Gunbound - When software protection goes too far...


Wayne - DiamondCS
September 13th, 2004, 11:27 PM
When the author of a simple game tells its users to turn off their system security software in order to run their game, have they gone too far? ...

(See also this thread (http://www.wilderssecurity.com/showthread.php?t=47819)) - link fixed :)

We've been informed by many Gunbound users over the last couple of days who are not happy about the action taken by Softnyx (the company behind Gunbound) asking Process Guard users to uninstall the program before they're allowed to run the game, and indeed it is a very aggressive way to go about things. Let's look at what's happening ...

On the 10th of September, Softnyx made the following public announcement which is still linked to from their main homepage (note that they've never contacted us):

-{ Quote: "Hello, This is the GIS Team.

We have worked hard to provide secure security for our users, and we have done that with many different ways.There is an increasing numbers of users using a hack, and we need your help you to prevent the hack. From now on, anyone with 'Process Guard' installed on your computer will not be able to join Gunbound. Either you installed it, or someone else did, your connection to our server will be prohibited if you have that program installed on your computer.
You must delete the program in order to connect to Gunbound. If you are using 'Process Guard' as a safety feature for your computer, then please choose something else. If you have the program installed on your computer, you will get the following error message.

The game guard initialization error
Either try again after rebooting or closing all the other programs which could cause the collision.

Please take a note of this situation, and hopefully we do not cause you any misunderstandings.

Thank you,
Softnyx Co.,Ltd" }-
... as you can see, they don't even say why Process Guard is banned, leaving the impression that Process Guard is some type of cracker's tool, and you don't even need half a brain to work out that it clearly isn't.

So, why would a GAME company ban its users simply for using a SECURITY program when the two programs have nothing to do with each other? Let's put aside their announcement for a moment and just look at the facts ...

GunBound is a game. A game should have nothing to do with interfering with system security which makes their announcement even more surprising, but apparently a lot of crackers target GunBound to try to modify the game to give their user character various advantages, as this (http://www.google.com/search?q=Gunbound+hacks) simple Google search shows (65000+ results). This is nothing new - software cracking is a huge underground 'industry', and it is virtually impossible to prevent a software program from being cracked - given enough time, anything can be cracked, our software included - nobody is exempt from the laws of the 1's and 0's that we work with. So software developers often add various tricks to prevent cracking, such as anti-debug countermeasures, self-modifying code, packed executables, and so on.

So what does any of that have to do with Process Guard? Absolutely nothing, but these are the tricks that GunBound tries to use. Let's continue...

A further brief analysis of GunBound shows that the authors of GunBound do not use many of their own protections (and that's fair enough - they're game developers not security experts), but instead are using several 3rd-party protectors, such as a packer made by a hacker called "y0da" and a Korean protection program called nProtect Gameguard (not to be confused with a Symantec/Norton tool of the same name). So that's somewhat ironic, stating to their users "we need your help you to prevent the hack", yet using hackers' tools to implement that protection.

However, many Process Guard users run dozens of programs and games without any problems - this is the first time something like this has ever happened, so what is it about Process Guard that has caused the GunBound author to react the way they did, or what is it about GunBound that makes it so different to normal programs?

We're not 100% sure yet, it's still early days and we haven't finished our analysis yet, but for some reason if you run GunBound while Process Guard is installed you'll get an error message about GameGuard failing to initialize, which is probably nProtect failing. Because the GunBound author has no control over nProtect (it's not his program), he can't modify it to get it to work with Process Guard, so his only other option is to stop using nProtect, which seemingly they don't want to do. Because one of Process Guard's main security roles is to stop processes from being interfered with, it seems crackers are using Process Guard (free and full editions) to prevent nProtect from guarding over the main GunBound.exe, thus bypassing its protection.

nProtect, y0da's crypter and the various other techniques they use are very trivial to bypass using various other methods, so why bother using them? The protections they've implemented might seem strong to the GunBound author, but in reality they're quite trivial and there are an infinite number of more conventional protection techniques that will actually make GunBound a lot harder to crack, yet without inconveniencing any users by making them turn off system security software just to run a game.

Thus, it would be in everyone's best interests if GunBound implemented a proper protection scheme rather than using hackers' tools which do things they have no understanding or control over. Then the GunBound author would have a more secure and crack-resistant program (which is his main aim), and GunBound users would still be able to maintain the security of their system by leaving kernel protection systems such as Process Guard up. Think back to their first statement - "we have worked hard to provide secure security for our users". Turning off security software obviously does not make you more secure, so it's clear they're putting the security of their program before the security of its users, and in this case it seems they've gone too far.

We'd be more than happy to help them with a few real protection tricks if they bother to contact us, but this issue must be addressed first.

Best regards,
Wayne

420
September 13th, 2004, 11:52 PM
WELL I WANT PROCESS GUARD And gunbound so something big man

xanatos
September 14th, 2004, 12:07 AM
hey i tell you why it was used its because hackers used process guard to hide their hacking processes which would bypass nprotect

d0zy
September 14th, 2004, 12:16 AM
ehh .. i cant even use Safety System Monitor with gunbound.. a blank error pops up then gunbound closes.. whats up with that?

Tassie_Devils
September 14th, 2004, 12:25 AM
-{ Quote: "hey i tell you why it was used its because hackers used process guard to hide their hacking processes which would bypass nprotect" }-

HUH? Please explain!!!!!

You saying ProcessGuard is being used BY hackers to HIDE their actions?

ROFL. That's tooo funny for even comment.

TAS

GuessOneOhOne
September 14th, 2004, 01:18 AM
thanks for all the time explaining this! =P

xanatos
September 14th, 2004, 01:29 AM
-{ Quote: "HUH? Please explain!!!!!

You saying ProcessGuard is being used BY hackers to HIDE their actions?

ROFL. That's tooo funny for even comment.

TAS" }-
yes people used it to hide their aimbot (which told u how to aim and do a direct hit in the gunbound shooting game) well they used it and protected the aimbot in process guard. So nprotect wouldn't detect the aimbot. That's why everyone is going crazy from gunbound how it was patched so they can hide their hack processes and get by nprotect.

Tassie_Devils
September 14th, 2004, 01:37 AM
OK, thanks for reply. :)

I've never played, so best to leave Wayne explain further, but it seems impossible to me to use a Security Program to 'hack' back into a game running on a server which is supposed to be protected by nprotect?

IF this is so, that means nprotect is very weak, doesn't it.
I won't comment any further, leave to DCS, if they feel there is a need to.

Thanks, TAS

Jason_DiamondCS
September 14th, 2004, 02:37 AM
Well without actually looking at the "aimbot", I would think it would act like a proxy, receiving packets from the game, altering them, then sending them to the real server. Hence the actual gunbound process isn't modified or changed.

There are still many ways to detect such programs (even with Process Guard protecting them), to me it just looks like the authors took the easiest way out. If their current methods of detection are based around looking for signatures in the "aimbot" hacking tools, they are also fighting a losing battle there.

Alternatively what is so hard for the determined hacker to simply route all the packets through another computer, and on that computer the aimbot is installed to change packets, before finally sending them out to the real server? There are ways to stop hacking like these people do, but it involves a lot of knowledge and constant hard work. It doesn't involve taking the easiest way out every time a problem pops up.

Colton
September 14th, 2004, 03:31 AM
The aiming applications do not change packets. They merely search for offsets, read them, then display a line on the screen for you to use. It reads where your mobile is, the wind, the mobile you chose, and a few other bits and pieces to put a perfect arc on your screen for you.

There are some programs that change the incoming/outgoing packets, but they are not aimbots.

Nothing really important, just thought i'd leave a comment

Radicand
September 14th, 2004, 04:31 AM
This is pathetic, they should fix the servers, not the clients. They should stop bullshitting around and learn how to code. I have had process guard for months until now

Gunboundaim
September 14th, 2004, 04:36 AM
ok i think this is how the "Aimbot" work i saw a screenshot on it. it actually work like reading the wind n the angle n then u drag the power bar n the line on the screen will move it's normally pink i donno y. but sometimes it will miss cos the user hold the space bar for too long so it's kinda like a programme that helps u aim so they call it as aimbot thats all as easy as that

A program that helps u aim

Jason_DiamondCS
September 14th, 2004, 04:42 AM
Thanks for pointing that out Colton. I haven't seen this particular aimbot mentioned.

If this aimbot program they are blocking does indeed modify the gunbound process, then it is even easier for them to detect this. It's just like asking anyone here how easy it is for them to know if someone is in their house if a burglar starts making noise. :)

Whiteguy
September 14th, 2004, 04:47 AM
-{ Quote: "ok i think this is how the "Aimbot" work i saw a screenshot on it. it actually work like reading the wind n the angle n then u drag the power bar n the line on the screen will move it's normally pink i donno y. but sometimes it will miss cos the user hold the space bar for too long so it's kinda like a programme that helps u aim so they call it as aimbot thats all as easy as that

A program that helps u aim" }-


How did u see a screen shot? When u take a screen shot in the game, the line will not show up.


But yeah like the other guy said. We were using Process Guard to make the hacks we used work.. Bypassing npro.

OllyDbg is used for AIMbot, so we just select the exe and it worked...That's why so many people used Process Guard.

But GIS is gay for making us uninstall our program before we run gunbound.. HOW GAY

Whiteguy
September 14th, 2004, 04:50 AM
Would it be possible for gunbound not to block this program??

Gunboundaim
September 14th, 2004, 08:44 AM
-{ Quote: "How did u see a screen shot? When u take a screen shot in the game, the line will not show up.


But yeah like the other guy said. We were using Process Guard to make the hacks we used work.. Bypassing npro.

OllyDbg is used for AIMbot, so we just select the exe and it worked...That's why so many people used Process Guard.

But GIS is gay for making us uninstall our program before we run gunbound.. HOW GAY" }-


if u r asking how to take a screenshot please press the printscreen button above Insert button n click on paint n press Ctrl+V that should work

Whiteguy
September 14th, 2004, 10:26 AM
-{ Quote: "if u r asking how to take a screenshot please press the printscreen button above Insert button n click on paint n press Ctrl+V that should work" }-

Umm thanks man. No I was stating that while Protohell shot is running (that's the aim bot program) If U take a screen shot in the game u can not see the line. Its like another program running on top of another? When u take a screen shot you're taking a shot of the window u have clicked, and the window u have clicked is Gunbound, not protohell. So u only capture Gunbound's window.

Falcon70713
September 14th, 2004, 10:51 AM
Heh... well... my friend had a good idea, what if Process Guard changed its process name every hour or so to a random name and every time you boot up pg it deleted the old reg. keys and makes new ones with random names?

Infinity
September 14th, 2004, 11:08 AM
INTERESTING but this would give the wrong signal to these kind of companies using this tactic.

this is quite an interesting read if I may say.

KoreaBoy
September 14th, 2004, 11:51 AM
-{ Quote: "Umm thanks man. No I was stating that while Protohell shot is running (that's the aim bot program) If U take a screen shot in the game u can not see the line. Its like another program running on top of another? When u take a screen shot you're taking a shot of the window u have clicked, and the window u have clicked is Gunbound, not protohell. So u only capture Gunbound's window." }-

Shouldn't you keep the hack conversations to the hack forums? Discuss here only DiamondCS' programs. In this case, keep the conversation to the usage or not of ProcessGuard + Gunbound.
Probably no one in DiamondCS has any relation to these hacks nor can give you support.

SunDance
September 14th, 2004, 12:36 PM
What Xanatos forgot to tell you people is that HE started the whole nProtect bypassing methods in the first place. He used some modified trojan rootkit to hide the hacks, and because people said his 'hProtect' (that's what it was called) is a trojan, he went spinning to GIS and joined them...As you've figured by now, they have a HACKER working for them...So, GameGuard could be stealing info from your computers and you wouldn't even notice...Thanx, Xan...you ****...

SunDance
September 14th, 2004, 12:39 PM
There is always a better hacker than the ones already existing at the moment. Also, this is a 2 sided road : u want to use PG, stop playing GB; u wanna play GB, uninstall PG...

KoreaBoy
September 14th, 2004, 12:49 PM
The game itself isn't worthy of this discussion. Uninstall the game, play something else.
The Gunbound team seems to trust the judgement of a kid named Xanatos, as I understood correctly, to classify applications as dangerous to 'the game' or not. This is both hilarious, and dangerous to the users.

As for you and this kid Xanatos, please keep personal quarrels to private conversations.

Pilli
September 14th, 2004, 01:01 PM
This topic will be closed if ANY personal remarks are made about ANY individuals.

This topic is about Process Guard & Gunbound - Any deviation to this subject line will be edited or deleted.

Thanks for your co-operation Pilli

gunboundluver
September 14th, 2004, 02:25 PM
So the Thing now is Pg or GB either 1 right?

Pilli
September 14th, 2004, 02:33 PM
-{ Quote: "gunboundluver wrote: So the Thing now is Pg or GB either 1 right? " }-
Not really, As I see it the Gunbound people should talk to DCS about a proper solution as it is unfair to tell their users to compromise the users computer's security by disabling Process Guard for the sake of a game. :)

SunDance
September 14th, 2004, 02:53 PM
Umm, ok ... i agree ... i don't know this guy, just wanted to point out that it's his fault we got here in the first place ... if they want something fixed, they should remove him, not Process Guard ... Anyways, nice job you have done with this program ... going to buy full ver... Sorry for any inconvenience caused by my posts ...

gunbound is absurb
September 14th, 2004, 02:55 PM
It is useless. PG should just come up with a new version that keeps changing the reg key name but being as stable as before.
the "hackers" are already using programmes by symantec etc...
i will be amused if gunbound bans these few big companies too, as I am sure these companies will not be as hesitant as diamondcs in carrying out actions to counter this(ie new version, or new feature, or talk terms, or lawsuit)
I didn't mean to offend anyone in diamondcs, just a comment in comparing something.

so if gunbound gonna ban every single company that does this, u will find the population of their users dropping to less than 3000 in a month, as parents will certainly not allow their children to uninstall all these to compromise for a game. mature users will not be as dumb as to install the last line of defense(ie norton systemworks) to play a game too.

if hackers are really persistent in a way, they can either spend money and buy norton systemworks, or simply program a new way of bypass.
all gunbound can do is to prevent them for hacking for 1-2 weeks.

gunbound should learn from valve and blizzard on their methods to counter hacks, as we do not even need to install spywares and hacking tools to play those games, nor do we need to uninstall any other programs.

Is gb really that "UNIQUE" to the extent that they give the impression that they are so stupid?

I hope something can be done, so that hacks can be prevented, but at the same time we DONT compromise on security.

gunbound should also consult a better company for anti hacking since they are so incapable to prevent hacking and at the same time without having to ban other "innocent" programs.

Notok
September 14th, 2004, 03:58 PM
I wonder if Pivx (http://www.pivx.com) would take any interest in this? I know they have taken game vendors to task for security issues in the past, and will take it public if they don't respond. Forcing customers to leave their systems wide open to attack is absolutely not acceptable.

Gunbound is absurb
September 14th, 2004, 04:25 PM
I certainly understand gunbound wants to prevent hackers from hacking the game to make it more enjoyable.
but installing spywares and blocking security programs which only kills our computer instead of helping it is absolutely unforgivable, unless gunbound wants to pay me $4000+ a month to buy me a new computer each month.

Doing this will only kill their cash charge business and reputation. As a whole, I am really disappointed in Softnyx.

On the other hand, is diamondcs able to come up with a new version that will work in hand with gunbound? Ie the register name keeps changing so gunbound can never ban it.

Also if gunbound wants to ban processguard, whats the point?
The hackers will just shift their attention to programs made by microsoft, symantec etc. Does gunbound really intend to ban all of them???

rich90usa
September 14th, 2004, 04:47 PM
Just from my personal experience on trying to get PG to work with nProtect. It is not a registry key. nProtect is detecting procguard.exe (I think that's the running name) either by injecting .dll's into every process on the computer or somehow scanning running processes. If a new version is to be made it would have to have a timer set-up that changes its project/processes name every time the computer restarts or PG restarts. It is almost impossible to change its running name while the program is running; it would cause system problems because of not notifying the .dll's that processguard is changing its name.

Thought i'd put in my 2cents.

KoreaBoy
September 14th, 2004, 04:57 PM
-{ Quote: "I certainly understand gunbound wants to prevent hackers from hacking the game to make it more enjoyable.
but installing spywares and blocking security programs which only kills our computer instead of helping it is absolutely unforgivable, unless gunbound wants to pay me $4000+ a month to buy me a new computer each month.

Doing this will only kill their cash charge business and reputation. As a whole, I am really disappointed in Softnyx.

On the other hand, is diamondcs able to come up with a new version that will work in hand with gunbound? Ie the register name keeps changing so gunbound can never ban it.

Also if gunbound wants to ban processguard, whats the point?
The hackers will just shift their attention to programs made by microsoft, symantec etc. Does gunbound really intend to ban all of them???" }-


Why on earth should ProcessGuard itself mold to fit the Gunbound users' wish? Why on earth should It be changed to overcome an online game protection ? It is NOT PG who is wrong, badly coded, or not doing its job right? The only thing worth fixing is Gunbound's protection.

Detox
September 14th, 2004, 05:54 PM
Like Pilli said - no more personal garbage - last post removed for that reason.

Colton
September 14th, 2004, 07:44 PM
-{ Quote: "Thanks for pointing that out Colton. I haven't seen this particular aimbot mentioned.

If this aimbot program they are blocking does indeed modify the gunbound process, then it is even easier for them to detect this. It's just like asking anyone here how easy it is for them to know if someone is in their house if a burglar starts making noise. :)" }-


If you would like any further explanation, I'll see what I can do. I'm not sure if drawing the purple line like the aimbot does really modifies the process at all, it may just be "drawn over".

Now there are other applications made for gunbound that do modify the process, just simple memory address value writing.

Either way, most of these "cheats" and "hackers" are not doing anything other than client side memory address editing, or merely changing outgoing packets.

The origin of this was probably an old method used to kill the nprotect application. You would inject a dll into explorer.exe, which in turn would render the nprotect application useless. The nprotect application now restarts explorer.exe, which is why many of these cheaters used your application protection.

Not sure if this was useful at all either, but if you have any questions, I'm more than willing to help.

KTJR
September 14th, 2004, 09:26 PM
Look I've used cheats in gunbound, yeah <snip> got it patched... but there are reasons he did it. There's a whole story to it people do not know, and it would have even occurred if <snip> hadn't released it everywhere (sorry for doing the personal remarks thing) <snip> got blamed for <snip> leaking and he decided to get it patched.

Look Process Guard is a great program, and I think you guys should work with softnyx, I can vouch for them the lead programmer is a complete <snip>, the guy who did the custom build for nprotect spelled his name wrong...

I would like to use Process Guard beyond how I used it in gunbound and I hope this is resolved. But hey you guys got a lot of customers from it am I right?

-KTJR

feel free to contact me if you have any questions or i can help

aol im- KTJR777
email- <snip>

thanks


edited to remove names, a personal insult, and an email address to protect from harvesting - Detox

KoreaBoy
September 14th, 2004, 09:52 PM
If <snip> was working for the Gunbound security, how can you be sure he didn't warn them of the process guard's existence before this new character <snip> had made the information public? Why search for culprits when the question is as simple as : "they now know it".
I played the game for 5 minutes and it made me wonder why so many complaints, since this game has nothing of value. For parents, there are other games out there to encourage your kids to play. Don't refuse your protection over a Video Game's demented security manager (or anyone else responsible for the management of nprotect).


removed names - Detox

CanadaBoy
September 14th, 2004, 10:34 PM
-{ Quote: "If <snip> was working for the Gunbound security, how can you be sure he didn't warn them of the process guard's existence before this new character <snip> had made the information public? Why search for culprits when the question is as simple as : "they now know it".
I played the game for 5 minutes and it made me wonder why so many complaints, since this game has nothing of value. For parents, there are other games out there to encourage your kids to play. Don't refuse your protection over a Video Game's demented security manager (or anyone else responsible for the management of nprotect)." }-

I'm confused as to why you're so raged by <snip> and what he did if you've only played GunBound for 5 minutes. Maybe I'm just slow.

Softnyx had a problem with hackers. As a regular player for a year now, I've seen all these hacks used and have even used them in the past. Process guard was a good way of making the injection bypass work, and a lot of GunBound users learned this. Simple fix, block it. But all of that has already been said on this thread.

I see no reason why the programmers should modify the code of their software for some kid that wants to use it to help enable a hack for a game. I like games without hacks! (Yes, I know I've said I've used some of the hacks, but just to see if they actually worked really.)

Even still, hackers have already found a way around this patch, there are currently 3 known working bypasses as of this writing, but in 5 hours there might not be.

Ah, I'm going no where fast here!


removed names - Detox

Kaye
September 14th, 2004, 11:13 PM
I digress. It's not just gunbound that is in question here, but a large majority of other games that use nProtect as their protection scheme.

Games like Ragnarok Online, Phantasy Star, Shining Lore are all protected by nProtect and therefore also ban the usage of ProcessGuard. I hope there is a resolution for this soon.

Mr.Blaze
September 14th, 2004, 11:20 PM
i was ummmm checking them out http://gunbound.net/screen/screen_game1.asp whats the recomended age starting for this game lolllllllllllllllllllll


no im serious

i think kenedy would dig this game lol

im check out those other games you mention one of them sound cool

Detox
September 14th, 2004, 11:24 PM
I'm getting real tired of removing all these names.

Additionally, a review of Wayne's initial post may be in order for those who desire to argue the politics and stories of this game and the people involved. This is the Process Guard forum - not the Gunbound "this guy is bad but really this guy was at fault" forum. Wayne's intent was put forth in his initial post and it would be nice to try and stay at least somewhere near topic.

Mr.Blaze
September 14th, 2004, 11:41 PM
well looking at the games and looking at process guard to me it's strange.

but i do think it's not really a big deal unless you make it one

this should have been kept in house it has nothing to do with dcs at all

it's not the security company's job to cater to a video game company this was done after process guard came out

if you play these games complain to the companies not to dcs

and that's the bottom line

so after reviewing the games and looking at the facts this is their problem nothing to do with dcs

but if you insist just go download the 5 patches out already to bypass this so you can go using lame aim bots lol don't bug a security company

Wayne - DiamondCS
September 15th, 2004, 12:27 AM
We'll close this thread now as everyone has had plenty of time to have their say on the matter.

Thanks everyone for understanding that this is a Gunbound issue and really has nothing to do with Process Guard. Gunbound users should direct any of their further concerns/questions towards the Gunbound author, not us, as we have no control over Gunbound.

Thanks,
Wayne