Matrix Rule Clarifications Options

[Mardrax]

Analyse is software, and hence unable to make calls of the 'dodgy' neomer.
It analyses something running Stealth, and based on the test outcome, reports wether or not the icon in question is doing something it shouldn't, based on user access rights, or lack thereof.

Infrastructure in place on a system is there to be used, and said use by authorised parties shouldn't be suspect -or objected to by Analyse, by default- unless a spider would specifically want that infrastructure watched, which would make it bait.

I tend to see Stealth as a way to make use of Analyse's scanning priority algorythm. Stack the office full of christmas trees with blinking lights, and chances are you won't see the man behind. Without him acting suspicious to avoid notice.

[Saint Sithney]

This is software that occasionally breaks and becomes sentient enough to pass a Turing test.

I think you underestimate it.

[DMiller]

Thanks all, this is insightful.

I’ve always seen the Stealth Program to be the same for the Matrix as the Infiltration Skill in the meat-space. I do believe that the books support this view. That’s why I made the reference I did about a legit account not running Stealth.

However I can see both sides of the possible operations.

Again thanks all for the input.

-D

[MikeKozar]

I think I really like the idea of being stealthy or being legit as alternate modes of operation. It rewards the sort of legwork that Probing a Target is supposed to indicate, and makes it riskier to go hot.

To justify this, I might claim that if Analyse detects a user with malware, viruses, or exploitive hacker-softs loaded, the system security policy is to treat it as a compromised account. Obviously getting the list of running programs would involve beating the Stealth, but if the defender first beats the hacker's Stealth and then realizes that the persona is running Stealth, alarms might go off. Ditto if the persona has a running Attack program.

It's analogous to a 2011 sysadmin noticing BitTorrent traffic on a user's node. The user might be entirely legit and updating legal software, but company policy is to assume he has been rootkitted by pirates and is racking up lawsuits. Paranoia is a legitimate business plan, doubly so in 2074.

Speaking of which, Happy New Year, Dumpshock!

[Draco18s]

Just FYI: it takes an action for a spider/IC to run Analyze on a icon to figure out what programs its running.
(By RAW I believe it is 1 action to identify how many, then 1 action per each program to determine the program name/type).

[MikeKozar]

Just FYI: it takes an action for a spider/IC to run Analyze on a icon to figure out what programs its running.
(By RAW I believe it is 1 action to identify how many, then 1 action per each program to determine the program name/type).

It looks like you can get more information with more hits on the Matrix Perception test, but it's unclear how many is needed to uncover the info. I'm guessing I would have the Analyze accumulate hits, as follows:

1) Persona identified.
2) Running programs catalogued
3) Checking program for malware
4) Checking next program...

...so a hacker with multiple running programs, one of which is banned by system policy, would trigger an alert when the Analyse had accumulated 3-7 hits. This puts a lot of pressure on the hacker, but gives time to mess around before the system catches on.

[Udoshi]

Just FYI: it takes an action for a spider/IC to run Analyze on a icon to figure out what programs its running.
(By RAW I believe it is 1 action to identify how many, then 1 action per each program to determine the program name/type).

Thats actually not strictly true. All analyzers have Automatic mode, which rolls your analyze score against every icon it can render.

Its a simple action to toggle it on and off, but that goes down to a Free(changed linked device mode) with DNI input. 4a 228 for details.

At least in my games, its the reason that hacking nodes with active IC patrols is a bad idea - every time you do something, all running analyzers get a chance to see past your stealth. I assume that all analyzers run in automatic, unless a user needs to look at something specific.


I mean, when you think about it, having the Analyze Icon action as the -sole- way to spot something is stupid. If it were so, even casual use of the matrix would be retarted.
'I want to check my mail!
'I analyze the login page. Then the username prompt. Then the password field. A free action to Transmit Data for my login details. Oh, now i have to spend a simple action to Log On. Now I can data search for my new mail, since its on a Specific System, thats a complex action... '
No, fuck that. Automatic rendering with Analyze programs makes so much more sense.