There's no such thing is safe peer to peer networking

I was thinking about this the other day because I downloaded a popular game made by Korean developer softnyx. I was playing it for a while and then I got into a match with a particularly aggressive person inside of the match my computer halted and froze when I restarted it I was loaded up with Trojans adware malware and stuff like that it was just out of the blue all of a sudden, on a computer that nothing else ever gets downloaded on because the first computer is ultra paranoid about downloading anything. The program itself past all the virus scans I subjected it to, but then after that match the computer was loaded with them. Which got me to thinking you're opening a port of your computer to someone else's computer, you expect that their client is going to be safe because it was programmed by the company that built the software the game you're playing... But thats a pile of horse crap. All your computer knows is that it's receiving packets of data from a source that it thinks it can trust. What if the person built their own clients for the game after reverse engineering the original game itself and then there are security holes in the original software, and then they are able to just upload whatever the heck they want on your computer while you're playing the game. I never really understood why things were so much more subjective to hacking on a peer-to-peer network, but now I'm thinking it has to be a dedicated client just to prevent the people playing the game from basically being destroyed. If they take out the server hacking, that's all well and good hopefully you can reboot it or fix the problem or whatever but if they can get to one of the players of the game I just can't even imagine a bigger fail.

Is it even possible to create a safe peer to peer networking program considering how slick hackers are?

 

Dang that sucks man! I'm sorry that happened to you.

That's one thing I am really fidgity on is my IP and stuff being detected.
I refuse to use anything if it's peer to peer networking, I just don't trust it.
If it's a dedicated server to a big coorporation like EA then I trust it, at least to a point.
But I really don't trust any connections to anyone, company, or anything else.
But given the reputation of said person or company, I'd be more willing
to play their games online. But never in my life will I play a game where you have to type in
IP Addresses and stuff. Why would I want someone to know my IP Address
just so they can Ddos me and fry my computer (It's happened) lol..
I unplugged computer and it was still on while the fan was getting faster
and faster and faster and next thing I know it just stopped working period,
wouldn't cut on or anything.

 

I'm not sure I completely understand the point you are making.

When you receive data from a remote host, your computer does not automatically execute it as instructions. The program (game client) acts on the data in the manner that was specified by the developers.
Usually when playing a game, only update data is transmitted. This data may contain information about which game code (existing functions/methods) to run and new values for variables, but it should never contain the actual instructions/operations to run. As long as the update data is only being treated as data by the client there should be no security problem even if the data has been falsified.

If someone was able to modify their own game client in such a way that they could run arbitrary code on your machine, then surely there is a huge security problem within the game. It is unlikely that the developers made a client which executes data received from an untrusted host as instructions. If the game suffers from a security hole it is more likely to be a buffer overflow vulnerability or similar - which is also something the developers could have prevented.

Are you sure that is how you got the malware though? If you downloaded the game client from a non-official source, someone could have tampered with the executable.

So if your question is whether it is possible to make a peer to peer networking program which does not enable the remote party to install malware on your computer, the answer is certainly yes. Depending on the game, it might be a challenge to prevent the other player from cheating, though.

 

I can appreciate that thinking, because I have, myself, considered how it was possible to submit data to my computer. But, I also considered the possibility that perhaps it wasn't difficult to hack into the update system or something and simply point my program to a link that contained a small app that served as a behind the scene downloader for the stuff. I hate to blow holes in the logic of "it can't happen" with the force of futuristic space weapons but it can and it does. Super often, too. Ideally, you're just getting really tightly interpreted values that mean position, state, etc. but I think programs get a little hefty once developers start tacking on automated updates, databases, various methods for future bug fixes (a.k.a. code changes), etc... really, if we were looking at it from the perspective of a really knowledgeable hacker, someone who does this all day long for fun, having any port open from your machine to their machine and thinking you're cool is like turning your back on a guy with a gun in a dark alley and telling yourself your wallet is safe because you've zipped up your coat pocket.

Even the server client isn't really safe, but at least there's another layer there (and hopefully one programmed and maintained by lots of really smart people).

 

That stinks that you got infected that way. Cleanup after a virus is always no fun (I'm my family's "free" tech support guy so certainly have had to clean many a machine). I'd agree as games get more complex this is easier to do (more points of network traffic more chances for a buffer overflow or other ways to get malicious code in). If the game has built into it a way to update code for patches of the game then obviously it has the ability to overwrite the codebase easily and this would be possible. On games that don't it's obviously much harder but your typical pain point is if the game can load game saves. If the game doesn't even have that it's harder still but not impossible (it's never impossible). Heck when the latest Super Mario World speed run news story came out I was shocked that someone found out exact locations of in game actions that would cause programming issues to "write" certain things to memory to invoke the credits in record time. Programs written for other purposes if not following best practices can always be the delivery vehicle for unintended stuff (virus in your case). The odds of someone being that motivated are rare but rare things do happen everyday.

The only part I don't see a correlation to in your post is the peer to peer part. Client/server, authoritative, or any other paradigm would be just as susceptible in online games. The server might very well be a middle man and perhaps even sanitize network data (i.e position, action doing, etc.) before they resend it to the other clients but the odds that they would sanitize out the bad data intended to exploit other clients are pretty slim (if they knew enough to sanitize they would have likely just fixed the buffer overflow or other underlying issue).

Two of the more known news stories in which code was overwritten to serve another purpose linked below. The Super Mario World one just blows my mind that someone took the time to find this.

Super Mario World speed run (overwriting code in game):

Original Xbox (long ago) software mod from splinter cell (loading "game save" allowed them to mod unit)

 

More likely you got your virus from something else. Just because the timing of you noticing the infection, or it becoming active, you've gone and assumed that the game was responsible. Not saying it's not, but it's far more likely you got your virus somewhere else. A browser hack, an unupdated piece of software, there's lots of vectors, and a virus doesn't necessarily become immediately active. It could have been lurking on your computer for days or more.

For the record, the title of this post should be "There's no such thing as safe networking."

 

So you're telling me... it's WORSE than I thought!!

The problem is it's my wife's PC and she doesn't download anything, ever. She's paranoid. She doesn't visit small websites, either. Just facebook, and a few other big sites. Then I downloaded one game, and after that crash the computer fan kept running (noisy old pc) which prompted me to check the task mgr and sure enough, lots of processes were starting up and stopping, virus scans started picking things up, I couldn't access internet explorer at all. So, I had to use mozilla to download mwb and avg and that did fix it. But, it all started after that game session with some guy from asia who kept yelling obscenities about the US, ETC. just probably guessing here, but you know.. it's probably right. That game is known for hacking issues apparently.