Since the May 2003 attack on the Shadowbane servers at UBISoft, many people have
asked us about security.
Security is the single most important part of the game. People are often
surprised at how seriously we take security. Why are they surprised? We don't know... after all, who wants to
play an online game if hackers can simply have their way with you in the game.
Obviously we can't discuss all our security measures, and we will not reveal
specific hardware, software, or third party security companies we work with. But
our security measures do include the following:
- Dumb Client:
The client is never
given information not intended for the player's use. If there's cloaked ship
behind you which you can't see, the client software isn't told. trainers,
packet sniffers, and memory hacks won't be a help to cheaters. The client is literally an interface for the server,
- Server Side Logic:
The game client also has
no logic on it. How many weapons you have, your ships abilities and power
are all stored server side. Cloaking, skill calculations, weapon hits and so
on are all done server side.
- Legal Remedies:
When you buy a game off the shelf, like Shadowbane or Ultima Online, legally
you own that copy of the software. Legally you can reverse engineer it, modify
it, or distribute information about it. However our client is not sold. We
rent our client, like a cable box or credit card. This makes any decompilation,
even for information purposes only, illegal. We prosecute any case of
decompilation or decimination of server information.
- Hardware Firewalls: Every computer on
our network is connected to an independent, state of the art firewall with
virus protection and logging.
- Independent Software Firewalls:
addition to the hardware firewalls, our servers all have software firewalls
running on the OS.
- Hacker ID Program:
An extensive contract
with a major internet security firm for the tracing, identifying and reporting of hack
- No Cheat Codes:
Many games use cheat
codes for testing which are (in theory) removed for the commercial release. We
have alternate testing methods, and have never programmed in a single cheat
- No God Clients:
Often "God clients" are
used by developers to modify a game. To prevent the accidental release of a God client, or
the hacking of a standard client to god mode, no god clients were ever
created or enabled. Even the administrators use the same clients as players.
- Stripped OS:
The OS on each server
computer is stripped of all non-essential services, and updated daily with any
and all security updates.
- Isolated Database and Servers:
database, and most of the server machines, can not be reached from the
internet, and reside solely on stand-alone systems. Only the primary login
server can be accessed from the internet.
- Full Password Protections:
passwords for all systems, from administrative accounts to mail and
maintenance programs, have 8+ digit passwords with non-alphanumeric
- DoS Countermeasures:
detect, trace, and report Denial of Service attacks.