Ok, I LIKE the SR4 matrix rules and even more the logic about that piracy is a fact of life and that hackers CAN load multiple commlinks with their programs without having to buy the program twice.
But I have a problem.
Agents.
Agents can be the gamebreaker both for and against the players. What’s stopping a megacorp from flooding their network of commlinks/computer with a gazillion agents?
What’s stopping players from using an armada of agents? If this is how one CAN use agents then there is no reason to believe that corporations wouldn’t do it to secure their data.
So, the end result is that hacking is either impossible or becomes a struggle between armadas of agents doing the hackers job.
I’m almost at the point where I’m about to suggest that we remove agents completely and only have IC. This way the Technomancer would really shine as being the only one with roaming entities of the matrix.
But…it is also wrong.
Should one limit the amount of Agents who can “look” into a node from one node to the other or even limit the amount of Agents that can be active on a node at once? Or should one be so harsh as to actually limit the amount of agent and make them un-crackable (which is silly in itself as they are programs as well).
Now, these are thoughts from the player who will be the HACKER of the team and not the GM and if I have such thoughts of game inbalance what are your views? So far we have yet to play a game but we are trying to fix some odd bugs first.
Full Version: The problem with agents
The problem is not quantity but quality. Hacking is about stealth, about not being detected. Lots of agents that breakinto something will most likely trigger an alarm. The system will be shut down, no problem at all.
The problem are rating 6 agents on rating 6 comlinks that are as goodasevery hacker (excluding edge).
My solution: Cap agent ratings at 4.
This is part of a bigger matrix rules framework I have developed. Depending on the upcoming matrix FAQ I may or may not publish this here.
The problem are rating 6 agents on rating 6 comlinks that are as goodasevery hacker (excluding edge).
My solution: Cap agent ratings at 4.
This is part of a bigger matrix rules framework I have developed. Depending on the upcoming matrix FAQ I may or may not publish this here.
True, but if a hacker can defend his commlink against intrusion with 9+ agents (using more than 1 commlink) you can bet that the corps have already implemented it.
This means that you might run into 20+ analyze checks per combat turn when investigating a corporations node.
My problem is not how a hacker works but how the reasonable response would be when the hacker tries to hack. Using a second commlink and several agents just sound logical to increase your defense but one can bet that if a corp has 20+ analyze checks SOME of them will roll that insane number of successes to detect you.
If one believes it is cheap for runenrs getting commlinks one should also think about that a corporation (even a tiny one) can buy the same things hundredfold times and use it even more efficiently.
Rating 4 agent is enough for me since a response 5 commlink can run 9 agents running 3 programs each...that's a lot, especially for defensive purposes.
This means that you might run into 20+ analyze checks per combat turn when investigating a corporations node.
My problem is not how a hacker works but how the reasonable response would be when the hacker tries to hack. Using a second commlink and several agents just sound logical to increase your defense but one can bet that if a corp has 20+ analyze checks SOME of them will roll that insane number of successes to detect you.
If one believes it is cheap for runenrs getting commlinks one should also think about that a corporation (even a tiny one) can buy the same things hundredfold times and use it even more efficiently.
Rating 4 agent is enough for me since a response 5 commlink can run 9 agents running 3 programs each...that's a lot, especially for defensive purposes.
The trouble with multiplying intrusion countermesure is that it's often detrimental to the legit user. Take a look at Windows Vista, asking you 3 times if you're really really sure you want to do something each time you click on something. Imagine having to unlock 5 doors and go through 3 security check each time you come home. Sure, your home is much more secure, but is it worth it ?
There's also another way to look at it. One may also wonder why the corps' matrix server can't afford better protection (rating 4-6 for a "secure" server according to the ratings) than your everyday cell-phone (okay, your everyday secured cell-phone). The answer lies in the traffic they have to deal with : your cell-phone isn't simultaneously used by 400 people. So I tend to think that, to make it simple, we consider the same thing for both because the 1/400th computing power of the server that your connection will use is the same that the whole computing power of your cell-phone. So even if the corp uses 800 agents in their server, you'll only face 2 of them.
About sending gazillions of agents to hack a server, that'll slow down your commlink, and I don't think that you'll have the rights to load an agent on a node you're trying to hack. You may try to load the agents on smaller nodes you've hacked (or bought/rent), but that would be as subtle as rushing a corp warehouse with a full squadron of tanks. And the server may also figure out that there's something strange going on and simply refuse to load new agents. The node might even be set up so that its list of active software can't be changed.
About using rating 6 agents, I simply consider that a rating 6 agents may have hacking rating of 6, but it doesn't have any logic rating. So, your agent will tend to fall in matrix trap designed to trap such programs, while your average hacker will be able to see through the trick with a logic+hacking test.
There's also another way to look at it. One may also wonder why the corps' matrix server can't afford better protection (rating 4-6 for a "secure" server according to the ratings) than your everyday cell-phone (okay, your everyday secured cell-phone). The answer lies in the traffic they have to deal with : your cell-phone isn't simultaneously used by 400 people. So I tend to think that, to make it simple, we consider the same thing for both because the 1/400th computing power of the server that your connection will use is the same that the whole computing power of your cell-phone. So even if the corp uses 800 agents in their server, you'll only face 2 of them.
About sending gazillions of agents to hack a server, that'll slow down your commlink, and I don't think that you'll have the rights to load an agent on a node you're trying to hack. You may try to load the agents on smaller nodes you've hacked (or bought/rent), but that would be as subtle as rushing a corp warehouse with a full squadron of tanks. And the server may also figure out that there's something strange going on and simply refuse to load new agents. The node might even be set up so that its list of active software can't be changed.
About using rating 6 agents, I simply consider that a rating 6 agents may have hacking rating of 6, but it doesn't have any logic rating. So, your agent will tend to fall in matrix trap designed to trap such programs, while your average hacker will be able to see through the trick with a logic+hacking test.
I am thinking of limiting the number of agents that you can have on your system before you start to get degradation of the system.
As well, I am thinking that too many agents will also interfere with each other, sort of like trying to run too many anti-virus programs at once, they keep detecting each other and not liking it.
Hmm, will have to look into if an agent with 3 programs running on it counts as 1 item for the system limit, or 4 of them. If it is 4, that will definately rule out running multiple agents. Anyone know?
As well, I am thinking that too many agents will also interfere with each other, sort of like trying to run too many anti-virus programs at once, they keep detecting each other and not liking it.
Hmm, will have to look into if an agent with 3 programs running on it counts as 1 item for the system limit, or 4 of them. If it is 4, that will definately rule out running multiple agents. Anyone know?
That would definatly stop the issue of having a rating 6 agent loaded with 11 programs. It would make Hackers choose 2 or 3 programs to load up on an agent or else jack up thier own commlink.
This decision also makes TM's more powerfull with thier Sprites, cause sprites dont count against the system value.
This decision also makes TM's more powerfull with thier Sprites, cause sprites dont count against the system value.
Just send for Neo...
| QUOTE (The Jopp) |
| Should one limit the amount of Agents who can “look” into a node from one node to the other or even limit the amount of Agents that can be active on a node at once? |
Agents must exist on the node that they operate on. Yes I would expect any systems of note to limit the number of Agents operating on them. If only for protection from unintentional program errors that lead to excessive spawning.
| QUOTE |
| Or should one be so harsh as to actually limit the amount of agent and make them un-crackable (which is silly in itself as they are programs as well). |
Not uncrackable. Just rule on the vague point about the Cracking extended test about how many copies you can make for successfully performing the test that the number is one. Meaning you must perform the extended test once for each instance of whatever program you want to run. Allows a healthy number of copies, but keeps things sane.
Because Agents are more expensive and therefore likely better protected they should likely have a fairly high Threshold for that extended test.
| QUOTE (Blade @ Oct 12 2006, 12:19 PM) |
| I don't think that you'll have the rights to load an agent on a node you're trying to hack. |
And here’s the problem. It seems one does not HAVE to upload an Agent to a node you wish to hack and/or monitor. There are two ways to “load” your agents.
Uploaded into persona with orders to access nodes independently= Using the persona commlink (See page 227 SR4 "using agents")
Operate on the matrix independently= Uploaded on another node and subscribed to persona. (See page 228 SR4 "using agents" cont...)
The first seems to indicate that it works FROM your persona and the second one that it is active on a separate node that one cannot access (perhaps uploaded to create a diversion at a later point in time as you hack another system…)
Also, remember that if your Response is 4 you can run agents at rating 4 but if the agent runs 4 programs it reaches its own virtual "response" of 4 and its rating drops to 3.
| QUOTE (Mistwalker) |
| Hmm, will have to look into if an agent with 3 programs running on it counts as 1 item for the system limit, or 4 of them. If it is 4, that will definately rule out running multiple agents. Anyone know? |
It never says. But, I look at it like this:
1) The agent is a program running on your comlink.
2) The programs it uses are also programs running on your comlink - when it is actively using them (just like you).
So an agent running analyse on a comlink that is also running analyse and encrypt has 4 programs running.
If the agent notices an intruder and brings up an attack program, it now has 5 programs going on the comlink.
As for the problem of multiple agents - I just use a little sense:
If 1 copy of IC doesn't notice the signature of a hacker on your system, why would additional copies running the exact same procedures at the same time notice anything different? These things didn't just "overlook" the hacker when they fail to notice him- The hacker's traces just didn't fit their preprogrammed search parameters. Having multiple copies going isn't going to make that more robust.
_____________
On a related note, remind me: Do the agents get the "free" analyse tests every time the Hacker does something the same way the OS does? Or do they operate merely by spending their actions each pass looking for intruders?
| QUOTE (Lantzer) |
| If 1 copy of IC doesn't notice the signature of a hacker on your system, why would additional copies running the exact same procedures at the same time notice anything different? These things didn't just "overlook" the hacker when they fail to notice him- The hacker's traces just didn't fit their preprogrammed search parameters. Having multiple copies going isn't going to make that more robust. |
Well, for one thing the hacker can instruct the agents or IC to use different search parameters and make continous checks for intrusion.
| QUOTE (Lantzer) |
| On a related note, remind me: Do the agents get the "free" analyse tests every time the Hacker does something the same way the OS does? Or do they operate merely by spending their actions each pass looking for intruders? |
They would operate by simply spending their actions during search tests.
I would use teamwork rules for multiple agents running Analyze. We use them for Perception tests, right? And lots of other stuff.
So four agents of equal ratings throw on average double the dice of a single agent. Not too bad, and it avoids possibly awkward house rules that might cause other problems or simply seem unrealistic within the in-game flavor.
So four agents of equal ratings throw on average double the dice of a single agent. Not too bad, and it avoids possibly awkward house rules that might cause other problems or simply seem unrealistic within the in-game flavor.
20+ Agents on Node issue
Proposed solutions:
- only when a hacker performs an illegal test, the IC is allowed to scan for the hacker. If the Hacker does not do something illegal for his account he can not be caught (see my matrix guide for that)
- glitches: 20+ agents will generate much more glitches and thus false alarms than 3. Maybe one should calculate the odds for that
- one could apply a penalty of X dice when X + 1 matrix entities are scanning something at the same time (enter fluff reason here)
@Slithery:
Your solution kills hacking. Remember, that in a teamwork test, dice are added. It is much more probable that you hit an arbitrary threshold with Y/2 times X dice only rolling once than rolling Y times X dice and trying to beat the threshold at least once.
In numbers: It is much more easy to beat a threshold of, say 5 with rolling 20 dice once, than rolling 10 dice 4 times.
Proposed solutions:
- only when a hacker performs an illegal test, the IC is allowed to scan for the hacker. If the Hacker does not do something illegal for his account he can not be caught (see my matrix guide for that)
- glitches: 20+ agents will generate much more glitches and thus false alarms than 3. Maybe one should calculate the odds for that
- one could apply a penalty of X dice when X + 1 matrix entities are scanning something at the same time (enter fluff reason here)
@Slithery:
Your solution kills hacking. Remember, that in a teamwork test, dice are added. It is much more probable that you hit an arbitrary threshold with Y/2 times X dice only rolling once than rolling Y times X dice and trying to beat the threshold at least once.
In numbers: It is much more easy to beat a threshold of, say 5 with rolling 20 dice once, than rolling 10 dice 4 times.
Good point; I don't do much with the hacking rules.
| QUOTE (Serbitar @ Oct 12 2006, 09:58 AM) |
| - glitches: 20+ agents will generate much more glitches and thus false alarms than 3. Maybe one should calculate the odds for that with rolling 20 dice once, than rolling 10 dice 4 times. |
Very good point.
Let's look at a rating 6 agent running a rating 4 analyze (I think) - that's 10 dice.
So we need 5 1's to glitch.
Per a dice calculator, that's a 1.55% chance to glitch. And from what I can tell the odds of it happening on 20 dice is 1.55*20-1.55^20, which is about 30%.
If you're using a rating 3 agent with rating 3 analyze, that's 6 dice, so 3 glitch. That's a 6.23% chance. So 20 agents is 6.23*20 - 6.23^20, which is about 125% chance of it happening.
Edit: I stand by my statement. I hate probability. Multi-variate calculus, that's easy. Odds? Suck. Annoyingly, I've learned some odds doing this. But my math may be bad.
Here's hoping that some of what comes out in the FAQ answers clears up the issue.
OK, got out my book and did a little reading
P 212, Response, degrades if too many programs running
p 227, Agents: use the response rating of the node that they are in
p 228 Payload: Independantly operating agents have to have their programs active, with a reference to p212 for possible response problems.
All this leads me to believe that an agent with active programs (say analyze, trace, attack) running in your commlink would be the equivalent of 4 programs, not one.
So I do not think that you could have encrypt, analyze, 4 agents running 3 programs each, in a rating 6 commlink, without having the response drop down by 2, to rating 4.
P 212, Response, degrades if too many programs running
p 227, Agents: use the response rating of the node that they are in
p 228 Payload: Independantly operating agents have to have their programs active, with a reference to p212 for possible response problems.
All this leads me to believe that an agent with active programs (say analyze, trace, attack) running in your commlink would be the equivalent of 4 programs, not one.
So I do not think that you could have encrypt, analyze, 4 agents running 3 programs each, in a rating 6 commlink, without having the response drop down by 2, to rating 4.
The problem is that if that is the case then you'd have to have a separate commlink for just running an agent - seems a wee bit extreme.
Solution:
Since all the other programs can be run one at a time on a commlinks (with a slight exception to encryption on devices and signal) I'd go with maximum of 1 agent and 1 IC per commlink.
Running agents on external nodes is another ball of wax and has subscription rules but maximum 1 agent per node.
Since all the other programs can be run one at a time on a commlinks (with a slight exception to encryption on devices and signal) I'd go with maximum of 1 agent and 1 IC per commlink.
Running agents on external nodes is another ball of wax and has subscription rules but maximum 1 agent per node.
| QUOTE (The Jopp @ Oct 12 2006, 08:27 AM) |
| The first seems to indicate that it works FROM your persona |
Yes, and counts against your normal loaded/running program limit.
| QUOTE |
| and the second one that it is active on a separate node that one cannot access (perhaps uploaded to create a diversion at a later point in time as you hack another system…) |
What do you mean by this bolded part? Because you have to be able to access that node to upload it, or the Agent had to be able to log in and move itself there.
| QUOTE |
| And here’s the problem. It seems one does not HAVE to upload an Agent to a node you wish to hack and/or monitor. There are two ways to “load” your agents. |
Only for the first case. For the later case if you want it to do anything on the target node it has to get itself to that node somehow. Which entails a separate login for the Agent since it isn't running on whatever account you are using.
If the Agent isn't on the target node it can't do much in the way of distraction other than erroneous login attempts. Which is likely only going to serve to raise security scrutiny.
| QUOTE (The Jopp @ Oct 12 2006, 01:08 PM) |
| Since all the other programs can be run one at a time on a commlinks (with a slight exception to encryption on devices and signal) |
Encryption only needs to run when establishing the an encrypted link. After that it doesn't even need to be loaded for the connection to remain encrypted.
So, let me make sure that I have this straight ...
Take, for example, a Commlink. Every Program loaded into (or just active?) an Agent counts towards the total for the purposes of determining whether the Response is affected?
If so, these people running around with Commlinks containing 9 Agents, each of which is running 3 or 4 Programs would really be sucking wind, even on Response/System 5 or 6 'links.
Also ...
As a non-Hacker, if I am running an Agent on my Commlink, would there really be any need for other Programs to be loaded seperately?
Take, for example, a Commlink. Every Program loaded into (or just active?) an Agent counts towards the total for the purposes of determining whether the Response is affected?
If so, these people running around with Commlinks containing 9 Agents, each of which is running 3 or 4 Programs would really be sucking wind, even on Response/System 5 or 6 'links.
Also ...
As a non-Hacker, if I am running an Agent on my Commlink, would there really be any need for other Programs to be loaded seperately?
I really don't see the need to use an agent to run programs on your own commlink. There are examples in the book showing the use of an Analyze or Browse program running in the background and alerted the player when xyz was found. And just like a foreign node, even without IC in the node, Analyze is running and all that needs to happen is pass the intruder's Stealth to flag an alert. And an alert is a very generic term that can be customized by the system.
So, what I have asked my players to do, is just set their commlinks to continually run an Analyze on their own node and let me know what it is supposed to do when an alert is triggered. Besides the immediate +4 to Firewall, they normally just want a visual cue or email of sorts to let them know.
I suppose you could use overkill and have a ton of agents, but I just don't see that as being needed...
So, what I have asked my players to do, is just set their commlinks to continually run an Analyze on their own node and let me know what it is supposed to do when an alert is triggered. Besides the immediate +4 to Firewall, they normally just want a visual cue or email of sorts to let them know.
I suppose you could use overkill and have a ton of agents, but I just don't see that as being needed...
| QUOTE (blakkie @ Oct 12 2006, 03:02 PM) | ||
Encryption only needs to run when establishing the an encrypted link. After that it doesn't even need to be loaded for the connection to remain encrypted. |
I would not sign that.
Encyrption has to berunning to encrypt live traffic.
@deek:
the idea is: mroe agents = more checks = more security
Don't you still have to use a command utility and try and get the agents to do stuff, doesn't that limit them?
| QUOTE (Cognitive Resonance) |
| Don't you still have to use a command utility and try and get the agents to do stuff, doesn't that limit them? |
Command is used for controlling devices like cameras and drones not Agents/IC.
| QUOTE (GrinderTheTroll) | ||
Command is used for controlling devices like cameras and drones not Agents/IC. |
PG 226 of BBB4 disagrees, command lists agent.
See Comlink thread
| QUOTE (Serbitar) |
| @deek: the idea is: mroe agents = more checks = more security |
Yeah, I suppose that since I don't constantly attack my player's comms, we don't have to spend so much time devising ways to defend it. If they have data that they want to stay really secure, they either take it offline or put it on a datachip...at the very least, take it off their active comm.
I understand the logic, but really, as a GM, the only time I am going to be screwing with a player's comm is if it furthers a plot (in which case, no matter how much security they have, I'm going to get what I need to get for the plot) or if it is in retaliation to some comm hacking they are doing. But, in our games thus far, even our hacker doesn't spend a great deal of time messing around with individual comms...
well, personally:
| QUOTE |
| (in which case, no matter how much security they have, I'm going to get what I need to get for the plot) |
Is way to much railroading for me.
Has your hacker never tracked somebody oder listened to guards, or looked at ones personal timetable, or found some commumbers or such, or used feeds from other peoples cybereyes, or blocked cyberware, or inserted false traffic, on other peoples commlinks? My hacker does this all the time. After all, thats what hackers do.
The bigger risks of a glitch happening with a lot of agents on the node is a good way of considering how too much security might set off too many false positives.
For example, to avoid people breaking passwords by trial and error, you flag as "hacker" anyone typing a wrong password 20 times in a row. You don't risk seeing many legit users getting flagged as hackers, but a hacker may find in less than 20 tries. So you lower the limit to twice in a row. Your system is far more secure but now you'll also flag as hackers a lot of legit users who just forgot to remove caps-lock.
For example, to avoid people breaking passwords by trial and error, you flag as "hacker" anyone typing a wrong password 20 times in a row. You don't risk seeing many legit users getting flagged as hackers, but a hacker may find in less than 20 tries. So you lower the limit to twice in a row. Your system is far more secure but now you'll also flag as hackers a lot of legit users who just forgot to remove caps-lock.
Actually one of the security features that I saw in a game was that anytime there was an alert about someone making password mistakes too much (more the 4 times I think) it would shunt you into a false system that had a lot of good 'looking' data around but did nothing except record everything you did.
If they did nothing except try and get back to their proper desktop then they allowed to after awhile. If they tried to go through the fake data it would provide more fake data and trace you.
If they did nothing except try and get back to their proper desktop then they allowed to after awhile. If they tried to go through the fake data it would provide more fake data and trace you.
Maybe I was wrong but I thought it worked this way:
Agent subsribed to YOUR persona. Counts a a program on 'your commlink' with all applicable rules. Goes anywhere YOU are.
Agent on 'remote service' mode (ok I play Technomancer more
. Agent is loaded in a node with all applciable progams (note ALL programs count as 'active' and limit as appropriate. JUST LIKE A HACKER, IF agent travels to another node (to hack, etc), the agent counts as running on THAT node. (with possible loss (or gain) of ratings). Basically the agents pilot+exploit test is to 'load' itself on the respective node.
This limits the 20 commlinks/nodes each running an agent all hitting a node (most likely just crashing system down to system 0 and crashing it, USUALLY in favor of the host system)
The 'probing' (or hacking on the fly) test would be from the 'source' node; however if the agent gets 'in' it is now running on the destination node (with possible crash results if too many agents).
Likewise to 'anaylse' a node to watch for bad traffic, the agent would have to be loaded in the actual node it is watching.
This limits 'effective' agents per node and allows them to be effective (and a hardened system) if it goes into an alert is very painful.
On all but the 'most' paranoid system though if multiple 'firewall' to IC I have the system designers set it so it requires 2 agents to report an alert before going into an alert status (reduces false alarms greatly)
Now one very very very strong system so far...
System 1 / reasontion -1 'firewall' subsribed to your main commlink.
Force 6 spirte on remote system guarding it.
Takes a technomancer, but while possible to 'hack' the firewall aint nobody getting 'through' the system when they suddenly hit the sluggish processor with a major sprite protecting it.
Agent subsribed to YOUR persona. Counts a a program on 'your commlink' with all applicable rules. Goes anywhere YOU are.
Agent on 'remote service' mode (ok I play Technomancer more
. Agent is loaded in a node with all applciable progams (note ALL programs count as 'active' and limit as appropriate. JUST LIKE A HACKER, IF agent travels to another node (to hack, etc), the agent counts as running on THAT node. (with possible loss (or gain) of ratings). Basically the agents pilot+exploit test is to 'load' itself on the respective node.This limits the 20 commlinks/nodes each running an agent all hitting a node (most likely just crashing system down to system 0 and crashing it, USUALLY in favor of the host system)
The 'probing' (or hacking on the fly) test would be from the 'source' node; however if the agent gets 'in' it is now running on the destination node (with possible crash results if too many agents).
Likewise to 'anaylse' a node to watch for bad traffic, the agent would have to be loaded in the actual node it is watching.
This limits 'effective' agents per node and allows them to be effective (and a hardened system) if it goes into an alert is very painful.
On all but the 'most' paranoid system though if multiple 'firewall' to IC I have the system designers set it so it requires 2 agents to report an alert before going into an alert status (reduces false alarms greatly)
Now one very very very strong system so far...
System 1 / reasontion -1 'firewall' subsribed to your main commlink.
Force 6 spirte on remote system guarding it.
Takes a technomancer, but while possible to 'hack' the firewall aint nobody getting 'through' the system when they suddenly hit the sluggish processor with a major sprite protecting it.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.