No security reprieve from Blizzard's Warden
Two good reasons to pass on MMORPGs in the office
World of Warcraft (WoW) and other massively multiplayer online role-playing games (MMORPG) are the source of recent rumbling in the industry. The online gaming numbers are staggering, but the notion that a significant percentage of people is logging in from work is truly the stuff of executive nightmares.
The impact from lost work hours and the legality of alternate-currency businesses or "gold pharming" are worthy of discussion, but the alarm is a bit misplaced. Games have been a staple of computer workers' existence since J. Martin Graetz, Alan Kotok and others cooked up Spacewar! on a PDP-1 in 1961, and people have been exchanging virtual identities and goods for real money since the first multiuser dungeons (MUD) in the '80's.
Such games will always be with us, and the further up the knowledge-worker ladder one goes, the seemingly more essential their importance for blowing off steam. Modern role-playing games aren't my thing, but I'd much rather see a senior security officer ganking Blood Elves in a cathartic frenzy for 30 minutes on company time than losing her cool when cornered by a tightly wound executive in some postincident blamestorming session.
Yet there is a serious problem with gaming on the corporate network -- in fact, there are two. It's not with the games themselves and the effect of their use, but with software installation on an organization's computers by unauthorized individuals and the inclusion in that software of monitoring and self-help components. The former leads to all sorts of compliance issues. The latter leads to real risks of information disclosure and creation of new attack surfaces.
Monitoring and reporting
The Warden is not new in concept or execution. In response to widespread cheating on multiplayer online games, Blizzard Entertainment developed routines for detecting game cheats, eventually coalescing them into a distinct software component known as the Warden. The Warden is included with WoW, Diablo II and other Blizzard games.
When active, the Warden monitors program and process activity on the host computer, and it sends usage data and some desktop information (known to include at least the header of each open window) back to Blizzard's servers over the Internet. Blizzard says the Warden does not gather any personally identifiable information -- only data about the game account -- and only examines the gathered data for evidence of hack or cheat programs.
A representative of a WoW guild (a structured group of thematic players) told the BBC that many of its members support Blizzard's efforts to quash game cheats. "The concern most have is that the program has the capability to read text from open programs, potentially compromising the privacy of some sensitive programs. If someone is afraid of the program reading sensitive information from their programs, one possible solution is simply to not run any additional programs while playing World of Warcraft."
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts