Diablo 3

Regarding the security warning on the arstechnica article regarding Diablo 1 on GOG how concerned should we be?

diablo11 - Regarding the security warning on the arstechnica article regarding Diablo 1 on GOG how concerned should we be?
Loading...

there's a big security concern mentioned in this article that i'd like some clarification to if anyone doens't mind. I'm not smart on things like these so now i'm scared. here's the excerpt:

Punch a big hole in your firewall?

As for the security of playing this version of Diablo online via Battle.net, let me hand the proverbial mic to my Ars Technica colleague and Windows expert Peter Bright, who wrote the following portion:

 

The late '90s were a time before ubiquitous high-speed Internet connectivity, a time when online multiplayer gaming was still something of a novelty. While the Morris worm in 1988 had shown the problems that can arise when insecure code is exposed to hostile networks, it wouldn't be until the early 2000s that the lessons would truly start to be heeded by software developers.

There is no doubt in my mind that the Diablo network code contains bugs, and I would be absolutely astonished if it were free of remotely exploitable bugs. For single player, this is no big deal, because the game is fortunately so old that it doesn't even know how to request a firewall open some ports and allow inbound network traffic. But if you want to use the Battle.net multiplayer mode, you'll have no option but to punch a big hole in your firewall and forward traffic to the game and its inevitably insecure network code.

Загрузка...

For modern applications, we have a number of protective systems to make it harder to exploit flawed code. We have different user privileges, so we can run applications as unprivileged user accounts that cannot make extensive modifications to our systems. We have Data Execution Prevention/No Execute/eXecute Disable (DEP/NX/XD; different names for the same thing) that prevents direct execution of malicious code injected by an attacker, and we have Address Space Layout Randomization (ASLR) and Control Flow Guard (CF Guard) to make it harder to trick an application into disabling DEP.

Diablo 1 predates all these measures and is incompatible with them. The application will attempt to elevate itself to have Administrator privileges each time it is run, thereby giving it full access to your system. It does not support DEP or ASLR, and if DEP is forcibly enabled, the game crashes on startup. Nor has it been recompiled to use CF Guard.

As such, running this game and opening up your network to it is going to make it extraordinarily easy to hack your computer. We have built numerous safeguards over the last 15 years to try to reduce the risks of exploitable network code, and this game removes all of them. I would not run it on any system I cared about, and I think it's grossly irresponsible to release it in this condition.

any opinions on this is greatly appreciated. <3

Source: Original link


Loading...
© Post "Regarding the security warning on the arstechnica article regarding Diablo 1 on GOG how concerned should we be?" for game Diablo 3.


Top 10 Most Anticipated Video Games of 2020

2020 will have something to satisfy classic and modern gamers alike. To be eligible for the list, the game must be confirmed for 2020, or there should be good reason to expect its release in that year. Therefore, upcoming games with a mere announcement and no discernible release date will not be included.

Top 15 NEW Games of 2020 [FIRST HALF]

2020 has a ton to look forward to...in the video gaming world. Here are fifteen games we're looking forward to in the first half of 2020.

You Might Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *