...or why we shouldn't rely on security by obscurity.

The recent events sparked a controversy on whether to use PunkBuster or not. While some say we should keep using PunkBuster because it's better than using nothing or because there are no alternatives, others argue to get rid of Punkbuster due to its "track record" (read as: nuisance). In the moment I'm writing this column round about 61% would like to ditch Punkbuster.
This column is somewhat of a follow-up to Cash's column and unlike Tosspot I'm trying to argue against PunkBuster.

It's not a bug, it's a feature!

Some people seem to think that nC exploited a bug in PunkBuster. Let's get this right: this is by no means a bug. They're exploiting PunkBuster's flawed method of detecting cheats. While you're playing, PunkBuster is crawling through your PCs memory trying to find blacklisted strings. (Sounds a lot like an antivirus protection, however an antivirus does it different/ does more.)
Evenbalance relies a lot on the fact that hardly anyone knows how cheats were busted. This is called security by obscurity (or security through obscurity).
QuoteSecurity through obscurity is a controversial principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them.

What does this imply?
(i) All a cheat coder needs to do, in order make his cheat undetected again, is search for the affected string in his code, change one char and possibly any reference to this string and (re-)compile the cheat. THAT'S IT! He got a working, undetected cheat again with hardly any effort.
(ii) False positives: like we see now anyone can get banned just for having a blacklisted string in his memory.

Think of these poor Evenbalance employees: after searching for cheats all day long, searching for strings to ban by and after they finally released a PunkBuster update after some days/weeks/months, the cheat is undetected again within a matter of minutes and all that's left are a lot of false positives, because some kid on the internet thinks it's fun to spam these blacklisted strings. Ouch. Sounds a lot like a Sisyphean task to me.

But what can Evenbalance do about this?
(iii) They could always pretend like nothing happened, but I doubt their customers would appreciate such a behaviour.
(iv) Remove these strings from the database or respectively replace them with new strings, rendering all work already done void.
(v) Change their method and start analyzing cheats (again), in order to ban the methods used to make cheating possible.
It doesn't take a genius to notice (v) is the only way to go since it is the most effective, however it's the most time consuming either. While Evenbalance's method is best compared to trying to find the needle in the haystack. For now Evenbalance went for (iv).
Correct me if I'm wrong, but I think (v) is basically what ETpro's IAC did back then when it was introduced. ETpro's IAC wasn't perfect either*, but seemingly it managed to get the game clean for a month. And I think, that's something PunkBuster will never manage to do.

*some programs, like Xfire or that Teamspeak overlay tool, caused false positives due to the way they interfered with the game.


Let me reiterate my reply to Tosspot's column.
In engineering, and of course in other disciplines as well, efficiency is crucial. One always tries to make a system as efficient as possible... at least within the ressources (blame economists ;).
Efficiency is the comparison of the power you put into a system and the power you get out of the system. It's the USE you have compared to the EFFORT you put into.
Efficiency is always compared against an optimal and usually purely theoretical system. In thermodynamics the most basic and optimum cycle is the Carnot cycle. It is pure theory and not usable in the real world. (You could try to at least get close, but the effort in terms of ressources would be too huge. There are always trade offs.) For different applications different cycles are used for comparison. E.g.: the Otto cycle for gasoline engines or the Rankine cycle (Clausius-Rankine in German literature) for steam power plants. Both mark the optimum, something one would like to achieve.

As written in the reply to Tosspot's column, I don't think the currently used method is really efficient. Two reasons why:
(vi) As pointed out in (i) there's not too much use in banning based on strings, while the effort is rather huge.
(vii) This puts a lot of stress on the PC, as some of you might have noticed *wink* (fps drops, lag, etc.). Therefore it isn't viable in an environment where performance is valued very high.

The optimum would obviously be the perfect anti-cheat program. An anti-cheat which gives us a cheat free environment. But just like the Carnot cycle this is theory. There will always be a new method to bypass the anti-cheat program. So don't waste your time waiting for perfect protection, leave that to the music industry.


Apparently the main reason why nC acted is the fact that Punkbuster, while doing its job, crawls through all your data. That includes private data.
Let's take a look at Punkbuster's End-User-License-Agreement (EULA):
Quote[...] Licensee further acknowledges and accepts that PunkBuster software may be considered invasive. Licensee understands that PunkBuster software inspects and reports information about the computer on which it is installed to other connected computers and Licensee agrees to allow PunkBuster software to inspect and report such information about the computer on which Licensee installs PunkBuster software. Licensee understands and agrees that the information that may be inspected and reported by PunkBuster software includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed. (...) Licensee agrees that any harm or lack of privacy resulting from the installation and use of PunkBuster software is not as valuable to Licensee as the potential ability to play interactive online games with the benefits afforded by using PunkBuster software. [...]

They can "inspect" any file on your PC and report "information" to other connected computers. Sounds a lot like spyware with the only difference being: they tell you before installation. They even acknowledge that it "may be considered invasive".
Quote by OALD about invasionan act or a process that affects sb/sth in a way that is not welcome

But what is the benefit they are talking about for us? /shrug

But it's free!

Yes, it is free for us to use. But that doesn't mean we are not in a position to criticize them. If we were not allowed to criticize any free product, we wouldnt be paying money for any product, instead they would find another way to charge us.

We are Evenbalance's customer, they even force us to accept their EULA. They make business because of us, they need us. So yes, we are in a position to demand.
Wasn't the only reason PunkBuster was introduced in Call of Duty 2 that the gamers wanted it? Would they have demanded it, if they knew it wasn't any good? If the gamers don't want to use PunkBuster anymore, if they stop using it and publishers/developers stop using it, eventually replacing it with something better, Evenbalance's business will be hurt. So yes, they need to listen to us.


We should stop using PunkBuster. In it's current state it is useless, meaning we could as well use no protection and have the benefit of a better performance. When PunkBuster, or any other anti-cheat for that matter, becomes usable again, we can still reconsider using it.
I'm not trying to say that we shouldn't use an anti-cheat because there will never be an optimal, efficient one, but using one (PunkBuster) that is so flawed isn't really an option either.