With an idea like GoogleDNS widely in use, Google would be in a position to detect Bot-Nets. Many computers (estimated to be 1 in 4) have been taken over and made part of a Bot-Net to do the hackers' bidding. Quite often, these computers are used to serve as hosts for impossible to detect/track web sites.
If a scam artist wanted to run an "example.com" web site and provide purchase and payment instructions, but not get caught doing it, they would pay a hacker to have it hosted by a bot-net. When the user clicks on the example.com link, a dynamic DNS entry would dole out an IP address for some poor individual whose machine has been compromised. The scammer's web page would be served up, and no one would be able to track down the scammer. The next time someone went to example.com, the IP address would be someone else's compromised computer. The IP addresses for example.com would appear to bounce around all over the world. Law enforcement is left trying to "follow the money" to catch the scammer, since they can't track them down via the web site.
A GoogleDNS solution would allow Google to detect DNS resolution oddities such as a bot-net would exhibit. As the user attempts to visit example.com, Google could provide the user with warnings or outright blocking of the site based on the user's preferences.
Unfortunately there is a possible work-around for hackers to avoid immediate detection. Hackers would want to make their bot-net web site "clusters" act like respectable authentic web site clusters. Many web sites exhibit this DNS resolution behavior as they load balance their web site across the country, or across the world. I am convinced though, that there are detectable differences in this behavior that the clever people at Google can use. For example, bot-nets would likely need a larger number of sites, or higher turnover, to do the same thing as a "respectable" cluster... or the hosts of the web site could be resolved to be on home cable networks.
Google is in a unique position to offer protection from bot-nets that few services could detect or provide.
Wednesday, September 26, 2007
Google Bot-Net Stopper?
GoogleDNS
Google has a lot of high level information about internet web sites, including topical categorizations. They have the ability to offer services to filter the web traffic from your machine(s), and insights to discover phishing and other malevolent web sites.
(See Google Porn Stopper? and Google Bot-Net Stopper?)
Google could provide a service such as OpenDNS.com which currently provides a robust DNS lookup and web site filtering (if desired). Google has the knowledge and horsepower to offer DNS services and the associated web site filtering. They would then connect your existing Google account to web site filter settings (possibly with some automatic help from a small network identifying and setup application in Google Pack). Google Apps already intends to be most of the personal/home/business web services infrastructure that you'll need... web based content filtering seems to fit right in for those users that want it.
A GoogleDNS solution would also provide users with a way to remotely monitor the activity of their own machines/networks, just as any commercial web site filtering software would offer. This would be possible because your machine using GoogleDNS services would log all their DNS lookups (which amounts to all internet activity).
The real question is whether Google will determine this to be "evil" because of the potential for abuse of information. Though they are already housing your email, your web sites, your browsing habits, ...
Google Porn Stopper?
Google is built on some rather advanced reliance algorithms, but can also detect communities of interest. Looking at white papers about detecting groups of sites in a topical community can be rather difficult due to the surprising amount math involved. The end result though, is that Google can detect the interconnected nature of adult web sites, or sites of any other topic.
The difficulty for adult site blocking software is the manual categorization of sites. I would suggest that Google has that information, through it's current algorithms, possibly with better coverage than any other database. They are already offering a glimpse of their knowledge by providing moderate and strict filtering from the search preferences page.
The next step is for Google to package an web site filter into their Google Pack of essential software.
(Of course this filtering and web site categorization works great for other topics as well. Google should have sites already categorized as: adult, violence, gambling, illegal, ...)
Look to my GoogleDNS post for how Google could help us filter our web browsing.
Monday, September 24, 2007
FileSystem Firewall
There is a compromise security model that could make it easy for Windows users to prevent unauthorized programs (ex: malware) from reading files that they shouldn't.
There is currently a disparity between the "ideal" file system security model touted by Unix/Linux zealots, and the "practicality" of novice Windows users. The tight security model says log on to your computer as a low privileged account and only occasionally run "certain" programs as the high power administrator. The Windows user is used to logging in as a "Power User" or an administrator, and running every program with full authority. With file system security usually as the main goal, the Unix users are preventing rouge programs from corrupting or taking over their computer. Windows users typically see security as getting in the way of desirable programs conveniently auto-installing plug-ins and sometimes even working at all!
Security enthusiasts use the approach of securing with users and groups that have just enough access to regions of the file system to perform their preprogrammed function. If a program tries to step out of bounds, it will fail since the user account the program "runs as" simply was not granted access to any other region of the file system. This is a solid approach that has worked for decades, but generally requires a system administrator to setup and maintain. In the Windows world on a workstation, this would require a high degree of effort (creating dozens of accounts and groups, and assigning proper permissions to file system nodes) and is well beyond what even most power users would consider reasonable.
What is needed is an approach where the program is considered as an individual entity automatically. Consider how modern network firewalls let the user allow or disallow network access down to the application level. If a new program tries to access the internet, or a modified program attempts to phone-home... the user is alerted, and given the option to allow or block it. What if an individual application was automatically treated with those kinds of restrictions while trying to access the file system?
Programs start their lives on your system with an install. You then run them repeatedly and they might even receive updates. An uninstall may also occur. Generally this normal cycle is moderated by core APIs and known directories on the Windows platform. When considering what files and directories an application should be legitimately accessing during that life cycle, it is possible to use community submitted configurations and distribute them the way virus protection software gets updates.... but there is also another "automatic" way.
When an application is installed, the operating system can "notice" the installation directory, and automatically provide that application with full control to that directory as its "home." When the user goes to save files from the application, the operating system's common "save" dialog box could inform the system of directories or individual files that the application should have read/write access to. Registry entries associating file types to applications is also a clue for the operating system to allow special access. If all these clues aren't enough, the user could always be asked to allow/disallow, the way firewall programs do. Generally between these system clues, and profiling by the community, this system shouldn't require much, if any interaction from the end user to provide this extra layer of security.
I think there is a potential here for a solid application based file system fire-walling product. A few years ago I did the research, and I only found one defunct product that had attempted this type of "sandboxing" (with a different market and purpose). I am sure that the same consumers that enjoy the Norton or ZoneAlarm network firewall features would find the security and ease of use of this approach. In fact, I even approached ZoneAlarm with an idea to enhance their product line, but I got no response from them.
I run my PC as an Administrator, and would welcome this security enhancement. I don't want any programs but Quicken accessing my Quicken data files! In Windows, I'm basically forced into this "wide open" predicament because Windows is such a standard and productivity enhancing platform... ie: I like it, but it has problems.
Sunday, September 23, 2007
Swarm fighting
Fighting games are limited by the player's ability to comprehend the complexity of game play, the player's reaction time, and the computing horsepower to present a beautifully rendered bout (which people expect these days). One-on-one or One-on-few games are all you are likely to find. What about an advanced One-on-Many or Few-on-Many where one or more players battle a large group of nicely rendered attackers with realistic physics? Are you wondering if it would be playable or even possible? I think it can work well, but conventional one-on-one game play concepts won't produce a compelling result.
Consider a One-on-One fighting game. It is easily comprehended by the general gamer. The game authors improve the game by adding stunning graphics and special button press combinations (combos) to enhance game play with special moves. Combos are a sly way to add complexity to a game to challenge advanced players, without turning off the beginners, since the core game play still seems obvious (approach opponent, use attack buttons). Utilizing new hardware and improving the software make the games wonderfully rendered and attractive to new players. Modern games feature three dimensional "feel," realistic looking surroundings / bodies / clothes / eye movement, swooshes / blurs / replays, fighting implements (like swords), humor, special moves and powers, strategy, … But when you consider them, although fun, they are still just "souped up" classics, and not revolutionary.
The One-on-Few or Few-on-Few fighting games are not very prevalent. They usually have poor game play due to limiting the virtual environment or providing contrived fighting scenarios to aid the player's game comprehension and reaction time (by turning the game play into many one-on-one fights). These games have existed for a while, and are getting better.
Remember the old arcade games like the Simpsons or Teenage Mutant Ninja Turtles? They were Few-on-Few by having 1 to 4 players and usually had several attackers on the screen at once. Horrible graphics, physics and game play from today's standards, but they were somewhat entertaining at the time. Many of the multi attacker games today unfortunately provide the same simplistic two dimensional feel of those old classics.
It would be amazing to see a good "Swarm Fighting" game where one or more human players face a large group of attackers (imagine 100 attackers!) in the same type of beautifully rendered three dimensional physics that modern one-on-one games exhibit. The questions are how would it work, and would it be playable. There have been some successes in this arena, but nothing modern. 
Robotron 2084 and Smash TV were basically two dimensional top-down perspective shooters, but they drew players in and gave them the panic of attacking hordes. These games introduced two joysticks (no buttons) for quick reaction time. Move with one joystick, fire with the other. Smash TV even supported two players. The innovation of top-down perspective and two joysticks broke with convention (not just 1 joystick, and 1 fire button) and made game play more natural in fighting large swarms of attackers with what looked like near impossible odds. They were good games, but how about a modern game with well rendered actors and believable physics as dozens or hundreds of attackers approach?
Here is an approach that would be entertaining and would pull players willfully into the middle of a swarm of attackers. The proven combination of "simplicity of play for beginner players, with combos for advanced players, and beautiful imagery for players and onlookers alike" can be achieved, but the mechanics of game play needs to change to allow the player to react to a new type of battle scene.
Base the fighting game play on a meta-game that the player can easily understand, allow them to almost fight by "feel" so they get so absorbed that the controls quickly become an extension of themselves, and then add combos and stunning visuals that are worthy of modern gaming. The meta-game is a game-within-a-game, and could be anything. In this case we are using it as a mechanism to play the main game… or a sly substitution for the impossibly difficult task of battling 100+ opponents with one or two joysticks. The player will be drawn in by the simplicity of the meta-game, but then subconsciously find the depth and challenges addicting. Some players may even find themselves internalizing the meta-game and reacting solely to the main display of the game in ways that wouldn't have been possible without easing them in with the meta-game.
As a concrete example, let's talk about a playable version of the Agent Smith swarm on Neo in the movie Matrix where he fought the impossible battle to a rock'n soundtrack. In the movie, Neo could fight off the swarm of thousands of Agent Smith attackers due to his immersion and first person interaction with the environment. To make the game playable to the average real-world person, overlay a fast paced meta-game on top of it that corresponds to the visuals and expected game play. A meta-game that would work well in this example would be a variation of Dance Dance Revolution where upcoming moves are presented "just-in-time" and even correspond to the rhythm of the sound track. As attackers approach, the nearest 4 to 8 would be represented on the "radar" as approaching "blips." The physical orientation of player would be represented in that peripheral viewer with the attackers approaching. Just as Dance Dance Revolution (and others) show you what is coming, and when to act, the player would see the swarm of attackers and be able to react to the most imminent 1-8 attackers. Run away from the swarm to minimize simultaneous attackers, into the swarm to maximize simultaneous attackers. Consider that even in "real-life," if you were attacked by 100 people, it would be difficult for more than 8 people to actually be physically by your side to attack you at once.
To completely bring the player into the action, the game would take advantage of rhythm based game play that Dance Dance Revolution demonstrates so well. This swarm fighting game would have an immersive sound track just as in the Matrix fights or any Hollywood theatrical fight scene (think of our Matrix Agent Smith fight swarm for one), but in this case, the game play would also benefit from it. In the fight, each punch would correspond to the heavy beat of the soundtrack rhythm. The software would even adjust the approach of the attackers to ensure that every punch or kick occurs on the beat. As the player learns this enhancement to game play, reactions will start to occur more accurately and quickly than just watching for or anticipating attacks. There are many depictions in television and movies where a "tough-guy" starts playing a "fight song" or theme song before engaging the enemy. In the case of this game, the fight song will actually help further the immersion and improve game play (I've been in that zone, it feels great).
Theories for improving immersion with additional feedback have worked well for driving games for many years. Provide the player with a rear-view mirror, radar to show other cars and players, and the player will be more entertained, more involved, and even play more realistically. Consider that adding force feedback to the steering wheel to subtly inform the user of road conditions (and turns) is similar to adding awareness to a fighter that would help convey the timing of encounters with attackers' punches and kicks. The radar and soundtrack rhythm provides the fighting player with a tactical advantage.
One joystick with directional attack buttons would work. With two joysticks, the player is provided with more flexibility, each joystick representing a different side of the body, or one joystick would be arms and the other joystick would be the legs. These types of controls provide the ability to respond to more attackers in the "radar view" and also provide a wider variety of responses. Add joystick/button combos to game play to allow for one-hand-stand-kicks, round-houses, jumps, pile-up-escapes, attacker-freezing-fast-time and other gravity and time defying moves.
Considering these approaches, the overwhelming fights in the Matrix movie should be as playable (and cool) in the arcade as they were depicted in the theater.
(It has been suggested to me that a big game house such as Electronic Arts should appreciate this idea, should build the next killer game based on the One-On-Many or Few-On-Many concept, and that they should also express at least $ome gratitude my way for putting forth the core idea. That remains to be seen.)