Why No Countermeasure Software?

There are several techniques being used by griefers to crash servers and cause individual users video cards to blow up. In both cases they seem to be using a scripting language (LSL), not some sophisticated virus to cause the attacks.

A computer operating system, as used on SL servers, knows the  applications, processes and services running at all times. During normal operations, it is likely that any program exceeding normal limits could be identified immediately. So, it is in the realm of possibility that countermeasure software could identify programs causing demands that can crash a server.

The same is true of the operating systems running individual client SL viewer software. Perhaps, if the server is sending the types of graphics overloading used to blow up an individual video card, it wouldn’t be necessary to have client based countermeasures.

Every server and client on the Internet is already running anti-virus software. This is similar in concept except we know already that all the attacks will be generated by LSL scripting language, so it is relatively simple to identify the internal processes that are being overtaxing the server resources. Perhaps countermeasure software would place a performance burden on client and/or server software, however, a basic protection could be built into the SL server software. This in the realm of possibility.

Comments?

Advertisements

About Yordie

I'm an avatar in Second Life where I star as the heroine of a virtual fantasy life. In the real world, I'm writing my debut sci-fi novel.
This entry was posted in Issues and tagged , , . Bookmark the permalink.

14 Responses to Why No Countermeasure Software?

  1. sorornishi says:

    I agree entirely

    Like

    • Yordie says:

      There must be some brilliant engineers out there who know why this has never been tried, but often top engineers go where they are directed to. And if this isn’t a priority, then it could simply be waiting to be resolved. Afterall, years passed before someone invented “threaded region crossing” technology despite the fact that sim crossings have been the bane of every avatar from the inception.

      Like

  2. Some viewers — Dolphin, to my personal knowledge, and I think Firestorm — have antispam filters that will save you from some types of attacks. But on the sim side, It happens too quick, I think.

    One of the sim crashers on the Marketplace boasts that it can create 15,000 objects in one minute – by the time a sim owner could deploy a countermeasure, it would be too late, and even an automatic system might be too slow, unless the threshold was set very low.

    And that’s just one of the attacks these guys are offering.

    Like

    • Yordie says:

      Hi Bear… thanks for the feedback.

      my idea for countermeasures is that they are automatic, the instant someone object starts to create some predetermined number of objects, this would place demands on some process probably. So, at the moment the process exceeds that predetermined limit the object could be halted. Yes, there could be some performance issues, but someone needs to actually take a run at this problem. Processing speends on those class 5 and class 7 servers are extremely fast.

      If this type of solution should put a performance hit on the servers, it could be activated only after an attack. Then future attacts would be interdicted. In time, a griefer whose tools no longer work will move on. Then the countermeasure could be disabled.

      Before threaded region crossings, it was logical that the server about to receive avatars and objects could see this coming. By monitoring those programs and objects processing of the crossing could begin. This was an excellent solution although subsequent server mods seems to break this techology from time to time.

      Like

  3. If you look carefully amidst the stuff on Marketplace, you’ll find some countermeasures like this: https://marketplace.secondlife.com/p/Stop-Right-There-Crasher-Scum-Anti-Crasher-HUD/3561107

    Seeing as how it is mod + copy (no trans) means someone should be able to open it up & see how the scripts work…

    Like

    • Yordie says:

      That is good to know! I’m gonna grab me a copy. But still, the servers can protect themselves from this type of crashing technology. As Bear points out, the basic technology is primitive. They just have and object creating thousands of other objects. The specific program or process that blows up can be identified then the countermeasure software can stop the script. This might not even require low level processing.

      Like

    • Yordie says:

      i got a copy. i’m a little worried that it might blow up on me when i open it. but i’m headed to a sandbox to see what is inside.

      Like

      • primperfect says:

        One of the problems with some of the counter-measure software is that it seems to attract griefing attacks – you can see that from the reviews. Co-incidence? Or part of a deeper scheme? In the light of Red Zone, I would handle anything like this with extreme caution.

        Like

        • Yordie says:

          I took the package to a sandbox and rezzed, but as soon as i realized it wasn’t modifiable code i put it aside. However, Kiff at the JY has the product and has not been able to use it yet.

          Like

          • Hal Jordan says:

            I’ve been using this HUD for a few weeks now, and it appears to do exactly what it promises to do. If you teleport into a region where you’re facing a graphics crasher, the HUD instantly takes your camera view down below the surface of the region (underwater). Even with a fairly recent video card, my PC can’t view a graphics crasher for more than a few seconds before the viewer crashes. But this HUD keeps me from crashing most of the time. The interesting thing (to me) is that the HUD records the graphics crasher and its owner to a database that you can view online (the address is shown in the Marketplace ad). And if someone nearby is the owner of a graphics crasher that was previously reported, you get notified of his presence. So maybe you can shout “Stop Right There, Crasher Scum!”

            Like

          • Yordie says:

            Thanks Hal… You are the second person to tell me that the HUD is useful. In fact I bought one but don’t use it because I haven’t needed it yet; I guess that’s kind of irrational because I won’t have time to put it on when needed.

            My idea is that there could be server based countermeasure that monitors activities, then turns them off if they reach critical thresholds.

            Like

  4. Oh, I certainly agree with Bear; this type of thing surely spikes. It’s the same argument about spammers; some email address sending out hundreds of emails in 60 seconds is definitely spottable on a server. Why they don’t care… that is the question.

    Like

    • Yordie says:

      Hi Miso… i bought the product, and opened it up. it doesn’t seem to have mod code tho. i’ll dig a little deeper later today. this is good to know regardless.

      Like

Comments are closed.