Chess playing software detection--speculation: how do they detect programs on your local machine?
in [Anti-Virus]
|
Prev: Infamous 'Snuff' Post Woman Sent To Raid
Next: Raid/Dustin Cook/John H. Grahms caught dropping viruses On Usenet
From: raylopez99 on 9 Jun 2010 05:47 As anybody who plays chess online knows, on occasion a chess playing site like the one PlayChess by Chessbase will say "Player XYZ detected using chess playing software--their account has been deleted". Also when recently the Topolov-Anand match was played, the Bulgarian servers stated (when I was checking out the live match): "Warning: Chessbase detected!". Apparently they were upset that Chessbase software was being used to analyze the match, which they wanted exclusive live rights to (they have sense sued Chessbase). Speculation: how do they do that? How to they detect software remotely--isn't this a security breach? Some theories: 1) They have some software that can check out what programs are running in your memory, and: (a) this software is bundled with the chess interface used by online chess playing programs, or (b) this is a Java applet that runs under any browser If 1)(b), isn't this something an anti-virus program would catch? Maybe not. 2) They are faking it: they simply analyze some games played by suspected cheaters--maybe people reported by opponents who are suspicious --and if enough of the game show that nearly all moves were the 'recommended' moves played by typical chess playing software like Rybka or Fritz, then the accounts are deleted. In the case of the Bulgarian servers--since the organizers of this match were upset with Chessbase before the match because Chessbase stated they were going to rebroadcast the moves--which BTW I don't think Chessbase has legal rights to--the Bulgarian organizers simply added a message "Warning: Chessbase detected!" just to show anybody they were upset with Chessbase, to scare them, since most serious chess players use Chessbase. In other words, it was a fake message that everybody saw, even those not using Chessbase software. RL
From: David H. Lipman on 9 Jun 2010 06:28 From: "raylopez99" <raylopez88(a)gmail.com> | As anybody who plays chess online knows, on occasion a chess playing | site like the one PlayChess by Chessbase will say "Player XYZ detected | using chess playing software--their account has been deleted". | Also when recently the Topolov-Anand match was played, the Bulgarian | servers stated (when I was checking out the live match): "Warning: | Chessbase detected!". Apparently they were upset that Chessbase | software was being used to analyze the match, which they wanted | exclusive live rights to (they have sense sued Chessbase). | Speculation: how do they do that? How to they detect software | remotely--isn't this a security breach? | Some theories: | 1) They have some software that can check out what programs are | running in your memory, and: | (a) this software is bundled with the chess interface used by online | chess playing programs, or | (b) this is a Java applet that runs under any browser | If 1)(b), isn't this something an anti-virus program would catch? | Maybe not. | 2) They are faking it: they simply analyze some games played by | suspected cheaters--maybe people reported by opponents who are | suspicious --and if enough of the game show that nearly all moves were | the 'recommended' moves played by typical chess playing software like | Rybka or Fritz, then the accounts are deleted. In the case of the | Bulgarian servers--since the organizers of this match were upset with | Chessbase before the match because Chessbase stated they were going to | rebroadcast the moves--which BTW I don't think Chessbase has legal | rights to--the Bulgarian organizers simply added a message "Warning: | Chessbase detected!" just to show anybody they were upset with | Chessbase, to scare them, since most serious chess players use | Chessbase. In other words, it was a fake message that everybody saw, | even those not using Chessbase software. Huh ? -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: "FromTheRafters" erratic on 9 Jun 2010 08:10 "raylopez99" <raylopez88(a)gmail.com> wrote in message news:fc013a92-1995-4a2f-ba25-a78b19c8a97c(a)x27g2000yqb.googlegroups.com... > As anybody who plays chess online knows, on occasion a chess playing > site like the one PlayChess by Chessbase will say "Player XYZ detected > using chess playing software--their account has been deleted". > > Also when recently the Topolov-Anand match was played, the Bulgarian > servers stated (when I was checking out the live match): "Warning: > Chessbase detected!". Apparently they were upset that Chessbase > software was being used to analyze the match, which they wanted > exclusive live rights to (they have sense sued Chessbase). > > Speculation: how do they do that? How to they detect software > remotely--isn't this a security breach? > > Some theories: > > 1) They have some software that can check out what programs are > running in your memory, and: > (a) this software is bundled with the chess interface used by online > chess playing programs, or > (b) this is a Java applet that runs under any browser > > If 1)(b), isn't this something an anti-virus program would catch? > Maybe not. > > 2) They are faking it: they simply analyze some games played by > suspected cheaters--maybe people reported by opponents who are > suspicious --and if enough of the game show that nearly all moves were > the 'recommended' moves played by typical chess playing software like > Rybka or Fritz, then the accounts are deleted. In the case of the > Bulgarian servers--since the organizers of this match were upset with > Chessbase before the match because Chessbase stated they were going to > rebroadcast the moves--which BTW I don't think Chessbase has legal > rights to--the Bulgarian organizers simply added a message "Warning: > Chessbase detected!" just to show anybody they were upset with > Chessbase, to scare them, since most serious chess players use > Chessbase. In other words, it was a fake message that everybody saw, > even those not using Chessbase software. http://support.chess.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=711 "How does Chess.com detect cheating? One part of our analysis involves comparing human moves to computer moves and looking at statistical significance. The other parts are not public knowledge. We will never disclose our exact methods for catching cheaters (to prevent cheaters from adapting their methods), but it involves both cutting-edge technology and human judgment." See also: http://www.chessclub.com/help/Speedtrap "The methods we use are confidential, because describing them in detail would allow cheaters to cheat more intelligently. However, we can clear up some common misconceptions by listing some things that do NOT cause us to put someone on the computer list:" I suspect they all will have similar 'explanations' on their respective sites. ....shouldn't that be Ruy Lopez? :o) I used that name when installing Vista because of the chess piece icon displayed during the process, and I never use my real name on any of my computers.
From: Jackie on 9 Jun 2010 09:28 raylopez99 wrote: > [snip] I doubt this belongs in the C# group or AV group. Probably not chess either. More like software security or something, I think. I have some ideas on how they do this and how they do it in any other online game. I won't go into the details on exactly how you can do the same or how you can defeat it. > Speculation: how do they do that? How to they detect software > remotely--isn't this a security breach? You have two choices, at least: Take a risk or not play it. There's no way to to detect such things remotely without the local machine sending some data first that allows the remote machine to detect it. Internal data of the game could be changed by the analyzer one way or another (you don't see this anywhere on the outside), and the game can either detect it locally or send a hash of or chunk of the data for verification. > Some theories: > > 1) They have some software that can check out what programs are > running in your memory, and: Either that or what I mentioned earlier. These are the simplest methods I can think of at the moment at least. > (a) this software is bundled with the chess interface used by online > chess playing programs, or Sure, it could be either bundled with it, integrated into the main application (game) or it is downloaded from somewhere after installation. Maybe I misunderstood? > (b) this is a Java applet that runs under any browser If so, it can of course check its internal data and let the server know either if something is suspicious, or simply let the server decide if it looks suspicious. I doubt it would be allowed to check what other applications are running and read from their memory if it's a Java applet, since that sounds very dangerous. But it's an IE or Firefox plugin.. Yes, I think that would be possible. Just like the Flash plugin. You may know it has been vulnerable for exploitation. > If 1)(b), isn't this something an anti-virus program would catch? > Maybe not. They can't magically know what kind of application it is and decide that it is something that should be "caught". If it should block Java applets by default, they should of course let you decide whether to run it or not. Or if it has the same kind of feature I have in Outpost Firewall Pro ("Host protection"), it will catch attempts to access other processes (for example reading memory from them). > 2) They are faking it: they simply analyze some games played by > suspected cheaters--maybe people reported by opponents who are > suspicious --and if enough of the game show that nearly all moves were > the 'recommended' moves played by typical chess playing software like > Rybka or Fritz, then the accounts are deleted. In the case of the > Bulgarian servers--since the organizers of this match were upset with > Chessbase before the match because Chessbase stated they were going to > rebroadcast the moves--which BTW I don't think Chessbase has legal > rights to--the Bulgarian organizers simply added a message "Warning: > Chessbase detected!" just to show anybody they were upset with > Chessbase, to scare them, since most serious chess players use > Chessbase. In other words, it was a fake message that everybody saw, > even those not using Chessbase software. I think that would be a complex to do anyways, so I doubt it. But of course they can if if they want to. > > RL Cheat detection methods do it one way or another with some variations, but I believe it's basically the same thing (of course, some are better than others). I have not tried to give you very informational technical details on this. Just enough, I hope. :) -- Regards, Jackie
From: raylopez99 on 9 Jun 2010 16:54
On Jun 9, 3:10 pm, "FromTheRafters" <erratic @nomail.afraid.org> wrote: > ...shouldn't that be Ruy Lopez? :o) I used that name when installing Vista > because of the chess piece icon displayed during the process, and I never > use my real name on any of my computers. Very clever. And thanks for the links with explanations...those chess programmers are always on the cutting edge! Ray "Ruy" Lopez |