Jump to content
Sign in to follow this  
$able

Explanation: Why does BattlEye need administrator privileges now?

Recommended Posts

The problem ist: Since the game allows scripting, a malicious script exploiting the game engine could not only kill the user's profile but the whole windows installation.

ehh?? kindly share the secret with bis. or would you kindly provide some examples? sqs/sqf could kill your win install?

how you gonna do that? spam your clippboard with funny char hoping its does something? did you figure out a bug/security issue with the windows clippboard ? since this is the only way arma can "" talk "" to windows by using arma's scripting language.

As an IT professional I have to say: You're doing it wrong!

sorry imo you dont sound like a IT professional.

on the other side $able is a professional programmer and i do belive hes on the right track.

Edited by nuxil

Share this post


Link to post
Share on other sites
Umm why the heck didn't you do it "THE RIGHT WAY" then?
Anyway, as I wrote in another thread, you can be sure that I am definitely looking into other solutions as well.

Regarding PB, installing a service that runs all the time isn't exactly "the right way" to me.

Edited by $able

Share this post


Link to post
Share on other sites

So all I have to do to fix this BattleEye privlages error when joining a game is tick the run as admin box in the properties > compatibility tab for my OA desktop shortcut?

Share this post


Link to post
Share on other sites
Umm why the heck didn't you do it "THE RIGHT WAY" then?

You claim the "Right way" is a extra service bloating your OS and I ask...says who... Almighty God!?

The problem ist: Since the game allows scripting, a malicious script exploiting the game engine could not only kill the user's profile but the whole windows installation.

(Ever heard of some nice Quake2-mod-viruses?)

Obvoiusly you have no experience with the scripting capabilities in A2.

Also: Running the game under administrator-account makes it using the wrong userprofile, etc.

You can use the "-profile" switch to overcome this.

As an IT professional I have to say: You're doing it wrong!

No offence mate but based on your post above I can say that I would never recommend (nor hire you) no matter what title you say you have.

/KC

Share this post


Link to post
Share on other sites

What is wrong with you guys? You have no idea who he is, but you are damn sure to 'never recommend no matter what'?

Of course current way is a bad way, Microsoft is constantly trying to get out of his do-everything-as-admin hell he introduced with early windows. Just look at linux, running anything close to game under root is security breach just from principle.

As about scripting capabilities.. yeah, it is not supposed to ruin your win install, but I'm damn sure some smart people are quite capable finding Arma2 weak spots and exploit them.

I understand $able is looking for different solution and appreciate it. As I get it, requiring admin right is temporary fix. I bet even BIS do not like this requirement.

Share this post


Link to post
Share on other sites
What is wrong with you guys? You have no idea who he is, but you are damn sure to 'never recommend no matter what'?

Nothing wrong here and I apologise if I bruised his (or any one elses) ego but coming here screaming "I'm IT professional" yadayada and that a service is the only/right way to do things is IMHO wrong way to get your message across.

I'm sure both $able and BIS knows what they are doing and don't need input like that! More often than not there are many different ways to solve the same problem and since we are not the dev's, none of us really have all the details.

So who am I you may ask!? I am nobody and do not sign my posts with profession this or that. I'm just like everyone else here - a regular A2 player that voices my personal opinion on things and try to report bugs/issues as I go. In this particular case I prefer not to have BE running as a service bloating my OS while not playing and never had a problem running A1/A2 with admin rights.

Again, my apologies to RipperFox if he felt offended in any way but I'm sure he is man enough to handle it anyway ;)

/KC

Edited by KeyCat

Share this post


Link to post
Share on other sites

Well, this seems to be our conflicting point.

You don't want any new windows service "bloating" your system (still there are services which starts only when requested, so they are not running all the time. I'm not 100% sure however when they stops).

I don't want ArmA2 to mess with my system running as Administrator.

But don't forget we both want the same thing, to get rid or at least discourage cheaters. So basically we are on the same side. No need to fight each other. ;)

But I expressed my opinion many times already and I have nothing more constructive to provide, so let's not "bloat" this thread even more.

Share this post


Link to post
Share on other sites
ehh?? kindly share the secret with bis. or would you kindly provide some examples?

Um.. ever heard of malformed JPEGs, Bitmaps and such which targeted a flaw in Windows GDI imaging routines to run malicious code?

Didn't you get that neat little LNK-dilemma, where a little icon could f*ck your Box without even clicking it? I'm quite sure you would have said "they are just links with icons - how should they do damage?"

Do you guarantee that there are no buffer-overflows, etc in Arma?

You seem to be a professional - heck.. The Unix, Windows and all other IT guys must be terrible wrong with the user-separation model that exists in all modern OS..

And memory-protection, et. all - totaly useless, right?

Running an App as Administrator is NOT the right way..

Regards,

Ripper

Share this post


Link to post
Share on other sites

The problem ist: Since the game allows scripting, a malicious script exploiting the game engine could not only kill the user's profile but the whole windows installation.

(Ever heard of some nice Quake2-mod-viruses?)

again.. share the seacret with bis or provide an example..

afik. jpeg/jpg or other picure format has nothing to do with the scripting in arma.

yes you can show a jpg picure in arma. but whats the chance a mission maker would put a virus in it. for god sake.. you could even get a virus from loading your favorite newspaper site in your browser.

also dont you run an antivirus? the way jpeg/jpg are infected are well know to antivirus developers/programs. so infected jpg's im worring about this much --> 0

Share this post


Link to post
Share on other sites

Um.. can you please put 1 and 1 together yourself?

http://forums.bistudio.com/showpost.php?p=1711748&postcount=37

Running an app, which heavily processes user input unnecessarily as Administrator (hey.. why not TrustedInstaller or SYSTEM) is simply wrong.

And: If there was an example to exploit anying, the forums would be the last way to share that with bis, right?

Also, you seem to be unaware how antivirus programs work :)

Have fun anyway..

Share this post


Link to post
Share on other sites

ok this is starting to anoy me..

you faild to show me examples on how you can screw up your windows installation by using the arma scriping language. i asked 2 times.

you obviously lack knowlage on how sqf and arma moding works

1st of all.. that cheat you refer to is just an addon and is easly stopped by more than one way.

2nd of all it needs an extra program to work if you want to play with the "addon" on a server that checks signatures.

the most ""nasty"" command you ever could do with arma would be to do a Shutdown or Ban a player.

so i fail to see how you can screw up your windows installation..

maybe you can do a buffer overflow on the winclipboard cache??

this is also starting to get oftopic to why BE should be run as Administrator..

i would rather have arma & be run with admin rights so it has to premission to check if any unwanted code is present.

Edited by nuxil

Share this post


Link to post
Share on other sites

Ok, seems you're right: Looks like the scripting functions can not harm an installation when they work as intended.

Doesn't solve the problem what happens when something doesn't work as exprected, right?

Maybe BattleEye devs should look at the competition on how it's done without admin rights for the full app?

Share this post


Link to post
Share on other sites
Ok, seems you're right:

Maybe BattleEye devs should look at the competition on how it's done without admin rights for the full app?

competition?

where?how?who?

Edited by SWAT_BigBear
typo

Share this post


Link to post
Share on other sites

By "competition" I ment "other multiplayer games with cheat protection"..

I guess the only real way to fight cheats is a fast patch cycle. It has to be so that that offsets change frequently, patterns don't match to easy and multiple guard variables trap a cheater after some time. Guess why Valve's VAC doesn't kickban cheaters immediately - they have to think they're safe, just to be banned some time later.

Ahh.. I forgot the whole Player-ID/BE-ID system seems breakable also (from what I hear from "the other side")..

Maybe $able could at least bring in some method to check if a debugger is attached and make BE behave different if this is the case.

Arma (2, OA, etc) could be one of the most outstanding multiplayer games - But I guess BI's focus lies somewhere else.. (I guess there no cheaters on VBS :)

Regards,

Ripper

Share this post


Link to post
Share on other sites
By "competition" I ment "other multiplayer games with cheat protection"..

As I already said, I am looking into other solutions. PunkBuster's solution isn't optimal though.

Guess why Valve's VAC doesn't kickban cheaters immediately - they have to think they're safe, just to be banned some time later.

This is why I don't like this solution. What's the point of anti-cheat software if it doesn't prevent identified cheaters from ruining the game? Besides, VAC is hardly updated.

BE-ID system seems breakable also (from what I hear from "the other side")..

Not true. There hasn't been a single proof by "the other side" anyway.

Share this post


Link to post
Share on other sites

As an IT professional I have to say: You're doing it wrong!

Just take a look at the competitors about how it's done better..

Dear $able,

i have doubt about security concerns with this new setting. I would suggest to reconsider this decision and search for alternatives. If possible, i would prefer to run only the battlEye Client as Administrator (not sure how PunkBstr solves this) or to switch this 'Admin Feature' of battlEye off.

Please keep in mind that:

- Even if you have admin Privileges, the client could run in a virtual machine which's memory can be accessed from the host system

- The UDP packets can be modified, deleted or faked and it seems that battlEye does not check them for integrity (TCP would be better here)

If possible please create a switch (e.g. config option in beserver.cfg) that each server admin can decide individually if he wants his server to check for 'admincheats'.

So far, thanks for the features, especially RCon that you have implemented.

Regards,

Crowe

Edited by Crowe

Share this post


Link to post
Share on other sites

Punk Buster does a fine job, I played AA for years and between the sever admins SS and the software cheaters were pretty much dealt with. Here we have the legit players who purchased this game with money,,,, being kicked off servers because of OS privileges? I'm sorry, but my OS has nothing to do with the game itself, nor should we have to put ourselves out there information wise. AA was pretty simple, you're caught cheating, hardware ban. AA is free, so I'll deal with the headaches, but ARMA is not free, so everyone who pays has a consumer right to complain. I believe this would be a forth amendment issue of the constitution in the states also.

Your work is appreciated, but you need a better deterrent... Under no circumstance should any anti-cheat software interfere with the ability to play a game online. Is it really worth killing off the game? So far I've done everything possible to play online and have been kicked off servers anyway for OS issues. Yes I run a steam version....

Edited by B CO 2/113 INF

Share this post


Link to post
Share on other sites

bco as you may know PB was in certain time of it's life on same spot,

needed admin / elevated privileges

and hardware bans aren't for game they only for hacking PB itself ...

so the situation is not much different and as $able said the system with BE will improve...

anyway it's not that hard to start STEAM as admin until that happen

Share this post


Link to post
Share on other sites

I don't see the logic behind completely wrecking the online experience for alot of honest players when there are very few hacks who would waste their time hacking a game for very little enjoyment. Don't you think these guys would be more interested in robbing some poor guys bank account online?

Basically, I have the same problem alot of people here have and its getting on my tits. Since when did I pay 30 quid for a game that claims to be multiplayer online but actually it's false advertisement because a crappy little anti cheat program is hell bent on the fact that someone will spawn a spaceship with lasers shooting everything in takistan. In essence, what i'm saying is...I'd rather play online with the hacks & spaceships than not play online at all.

Share this post


Link to post
Share on other sites

st3rv stop trolling and go play on a server with BE disabled, then you dont need to run arma as admin.

Share this post


Link to post
Share on other sites

BE client seems happy when runs under an user in the Administrators group.

But sometimes the chat log displays the BE Client would run better with Administrator privileges.

Is this message needed when running in Administrators group?

Share this post


Link to post
Share on other sites

Nuxil you hypocrite, you posted just to have a stab at me despite ME posting because I have a problem. You complete fool STOP TROLLING!

I just think Bohemia should remove BE completely and switch to one that works.

Share this post


Link to post
Share on other sites

take your attitude somewhere else.. calling people hypocrite,fools dont belong here on the forum.

and as i said. if you have a problem running the game as admin. play on server with BE disabled.

Share this post


Link to post
Share on other sites
Nuxil you hypocrite, you posted just to have a stab at me despite ME posting because I have a problem. You complete fool STOP TROLLING!

I just think Bohemia should remove BE completely and switch to one that works.

Could you tell us the exact problem you have?

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×