Posted March 08, 2019
Quoting from an Ars Technica article:
'The late '90s were a time before ubiquitous high-speed Internet connectivity, a time when online multiplayer gaming was still something of a novelty. While the Morris worm in 1988 had shown the problems that can arise when insecure code is exposed to hostile networks, it wouldn't be until the early 2000s that the lessons would truly start to be heeded by software developers.
There is no doubt in my mind that the Diablo network code contains bugs, and I would be absolutely astonished if it were free of remotely exploitable bugs. For single player, this is no big deal, because the game is fortunately so old that it doesn't even know how to request a firewall open some ports and allow inbound network traffic. But if you want to use the Battle.net multiplayer mode, you'll have no option but to punch a big hole in your firewall and forward traffic to the game and its inevitably insecure network code.
For modern applications, we have a number of protective systems to make it harder to exploit flawed code. We have different user privileges, so we can run applications as unprivileged user accounts that cannot make extensive modifications to our systems. We have Data Execution Prevention/No Execute/eXecute Disable (DEP/NX/XD; different names for the same thing) that prevents direct execution of malicious code injected by an attacker, and we have Address Space Layout Randomization (ASLR) and Control Flow Guard (CF Guard) to make it harder to trick an application into disabling DEP.
Diablo 1 predates all these measures and is incompatible with them. The application will attempt to elevate itself to have Administrator privileges each time it is run, thereby giving it full access to your system. It does not support DEP or ASLR, and if DEP is forcibly enabled, the game crashes on startup. Nor has it been recompiled to use CF Guard.
As such, running this game and opening up your network to it is going to make it extraordinarily easy to hack your computer. We have built numerous safeguards over the last 15 years to try to reduce the risks of exploitable network code, and this game removes all of them. I would not run it on any system I cared about, and I think it's grossly irresponsible to release it in this condition.'
Post edited March 08, 2019 by DeadlyRamon
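The quoted article says the game lacks DEP, ASLR and Control Flow Guard support. On Windows those three are opt-in bits in the PE header (IMAGE_DLLCHARACTERISTICS_NX_COMPAT, DYNAMIC_BASE and GUARD_CF in the optional header's DllCharacteristics field), so anyone can check a binary for themselves. The script below is an added example, not code from the article, from Blizzard or from GOG: it parses the DOS, COFF and optional headers of a PE file and reports which mitigations the image opts in to. The flag values come from the PE/COFF specification; `build_image` fabricates a header-only test image (constructed sample data, not a real executable) so the check runs offline. It does not inspect the application manifest, so the elevation-to-Administrator behaviour the article mentions is outside its scope, and a set GUARD_CF bit is only the first half of CFG (the loader also expects a Load Config directory), so treat the CFG result as "compiled with the flag" rather than "fully protected".

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits, per the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR entropy (meaningful for PE32+ only)
DYNAMIC_BASE    = 0x0040   # image may be relocated at load: opts in to ASLR
NX_COMPAT       = 0x0100   # image is DEP/NX compatible
GUARD_CF        = 0x4000   # image was built with Control Flow Guard
# IMAGE_FILE_HEADER.Characteristics bit.
RELOCS_STRIPPED = 0x0001   # no relocation info, so the loader cannot rebase it


def parse_mitigations(image: bytes) -> dict:
    """Walk the DOS, COFF and optional headers of a PE image and report
    which loader-enforced mitigations it opts in to."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    (_machine, _nsect, _stamp, _symtab, _nsyms,
     opt_size, file_chars) = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)

    aslr_flag = bool(dll_chars & DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & RELOCS_STRIPPED)
    return {
        "pe32plus": magic == 0x20B,
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr_flag_set": aslr_flag,
        "relocs_stripped": relocs_stripped,
        # DYNAMIC_BASE is only honoured when the image can actually be rebased.
        "aslr": aslr_flag and not relocs_stripped,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "cfg": bool(dll_chars & GUARD_CF),
    }


def missing_mitigations(report: dict) -> list:
    """Names of the mitigations the article lists that the image does not opt in to."""
    wanted = [("DEP/NX", "dep"), ("ASLR", "aslr"), ("CFG", "cfg")]
    return [name for name, key in wanted if not report[key]]


def check_file(path: str) -> dict:
    """Run the header check against an executable on disk."""
    with open(path, "rb") as fh:
        return parse_mitigations(fh.read())


def build_image(dll_chars: int, file_chars: int = 0, pe32plus: bool = False) -> bytes:
    """Construct a minimal header-only PE image for exercising this parser.
    Sample data made for the example; it is not a runnable executable."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    magic, opt_size, machine = (0x20B, 240, 0x8664) if pe32plus else (0x10B, 224, 0x14C)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        report = check_file(sys.argv[1])
    else:
        # No path given: demonstrate on a constructed late-90s-style image with no flags set.
        report = parse_mitigations(build_image(0))
    for key, value in report.items():
        print(f"{key:16} {value}")
    print("missing:", ", ".join(missing_mitigations(report)) or "none")
```

Run it as `python pe_mitigations.py C:\path\to\game.exe` to check a real binary, or with no argument to see the constructed no-flags case. Note the DYNAMIC_BASE caveat in the code: an image that sets the ASLR bit but has had its relocations stripped (IMAGE_FILE_RELOCS_STRIPPED) still loads at a fixed address, which is why the report distinguishes `aslr_flag_set` from `aslr`.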