No security reprieve from Blizzard's Warden
Two good reasons to pass on MMORPGs in the office
World of Warcraft (WoW) and other massively multiplayer online role-playing games (MMORPG) are the source of recent rumbling in the industry. The online gaming numbers are staggering, but the notion that a significant percentage of people is logging in from work is truly the stuff of executive nightmares.
The impact from lost work hours and the legality of alternate-currency businesses or "gold pharming" are worthy of discussion, but the alarm is a bit misplaced. Games have been a staple of computer workers' existence since J. Martin Graetz, Alan Kotok and others cooked up Spacewar! on a PDP-1 in 1961, and people have been exchanging virtual identities and goods for real money since the first multiuser dungeons (MUD) in the '80's.
Such games will always be with us, and the further up the knowledge-worker ladder one goes, the seemingly more essential their importance for blowing off steam. Modern role-playing games aren't my thing, but I'd much rather see a senior security officer ganking Blood Elves in a cathartic frenzy for 30 minutes on company time than losing her cool when cornered by a tightly wound executive in some postincident blamestorming session.
Yet there is a serious problem with gaming on the corporate network -- in fact, there are two. It's not with the games themselves and the effect of their use, but with software installation on an organization's computers by unauthorized individuals and the inclusion in that software of monitoring and self-help components. The former leads to all sorts of compliance issues. The latter leads to real risks of information disclosure and creation of new attack surfaces.
Monitoring and reporting
The Warden is not new in concept or execution. In response to widespread cheating on multiplayer online games, Blizzard Entertainment developed routines for detecting game cheats, eventually coalescing them into a distinct software component known as the Warden. The Warden is included with WoW, Diablo II and other Blizzard games.
When active, the Warden monitors program and process activity on the host computer, and it sends usage data and some desktop information (known to include at least the header of each open window) back to Blizzard's servers over the Internet. Blizzard says the Warden does not gather any personally identifiable information -- only data about the game account -- and only examines the gathered data for evidence of hack or cheat programs.
A representative of a WoW guild (a structured group of thematic players) told the BBC that many of its members support Blizzard's efforts to quash game cheats. "The concern most have is that the program has the capability to read text from open programs, potentially compromising the privacy of some sensitive programs. If someone is afraid of the program reading sensitive information from their programs, one possible solution is simply to not run any additional programs while playing World of Warcraft."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts