This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Security Issues for Online Games
Security is always a prime concern for online business where the safety and reliability of network operations is essential for commerce. In addition to issues of IT, financial, and identity security, online game business face a unique set of challenges in which an aimbot can be as detrimental to profits as a stolen credit card.
Moderated by Steven Davis, CEO of IT Global Secure, the Security Issues for Online Games panel included David Lee, VP of Engineering and Infrastructure for K2 Network, Scott Parcel, VP of Engineering and CTO of Cenzic, Varun Nagaraj, CEO of Net Continuum, and Micah Quinn, Senior Engineer at Even Balance. They discussed the various techniques used by hackers to disrupt online games, from web hacks to game cheats.
“Web site hacking is a nightmare for publishers and it happens constantly,” Lee said. Some of the major vulnerabilities that web sites face are from Cross Site Scripting (XSS) and Cross Site Request Forgery (XSRF) in which attackers take advantage of form inputs in web applications to execute malicious code. “Most hacks are web hacks, not network hacks,” Parcell emphasized, and integrating security testing with early development is a prudent defense. Developers must test early and test often, he said.
Nagaraj addressed hardware based Web Application Firewalls that can provide another layer of defense when dealing with web hacks. By filtering the data flowing into a host’s server, application firewalls are able to prevent the execution of harmful commands without the expense and time required to fix source code. They can also improve server speed by load balancing and accelerating encryption algorithms.
Rampant cheating can be a pernicious threat to online games, eroding the user experience until honest players are driven away. Quinn spoke about the history of game cheating and the development of cheat countermeasures. The problem had its origins with the release of Quake when clever hackers designed aim-bots that would automatically move a player’s aiming cursor with computer precision. The practice has since spread to most popular first person shooters, severely hampering genuine players’ enjoyment.
Online role-playing games are subject to a bewildering variety of cheats, from macros that automate repetitive activities to elaborate confidence scams. The practice of gold farming can also severely unbalance the in-game economics of MMOs. To deal with these threats, several third party anti-cheat software packages have been developed to aid game developers such as Valve’s Anti Cheat and Even Balance’s PunkBuster.
Maintaining and Updating MMORPGs
Ideally, MMOs are long-term propositions that require years of ongoing development work. The extended life of these games present new challenges for game developers and in a presentation by Shannon Posniewski, Director of Technology for Cryptic Studios, he examined some of the strategies his company used to insure City of Heroes/City of Villains’ continued viability.
“Development continues indefinitely and the classic game industry “crunch” doesn’t work,” he said. To remain creative, Cryptic’s staff follows regular work hours over a steady cycle of production and beta testing, providing regular updates every three to four months. “That seems to be the sweet spot. It prevents players from getting bored and the game feels more alive,” he said.
Because network operations are costly, Posniewski described how Cryptic worked to simplify and automate as many tasks as possible, such as log file rollover, load balancing, and fault detecting. Thorough data logging was very important to the process and over a terabyte of information on City of Heroes has been captured and archived. He added that a database keeps a record of every event in the game, from player chats to combat actions, all of which can be easily accessed by developers and customer support.
Posniewski also discussed the importance of good customer support to the longevity of an online game. Although support is costly, it can mean the difference between an unhappy player walking away from the game and never coming back, versus one who continues their monthly subscription. The key to success is to minimize the number of customer support “tickets” or instances in which a customer support person has to get involved. By anticipating problems during the design phase, game developers can enable ways for players to drop difficult missions or avoid abusive situations, thereby helping themselves without the aid of customer support. “A lot of the design of our game is to reduce griefing,” he said.