[TERA Console] We will enter maintenance on 05/26 (Tue) at 7:00 p.m. PT, and have an expected downtime of 3 hours. For details, please visit the following thread: http://bit.ly/teraconsolemaintenance
[TERA PC] We confirmed that an issue with Civil Unrest persists, so Civil Unrest will remain disabled until further notice. Thank you for understanding.

The aftermath of xigncode3

12346

Comments

  • clfarron4 wrote: »
    SageWindu wrote: »
    ElinUsagi wrote: »
    SageWindu wrote: »
    You know... maybe, just maybe, @Equitas is right, and Xigncode has nothing to do people's issues with the game.

    That said, it's a hell of a coincidence for people to not be having major issues (like having their boot drive brick) until after Xigncode was installed. And for several people across several games to say the same things... look, the timing is pretty f**king convenient, is all I'm saying.

    Sorry but I don't know a case of Xigncode breaking "new hardware" the only complains I have seen is from people that were more probably had their hardware already damaged or with fabric defects and when they get an issue over a new driver or OS installed on their machines that makes them not being able to use their already damaged goods they try to convince others that was that new driver/software the cause of it.

    Again, the timing sure is convenient from where I'm sitting. Everything was fine until Xigncode came along? Coincidence? Possibly, but it does make one raise an eyebrow.

    Also, it's entirely possible for a new patch/driver to complete f**k up your system when it had no prior issues. Happens, well... pretty much all the time these days. I'm pretty sure there's a reason why one of the steps to resolving a PC issue is to see if you can roll back a recently installed driver (not the first step, mind, but a step nonetheless).

    FWIW, our version of XIGNCODE doesn't install a system driver (doesn't even run as Admin), an on first launch it seems to just do a full-scan of the files. Of course, literally anything -- or nothing -- can trigger a hardware failure. But in this case, the stuff that XIGNCODE is doing is pretty mild (which is arguably why it's completely ineffective, but that's another story).

    It doesn't appear to now. On the very first day, there was a mixed bag of results, but there were definitely some people, including myself that got the full installation of Xigncode as a system driver.

    I guess I'd be interested to know the combination of hardware/software; perhaps it has something to do with 32 vs. 64 bit Windows, the specific version of Windows, or who knows what else. (Maybe if it found a previous version already installed from a different game?) I can say that I tried on a few machines to check for this, and it didn't even ask for admin on any of them, but it doesn't mean it couldn't happen. Could be some reason.

    In the end, as I said back in the day, given that the world's largest PC game of 2017 deployed XIGNCODE without the sky falling (and nearly all of the other Korean MMOs on the market here use it), the paranoia people were peddling was always hard to really buy into. On a certain level I get it, but I still feel we should have had a more reasoned discussion about it.
  • vkobevkobe ✭✭✭✭✭
    edited August 2018

    In the end, as I said back in the day, given that the world's largest PC game of 2017 deployed XIGNCODE without the sky falling (and nearly all of the other Korean MMOs on the market here use it), the paranoia people were peddling was always hard to really buy into. On a certain level I get it, but I still feel we should have had a more reasoned discussion about it.

    but sky will fall because korean rocket man deployed XIGNCODE missile, he promise us that :3

  • clfarron4 wrote: »
    SageWindu wrote: »
    ElinUsagi wrote: »
    SageWindu wrote: »
    You know... maybe, just maybe, @Equitas is right, and Xigncode has nothing to do people's issues with the game.

    That said, it's a hell of a coincidence for people to not be having major issues (like having their boot drive brick) until after Xigncode was installed. And for several people across several games to say the same things... look, the timing is pretty f**king convenient, is all I'm saying.

    Sorry but I don't know a case of Xigncode breaking "new hardware" the only complains I have seen is from people that were more probably had their hardware already damaged or with fabric defects and when they get an issue over a new driver or OS installed on their machines that makes them not being able to use their already damaged goods they try to convince others that was that new driver/software the cause of it.

    Again, the timing sure is convenient from where I'm sitting. Everything was fine until Xigncode came along? Coincidence? Possibly, but it does make one raise an eyebrow.

    Also, it's entirely possible for a new patch/driver to complete f**k up your system when it had no prior issues. Happens, well... pretty much all the time these days. I'm pretty sure there's a reason why one of the steps to resolving a PC issue is to see if you can roll back a recently installed driver (not the first step, mind, but a step nonetheless).

    FWIW, our version of XIGNCODE doesn't install a system driver (doesn't even run as Admin), an on first launch it seems to just do a full-scan of the files. Of course, literally anything -- or nothing -- can trigger a hardware failure. But in this case, the stuff that XIGNCODE is doing is pretty mild (which is arguably why it's completely ineffective, but that's another story).

    It doesn't appear to now. On the very first day, there was a mixed bag of results, but there were definitely some people, including myself that got the full installation of Xigncode as a system driver.

    I guess I'd be interested to know the combination of hardware/software; perhaps it has something to do with 32 vs. 64 bit Windows, the specific version of Windows, or who knows what else. (Maybe if it found a previous version already installed from a different game?) I can say that I tried on a few machines to check for this, and it didn't even ask for admin on any of them, but it doesn't mean it couldn't happen. Could be some reason.

    In the end, as I said back in the day, given that the world's largest PC game of 2017 deployed XIGNCODE without the sky falling (and nearly all of the other Korean MMOs on the market here use it), the paranoia people were peddling was always hard to really buy into. On a certain level I get it, but I still feel we should have had a more reasoned discussion about it.

    afaict it only installs the driver on our version if it can't get perms without installing the driver, so probably just for people who aren't running tera as admin and who have UAC turned up or w/e
  • sonic101mk2sonic101mk2 ✭✭
    edited August 2018
    Me? It's an aging system.
    windows 64 bit home edition, all updates installed.
    I72600k CPU.
    32gb ddr3 ram
    gtx 780 GPU
    MSI Z77A-G43 motherboard.
    Prior to ssd destruction -single 500gb san disk ssd.
    after ssd destruction-boot drive 500gb san disk ssd and 2 western digital 1 tb hard drives for back up and game storage.
  • vkobevkobe ✭✭✭✭✭
    edited August 2018
    i5 7500
    gtx 1050 ti

    and if i spent 100 more $ i could get 1060 , but was too greedy for that, so my graphic card is not ready for tera vr :/
  • MelyodisMelyodis ✭✭✭
    Rainmist wrote: »
    ASUS N61JV-X4
    Windows 7 64 bit Home Edition
    Hard disk capacity 500 GB in two partitions.
    Amount of RAM memory 8 GB. DDR3 memory by the way.
    Processor CPU Intel i5 M450 2.40 GHz with Turbo Boost 2.66/2.7 GHz.
    Nvidia GeForce GT 325M GPU 1GB Graphics with Nvidia Optimus Technology. (white light=Nvidia and blue light=Intel graphics)

    Has played Tera on max high graphics just fine for many years. Around many players no problem. Only lags a bit when there is multiple dragon fireworks and many people LOL sometimes. Did perfectly fine during BAM Invasion Events, especially in Lumbertown.

    Only 7 years old. Never overheats and forces out hot air like insane. It's doing it's job :3

    So yes I'm 64bit. XIGNCODE seems to conflict with 64 bit machines by majority.

    windows home edition is a limited windows what i mean is some features are not available in it I suggest you all go to windows pro i have 64bit runs xigncode with no issues window pro.
  • edited August 2018
    So I've been looking for information on XIGNCODE for the past couple days and I'll give you my thoughts momentarily, but first I think there are a couple things you should know about me: First, I have tried Tera in the past but only recently decided to give it another chance after I saw the console release and downloaded it on my PC again a few days ago. I mention that because it means I don't have a "horse" in the race so to speak, because I'm not invested in the game and I don't care about things like the player-base or potential performance/stability concerns.

    Second, I'm a software developer who works in an industry with a high level of scrutiny on cyber security, privacy and data protection. What that means is that I'm basing my opinion purely on the potential concerns around a third party program that scans your files/data, created by an outside developer, who is located in another country that may/may not have the same kind of rules regarding privacy.

    Put simply: I think it is completely and totally unacceptable for a program like XIGNCODE to be scanning your files, your history, or any of your other data besides looking at what active processes are running and might be hooked into the game or attempting to modify the game memory. Period. Any other data, files or scanning being done represents crossing a line that in today's world should be absolutely terrifying to anyone who knows the first thing about cyber security.

    In my opinion: even if you're doing absolutely nothing wrong (in or out of game), it's completely unsafe to have any program on your computer that has the potential to access your most private data and send it somewhere. Especially if that program isn't made by the game developer or a major player (and recognized as such) in the world of data security. I.E. If Blizzard wants to install anti-cheat on my computer while I'm playing WoW or Diablo 3: I *TRUST* them not to cross a line and to follow industry best practices when it comes to data management and security.

    I've never even *heard* of XIGNCODE or Wellbia.com Co., Ltd and from what I can see on their website it doesn't leave me very encouraged. So I, for one... have uninstalled and scrubbed XIGNCODE from my PC and I simply won't be playing Tera. I'm not going to "bypass" it (even if it's easy), because I don't want to risk getting banned even if it's a D3 TurboHud situation where realistically it wouldn't ever happen... because I shouldn't have to take measures to bypass an anti-cheat in a major online game due to there being even the *question* that it's doing something it shouldn't be.

    Oh, and for the record: I understand it isn't a rootkit, nor does it get flagged by any of the major malware scanners. I'm not even suggesting that it's a malicious program or that the company behind it has ill-intentions, but to me it's not worth even the slightest risk that my data security could be compromised. If it happens it doesn't matter whether it was a fluke or through negligence. The fact is that some KR company isn't going to give two shits about a player in NA who gets their data stolen and even if they did it isn't much of a consolation getting credit monitoring after your identity gets stolen.

    So chalk me up as another user opting not to play the game directly because of XIGNCODE.

    P.S. Saying things like "But some of the biggest games in the world use it" isn't a valid argument for a bunch of reasons. Not the least of which is that nearly all of those games are KR/CN games, or that the largest portion of PC gamers are grossly ignorant about what is actually going on with their computer and data. Just because large numbers of people use it doesn't make it acceptable, particularly when they aren't even all using the same installation/version/options. That just introduces additional variables because it means they are taking what amounts to an "off-the-shelf" anti-cheat and modding it for certain games, and that's bad because it means it won't be robust and customized to the degree that something like a Blizzard anti-cheat would be.

    I may still play on console here and there, but with as many other great games are available I'm not sure...

    p.p.s. Where the hell did that awful username come from... when I made my PC account a few years ago the first time I tried Tera did it really just auto-generate it and not give me the option to select/modify one? Ugh. That's gross.
  • edited August 2018
    KGEF395FJC wrote: »
    p.p.s. Where the hell did that awful username come from... when I made my PC account a few years ago the first time I tried Tera did it really just auto-generate it and not give me the option to select/modify one? Ugh. That's gross.
    You need to do an extra step here:
    https://forums.enmasse.com/tera/discussion/20/setting-up-your-account-nickname#latest


    And for what it's worth...
    KGEF395FJC wrote: »
    Any other data, files or scanning being done represents crossing a line that in today's world should be absolutely terrifying to anyone who knows the first thing about cyber security.
    Considering that Windows applications aren't sandboxed and that it doesn't take any special permissions to do this kind of read-only scan, I'd be much more worried about programs that do it without telling me (potentially anything installed ever) than ones that are announced. Really, your main hangup about it is just that it's by a Korean developer, but so is TERA itself, so I'm not sure I'm going to hold that against them now. But in any case, the decision is obviously yours.

    (If people really have sensitive data on their hard drives they would not want leaked, they really need to be super-careful with their permissions, and not run apps as Administrator or as the same user as their sensitive data. And again, this is less because of programs that advertise they're going to scan files to look for known/flagged signatures -- like this one -- but because of programs that will never tell you.)
  • BorsucBorsuc ✭✭✭
    edited August 2018
    Considering that Windows applications aren't sandboxed and that it doesn't take any special permissions to do this kind of read-only scan, I'd be much more worried about programs that do it without telling me (potentially anything installed ever) than ones that are announced. Really, your main hangup about it is just that it's by a Korean developer, but so is TERA itself, so I'm not sure I'm going to hold that against them now.
    https://www.sandboxie.com/

    There's only 3 types of applications you should care about as a casual:

    1) Applications that aren't sandboxed (by sandboxie or other means) and are "trusted", which should be BLOCKED by your firewall, permanently (no net access, end of story)
    2) Applications that need internet access, such as TERA, which should be SANDBOXED, no exceptions, ever. Even if it's "trusted", security vulnerabilities are a thing.
    3) Applications that are untrusted. You probably should run these in a Virtual Machine, if at all. Just don't run them to be safe.

    Running a (2) app without a sandbox is just [filtered]. Just because you or Equitas or whoever else don't give a [filtered] doesn't mean others blow their PCs wide open to automated bot attacks, or data leak like you lot. Everyone and their mother said the same thing before the Facebook data leak fiasco, which is the most recent. And the problem is, they never learn no matter how many times it happens. New clueless people will be born, and the cycle continues: they label everyone else as paranoid and the cycle repeats itself, until it happens to them. By which point it is already too late. You can sue all you want but you're not going to get a time machine.

    Then they become security/safety advocates while new clueless ignorants are born and the cycle repeats, again. This is by far not the first time I've been through this with ignorant shills.

    This is not some theoretical thing, it's how anyone sane should utilize their PC. A PC is not a console, stop assuming everyone uses it that way just to play [filtered] [filtered] games.

    So guess why XIGNCODE is bad.


    PS: I'm actually shocked for real you thought nobody plays(ed) TERA with a sandbox. Seriously dude, even after the exploit with the chat? Blind shill.
  • edited August 2018
    Borsuc wrote: »
    This is not some theoretical thing, it's how anyone sane should utilize their PC.

    The vast, overwhelming majority of people who play TERA do not use Sandboxie or any other similar program. You know this as well as I do. They just download programs from the Internet and install them. And they're being told to freak out now because XIGNCODE is a thing, even though they've never had any sandbox protections whatsoever all along. So unless you're going to go way back at the very start and get people to realize they've always been at risk inherent to the way they've been using their computers all along, pointing the finger at this is totally missing the forest for the trees.

    Borsuc wrote: »
    PS: I'm actually shocked for real you thought nobody plays(ed) TERA with a sandbox. Seriously dude, even after the exploit with the chat? Blind shill.

    Actually, no, I didn't think that. But the tiny minority who already practice sandboxing, and understand the reasons and principles behind it, are generally not going to be bothered by this sort of minor hurdle in the first place.

    I'm in favor of teaching people how to properly secure their computer and their applications to reduce their security risk. But that's not at all the conversation that has been happening in these many threads. So your pretending like this has really been the issue all along and grandstanding by calling me a shill is pretty rich.
  • ChristinChristin ✭✭✭✭
    If Xingcode weren't in the updates, I'd still be playing on a daily basis to at least get legion quests done. However, I do a lot of financial transactions on my computer system, and I simply cannot afford to have any intrusive program on my main system. I also doubt that Xingcode would even work with my anti-virus, which isn't going anywhere. I could setup another computer system, but we already run 4 desktops and a laptop. I'm just not desperate enough to go that route.

    Sure, maybe it is a wonderful program and those dedicated to Tera will be so much better off with it in the game, but that could all change really fast. No one disputes that it opens up a backdoor to Wellbia. So, it's all safe and fine until someone finds that backdoor and starts exploiting it. You'll be like one of those guys with his pants around his knees to advertise the open back door.

    No matter what evidence you have against it, nothing will change. Misty plastered the forum with pages and pages of evidence. It doesn't matter, because Xingcode isn't going anywhere. It could have caused loads of people to quit Tera (no, not saying it did), but that still doesn't mean it would go anywhere. It's here to stay, so either love it or leave it.
  • BorsucBorsuc ✭✭✭
    edited August 2018
    The vast, overwhelming majority of people who play TERA do not use Sandboxie or any other similar program. You know this as well as I do. They just download programs from the Internet and install them. And they're being told to freak out now because XIGNCODE is a thing, even though they've never had any sandbox protections whatsoever all along. So unless you're going to go way back at the very start and get people to realize they've always been at risk inherent to the way they've been using their computers all along, pointing the finger at this is totally missing the forest for the trees.
    But I don't care about the majority, I care about me and people like me.

    You know, people usually complain when they, personally, have an issue with something. They don't speak for someone else or the majority. But everyone does that of course, even people in the "majority camp".
    Actually, no, I didn't think that. But the tiny minority who already practice sandboxing, and understand the reasons and principles behind it, are generally not going to be bothered by this sort of minor hurdle in the first place.
    Minor hurdle? You mean bypassing Xigncode? First, you assume that everyone who uses Sandboxie "must be cheating" (to consider it a minor hurdle, which it is, for cheaters), which is beyond absurd and fallacious.

    Second, avoiding something bad doesn't make it less bad. So I'm calling it out for what it is: a pile of garbage.

    Note that it doesn't matter if you trust Wellbia or not. It doesn't matter. I don't know how to emphasize this aspect. There are so many ways that even legit software can be malware. It's called security vulnerabilities, data leaks at Wellbia, hacks and compromised servers, etc. Paranoia? It has happened to far bigger companies, so no, it's pretty high likelihood. And that's just what you know, who knows how many vulnerabilities or breaches are hidden for now?

    Trust is not just for malice. It also applies to incompetence.

    But like I said, people will never learn, and even those who do learn will have to encounter the new people who didn't experience it yet, which ends in the same cycle all over again. Like they say, a sucker is born every minute.
  • edited August 2018
    Borsuc wrote: »
    Minor hurdle? You mean bypassing Xigncode? First, you assume that everyone who uses Sandboxie "must be cheating" (to consider it a minor hurdle, which it is, for cheaters), which is beyond absurd and fallacious.
    No, that is not what I am saying or assuming. If you're savvy enough to install a program like Sandboxie, you're almost certainly going to know how to search online for solutions when things don't work perfectly. It has nothing to do with "cheating" except in the sense that, arguably, any means to work around this functionality could be seen as cheating.
    Borsuc wrote: »
    Second, avoiding something bad doesn't make it less bad. So I'm calling it out for what it is: a pile of garbage.
    Okay. If you think that I'm in favor of XIGNCODE or somehow think it's a good thing, you're wrong. I've been against it from the start, mostly because a) it doesn't solve the problem, b) it creates more technical issues, and c) it caused more tension/drama in the community.

    What I'm against is arguments that make people who are against XIGNCODE (and this forum in general) sound like crazy/paranoid people. You can "call out" XIGNCODE for being a pile of [filtered] all you want, but what good does that do if you're literally yelling into the void?

    Arguments framed as "XIGNCODE is bad because anyone at all sane runs each of their internet-facing applications in a sandbox or VM" are so completely detached from the average customer's reality that no one at EME or BHS will take it seriously. These companies do actually consider arguments like "widespread market adoption for similar Korean MMO projects" and "successful large-scale deployments on popular titles (like PUBG)" and "alignment of anti-cheat solutions across our portfolio of products" as arguments in the software's favor. You might think those are all "bad arguments for suckers," but if there's any chance of affecting a change, they're the ones we have to convince. People might say "it doesn't matter; the decision's already made and the discussions are all academic" -- but it does matter: it continues to set the tone for whether the forum will be taken seriously by anyone in power or not.

    Like maybe, as I was trying to say in the first place, we should reframe the argument to start at step one. The first and most significant problem here is that Windows desktop applications aren't sandboxed by default, and people don't understand the inherent risk that poses for every program they install, not just something like XIGNCODE. If we can help people understand that first, then maybe they can get better habits in general. As sandboxing techniques become more popular, anti-cheat solutions will account for this (or even incorporate sandboxing principles as one of their techniques). Obviously that's a long game, but it's a heck of a lot more constructive and useful to people than yelling into the void about XIGNCODE when most people aren't even at the "basic hygiene" step. It's also a lot more likely to be seen as trying to be useful and worth listening to than screeds calling people shills, suckers, and clueless.
  • ElinLoveElinLove ✭✭✭✭✭
    Christin wrote: »
    [...] Misty plastered the forum with pages and pages of evidence. [...]

    No, Misty plastered the forum with pages and pages of unrelated spam with NO evidence.
    Misty willingly or not made a reverse campaign on his/her/it's XIGNCODE opinion entirely.
  • DeadXDeadX ✭✭✭
    @Borsuc
    blind paranoid fear because you really don't understand anything AND/OR fear mongering because you hope whoever reads your drivel doesn't know anything. pretty common tactic when someone wants something or wants something done but doesn't have a legitimate avenue, facts, reality, evidence or anything else to make a coherent and persuasive argument.

    oh, and nice slippery slope fallacy...just because someone CAN do something doesn't mean they WILL, just because SOME software can contain security flaws doesn't mean all software does. but hey, nice try, what else ya got kid?
This discussion has been closed.