[Patcher] A few things for SE to consider

[Molly_Millions]

Oh and lets not forget people that live in university manages accomodation, if thier interenet uses the university network they have no access to any routers, and any administrator would say that the ports arent needed, so we will not compromise security by opening ports for an online game, its what I would say anyway.

Some people for various reasons could have to use mobile broadband (yes the game works on a HSDPA connection) they cant open any ports, these are the sort of potential customers that SE are loosing just because of the patch, and if your ISP blocks torrent traffic the only way to get patches is through somone posting them on the web, which could lead to so many problems.

The fact is there are alot of people who cant open ports for alot of differant reasons and SE will loose those customers, not because they dont know how, but because they physically cant, some people say they shouldnt be an administrator to download a patch, but for some people it will be "I shouldnt be a hacker just to download a patch"

As I said this is a problem that requires immidiate attention.

Such is life I suppose. When you're paying for your own internet connection you have more freedom. But that's not SE's problem. The patcher works great when everything is set up correctly.

[darkstarpoet1]

Such is life I suppose. When you're paying for your own internet connection you have more freedom. But that's not SE's problem. The patcher works great when everything is set up correctly.

incorrect it still does not work for some even when it is setup correctly.

[Delsus]

Such is life I suppose. When you're paying for your own internet connection you have more freedom. But that's not SE's problem. The patcher works great when everything is set up correctly.

The fact is that its subs that SE cant afford to lose in the current state of the game, at the end of summer the initial patch could be 3-4GBs depending on how big patches are, and if it says that will take 72hrs to download (I saw that in alpha) alot of people will just quit right there, I am saying this more for SE than anyone else, no other games require you to open ports and lower your security. If I was a hacker and made a keylogger to target FFXIV players I would have it transmit through those ports that you opened, you wouldnt even need a port scanner because you know the port range that the patcher uses.

It would technically be your fault for opening those ports. Opening ports sevearly reduces security and should only be done if its vital, which it isnt for this game because there are loads of other ports they could use, or just use a standard http download hosted on a farm of high bandwidth servers, they start to reach the limit put another blade in.

SE should not ask for people to to compromise thier personnal security over a game patch.

[Molly_Millions]

The fact is that its subs that SE cant afford to lose in the current state of the game, at the end of summer the initial patch could be 3-4GBs depending on how big patches are, and if it says that will take 72hrs to download (I saw that in alpha) alot of people will just quit right there, I am saying this more for SE than anyone else, no other games require you to open ports and lower your security. If I was a hacker and made a keylogger to target FFXIV players I would have it transmit through those ports that you opened, you wouldnt even need a port scanner because you know the port range that the patcher uses.

It would technically be your fault for opening those ports. Opening ports sevearly reduces security and should only be done if its vital, which it isnt for this game because there are loads of other ports they could use, or just use a standard http download hosted on a farm of high bandwidth servers, they start to reach the limit put another blade in.

SE should not ask for people to to compromise thier personnal security over a game patch.

If you know how to open the ports, you should know how to close them when you are done.

[Delsus]

If you know how to open the ports, you should know how to close them when you are done.

I can bet that 90% of people dont bother though, whether they dont know about the security problems or just dont want to for conviniance, even still you can tell malware that once ffxivboot.exe or ffxivupdater.exe is opened then transmit the data, admittedly this can be done for any program, but the common ports should be monitered for any suspicious traffic, the ports that are normally closed may not be, so untill all your accounts have been hacked you may not know anything

[Molly_Millions]

I can bet that 90% of people dont bother though, whether they dont know about the security problems or just dont want to for conviniance, even still you can tell malware that once ffxivboot.exe or ffxivupdater.exe is opened then transmit the data, admittedly this can be done for any program, but the common ports should be monitered for any suspicious traffic, the ports that are normally closed may not be, so untill all your accounts have been hacked you may not know anything

I think you are overstating the risk to try to prove your point. Preventing keyloggers and spyware from getting onto your system in the first place just takes a bit of common sense. I do realize common sense isn't common, but we can't blame SE for that.

[Delsus]

I think you are overstating the risk to try to prove your point. Preventing keyloggers and spyware from getting onto your system in the first place just takes a bit of common sense. I do realize common sense isn't common, but we can't blame SE for that.

What I am saying is there is no need to open ports for a game to take less than 24hrs to update (which is what we could see from 1.18)

You cant keep any computer completly secure, all you do is make malware between definition updates and lauch a fast attack before any anti-spyware will beable to detect it. If you think your PC is 100% secure, you are prime for an attack.

I have been studying networking and network security, and I know about attacks and vulerabilities, its all about compromise, anything you do for conviniance will lower security and you have to evaluate the risks against the differant possibilities, unless there is a delcleration from SE that if you get hacked via the ports needed to be opened for the patcher they are not liable, all you need to do is prove that an attack came through the ports opened and they should be liable because they ask you to open the ports.

Ports are one of the biggest security risks because apart from closing them there isnt alot of security to put on them, also its not just keyloggers that can utilise open ports for malicious activities, how about a DDOS attack on SE, or just a hacker accessing your PC through the open ports.

All ports are, are back doors into your PC, its the same as leaving your front door wide open over night, any burgalar would see you as a prime target.

As I said common ports like 80 (for http) have some security on because they need to be open, however unless you buy software (free software will probably just be a port scanner) there is absolutly no security on the uncommon ports, its just a dorr wide open to the internet

[Molly_Millions]

What I am saying is there is no need to open ports for a game to take less than 24hrs to update (which is what we could see from 1.18)

You cant keep any computer completly secure, all you do is make malware between definition updates and lauch a fast attack before any anti-spyware will beable to detect it. If you think your PC is 100% secure, you are prime for an attack.

I have been studying networking and network security, and I know about attacks and vulerabilities, its all about compromise, anything you do for conviniance will lower security and you have to evaluate the risks against the differant possibilities, unless there is a delcleration from SE that if you get hacked via the ports needed to be opened for the patcher they are not liable, all you need to do is prove that an attack came through the ports opened and they should be liable because they ask you to open the ports.

Ports are one of the biggest security risks because apart from closing them there isnt alot of security to put on them, also its not just keyloggers that can utilise open ports for malicious activities, how about a DDOS attack on SE, or just a hacker accessing your PC through the open ports.

All ports are, are back doors into your PC, its the same as leaving your front door wide open over night, any burgalar would see you as a prime target.

As I said common ports like 80 (for http) have some security on because they need to be open, however unless you buy software (free software will probably just be a port scanner) there is absolutly no security on the uncommon ports, its just a dorr wide open to the internet

This is common sense stuff again, if someone is leaving their ports open after the patcher is done and somebody takes advantage of that, it's not SE's fault, It's the fault of the end-user.