Battlefield2 Demo, Punkbuster, PG replacement, eeprom rootkits and Linux live-cds (!)

Discussion in 'ProcessGuard' started by lupus, Jun 13, 2005.

Thread Status:
Not open for further replies.
  1. lupus

    lupus Registered Member

    Apr 4, 2005
    I am a paid user of PG 3.0, I came to understand that the only way to play on Punkbuster servers with the BF2DEMO was to uninstall PG. This has made me angry beyond words especially since you cannot at least play under a limited account. So I uninstalled PG on my gaming machine (still installed on my laptop along with ZA and KAV).
    Now the thing is that it is not a matter of life and death since all sensitive stuff such as banking is done with a Linux Knoppix live-cd anyway. I do miss the warm fuzzy feeling to know that no rogue drivers could be installed behind my back though :oops:
    My current setup is a NAT router, ZA free, Firefox. I do use p2p, never for .exes though, and I scan every .exe I download with Jotti prior to running.
    My question, maybe tinfoil hat batshit crazy, maybe not since I heard it was discussed over at, is:

    -Could it be possible to be infected under Windows by a rootkit that would lodge itself on the eeprom of my motherboard or video card and could record my keystrokes under Knoppix?
    I assume not but I would like to hear about this from people more in the know.

    -Is there any way to keep on using PG and trick Punkbuster into thinking PG is gone, maybe changing filenames and reg keys, has anyone been successful in doing this?

    -What could be a replacement for PG that would work with Punkbuster?
    I was considering Abtrusion Detector, would it work with PB or is it also banned?

    -Could I just go on with ZA and being very cautious?

    PS: not really sure if it is the right forum, sorry if it is not...
  2. Paranoid2000

    Paranoid2000 Registered Member

    May 2, 2004
    North West, United Kingdom
    You could try checking out System Safety Monitor as an alternative to Process Guard (do a forum search here for it, there are plenty of threads discussing it). However given PunkBuster's attitude, they'd block this also if they knew about it.

    As for BIOS-infecting rootkits, while theoretically possible, the rootkit would have to be customised for each BIOS type (e.g. AMI, Award, etc.) or video card, magnifying the difficulties several-fold and reducing the number of possible victims. There are currently far easier (and more profitable) routes for malware authors to follow with conventional rootkits and it will only be when the majority of users use software like PG to protect themselves that serious effort is likely to be spent on BIOS cracks.

    Wiping a BIOS (leaving the computer unbootable and unusable) is far easier though, and that was what the CIH virus attempted.