1. Discord Support team Facebook l2central.info

frost security

Discussion in 'Archive 2.0' started by jul4ka, Mar 11, 2012.

Thread Status:
Not open for further replies.
  1. jul4ka

    jul4ka User

    Joined:
    02.01.12
    Messages:
    15
    Likes Received:
    0
    why it requires administrative access?

    how i can be sure it doesn't copy my personal data?

    if i have important documents on my pc, do you guarantee that those documents are not being checked by frost?

    which folders frost security scans?
     
  2. Gilby

    Gilby User

    Joined:
    04.01.12
    Messages:
    888
    Likes Received:
    0
    frost scans your whole pc running processes im not sure about registry what "important documents do u have" cure from aids alien ship drawings? :d
     
  3. jul4ka

    jul4ka User

    Joined:
    02.01.12
    Messages:
    15
    Likes Received:
    0
    that is none of your business what documents i have.....i want those questions to be answer by a moderator, who can confirm everything....
     
  4. Gilby

    Gilby User

    Joined:
    04.01.12
    Messages:
    888
    Likes Received:
    0
    and i want to win million dollar :d
     
  5. zzZzz

    zzZzz User

    Joined:
    16.01.12
    Messages:
    747
    Likes Received:
    69
    go to support.4game.com and ask this question. innova team can help u better than normal forum users.
     
  6. Treys

    Treys User

    Joined:
    07.12.11
    Messages:
    174
    Likes Received:
    0
    register from pc
     
  7. Limaro

    Limaro User

    Joined:
    04.02.10
    Messages:
    347
    Likes Received:
    32
    moderators will not help you. ask gms at support. the link given above.
     
  8. LoKii

    LoKii User

    Joined:
    14.02.12
    Messages:
    15
    Likes Received:
    0
    as i keep saying to jul4ka, this issue is more complicated in terms of privacy and computer security as most of you people think it might be. whilst i agree that some sort of cheating/botting control has to exist, i just disagree the way innova (or frost in that matter) goes about it. i can come up with many reasons as to why this method is a very bad idea. however mentioning these reasons here publicly might be a reason for innova to censor/ban/delete any discussion related to such technical/ethical details.

    the only way to find out the truth would not be to ask anyone, but to get access to the source code of frost, to see what it really does. and that..... will never happen.

    since 99% of the users don't really care about this, as long as they can just play play play, this issue is buried behind these player's ignorance/lack of knowledge/interest when it comes to computer privacy/ethics/security etc.....

    in my case, i have my game on a small separate dedicated partition only for lineage. (well, a bit more complicated than just that, but i will not go in to technical details about it). let frost do whatever it wants, since it can not read any other partitions that i have. but for jul4ka and other users who do not have such a setup, i still think frost is evil and should be considered as malicious code, and should be treated as such.

    while some of you will now join the trolling side and disagree.... be warned that your opinions mean nothing, the only truth is inside the source code!!!!

    on a side note for innova, i do not wish to offend innova/frost about this issue, as the idea is surely not meant to do any harm. i agree about having to control some aspects of what can enter the game. i just totally disagree on your approach, as it opens serious security concerns.
     
  9. Gilby

    Gilby User

    Joined:
    04.01.12
    Messages:
    888
    Likes Received:
    0
    frost scans your pc for possible 3rd software and has no intentions to steal your private data but if u are such paranoic people maybe u should play in other server.
     
  10. LoKii

    LoKii User

    Joined:
    14.02.12
    Messages:
    15
    Likes Received:
    0
    you miss my point, but that might be that i did not go in to technical details.

    it has nothing to do with 'intentions to steal private data' at all. so leave that option out of your reasons.


    as i mentioned above, i do not think that innova has any bad/negative reasons for this. its the approach they have chosen that is bad, and that 'could' lead to bad surprises.
     
    Last edited by a moderator: Mar 13, 2012
  11. DavidinoX

    DavidinoX User

    Joined:
    27.12.11
    Messages:
    14
    Likes Received:
    0
    privacy is dead, welcome to 2012
     
  12. LoKii

    LoKii User

    Joined:
    14.02.12
    Messages:
    15
    Likes Received:
    0
    yes in theory, no in practice :p

    privacy is still very much possible, as is security. but this takes away a lot of comfort. in addition to this, real privacy and security is slowly becoming illegal. many attempts have been made in the past to 'ban', or 'illegalize' methods of maintaining privacy. it all depends on each person's laziness/interest of doing so.
     
  13. EloKa

    EloKa User

    Joined:
    12.12.11
    Messages:
    42
    Likes Received:
    0
    no.

    you act like a hypocrite without the needed knowledge about how software works.

    no.

    geeez ... the matrix is attacking us, eh?
     
  14. LoKii

    LoKii User

    Joined:
    14.02.12
    Messages:
    15
    Likes Received:
    0

    your replies just really prove my point. go troll and just click 'next next next i agree' on everything you install. :d
     
  15. EloKa

    EloKa User

    Joined:
    12.12.11
    Messages:
    42
    Likes Received:
    0
    your post is just full of mistakes.
    taking another avatar and using some linux-alike location info doesnt make you an it professional or anything like that. (also i'd advice lvm instead of /, but you surely now about that isssue ... i guess.)

    a: you can scan all data access actions by any program, be it unter windows, linux, unix or macos (well, i mentioned unix already but who cares).
    if you need any proofs: just take a look at the ea origin discussion.

    b: your statement that you need the source code to see frost's action is simply wrong.
    therefore "lack of knowledge" does also apply on you, causing you to act like a hypocrite (also often refered to "apple-fanboooi", but not in this case).

    c: if a program is in charge of scanning files: it doesnt matter what kind of partition you use or even what kind of filesystem.
    ntsf vs fat? reiserfs vs ext2/3/4? who cares. files are there anyway and the software uses its rights to scan whatever it likes to.
    the kind of internal/external partition, what os, what fs doesnt really matter. if it got the rights and is in charge of scanning: it simply will scan. maybe it wont be able to "understand" the files, but it will read them anyway.
    or do you really think that programmers are too stupid and are not able to access other os filesystems?<ironie style="hipster:100%;"> zomg adding a package like 3g-ntfs to read windows files must be really pr0, surely no coder will be able to do so. </ironie>

    d: from my point of view: your opinion isn't worth much either, because apparently you lack knowledge and only think from your very personal and subjective point of view, forgetting that there are also other sides.
    go and watch more kony 2012 stuff. click on like, feel good and keep acting like an it guy to your friends. but honestly: please stop it here.
     
    Last edited by a moderator: Mar 14, 2012
  16. LoKii

    LoKii User

    Joined:
    14.02.12
    Messages:
    15
    Likes Received:
    0
    it's sad that you don't even try to understand my point from a more 'global' point of view, and the way you assume anything about me by judging my forum avatar?

    for the record: i'm a security system administrator. i'm not here to brag about this or that... but if you had any idea what i meant in my initial post, or had a more global understanding about the risks of trusting software that has such an impact on the system, you would be more cautious about your choice of words. also you mention stuff that is just not true about some of your technical statements.

    however im not going to sit and 'dissect' your post, just to flame at it. your opinions are noted, but if i or anyone else agrees is up to each individual. i also will not go into details on why/how i think that frost is a bad approach, since this technical aspect does not belong into this part of the forum for discussion.

    all i wanted was to make aware to some people, to not just trust any software, especially software that has the capabilities of scanning your system or any application for that matter that requires admin/root access in order to function. it is not a matter of innova itself being able to scan... its a matter of having an application that has the power to do so, and the past has shown us how easily software with these capabilities can be abused causing harm as a result.

    ah, and just one more thing... about you mentioning if a program were in charge of scanning, that it would not matter what kind of partition i use, it would still scan. i can think multiple ways of preventing just that, cause no program is above the os itself, or the environment it operates under.

    this conversation is not about my knowledge, or your knowledge. its about 'ethics/privacy' and the latter being security (although theh first 2 points both fall under the category 'security' as a whole).

    if you wish, you are free to continue this discussion with me via pms, or any other method you choose (skype/ts/irc/emails) since a more technical discussion is not appropriate here or now.

    but stop with your hostility, since that will not get you anywhere with me. you just come here and insult me without knowing **** about me, just because you have a different opinion or you choose to think differently.
     
    Last edited by a moderator: Mar 14, 2012
  17. EloKa

    EloKa User

    Joined:
    12.12.11
    Messages:
    42
    Likes Received:
    0
    if you are sysadm you should be aware that there is no ethic as soon as you go online or join any other network. there should be a sign "on your own risk" for every connection.
    this is not because of some epic war like white hats vs black hats, the ethic stops because the average pc user is dumb and has no clue what he's doing.
    you cannot discuss anything related to ethic as long as 99% do not understand what's going on, and lets be honest: will never understand whats happening.

    i do personally just find it annoying if someone blames other people for acting dumb, even tho its not their fault because they will never understand whats going on.
    some years ago game demos and shareware did trace data and send it to companies.
    few years ago underground webpages started to steal data and install viruses.
    some time ago social networks started to trace data and sell it to companies.
    now small but free 3rd party applications track data and send it to companies.
    if you dont pay for a service: you are the product.

    lean back and get some popcorn like everyone else. things cannot be changed and won't be changed.

    you won't convience anyone, even 1 million people won't change anything. some kind of real example? people buy apple products and think that they bought high-end stuff.
    i can think of multiple programs that are above the os itself or the environment it operates under:
    mbr rewrites, bootlegs, rootkits, remote bios flash (rare, but may appear more often soon), flybydownloads that attack activex (gg ie), even scareware "kinda" overtakes the os even tho it usually only rewrites the shell reg-entry
     
  18. LoKii

    LoKii User

    Joined:
    14.02.12
    Messages:
    15
    Likes Received:
    0
    well, seems things have taken a turn here. i didn't want to go into dissecting your replies, but on a positive side of things i will:

    i totally agree, its hard to not possible to discuss things like this since the majority don't know/care/understand the back-workings of such issues. believe me, i truly am aware of the lack of ethics when on a network that is not under my control.

    i don't blame anyone for acting dumb, since the 'dumb' in our discussion here has a different meaning as 'not educated properly in this field', but users can not be blamed for this, and there are many other forces out there that would like to keep things this way.

    yes, exactly and this just proves my point in my first initial post. you just listed some examples of the details that i did not want to go in to, for the sake of 'too far off-topic' for this forum/thread. although some times more information does help to open some people's eyes, i don't think the crowd here truly cares/appreciates it, hence; nothing will change.

    never intended to convince anyone, since like you say, nothing will really change. and yes, your example made me smirk since its true and thinking of other people who believe otherwise makes me smirk even harder when they bring their 'gadgets' to work to show off. :d

    a lack of miss-communication here? the issue at hand is frost. and i doubt that frost operates at such levels as your examples. while what you say is true for other scenarios, frost is 'probably' not one of them (as in what it can do, unless we are talking about a variant of magic lantern/cipav implemented alongside). back to the 99% of average users who don't have their systems setup in secure ways frost is pretty much free to act like it was indented to, but thats about it. (although my paranoia in security can again imagine more scenarios, but that would then depend on who frost really is and who they share their results with).

    while what you say here is true on a much larger scale (offshore hardware assembly and production!!/hijacked update services/dns poisoning/bios attacks/advanced rootkits), i don't think that it has to do with the op's initial post and i doubt (as a sign of good will although it means nothing) that frost is one of them. i would love to continue your thoughts on those higher examples elsewhere for the sake of interest, but here let us stay with the frost issue.

    some of my concerns about frost is that it opens a can of worms, for example:

    • how secure is frost itself? can anyone else abuse it other than innova to get information?
    • no one knows what it does exactly except innova (hence; only the source code would reveal the truth but this will never happen), or do you just believe their website with that nice little animated video clip of how it works? (im not saying its not true, but i am saying that it takes more than that to convince me.)
    • since frost is required, why does innova still need to give rewards for reported bots? why isn't frost taking care of all that?
    • in my opinion frost's existence has less to do with bots, and more to make sure that people can not find ways around boxing (pa is more important than user's privacy here, since like you stated earlier:
      making it a business addition to the game, and we all know that business orientated applications focus more on protecting the methods of farming rather than anything to do with security/privacy for the end user. and this is one of the main reasons that so much malicious code is out there. (malicious is not just black hat ****, but also govs/business/vulnerable code.)

    i am pretty sure that you now better understand my issues with frost due to my above mentioned examples. it is all much simpler than some of the scenarios you have listed earlier. a programmer just wants his program to work and he must write them based on a description given to him by a business man who doesnt know/care about implementing his wishes in to proper code. a programmer doesn't care about security unless the application is based on security from scratch. a programmer has a deadline for his end results, meaning that time and money is short, resulting in a larger possibility of bugs/holes. (microsoft windows anyone?)

    //offtopic: does your nickname actually have anything to do with it's meaning? or just because it has to do with your field of knowledge about computing?
    //offtopic2: @ innova: no disprespect intented here towards innova/frost in general with this conversation. it's just that the subject does ring some alarm bells for people that think similar to the way i do.
    //offtopic3: damn, i havent had this much fun in a conversation since jp sold ao to quinstreet inc. i really miss such discussions :cool:
     
    Last edited by a moderator: Mar 15, 2012
  19. Radix

    Radix User

    Joined:
    10.02.10
    Messages:
    528
    Likes Received:
    14
    hi, jul4ka.
    i can answer any your question, if you want to talk with me about frost security systems

    1)
    l2 game client requires it too, so through launching process we should to save this option for the game:
    frost launchers and 4game apps can to work with impersonation options, but the game can't =(

    after all frost requires adm rights too while installing ring-0 driver (on x32) for kernel-activity monitoring and gaurding game process from standard attack verctors.
    on x64 we are using frostprotector injection to every accessible usermode process for the same task (but not from kernel because of some microsoft patchguard options).

    but driver's and frostprotector's filters are safe for you and your private data. they are not scaning your pc / registry and folders, they are only guarding the game process (aka l2.exe) from attack from others tools and programs (memory manipulation or windows manipulation). if you want to know how it work's better - let me know about it in skype.

    2)
    for frost tasks folders and system registry scan is not required, so... it's very simple in fact - only game process deep scan (components in l2.exe only!) and system-wide monitoring for accessing to game's windows & memory from other processes.
    if you want to know better about frost components and their tasks - let me know about it in skype.
     
    Last edited by a moderator: Mar 15, 2012
  20. DeepBlue

    DeepBlue User

    Joined:
    30.11.11
    Messages:
    7,766
    Likes Received:
    431
    closing thread as questions answered by radix.

    @jul4ka - if you need to discuss this more then please contact radix via skype and he will be happy to assist you further.

    @lokii - i understand you are enjoying this discussion, could i suggest to you to open a thread in the off topic section and i can move any posts from this discussion to that thread for you and there you can continue to have open discussions like these :)

    regards.

    thread moved to archives.
     
    Last edited by a moderator: Apr 1, 2012
Thread Status:
Not open for further replies.