As with many popular Internet attractions, World of Warcraft has been faced with a number of in-game issues and offline security concerns. Blizzard has used both legal and technological means to help address a number of these issues for their end users.
Selling Virtual Money
With over nine million subscribers, World of Warcraft has attracted a number of cottage industries that aren't directly part of the game, but instead exist to indirectly provide resources to players. Unfortunately, many of these companies are providing products and services that are a violation of World of Warcraft's terms of service.
Some of these out-of-bounds businesses are related to the acquisition of gold, which is the currency used inside the World of Warcraft universe. These companies acquire gold and then sell it for real-world currency outside of the World of Warcraft game universe. After this real-world transaction, the gold is then transferred to the gamer inside the World of Warcraft realm.
These activities negatively affect the overall gameplay experience for everyone, and Blizzard has been diligent about removing these organizations. They've also made changes to the gaming environment that limit the effectiveness of these companies, such as providing additional spam administration and gold transfer limitations.
The "more honest" gold sellers (that still violate the terms of service) use their own gameplay to acquire gold, just like any other World of Warcraft player. However, gold scammers have recently been found engaging in unethical behavior: they acquire a World of Warcraft account name and password through the introduction of a keylogger or spyware. This evil software is usually introduced to the system through a Trojan horse email attachment, resulting in the release of private account information. Once the bad guys have the account information, they loot the "stolen" characters and transfer their gold to other accounts.
Social engineering techniques are also used to entice account information and passwords away from innocent users. Since many World of Warcraft gamers are relatively young, these scam artists prey on their innocence and lack of knowledge. In an effort to remind users of their privacy duties, one of the World of Warcraft startup tips reminds users that Blizzard employees will never ask for a password.
The World of Warcraft Client Paradox
Some built-in functionality of the World of Warcraft client has been given special consideration by security administrators. Because the World of Warcraft client resides on the local hard drive, many cheaters use third-party applications to manipulate or alter the local gameplay experience. For example, some third-party programs will move an in-game character around an area automatically and fight monsters to accumulate experience points without any end-user intervention. These third-party programs are clearly a violation of the terms of service, but how can Blizzard manage something outside of their control?
From Section 14, Acknowledgements:
You hereby acknowledge and agree that:
A. "WHEN RUNNING, THE PROGRAM MAY MONITOR YOUR COMPUTER'S RANDOM ACCESS MEMORY (RAM) AND/OR CPU PROCESSES FOR UNAUTHORIZED THIRD PARTY PROGRAMS RUNNING CONCURRENTLY WITH WORLD OF WARCRAFT." [snip] IN THE EVENT THAT THE PROGRAM DETECTS AN UNAUTHORIZED THIRD PARTY PROGRAM, BLIZZARD MAY (a) COMMUNICATE INFORMATION BACK TO BLIZZARD, INCLUDING WITHOUT LIMITATION YOUR ACCOUNT NAME, DETAILS ABOUT THE UNAUTHORIZED THIRD PARTY PROGRAM DETECTED, AND THE TIME AND DATE THE UNAUTHORIZED THIRD PARTY PROGRAM WAS DETECTED; [snip]
B. "WHEN THE PROGRAM IS RUNNING, BLIZZARD MAY OBTAIN CERTAIN IDENTIFICATION INFORMATION ABOUT YOUR COMPUTER AND ITS OPERATING SYSTEM, INCLUDING WITHOUT LIMITATION YOUR HARD DRIVES, CENTRAL PROCESSING UNIT, IP ADDRESS(ES) AND OPERATING SYSTEM(S), FOR PURPOSES OF IMPROVING THE PROGRAM AND/OR THE SERVICE, AND TO POLICE AND ENFORCE THE PROVISIONS OF THIS AGREEMENT AND THE EULA."
The bad guys built software that looked into the internals of World of Warcraft, so Blizzard updated their software to look into the internals of the cheaters' software. This will certainly be an ongoing battle as the two sides look for an advantage over the other, but it's the security administrator who ends up ignoring the infighting and chooses to block the entire war from ever entering their network.
There's no reason to believe that the information that Blizzard collects is harmful, but a security administrator understands that it's impossible to know exactly what information Blizzard might see on a remote computer. For many large organizations, the data stored on a computer system is often private or proprietary. The World of Warcraft Terms of Service clearly state that some information will be transferred to Blizzard, so many security administrators have no other choice but to disallow World of Warcraft activity on their local computers and through their network.
What about the home user? If important corporate information is at risk, isn't important personal information also at risk? The answer is yes, but the owner of the home computer usually has more control over what information can be seen. Unfortunately, the home user often doesn't have the knowledge necessary to properly secure their important information. For example, few home users use programs such as TrueCrypt to keep sections of their hard drive encrypted and private.