Tuesday, May 20, 2008

May 20th ban wave: WoW 2.4.2

Alright it's no secret that there was a pretty big ban wave in World of Warcraft today, apparently hitting Inner Space, Glider, and unapproved addons, among other things (note: I don't know if they hit unapproved addons, or other things, I'm going off of secondhand information from sources that may not be accurate). Hats off to Blizzard for pulling off the Inner Space and Glider detections without tipping off the communities. It's been a while since the last time that happened.

So to that end, I first need to address the people who are wondering how it happened. ISXWarden and Glider's Tripwire both attempt to identify when a new Warden is distributed with new functionality. So why did neither prevent this ban wave? Simple. Warden was not updated. The detection method was hidden away in the 2.4.2 WoW client itself.

But it's not always that simple for Blizzard to get away with. First, Blizzard has no guarantee that the detection code will slip past researchers. The last time this was attempted, according to my logs, was WoW 2.1.0, released on May 22, 2007. I prevented that from affecting ISXWarden or Glider. This one (2.4.2) happened to slip past -- a mistake that is hopefully never repeated, but errare humanum est. Secondly, Blizzard can only update the WoW client every so often. In the last year, it's been about 1 patch per month on average. And, patches are never secret. Unlike Warden, which can be updated at any time while you play the game, client patches are announced to the public, and everyone is well aware when it happens. So it's no big mystery when to go hunting for new detections in the client, this is something researchers need to do every patch.

Now to address the people asking for details on what was detected. Sorry, but I can't provide that sort of detail at this time. I do not typically reveal that sort of information to the public.

What I can tell you is that today's new release of ISXWarden addresses the problem. I'm well aware that there are people who believe that, and people who don't, and if you're not sure which side of that line you're on, the safest option is always to not use programs that Blizzard will ban your account if they find out. Many people choose not to use those sorts of programs for a while after a patch just in case a situation like this arises.