NProtect GameGuard

Last updated

nProtect GameGuard
Developer(s) INCA Internet Co., Ltd.
Operating system Microsoft Windows
Type Anti-cheating
License Proprietary
Website gameguard.nprotect.com/en/index.html

nProtect GameGuard (sometimes called GG) is an anti-cheating rootkit developed by INCA Internet. It is widely installed in many online games to block possibly malicious applications and prevent common methods of cheating. [1] [2] [3] nProtect GameGuard provides B2B2C (Business to Business to Consumer) security services for online game companies and portal sites. The software is considered to be one of three software programs which "dominate South Korea's domestic online game security market". [4]

Contents

GameGuard uses rootkits to proactively prevent cheat software from running. [5] GameGuard hides the game application process, monitors the entire memory range, terminates applications defined by the game vendor and INCA Internet to be cheats (QIP for example[ citation needed ]), blocks certain calls to Direct X functions and Windows APIs, keylogs keyboard input[ citation needed ], and auto-updates itself to change as new possible threats surface. [1]

Since GameGuard works like a rootkit, [2] [6] players may experience unintended and potentially unwanted side effects. If set, GameGuard blocks any installation or activation of hardware and peripherals (e.g., a mouse) while the program is running. Since GameGuard monitors any changes in the computer's memory, it will cause performance issues when the protected game loads multiple or large resources all at once. [7]

Additionally, some versions of GameGuard had an unpatched privilege escalation bug, allowing any program to issue commands as if they were running under an Administrator account. [8]

GameGuard possesses a database on game hacks based on security references from more than 260 game clients. Some editions of GameGuard are now bundled with INCA Internet's Tachyon anti-virus/anti-spyware library, and others with nProtect Key Crypt, an anti-key-logger software that protects the keyboard input information.

List of online games using GameGuard

GameGuard is used in many online games. [3] [9] [10]

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

<span class="mw-page-title-main">PunkBuster</span> Anti-cheat software

PunkBuster is a computer program that is designed to detect software used for cheating in online games. It does this by scanning the memory contents of the local machine. A computer identified as using cheats may be banned from connecting to protected servers. The aim of the program is to isolate cheaters and prevent them from disrupting legitimate games. PunkBuster is developed and published by Even Balance, Inc.

<span class="mw-page-title-main">Cheating in online games</span> Practice of subverting video game rules or mechanics to gain an unfair advantage

On online games, cheating subverts the rules or mechanics of the games to gain an unfair advantage over other players, generally with the use of third-party software. What constitutes cheating is dependent on the game in question, its rules, and consensus opinion as to whether a particular activity is considered to be cheating.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

<span class="mw-page-title-main">Valve Anti-Cheat</span> Anti-cheat software

Valve Anti-Cheat (VAC) is an anti-cheat tool developed by Valve as a component of the Steam platform, first released with Counter-Strike in 2002.

<span class="mw-page-title-main">Extended Copy Protection</span> Copy protection rootkit by Sony BMG

Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet and sold as a copy protection or digital rights management (DRM) scheme for Compact Discs. It was used on some CDs distributed by Sony BMG and sparked the 2005 Sony BMG CD copy protection scandal; in that context it is also known as the Sony rootkit.

<span class="mw-page-title-main">Sony BMG copy protection rootkit scandal</span> Sony BMGs implementation of copy protection measures

In 2005 it was revealed that the implementation of copy protection measures on about 22 million CDs distributed by Sony BMG installed one of two pieces of software that provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Neither program could easily be uninstalled, and they created vulnerabilities that were exploited by unrelated malware. One of the programs would install and "phone home" with reports on the user's private listening habits, even if the user refused its end-user license agreement (EULA), while the other was not mentioned in the EULA at all. Both programs contained code from several pieces of copylefted free software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.

Cheating in video games involves a video game player using various methods to create an advantage beyond normal gameplay, usually in order to make the game easier. Cheats may be activated from within the game itself, or created by third-party software or hardware. They can also be realized by exploiting software bugs; this may or may not be considered cheating based on whether the bug is considered common knowledge.

<span class="mw-page-title-main">Kaspersky Internet Security</span> Internet security suite developed by Kaspersky Lab

Kaspersky Internet Security is a internet security suite developed by Kaspersky Lab compatible with Microsoft Windows and Mac OS X. Kaspersky Internet Security offers protection from malware, as well as email spam, phishing and hacking attempts, and data leaks. Kaspersky Lab Diagnostics results are distributed to relevant developers through the MIT License.

<span class="mw-page-title-main">VirusTotal</span> Cybersecurity website owned by Chronicle

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

<span class="mw-page-title-main">INCA Internet</span> South Korean software company

INCA Internet Corporation, also known as nProtect, is a corporation which sells computer software. INCA Internet was founded by Young Heum Joo, the current CEO and President of INCA Internet, in 2000. It offers anti-virus, anti-spyware, game security, and unified corporate security. It is headquartered in Seoul, Republic of Korea.

nProtect GameGuard Personal 2007

nProtect GameGuard Personal 2007 is an Anti-Virus security suite for Microsoft Windows 2000, XP, and Vista developed by INCA Internet for users playing online computer games. It includes real-time protection from most forms of malware, including viruses, trojans, spyware, worms, keyloggers, and rootkits, as well as a game optimization feature. Like many other security products, nProtect GameGuard Personal 2007 can cause collisions when executed with security products simultaneously. The collisions mainly occur when running the on-access scanning simultaneously.

Michael Gregory Hoglund is an American author, researcher, and serial entrepreneur in the cyber security industry. He is the founder of several companies, including Cenzic, HBGary and Outlier Security. Hoglund contributed early research to the field of rootkits, software exploitation, buffer overflows, and online game hacking. His later work focused on computer forensics, physical memory forensics, malware detection, and attribution of hackers. He holds a patent on fault injection methods for software testing, and fuzzy hashing for computer forensics. Due to an email leak in 2011, Hoglund is well known to have worked for the U.S. Government and Intelligence Community in the development of rootkits and exploit material. It was also shown that he and his team at HBGary had performed a great deal of research on Chinese Government hackers commonly known as APT. For a time, his company HBGary was the target of a great deal of media coverage and controversy following the 2011 email leak. HBGary was later acquired by a large defense contractor.

<span class="mw-page-title-main">Malwarebytes</span> Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

<span class="mw-page-title-main">Trend Micro Internet Security</span> Antivirus and online security software

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats, but as of June 2024 based on the chat support there is no known mechanism as with Microsoft Defender Antivirus to submit false positives like "Incorrectly detected as malware/malicious" or "Incorrectly detected as PUA " which may point to cutting corners and be the cause of application mislabeling e.g. as ransomware, while the mechanism for detecting real threats is not specified.

Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.

Anti-tamper software is software which makes it harder for an attacker to modify it. The measures involved can be passive such as obfuscation to make reverse engineering difficult or active tamper-detection techniques which aim to make a program malfunction or not operate at all if modified. It is essentially tamper resistance implemented in the software domain. It shares certain aspects but also differs from related technologies like copy protection and trusted hardware, though it is often used in combination with them. Anti-tampering technology typically makes the software somewhat larger and also has a performance impact. There are no provably secure software anti-tampering methods; thus, the field is an arms race between attackers and software anti-tampering technologies.

Cheating in esports is a deliberate violation of the rules of an esports governing body or other behavior that is intended to give an unfair advantage to a player or team. At its core, esports are video game competitions in an organized, competitive environment. Tournaments often pay out prize money to the highest placing teams in these events, giving players an incentive to cheat. Commonly cited instances of cheating include the use of software cheats, such as aimbots and wallhacks, exploitation of bugs, use of performance-enhancing drugs, such as Ritalin and Adderall, and match fixing.

References

  1. 1 2 Stevens, Scott M.; Saldamarco, Shirley, eds. (2008). Entertainment Computing – ICEC 2008: 7th International Conference. Springer Science+Business Media. p. 96. ISBN   978-3-540-89221-2.
  2. 1 2 Fahey, Mike (18 September 2009). "Hooray! Aion Drops GameGuard For Launch". Kotaku . Retrieved 2 February 2016.
  3. 1 2 le Ricque, Edouard (25 November 2011). "L.A. Noire sur PC : Kaspersky n'aime pas". Tom's Guide France . Archived from the original on 26 November 2011. Retrieved 2 February 2016.
  4. Sung-mi, Kim (11 September 2012). "Wiselogic, the Hidden Champion in Online Game Security". The Korea IT Times . Seoul, South Korea. Archived from the original on 18 January 2013. Retrieved 2 February 2016.
  5. Cano, Nick (2016). Game Hacking: Developing Autonomous Bots for Online Games. William Pollock. p. 248. ISBN   978-1593276690.
  6. "RootRepeal – Rootkit Detector" . Retrieved 3 February 2016. ...many antivirus programs and some games (for example, nProtect GameGuard) use rootkit-like technology to hide or protect themselves.
  7. Spohn, Steve (14 September 2009). "GameGuard Shuts Down Disabled Gamers". The AbleGamers Foundation . Archived from the original on 20 November 2009. Retrieved 4 February 2016.
  8. "CVE-2005-0295 : npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges" . Retrieved 25 February 2017.
  9. "nProtect gameGuard Partner". Archived from the original on 18 August 2012. Retrieved 27 August 2007.
  10. "GameGuard Errors". NCSOFT . Retrieved 3 February 2016.
  11. "Announcing Our New Anti-Hacking Partner XIGNCODE3". elsword.koggames.com. Retrieved 23 November 2020.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.