So I was thinkin...

[thebluefish]

Alright before any of you call me a noob for this idea, I have a little something to say before hand. I was an active part of developing the first "public" widespread Xbox 360 exploit (technically not the exploit itself, but the software that came out of it), and thus I have quite a fair share of cracking that system. Now for a little background:

Now the Xbox 360 had a hypervisor, which was essentially the equivalent of a VM. What it would do is run the system in a protected manner to make sure it could not be hacked and no malicious code could be ran. The hypervisor (which was stored on a ROM) was technically a bunch of executable data which would run the Xbox 360 dashboard and subsequent code. You could think of this similarly in terms of Warden: it was designed to prevent hacking and abuse of the system. Even when it was cracked, it still had internal "fail-safes" which would trigger once the code itself was modified and then ban the user's console from Xbox-live.

Now think of Warden... it's a process that gets called from WoW (could possibly be loaded as another thread in WoW if they wanted) that scans and monitors your computer as well as the game files for any malicious programs, known or unknown. It's safe to say that Warden poses a threat to any hackers, and most hackers instead make an attempt to simply make programs undetectable. A thing to note is that Warden is composed of both client-side and server-side components. The client-side is what's ran on your computer, and is ABSOLUTELY REQUIRED for Blizzard to get any information about what you are doing. The server-side component takes this information and will flag you, etc... based off it (although do note that Blizzard CAN and probably does detect many hacks such as speed hacks from just the data the server has).

Being unsure the exact nature of how Warden is ran is one major problem, but you can assume the following:
- It is not ran when none of Blizzard's games are ran.
- It is ran per-game, meaning there is no "central" Warden process.
- Each process then runs Warden, and most likely acts as the hub for Warden's communication to Blizzard.
- Each process therefore, also contains security to ensure that Warden itself is not compromised, while Warden ensures that the process itself is not compromised.

Now much of this sounds really similarly to how the Xbox 360 hypervisor acted. How did we solve this? We simply disabled the checks... ALL of them. See in terms of Warden, do note that in a nutshell, it simply produces data which is sent to Blizzard. This data could be a giant red flag saying "BAN ME", but it is still produced by the client in the first place before sending data to the server. Therefore, however it is ran, any "security" measures could be modified to not report any infringing data. As long as you managed to disable all flags and fail-safes, nothing on your computer is there to say that you're hacking. This could take effort though, all it takes is for one security check to fail for a flag to go off, but I'm saying that it's actually possible.

So instead of attempting complex schemes or methods to try to make a program undetectable, why not attempt to find a way to disable Blizzard's so-called Warden 2.0? I mean, for all you know, your programs COULD be detectable before you even thought they were. All it takes is for Blizzard to store information about processes running on your computers, and at a later date if they find one that's malicious, could look back and see everyone who WAS running it, then ban them at that later date. If you take the initial threat, and seduce it to report that everything's fine even if you're hacking the shit out of their computer, then all Blizzard has to work with is whatever they can detect server-side. And remember, many hacks *can* be detected server-side.

TLDR: knock Warden up, and knock Warden out, and for many of these "hacks", you've just secured yourself a level of security until the next update, except those of which (like speedhacks) are just so damn obvious any server-side detection could catch you.

[XpLoDWilD]

It's probably a good idea, but maybe harder than it may sounds.
Also, you didn't take in account that the client checks files integrity, and therefore detect that Warden's code has been altered, and prevent you from entering in the game.

[Castseven]

You're making a huge assumption that the server never, for example, says "Hey Warden, you cool?"