on OS:s on a random forum post they would probably have blocked Linux ages ago based on some real FUD from some real wintard.

Lederstrumpf
Posted - 2011.04.18 11:04:00 - [21]
 

Originally by: Admiral Finkus
The trouble with getting linux statistics is that many people who would otherwise run it on linux play it in windows instead


I'm capable of installing Linux and Wine and such, but for now I did stick to the buggy Mac OS client. Conclusion of the MAC experience: It's not worth it to invest any "Linux system integrator time" due to CCP not encouraging it by not paying enough respect to user feedback in general.

Whitehound
The Whitehound Corporation
Frontline Assembly Point
Posted - 2011.04.20 14:56:00 - [22]
 

Edited by: Whitehound on 20/04/2011 16:33:22
Originally by: kakmonstret
Over reading much?

How about you close your mouth and open it again when there is a problem? Just as an idea... The last thing this part of the forum needs is a Linux troll.

kakmonstret
Posted - 2011.04.21 10:12:00 - [23]
 

Originally by: Whitehound
Edited by: Whitehound on 20/04/2011 16:33:22
Originally by: kakmonstret
Over reading much?

How about you close your mouth and open it again when there is a problem? Just as an idea... The last thing this part of the forum needs is a Linux troll.


I like to be proactive, maybe you don't. I don't care, if all you want to do is to throw silly accusations around maybe you should shut up.

Whitehound
The Whitehound Corporation
Frontline Assembly Point
Posted - 2011.04.21 10:48:00 - [24]
 

Originally by: kakmonstret
I like to be proactive, maybe you don't. I don't care, if all you want to do is to throw silly accusations around maybe you should shut up.

Oh yes, you are trolling. I summarize it for you: you want CCP to support Linux and at the same time make CCP believe how much easier it is to write bots under Linux.

And now you want to call it proactive ... it is proactive trolling. (laughing)


 
