I wonder..what if you run WoW in a sandboxed environment and the hack (Glider in this case) outside the sandbox?
If Warden just theoretically scans Process Lists/Window Titles wouldn't this problem be effectively fixed?
Yeah... I thought about this. I forget why I stopped caring though.
Sorry for the bump, but most of the detection is based on "characteristics" of a bot, not the actual presence of the software.
- Running in "robotic" patterns, stopping, swiveling, and walking again.
- Jumping in a rhythmic pattern.
- Walking in small circles, if your patrol sucks.
- Walking in circles at all, if people are bored enough to watch.
- If you're farming anything worth farming, other people will probably be farming as well. They may try to interact with you, or watch you.
- Also in more populated areas, following the same patrol as another botter, especially of the other faction. That's almost a dead giveaway, every time.
What you're suggesting, sandboxing it, is sort of what Glider does.
- Glider runs WoW as a non-administrator user.
- It automagically changes it's EXE's name as well as window title, so a simple window listing or task listing can't find it.
- IIRC, it sort of regenerates itself, moving functions and whatnot around in memory at random, so a memory hash can't be a reliable fingerprint.
- Although Warden doesn't scan the hard drive (yet?), it makes it's folder hidden.