Raiya

Gameguard: y u no delete rootkit!? (Edit: They removed it TY NC!)

Recommended Posts

Melfice   
5 minutes ago, Lurkios said:

While GG is complete and utter crap, it is not a rootkit. Title is misleading.

 

Care to elaborate a little bit? What do you believe it is exactly?

Share this post


Link to post
Share on other sites
StrawHat   

I wish this was a flaming thread, because it really needs to be addressed. Who knows, like in Aion, it may reduce future patch problems too.

Share this post


Link to post
Share on other sites
Raiya   
14 minutes ago, Lurkios said:

While GG is complete and utter crap, it is not a rootkit. Title is misleading.

 

Its behaved as one in the past. Decided to test B&S on an older PC I'm planning on wiping for a clean win10 install in the next few days and it SEEMS to be far less agressive than in the past (this suprised me since it caused havoc the last time) when it was on aion beta (there was a GG removal and bypass patch back then as well thanks to some people) where it closed even legitimate programs like logitech gaming panel (, hwinfo64 (thats the one that was controlling the fans that destroyed the graphics card on another game). I dont trust it at all and its certainly not going on my main PC as far as I'm concerned. If it does break something NC's getting the fecking bill!

Edited by Raiya

Share this post


Link to post
Share on other sites
ZacBard   
3 hours ago, Raiya said:

 

Which AV? Its probably being blocked because its trying to inject itself into your system processes and the AV is catching it before it can.

I'm using Avira AntiVir.

The message pops up everytime I start the game, so I guess that file is protected from whatever that Gameguard thing is trying to do with it.

Share this post


Link to post
Share on other sites
Raiya   

One thing I noticed now as well is because Derpguard "hides" the game im not getting full SLI performance from my graphics cards on my test PC. 2nd GPU is not being utilised because it doesnt see the game  ._.

 

Another thing to add to the list.....

Share this post


Link to post
Share on other sites
Bril   

Funny that you mention Aion, because when I think back over all the MMOs I have played (and we are talking back to EQ) it was the worst one for hacking.  Now I have no idea if Gameguard would have helped with it but after a couple of months it was clear the direction Aion was going.  No animation, radar, flight, no clip it was just crazy the crap people got away with in Aion.

Share this post


Link to post
Share on other sites
Melfice   

I just uninstalled the game and did all that I could to get rid of GG from my system (the registry files appeared absent, so I couldn't delete them).

 

 

I'll come back when this has been removed or it's been strongly proven it's not dangerous. It's not worth risking security and functionality of my computer to play this game, no matter how much I was enjoying it.

Share this post


Link to post
Share on other sites

Anytime an application needs admin access it is usually a bad sign, I doubt NCSoft will remove this but it really is a joke having it on. Devs should know better, the person behind the comp (as in the client) ALWAYS has the upper hand and can bypass EVERYTHING! L2ServerValidate!

Share this post


Link to post
Share on other sites
Smo   

I wouldn't be surprised if the majority of the technical issues people have been having with this launch, would have been avoided if they had just left gameguard out.

 

Kinda sucks having to put a computer that cost thousands at risk just to play a game.

Especially when you consider how gameguard is essentially useless for its intended purpose.

Share this post


Link to post
Share on other sites

The GG that B&S uses doesn't seem to be as intrusive as I'd have expected, but it's still pretty bad.

Personally I found when helping a friend deal with GG that it's an absolute basket case when it comes to trying to deal with the bloody thing. A friend had an issue with another game crashing, and he'd have to restart his computer every time it happened. I found out the reason was because it was crashing during an action wherein gameguard would hide the process, arbitrarily just because it deemed that current in-game action worth hiding both the GG and game processes.

The kicker? After I told him to figure out how to find the hidden process, he couldn't even kill it. Despite him having maximum permissions, running a program with sufficient permissions (process killers, not just task manager), the programs were unable to kill GG no matter what, due to insufficient permissions.

In the end I had to create something specifically to kill GG for him. No other purpose, other than to kill the process.

 

If it comes down to a normal user, having no access to a process that can randomly hide itself can cause sooooo many issues, not just the instance I stated above, but things like hardware programs being unable to locate the program in order to do their job and such. There's also the case of, as other people have mentioned, legitimate programs not being able to perform because they constantly get killed/denied by GG, even if the program itself isn't remotely interacting with the program GG is protecting.

In most cases as well, people wont be able to stop GG from practically killing these unrelated programs because GG basically demands top-tier privileges in order to run in the first place.

Edited by LagIncarnate

Share this post


Link to post
Share on other sites

An old game I used to play used GameGuard, and it caused frequent crashes for me all the time, among other things. Most players had the same problems with it breaking legitimate (benign) programs that had nothing to do with hacking. I wouldn't be surprised if it's part of the reason people are getting banned by using latency lowering programs.

 

I don't know if they've made it less invasive over the years, but they've certainly made it no more effective (which is...not at all). NCSoft won't remove it, because no publisher ever does even when people mention how awful this thing is, but I think it's pretty stupid that they chose to include it in the first place given how it doesn't do anything to prevent hacking. 

 

And yes, it actually is a rootkit. Go look it up. It behaves exactly like one, even if it's not meant to harm your computer (and yet still can by accident because of how intrusive it is).

Share this post


Link to post
Share on other sites
Raiya   

Yeah some older versions of GG actually destroy computers or are exploited by malware to hack your system its another reason why its on the shitelist. As for aion hacking is made out to be a bigger issue than it actually is but its not as prevalent at least on the EU version. Ironically as bad as GF are at running their games decision wise and making bad decisions NC seem to sorely lack on the RMT containment side of things. GG only adds to the issues.

Share this post


Link to post
Share on other sites
ghost010   

Never really had any problem with these "protect" software. Might be pure luck... But then again, i dont like programs rooting in my files without permission.
I'm running W10 and it never asked for admin privileges, avast doesn't detect any thing.. so i wonder if it even does things.
Cheaters are able to play the game without it, so why do we need it?

Share this post


Link to post
Share on other sites
Raiya   
2 minutes ago, ghost010 said:

Never really had any problem with these "protect" software. Might be pure luck... But then again, i dont like programs rooting in my files without permission.
I'm running W10 and it never asked for admin privileges, avast doesn't detect any thing.. so i wonder if it even does things.
Cheaters are able to play the game without it, so why do we need it?

 

Not sure how it works in windows 10 it might operate on a different level I know it didnt work initially on it. As for the reasons we "need" it? Next to none tbh. Even checking some shadier sites shows the hackers have ways of getting around it easily its woefully inefficient because any people determined to hack are gonna have some sort of bypass as well. GG and the likes of it are visible so they can just get around it easily or cripple it outright leaving normal players stuck with this crapware. Only thing that works is server side protection and always has.

Share this post


Link to post
Share on other sites
ghost010   

I seee.

Hope NCsoft gets rid of it.
Oh and lets keep this thread alive.. its already buried under allot of nonsens topics.

Share this post


Link to post
Share on other sites
MrHmm   

Well I believe it will take them 1 year or so to remove Gameguard.

 

Might take them more but who knows.

Share this post


Link to post
Share on other sites
Odachi   

I really wanted to play this game, but it wouldn't launch while sandboxed. Now I guess it'll have to wait until they remove this invasive protection, if ever.

That other costume simulator, Tera, never had this problem.

Share this post


Link to post
Share on other sites

well does the Korean and Chinese version have Game Guard?

 

i run a alien ware X51 and Game guard Forces Shutdown of Alien ware command center .

 

And if you try to launch B n S with Ge-force Experience Boom Game Guard just closes it and then nothing.

anyone face these problems?

i even ran a full system scan!!!!

 

Share this post


Link to post
Share on other sites
Raiya   

Biggest reason why GG is so pointless: The same hackers who want to cheat at your game know how to reverse engineer GG to bypass it.

 

The reason its also a danger is if an exploit is discovered in a GG version in a completely different game ANY game running it is potentially exposed to a backdoor hack. Most decent games dont use crapware such as this because its a security risk to say the least. The security used to check that GG is running even is quite easy to circumvent as well.

Share this post


Link to post
Share on other sites
HMint   

I also had the issue with Avira blocking the program from accessing the Windows hosts file.

So I decided to see what's happening, made a backup of hosts just in case and disabled the protection in Avira.

 

Turns out GG does not change anything in the file after all.

 

I am assuming that it wants to check for redirects for the NCSoft servers, which would be a good point to start when trying anything shady. And does this by unnecessarily opening the file in R/W mode maybe?

 

On the other hand I find it interesting that GG tries to check the hosts file, but then proceeds without problems when being denied access to it...?

Share this post


Link to post
Share on other sites
Melfice   
10 hours ago, ghost010 said:

I seee.

Hope NCsoft gets rid of it.
Oh and lets keep this thread alive.. its already buried under allot of nonsens topics.

 

It's hard to keep the thread alive when in the first week the game is suffering from login-times and other such craziness. It'll be super busy until that all dies down.

 

But we shouldn't be letting this issue die either as you said. Ultimately, if it turns out the version of GameGuard packaged with this game is actually safe and secure (as in, different from what is normally packaged) then that would be something that the publisher/developer should make known. That might make me redownload the game; but only if we had pretty good proof that it was safe. I'm not even talking about the buggy aspect of it (as I actually suffered no bugs or crashes while I was playing the game), but security wise.

 

Or, while not ideal, if there were a way to bypass the requirement entirely and find a way to play the game after having removed GameGuard and prevent it from redownloading; but that falls too close to the realm of hacking/cheating territory and I'd rather not use such a method. It seems absolutely crazy because if it weren't for this program, this would be an MMO I'd stick around for and spend some money in. It does a lot of things right, but GameGuard is a deal breaker.

Share this post


Link to post
Share on other sites
Tohru   
11 hours ago, HMint said:

I also had the issue with Avira blocking the program from accessing the Windows hosts file.

So I decided to see what's happening, made a backup of hosts just in case and disabled the protection in Avira.

 

Turns out GG does not change anything in the file after all.

 

I am assuming that it wants to check for redirects for the NCSoft servers, which would be a good point to start when trying anything shady. And does this by unnecessarily opening the file in R/W mode maybe?

 

On the other hand I find it interesting that GG tries to check the hosts file, but then proceeds without problems when being denied access to it...?

 

My Avira just blocks Gameguard everytime I launch the game, am I still ok or does it still bypasses it?

Share this post


Link to post
Share on other sites
Melfice   
21 minutes ago, Tohru said:

 

My Avira just blocks Gameguard everytime I launch the game, am I still ok or does it still bypasses it?

 

I'd imagine that if Avira is blocking GG, but you're still playing the game, that it must be bypassing it. Otherwise it'd be more than just a horrible cheat/hacking protection software if a free anti-virus gets passed it.

Share this post


Link to post
Share on other sites
Tohru   
11 minutes ago, Melfice said:

 

I'd imagine that if Avira is blocking GG, but you're still playing the game, that it must be bypassing it. Otherwise it'd be more than just a horrible cheat/hacking protection software if a free anti-virus gets passed it.

 

Oh great, I researched more about it and apparently I still have hidden files gameguard uses to rootkit in my registry and system32/wow64.  I still do not know if it is nonexecuted or they went around my antivirus and decided to run it anyways.  This whole program seems very sketchy with all scare going on, I wouldn't blame people wanting to remove gameguard, there's also still bots running around the game with the program.

Edited by Tohru

Share this post


Link to post
Share on other sites
Melfice   
4 minutes ago, Tohru said:

 

 

Sounds good, I researched more about it and apparently I still have hidden files gameguard uses to rootkit in my registry and system32/wow64.  I do not know if it is nonexecuted or they went around my antivirus and decided to run it anyways.  This whole program seems very sketchy with all scare going on, I wouldn't blame people wanting to remove gameguard, there's also still bots running around the game with the program.

 

That's correct; I removed a bunch more registry files today after discovering I missed some. It's an ongoing process.

 

It's fairly invasive; though all things considered not hard to remove once you understand how to track it in regedit. Although if it's somehow hidden past that, I have no idea how to find the remaining files. Hoping my computer is now secure; but since the damn thing is designed to hide, how can you ever be sure?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now