Jump to content

UOForums interview with Tony Ray, founder of Punkbuster.com


Recommended Posts

UOForums was lucky enough to spend some time with Tony Ray, founder of the Punkbuster software, which is soon to be beta tested with UO.

 

Here are the questions we sent him and his subsequent answers..

 

<HR>

1) From PB TOS:

Licensee understands and agrees that the information that may be inspected and reported by PunkBuster software includes, but is not limited to, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed.
Is this information kept? If so, for how long, and to whom is it made available?

Tony Ray: No information is kept and no information is ever made available to anyone. Our privacy policy is not part of the legal agreement, but it has been static since the beginning and all versions of PunkBuster follow that privacy policy which is here:

 

 

The wording of the legal agreement quoted above has to be broad so that users understand the scope of what PunkBuster can look at (which is everything). If there was something PB wasn't able to look at, then the cheat-writing punks would just make their cheats and hacks "look exactly like" whatever PunkBuster limited itself from inspecting so that the whole effort would be wasted. PunkBuster does obtain hardware and device identifiers but those are mangled before transmission so that no one (not even ourselves) can determine the original information used to create what it is transmitted. We can't for example know what someone's hard drive serial number is from these transmissions, and certainly cannot know what personal information of any kind is stored on the user's computer.

 

 

2) Is the PunkBuster crew working individually on it's version for Ultima Online, or in tandem with the UO Dev team? (other than getting facts/info on UO related stuff)

Tony Ray: Since PunkBuster is integrated at the source level for all games we support, our engineers work with the game dev team to get the integration accomplished, tested, etc. In the case of UO, that has already been completed and was a great experience. We are really looking forward to working with the whole UO team.

 

 

3) What is the biggest difference between creating a PunkBuster program for a FPS and a MMORPG?

Tony Ray: The biggest difference is in how PunkBuster's auto-update works. For FPS games where there are only a relatively few players per server, PunkBuster at the server auto-updates the PunkBuster clients when necessary. For MMO environments, PunkBuster clients obtain their updates directly from our master auto-update servers so that bandwidth used for updating does not choke the game server after a new update is released.

 

 

4) Are all efforts PunkBuster makes client(PC) side? Or would it be possible to have the system work inside the servers?

Tony Ray: PunkBuster has always been a client/server application. The PunkBuster server is in control. It requests information from the PunkBuster client running on the end-user's computer along with the game. The PB client must then supply the answers in a timely manner. The server then looks at the answer to determine if a hack or otherwise disallowed condition is present and takes the necessary action (i.e. remove the player with a message, etc.).

 

 

5) Does PunkBuster disallow play if a "problem program" is simply installed on the player pc, or must it be running?

Tony Ray: By default, PunkBuster does not look at any files on the hard drive nor the registry, it only scans memory for the presence of something running with the game. So with a plain vanilla installation of PunkBuster at the server, only running programs will be detected. There are, however, optional settings and commands that allow server administrators to look for the presence of unwanted or modified files on the hard drive. It is up to the UO team whether or not to use those optional tools on the servers they provide.

 

 

6) How does PunkBuster plan on handling Hardware/Global Bans between FPS's and MMO's? Will they carry over, or will they be mutually exclusive?

Tony Ray: At this time, we plan to leave all banning decisions to the UO team. For Ultima Online, PunkBuster is currently designed to report what it finds to the GMs and it is up to the UO team to enforce their own policies. At least in the beginning, players who are Hardware banned for hacking PunkBuster in some other game will not be Hardware banned in UO.

 

 

7) Do you play any MMO's? If so, which ones?

Tony Ray: The only time I have to play games these days is when testing PunkBuster. That is one thing I had to sacrifice personally a few years ago to see this project succeed. However, having said that, before the project was initiated, I played computer games frequently (many hours per week). The only MMO I ever played was Ultima Online. That was back in 1998 after the Second Age expansion was released. I loved the game and for awhile I didn't play anything else.

 

 

8) What are the levels of bannings? (temp-how long. perma ban-warnings?)

Tony Ray: That will be completely up to the UO team. By default PunkBuster will keep a player off of a server for 2 minutes after kicking for a cheat violation.

 

 

9) What are the review processes for bannings? If one feels they were wrongfully banned how would they file for a review? Would it be to EA, PB, or both?

Tony Ray: At least initially, all banning and everything related will be through the UO team. If we at some point begin to Hardware ban in UO, whatever procedures that are in place may or may not change at that point.

 

 

10) Will the "banning" process be automated as on FPS's, or will a GM have the ultimate say BEFORE the ban occurs?

Tony Ray: That will be up to the UO team. When PunkBuster kicks for a cheat violation, the GMs will receive a report of the details for that violation and will have their own procedure for dealing with it.

 

 

11) I run two computers on broadband off a router. Will this be a problem, and, if action is required to allow this to continue, will I have to be "computer literate" or can a computer "newb" make the necessary adjustments?

Tony Ray: Except for perhaps some really old NAT routers, there shouldn't be any problems running multiple computers with no action required on the part of end-users. All modern routers that I'm aware of (by that I mean released during the last 5 years) will handle the net traffic properly. In some cases, you may need to update your router firmware as there were some buggy firmware version releases a couple of years ago on some name brand routers that drop PunkBuster traffic. In our experience, this is likely to affect at most only a few people who play online games at this point.

 

 

12) How will "false positives" be resolved? This goes to the first question.

Tony Ray: We have been detecting cheats and hacks for many years. We are very happy with our record in preventing and also in handling false positives the few times they have occurred. And furthermore, our procedures for finding and dealing with the possibility of false positives has improved dramatically during the past five years. In the old days we used to work one on one with players who claimed to have been kicked for something when they were not running a cheat nor hack. We used those experiences to develop safeguards that allow us to now determine false positives often before any are even triggered by an end-user and remove those from our system. The way false positives are resolved is that we remove any bans that may have been triggered and then we make a public announcement on the affected game(s)'s support page(s) on our website so that server admins, leagues, etc. will know what they are dealing with.

 

 

13) Since "false positives" are an admitted possibility, how can one best prevent it occurring? (Here, we're ASSUMING that the person isn't running any forbidden programs and has done nothing to change the underlying program (UO))

Tony Ray: Every false positive we have ever seen occurs when a user is running a little known or newly released program that happens to have a footprint/pattern that looks exactly like a cheat we are scanning for. So, other than closing every other program besides the game, there is really nothing an end user can do. Despite what may be claimed on cheat/hack websites, PB false positives are extremely rare. Most of the games we support have never had even one.

 

 

14) Has EA actually looked at the source code to determine EXACTLY what the program does and what it does not do?

Tony Ray: All of our clients have access to some of our source code (the part that is integrated with the game). However, the full PunkBuster source code tree has not been made available to anyone outside of Even Balance. Since we frequently auto-update, adding layers of approvals would slow down the process to where it would not be effective. Speaking to that issue, I'd simply say that there is safety in numbers, over 20 million game players run PunkBuster by their own choice. We're not about personal information, we don't want the names, email addresses, etc. of our users - we don't even sell advertising on our own website which would be substantial income as we pull in significant traffic. The last thing we want to do is get bogged down with being responsible for the personal information of our 20+ million users (we have enough to do already) so we just avoid the issue entirely by not gathering any information that could be considered personal.

 

 

15) How many CLAIMS have been made over the past 5-6 years that an employee of PunkBuster has gained access to anyone's computer with the intent of either "browsing our private," or stealing private information, or causing damage to a customer's computer? Of these, how many were verified?

Tony Ray: I am aware of a couple of "articles" that have been written over the years but they never contain any verifiable information (because there isn't any). Some of these have "screenshots" but we all know that a screenshot can be made to look like anything the author wants it to look like using photoshop or whatever. These "articles" always turn out to be written by a punk cheat author who is (without merit) just trying to attack our credibility. We have a spotless reputation inside the gaming industry and that is something we are extremely proud of. There is only one person in the whole world up to this point who has released a PB update (myself) so I'm confident in saying that it is truly impossible for any Even Balance employee to have breached the trust of one of our users. Various members of our staff contribute to the code base, but I personally make all source changes and builds manually prior to each update. Plus keep in mind that accessing someone's computer is breaking the law (at least in the U.S. where we are based). Not only would such a person lose his/her job, but would also likely go to jail.

 

 

16) Does PunkBuster scan my hard drive or the programs which are currently running? If it scans my hard drive, exactly what is it looking for?

Tony Ray: By default, PunkBuster only scans memory. The optional file scanning tools that some server admins use look at files inside the game's installed folder hierarchy and send back file signatures that can be compared to known legitimate files. If the signature doesn't match, PunkBuster knows that a file has changed that shouldn't have. Some admins also use these tools to see if a file signature matches the signature of a known hack. We do not use this method by default because it only catches the laziest or most naive cheaters who don't even try to rename files plus we like to keep file accesses to a minimum for lag reasons, scanning memory in chunks during gameplay creates no oticeable lag.

 

 

17) How will PunkBuster in UO affect those who are on dial-up? (Lag issue)

Tony Ray: Users with 56K modems (or less) will experience noticeable lag during PunkBuster DLL updates which will probably occur on average around once per month for UO. We distribute a free tool called PBSETUP that these users can run before playing if they choose to check for updates so they can be installed quickly before joining a shard. The use of PBSETUP is covered on our website at evenbalance.com.

 

 

18) Who dictates what PunkBuster scans for and how (the original game creator or the PunkBuster team)?

Tony Ray: The PunkBuster team has ultimate control over our software system and how it works. However, we always follow the desire of our clients in kicking for specific programs that the game creators consider to be hacks or cheats of the system.

 

 

19) Is there anyone, say a dis-interested party, to verify PunkBuster is scanning for illegal 3rd party programs only (kind of like checks/balances)?

Tony Ray: Everyone is welcome to do that. Feel free to run any monitoring program you wish that will "watch" what PunkBuster is doing. We openly welcome any experts in this area to verify that PB works (and always has) according to our privacy policy.

 

 

20) When in game and utilizing the screen capture for gameshots, will bringing in our graphic program (like Irfanview, mspaint) cause a false positive?

Tony Ray: I'm not sure I understand the question. I'll try to cover the subject matter. When PB takes a screenshot, it is *only* of the game window. If the game is not running full screen, PB ignores anything outside of the window containing the game. When the game is minimized or not the active application, PB returns a blank screenshot saying that the game app was not active. Some admins will kick if this happens too many times. If you are talking about launching a graphic program in the background while playing, that would only cause a kick if the program "looks like" a cheat program in memory from a cheat pattern perspective.

 

 

21) In the business world, the additional costs to operate and provide a service is ultimately passed on to the consumer.

Tony Ray: hmm, I think this phrase is actually part of the next question...

22) Will this increase the fee per month for Ultima Online, in the near future?

Tony Ray: This is (of course) up to EA and the UO Team. However I will say that I doubt that this has even been considered. I'm not aware of a single game we support where it is considered that the PB support cost is significant enough to warrant adjusting the end user's cost. For most games we support, the user base either increases or is sustained over a longer period than was originally hoped for, so we expect our clients to actually increase their profit by selling more units or subscriptions due to adding PunkBuster without the need to increase the end user's price point.

 

 

(This question has since been answered by Darkscribe, there will be NO increase in the monthly subscription fee)

 

 

 

<HR>

 

 

Special thanks to Tony for answering all our questions and thanks to all our posters and staff members for submitting them.

Link to post
Share on other sites

The formatting of the original post is pending a clean up so it isn't bunched to the left like this and a spelling mistake will be corrected as well.

 

Thankyou QMum for fixing the formatting and Mr Wilki for the spelling check :P

 

....

Formatting fixed, spelling corrected.

Link to post
Share on other sites
Guest Shotack

I wish this interview made me feel better about Punkbusters, but it doesn't. I keep hearing the words "by default" which means to me that by changing a setting UO or any worker there can have total access to my files, passwords, personal documents, confidential documents (for work), and so on. This disturbs me greatly. And, what Punkbusters response is "Trust us". I find that hard to do, because that is what every criminal says just before they rip you off. Seeings as this is going to happen whether the players want it or not, I have 2 choices. Close my accounts or build a machine just for use with UO that has absolutely no other personal stuff on it.

 

Thanks,

Steven

Link to post
Share on other sites

To help with assuring players that PunkBuster is not after passwords, personal documents, confidental documents, and so on, we have gathered together information given by UO.COM, UO Staff, PB, PsB, in UOF's FAQ about PunkBuster thread so that we all can see their answers to privacy and other concerns. Of course it would be impossible to provide every answer provided so far but the ones available have links to the original cited quotes.

 

My personal favorite is ...

 

"PunkBuster can’t read English, decipher a tax return, or tell a financial document from a picture of your dog. It looks at blocks of data and compares them to blocks of data known to be in cheat programs. That’s it." Darkscribe (UO Producer)

Link to post
Share on other sites

With the whole thing still being in the "development" stage, some of the questions dont have hard-and-fast answers yet...Im sure as things get closer to a pulic beta-testing he more concrete version will come out.

 

Thanks to UOF and Mr Ray for a great read!

Link to post
Share on other sites

I have a friend that uses the EasyUO program, although he doesnt use it for the more common purpose of automating his characters, to enhance his abilities, or further his skills.. He only uses it to load two clients of UO at once, and plays both characters.. i.e. the main purpose for this..

i.e.

He logs in on account number 1 - loads his tamer, and takes it to Ish/Spirit.

Then he logs in on account 2 - Loads up his archer so that he may kill any changlings ect, without them killing him.

(While hes working the Cu Sithe spawn trying to aquire a blaze coloured dog)

 

Mainly, im just curious because i was considering doing this so i could have 2 tamers at a peerless spawn. (Until i found the program used to launch these was illegal). Can you still get banned for this, although you only have it running long enough to load up two clients of uo at once? And if so, will a legal program be launched by the UOStaff to be able to do this (Lets face it, id buy the program, its a good investment.)

Link to post
Share on other sites

Yea, it's illegal and will get you booted from UO (Booted as in disconnected) and i'd imagine banned if it was kept up

 

You CAN legally log into UO more than once, if you're running Windows XP And your machine can handle having 2 copies of UO running on seperate user accounts.

Link to post
Share on other sites
A Question i didn't see on the list was how will Punkbuster affect UO players who use UO Assist?..... or UO Auto Map aswell....

 

In the UOF's FAQ Forum about PunkBuster there is more information about Third Party Programs .... Third Party and Other Hardware/Software Program Issues: that should help explain the position on such things as UO Assist, UO Auto Map and others ... Here are just two of the statements provided ...

 

"UO Assist and UO AutoMap will not be flagged as cheat programs, nor will any program on the approved-for-use list. In fact, many programs that are basically harmless won’t be flagged. We are looking for programs that automate processes that shouldn’t be automated and programs that make your character faster, stronger or better than anyone else’s." Darkscribe (UO Producer)

 

"Rather than have an exclusive list of pre-approved programs that can be running while UO is open, instead, we provide a list of programs we *don't* want running. So UOWeddings, Trillian, and other applications won't be affected. Programs we've specifically marked as cheating programs will be." Draconi (UO Designer)

Link to post
Share on other sites
Guest Shotack

Hi, I’m certain that 8x8 will be banded and should be because of the way some people use it. I use it occasionally to minimize the repetitive key strokes of say tinkering or hiding when building my characters. I always am monitoring my characters and interacting when needed. However before I began to use 8x8 I developed carpal tunnel so bad in my wrists from the game that I could barely play for weeks at a time. Is there a possibility that UO could develop something like 8x8 with say a 5 minute timer, so people couldn’t abuse it?

 

Thanks,

Steven

Link to post
Share on other sites
Guest lvschoonover

with all the BS repetitive things needed to do anything in UO there needs to be some kind of way to repeat a command. When i am crafting for gains especially over 90 Skill level without a repeat util it is almost impossible to get any gains let alone get any crafting done in a resonable time. There are way to many key and mouse strokes required by even the simplest operation in UO as far as I am concered. Something maybe the designers never considered was the physical damage all the repetition causes in their customers? may be a law suit in there somewhere? Depraved indifference or just plain stupidity?

Link to post
Share on other sites
Guest Barbosa

Ok, I strongly agree with puting PB into the game. And alot of others agree to this program on my shard. However there is going to be impact on certian things. Getting resources etc. Is there a chance of ever bringing "Powerhour" back in this case? :)

Link to post
Share on other sites
Guest HarleyQuinn
What the hell are you people trying to hide that you have pasworded access to the punkbuster faq thread?

huh? passworded where? *looks so confused*

Link to post
Share on other sites
What the hell are you people trying to hide that you have pasworded access to the punkbuster faq thread?

 

No one's trying to hide anything, that was my fault, I put the html code for the Punkbuster image in the wrong box and it set a password for the forum

 

Should be open now.

Link to post
Share on other sites
I have heared of programs called xxxxxxxx and xxxxxxxxxx and other things that let you play on custom made shards. Are these Illegal Programs? And if so, would PB be looking for it?

 

Thanks,

-Drayvock

 

They are illegal, yes

As for whether Punkbuster would search for them, I don't know

But if you're playing on a EA shard, you wouldn't have those programs open anyways....?

 

(I edited out the names..it's against the rules here i'm afraid)

Link to post
Share on other sites
I have heared of programs called XXXXXXX and XXXX and other things that let you play on custom made shards. Are these Illegal Programs? And if so, would PB be looking for it?

 

Thanks,

-Drayvock

 

PLEASE READ the agreements that we all agreed to with EA/UO in order to play Ultima Online ...

IT IS ILLEGAL! "custom made" = player run & grey shards. As for PB looking for it ... please read the UOForums FAQ about Punk Buster it might help answer your question about running illegal programs with Punk Buster.

 

ULTIMA ONLINE SERVICE RULES OF CONDUCT

It states:

16) You will not attempt to play Ultima Online on any service that is not controlled or authorized by Origin Systems.

 

17 ) You will not create, use or provide any server emulator or other site where Ultima Online may be played, and you will not post or distribute any utilities, emulators or other software tools related to Ultima Online without the express written permission of Origin.

 

Not enough to convince us? It is the same at ULTIMA ONLINE LICENSE AGREEMENT Which states:

 

5. Rights and Responsibilities.

© Official Service. Ultima Online has been designed by Origin Systems for play only on the Service. The Software is licensed to you for play on the Service only. Origin does not grant you a license to use the Software for any other purpose. You agree to play Ultima Online only on the Service and not through any other means. You further agree not to create or provide any other means through which others may play Ultima Online, for example, through server emulators. You may not reverse engineer, decompile or disassemble the Software, including any proprietary communications protocol used by the Software. You acknowledge that you do not have the right to create, publish, distribute, create derivative works from or use any graphics, audiovisual display, software programs, utilities, applications, emulators or tools derived from or created for Ultima Online unless specifically authorized in writing by Origin Systems.

 

And if we want to bring up the symantic of 'Origin Systems no longer exists' ... NO PROBLEM .... According to EA ONLINE TERMS OF SERVICE You will violate the Terms of Service if you (or others using your Account) do any of the following:

  • You will not attempt to play your EA game on or through any service that is not controlled or authorized by Electronic Arts. You will not participate in any online service that provides online features or game play for your EA game that is not authorized by Electronic Arts.

And if thats STILL not self explanatory enough for us then ... EA Customer Support also helps to clarify it ...

 

Can I set up my own UO server? Can I play on a UO server not run by OSI?

  • Question Can I set up my own UO server? Can I play on a UO server not run by OSI?trnsp.gif

Answer:

As per the UO Service Rules of Conduct:

16) You will not attempt to play Ultima Online on any service that is not controlled or authorized by Origin Systems.

 

17) You will not create, use or provide any server emulator or other site where Ultima Online may be played, and you will not post or distribute any utilities, emulators or other software tools related to Ultima Online without the express written permission of Origin.

 

Violating these policies will result in action against your accounts.

 

What is a UO Gray shard?

  • Question What is a UO Gray shard?trnsp.gif

Answer:

Gray Shards are sometimes referred to as "splinter" or "sphere" shards. A UO Gray Shard is a computer game server that is not owned or operated by Electronic Arts Inc., but which allows people to play Ultima Online -- an Electronic Arts Inc. game. Many times, these Gray Shards also use the Ultima Online game code or allow players to download the Ultima Online client software. Anyone who operates a Gray Shard that uses the UO game code or who distributes the UO client software is in violation of U.S. and International copyright and other laws. Also, anyone who uses a Gray Shard that utilizes the UO game code or distributes the UO client software is also in violation of U.S. and International copyright and other laws.

 

Any UO customer who participates in one of these game servers is in violation of the Ultima Online Rules of Conduct at http://www.uo.com/conduct.html, which states:

 

16) You will not attempt to play Ultima Online on any service that is not controlled or authorized by Origin Systems.

 

17) You will not create, use or provide any server emulator or other site where Ultima Online may be played, and you will not post or distribute any utilities, emulators or other software tools related to Ultima Online without the express written permission of Origin.

 

________________

Until they change the rules in their documentation, we must and should abide by them or we are subject to the consequences set forth in these agreements!

 

I hope that this clarifies the record about player run shards and illegal programs ... as for UOForums stand on discussing/promoting them ... That is simple ... we are an official UO Fan site and we will abide by the rules agreed to in order to maintain our affliation-partnership. Which by the way we are EXTREMELY proud of! :)

Link to post
Share on other sites
Just checked with Draconi.
Draconi: yeah, 8x8 doesn't work anymore

Draconi: sure, we said it officially a long time ago

 

 

As of PUBLISH 39 it was stated in the Other Bug Fixes found here in Publish 39 Additions, Changes, and Fixes UO.COM HOme Site

 

"“Streakiness” in the random number generator should be improved. As a side effect “8x8” will no longer work."

 

___________

Hope that helps answer when it was changed (or suppose to be) :)

Link to post
Share on other sites
  • 1 month later...

I do data entry for a job and sometimes I have UO running on the side with a vertical split. I use a keystroke/mouse macro program for my work, it allows me to record a # of keystrokes and mouse movements and do them all with one keystroke, and make my job alot easier, so that I have time to poke over to UO and spam something in luna.

 

Would my macro program be considered a macro program for UO, and would Punk buster bust me for it?

Link to post
Share on other sites
  • 2 years later...

If This is ever implemented i will not every play ultima again. I dont you those pragrams,and you dont have the right to scan my hard drive, I dont care what you think.My privacy is my entitlement.It also seems to me,The developement team should take deep thought into giving any company that ability.We are all human,and humans dont always do the right thing.I don't care how safe you consider your employees,you cant read there minds.Seems to me,you may need a better developement team that actually knows programming, because third party programs are able to be detected and blocked at loggin screens,If your programmers is educated enuff to write the code.I say this,attempt to invade peoples privacy,and you will be in the un employment line soon.

Link to post
Share on other sites

Also,programming the game to not allow third party programs at all unless you do it before you log in, would completly take care of cheaters by enabling a detection system at login.You pay your developers well im sure.Perhaps its time you put there skills to the test,instead of having to raise monthly fees on players so an outside company can invade there privacey.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
×
×
  • Create New...