Under the Surface of Azeroth:
A Network Baseline and Security Analysis
of Blizzard's World of Warcraft

Final Thoughts

The World of Warcraft client is a powerful application that provides gamers with an immersive role-playing environment. Blizzard has created an architecture that provides immense entertainment value to the end user while simultaneously supporting millions of players. Blizzard's World of Warcraft universe is built for size and speed, and it shows no signs of stopping.

The efficiency of World of Warcraft over the network is remarkable. The bandwidth used by World of Warcraft is so slight that it can be enjoyed by nearly anyone, regardless of their connection to the Internet. With servers around the world, Blizzard has created a service that gamers anywhere can enjoy.

Although the performance of World of Warcraft is elegant, it's a concern from a security standpoint. The proprietary nature of the World of Warcraft gaming client provides a certain level of protection because the details of the front-end are private and not well known. This doesn't ensure complete protection, but it does mean that exploits that directly attack the World of Warcraft client won't be as common as attacks on other, more open applications such as browsers or email clients. However, security professionals know that security through obscurity isn't really security.

The proprietary nature of the World of Warcraft software also brings a bit of insecurity. In an effort to keep the gaming environment fair for everyone, Blizzard has required that every World of Warcraft player agree that information "without limitation" can be transferred from their computer back to Blizzard's servers. There's absolutely no evidence of Blizzard ever gathering anything personal or private from end users. Indeed, it would be difficult to believe that Blizzard would put their extremely successful gaming business at risk by transferring information they shouldn't.

However, the security professional has to be concerned not only that Blizzard could transfer this information without limitation, but also that the end user has agreed to this activity. If an organization's activities require an undeniable level of security, the World of Warcraft client would be an inappropriate piece of software. A security professional at a hospital, financial organization, or government entity would certainly want to be sure their end users were keeping their online gaming confined to their home computers.