2004 Web and Downloadable Games White Paper 

IGDA Online Games SIG 

Why Security Matters 

Security is an important part of any business and, as shown by the recent theft at Valve Software 

and Blizzard's banning of 400,000 users, is relevant to the computer game business in general. 

Online  games  face  even  greater  threats     they  are  online,  real time  targets  for  cheaters  and 

hackers, day in and day out. Even simple Flash and Java games that only report high scores are 

targets. 

Even with free games, there are real costs. Just to analyze and remove the cheaters incurs costs, 

the  necessity  of  paying  for  customer  support  to  deal  with  incorrectly  cancelled  accounts  incurs 

costs, and, obviously, the active involvement of cheaters can decrease the enjoyment of the non 

cheaters, resulting in decreased revenue, decreased perception of quality, and negative word of 

mouth.  

The question for online game developers and operators is:  How much security do I need?  Just 

as  with  any  other  business decision   maximize revenue at minimal cost. While some security 

experts resist this view, it is the only sensible option as a business decision. There are no perfect 

security solutions. They all have costs, and they should be held to the same standards as other 

facets of a game venture. Unfortunately, security solutions are not conducive to absolute analysis 

  while the costs may be clear, the benefits are not. Rather, security systems are more effectively 

assessed by relative versus absolute metrics. Comparison of security systems (or lack thereof) 

against  a  single  methodology  can  lead  to  more  effective  assessments.  For  example,  a  digital 

rights  management  system  can  be  compared  against  another  in  terms  of  gains  and  losses  of 

customers, consumer complaints, etc.  

Hard core cheaters are not foolish. They will spend a great deal of time and sometimes dollars 

(though  pirates  will  invest  substantially  for  a  good  return     they  are  businessmen,  too)  to  win. 

Active  attacks  by  online  cheaters  are  not  a  traditional  business  problem.  Weaknesses  and 

failures  must  be  considered  from  both  a  business  and  technical  perspective.  Good  security 

designs  will  degrade  gracefully  in  the  face  of  failures,  and  incorporate  recovery  mechanisms. 

Online  games  face  an  easier  challenge  in  this respect than music and film   the simple act of 

providing  an  ongoing  service  provides  an  inherent  mechanism  for  recovery  from  compromise. 

Recovery  and  incident  management  need  to  be  built  into  business  processes  and  need  to  be 

budgeted (or even purchasing insurance, if possible). 

Finally,  a  matter  of  increasing  relevance  to  all  online  businesses  is  that  of  regulatory  and  legal 

compliance.  In  addition  to  tax  issues,  security  is  becoming  a  part  of  the  online  legal  debate. 

Privacy,  security  disclosure,  and  other  relevant  laws  vary  substantially  around  the  world  and 

companies need to address them to reach their global audience. 

References: 

 Game 

s  source  code  stolen  in  hacking ,  Robert  Lemos,  CNET  News.com,  7  October  2003, 

http://zdnet.com.com/2100 1105 5087698.html 

 StarCraft, Diablo II, and Warcraft III Accounts Closed , 30 September 2003   400,000 thousand 

accounts closed, http://www.battle.net/news/0309.shtml 

D. 

Legal and Taxation Issues 

There are a myriad of legal and taxation issues that game developers must consider.  The listing below is 

not a complete list of all issues world wide, but it should provide developers with a clear idea of things to 

consider during game development and distribution.  

Page 33 of 93