I'm so confused how people who are looking at a game that has been so rewritten can be offended by people rewriting something.

I'm trying to offer a way of looking at it that is being ignored. I'm trying to generate thought along a different line. I'm expressing my point of view as strongly as most other people are here. I'm not trying to directly insult people or make personal statements.

I am debating with you and you are trying to tell me that you can't deal with this - go away?!?!??!?!?!?!? If you can't see someone elses point of view then don't. Just ignore anything you can't deal with.

But why should I stop giving my opinions because you don't agree with me?

I have changed my matrix house rule several times based on feedback from this forum. I highly value reason and even YOU can change my mind about something if you present a great case.

I have listened to your point of view every time it was in a thread I read. It will not bother me if you skip over my posts and threads from now on.

Realism? You're going to need a solid fluff reason why I can't write a program to go and do some research for me when such things sort of already exist today. And IC. IC is essentially an agent, is it not? An independent and often mobile program. Hard to imagine a Shadowrun universe without IC.

But that model is obsolete. Read my article for my take on how the Matrix works. It actually offers quite strong fluff explanations for how the Matrix is different to the Internet of today. Does my browser leave my computer when I do a search? No, but my browser is not doing my search. It's merely submitting a request to Google or Yahoo who's "agents" have already done research on keywords. This isn't my browser accessing all of those sites. It's an agent of kinds. But your example is a limited one. What happens when I want to do my search in a private corporate network? Does each network have its own search engine? What happens when I want to do research on multiple networks? Is there a metasearch engine that combines these? No there can't be because that would be a gaping hole in security. It has to work only on my permissions - the corporations I do work for, the Matrix resource sites that I have paid my membership dues to, etc. And agents do far far more than just search for hits on keywords. They organise, they verify. They arrange meetings for you and pilot cars. Imagine a search engine that not only finds links but then checks for accuracy of the data returned by cross-referencing with known sources or author profiles. Is all this a program running on your commlink spewing out thousands of connections? Probably not as it makes a great deal more sense for the operation to be distributed in a network like the Matrix. Just like your browser isn't doing the search but merely submitting the request, so the agent isn't doing all this on your comm but running various searches and operations on other systems concurrently. But you need a way of tracking all these operations, co-ordinating them and representing the activity to a human user that doesn't drown him in detail. So a sophisticated interface was created and this was called an agent. The structure of the Matrix abstracts the software into a thing that you can talk to. And if you read the piece I wrote, you'll see very good fluff reasons why such software should be handed off to other systems as needed.

For the needs of 2070, a roving, independent entity that can operate separately from your own computer / commlink is a necessity. You wouldn't drive your car with a program on your mobile phone. You'd want the program running on the car itself!

And for historical reasons (i.e. Crash of '29), the Matrix would have measures against self-replicating entities built right into the low-level protocols of its structure.

IC needs to move so that it can Chase you!

Well if an agent can send out mini-agents (and I love the image of the baby icons , btw), then the same principle should allow a user to send out the agents themselves.

I think agents are here to stay. I also think that a swarm of agents is a bad, game-breaking, setting damaging idea, too. Putting the two together leaves the issue for me as how best to eliminate the problem of Agent Smith from both a rules and fluff approach.

My opinion is that a self-replicating agent is a virus and the Matrix of 2070 should have numerous and powerful impediments to self-replication. This can be an issue of transferring running processes or comparing instances of programs across nodes as I went into in the other thread, or of tracing the source of all agents. Either way, we shouldn't be looking at swarms of agents.

Okay, that works. You can run it that way. But you need a fluff reason why these things don't exist, I feel. Probably not hard to come up with something, but if a human can enter various commands to a system he's logged into, you have to ask why an intelligent computer system can't do the same. And we know there are intelligent computer systems because we have things that can fly drones around, pick out targets, etc. I would say that based on my experience with computers, you could make a strong argument that this sort of real world interactivity is [i]more]/i] complex than running around the matrix and hacking. After all, hackers today run exploit packages that search for weaknesses and there are automated tools that you can buy. So you need a reason why not agents. I don't have one and I'm not going to come up with one because I like them in my game. They make sense to me.

Have you read about my rats, Garrowolf? What you are describing sounds a lot like my 'Utilities' and 'rats'.

as i've pointed out several times, it's unrealistic to just yank them out of the game. you'd have to come up with some explanation for why the technology that allows drones to act independently can't be applied to the Matrix. beyond that, they're cool. they open up a huge range of options for hackers. getting rid of something cool because it'd take five seconds to fix seems counterproductive.

the question of whether an agent has to leave its node or not is basically irrelevant. the problems they present are not in the node-hopping--that's just a bit of fluff that doesn't affect whether or not agents are broken or unbroken, just whether or not they make sense. whether or not an agent has to node-hop in order to operate, agents are broken as long as you can directly control indirectly subscribed agents (ie, agents that are subscribed to devices that are subscribed to your commlink). that's a concept that works for drones but not for agents, mainly because you can't just copy drones.

disallowing indirectly subscribed agents is not a realistic option, because you can do it with drones. drone pilots and agents are, basically, the same technology--it's all just AI; the only difference is that drone pilots are specialized for controlling vehicles, and agent AI is specialized for surfing the Matrix. therefore, you've got to do something with all those indirectly subscribed agents that a) keeps you from controlling them directly, but b) doesn't make them disappear.

That makes things more expensive, but it doesn't fundamentally solve the problem. It would generally stop runners from using armies of hundreds of agents, but it's not a barrier to corps.

Any big corp could just shell out for hundreds or thousands of different IC programs and flood their systems with them. Any time you try to hack into one of their systems, you have dozens of IC instances trying to notice you (so one of them will probably succeed), and then they can all gang up and Black Hammer you to death within one initiative pass.

Except that that's paranoid.

And while corps may well be Paranoid, with that many IC actively scanning for intrusion, one of them is going to twinge on legitimate user activity, then BLAM! Some poor wageslave gets the wrong end of 500 Black Hammers. Maybe not so bad, but it happens again the next day - and this time it was an upper management guy.

By now, of course, nobody will jack into the 'trix to do their job unless you have security threatening to blow them away in order to get them to jack in, and of course efficiency is shot to hell.

Great idea, except that this violates the idiotic "your icon has to be on the host" basis that underlies how SR computers work. SR is based on the idea that all computers will happily load and execute random code submitted to it by anyone. And you wonder why they have problems with hackers. . . .

Not their higher-level security measures; they don't give a crap about that.

I mean their basic systems. All fundamental arcitecture must have these rock-solid foundation architectures preventing self-replicating code, to prevent the Agent Smith problem from arising again.

Except that your icon doesn't have any code in it. The icon is just a grpahical representation of something in the Matrix. In the case of the icon of an independent actor such as a Hacker or an Agent, the Icon just represents the fact that they've logged into an account - it doesn't mean that any code has been transferred or is running on this system.

Shadowrun computers do some idiotic things, but the fact that anyone who detects the fact that you've logged into a node will see an icon that represents that fact isn't one of them.

-Frank

Yes. But the concept of SR computers as described doesn't exactly suggest that there is much rock-solid there.

ShadowDragon has taken my idea and run with it. I love the idea that standard systems will refuse to interface with ones that didn't support the same protection protocols. I reckon that's the last piece I need to make the concept internally consistent.

As to stopping players wielding hordes of agents... that to me was the fundamental problem so if it is prevented, then I for one am more or less content. As a GM I can handwave corps not using agent swarms as an issue of cost and system performance.

Of course players can go the route of trying to purchase / write lots of agents if they wish, but I've taken on board Serbitar's points about stealth being the over-riding concern of the hacker. It's no different to the way samurai players can load up with assault rifles. The confrontation style can be used, but ultimately, going toe-to-toe with the corps means you lose.

In terms of justifying corp security level against cost and efficiency of their systems, maybe we should bear in mind that the average rating in SR4 is three. Okay, we don't see many hacker PCs with rating 3 skills and programs, but if that's what the corps are used to facing, then their half-dozen rating 3 IC would normally be considered adequate measures. Why spend so much more (unless you're something special).

I don't see why those protocols couldn't be put back in as easy as they were taken out. In fact, if you consider that all protection protocols are the same, they should be even easier to add and remove. You could even have an agent to do it for you.

I also don't see why a Stealth program couldn't make the agent appear to have legitimate protocols.

I really think that a better analogy would be a samurai player loading up with tanks. Lots of tanks, with no kinds of limits like cost or availability or how many can fit in a small room. The Matrix equivilent of an infine army of intelligent, Independant roaming tanks. Yep, that's a problem.

Yeah, this all sounds right to me...
Except that a lack of perfect copy protection means that its just as free to get Rating-6 IC as it is to get Rating-3 IC. Presumably this might be illegal... and corps in Shadowrun would never do anythng illegal or dishonest when designing their security, right?

We're not talking about something that happens at the level of the software, a sort of my programs says X, you say Y. We're talking about something analoguous to TCP/IP. The Internet today is structured according to something called the OSI model. Have a look here for information on that. Basically you have the Application Layer at the top which is browsers, web-servers, IRC and email all doing their thing. At the bottom, you have the physical stuff - phone lines and copper and what not. In between there are actually several layers of complexity. Your agent would be operating at the very top and we're talking about something that is implemented below that where it can't be affected. This sort of low-level of the Matrix could be (would be?) implemented in firmware - not something you could edit. As to an agent pretending to have the legitimate protocols, well in theory it could, but there wouldn't be much point as it would then merely be pretending to be filled with copies of itself. The point about breaking a protocol is not that you can't do it, but that by doing so you find no-one is talking to you anymore. The Matrix is a lot more sophisticated than the Internet with a lot more intelligence built in. I think we can deduce that from various cannon behaviour. If you want fluff expansion on that, I put some in my article.

You have misread my post there. I am likening the hacker player purchasing six high rating agents to the samurai with the assault cannons or the rigger with the five steel lynxes. Not to the Agent Smith problem. I'm basically saying that it's acceptable for a player to go and buy multiple agents because it has the same constraints as these parallel situations. As Serbitar said - once you've blown the stealth part of the run, firepower is only going to help so much.

Well I can come up with several reasons why this isn't so. For one, there is a difference between a lack of perfect copy protection and no copy protection. There could well be a lag between software being developed and it propagating to everyone. And whilst corps might be happy to do things that are illegal, are they willing to be caught? Because that's what happens when Fuchi deploys Renraku Counter Intrusion Package v.8.54 on all their nodes. And even if that weren't the case, there's all the time reverse engineering it and checking it. "I'm sorry - you were going to depend on a rival's software for your protection? Backdoors? No - never heard of them." So you're developing your own IC or your buying it from someone you trust. If you're developing your own IC, then maybe you do have higher rating stuff all over the place. But then a hacker breaking into "IC Manufacturing Ltd." really should expect that. But most corps aren't actually in the IC manufacturing business (and aren't good enough to be, anyway). So they're buying it from third parties like Renraku. What do they go for? Do they licence the nova-hot governmental package at 1.4million per system per annum, or do they save themselves a few billion with the standard package? And don't forget that realistically, both IC and hacking software will degrade in effectiveness over time as new exploits are found, old techniques dropped. And that process accelerates with exposure. You might have got your virtual paws on a rating 6 stealth program, but if you spread a copy of that around to every 2-bit hacker on the Matrix, then you can be sure that the IC you try to sneak past next week will have been patched to deal with some of your best tricks. The same is true for corps deploying the latest and greatest IC in every little office. So it's not just a case of system maintainers having to keep every single node up to date, it's also a question of whether they should and how little they can get away with!

I can come up with more, but my fingertips are getting pretty bruised by this point. Plenty of reasons for IC rating 3, anyway.

Where the heck does this millions stuff come from? Assuming you pay list (which is never the case for volume purchases), it's 12K more for a level 6 than a level 3. Let me also point out the concepts of "site licenses" and "support contract with software upgrades" are popular for a reason.

So no, it makes absolutely no sense.

This is a fine fundemental theory to work with, but I really think you should question it. The whole principle in cyberpunk is that increases in information technology have changed certain principles (like this) that we've become accustomed to dealing with or ignoring in the real world. There's no reason why this assumption should carry forward into an advanced computer society except "the GM/game designer said so".

Hackers can do extraordinary amounts of damage, construction, and editing to a remote system within the span of a few minutes or hours. It's hard to believe they couldn't copy a legitimate program in the same timeframe using their own custom software, agents, and hardware. Unless copy protection was perfect or so incredibly sophisticated compared to the best maximum-security datanode.

Btw, I really think copy protection should be "IC" rather than an abstract feature. If we could have abstract security features instead of IC, why don't we have more?

Why? Agents and trid pirates specialize in distributing illegal information, and not just to people out there looking for it. Furthermore, in the Shadowrun society, software (and even hardware) could well find themselves in the hands of everyone before it's been officially developed and released commercially.

Wait. In your world everyone must program their own IC?
Okay, no wonder your IC ratings are so low.

But commercially bought software from Renraku is just as likely to have bugs and back doors in it! It's actually better and more reliable to go to the black market for pirated software from reputable hackers. And copy protection could be removed along with the backdoors. (If you say copy protection is firmware, I really don't see why hidden backdoors shouldn't be, too. And hackers *do* have hardware skills.)

All the more reason to pirate all the latest software for free rather than wait for an official release or patch after the software's become useless or bugs have been exploited.

See the problem with assuming that selling software is somehow easier or better than pirating is that in the Matrix, both the pirate and the megacorp share similiar distribution channels. They can each distribute their stuff just as effectively and just as quickly. In many cases, the pirated versions may actually be released first and have had all of their advertisements, backdoors, inconvinient features, spyware, and copy protection removed by expert hackers.

One has to wonder how software development is profitable at all. (I have my theories about that, actually... they rely on a new social/business/legal system that disregards the copyright "information is exclusive property" principle. Basically, people get paid to develop stuff as a service rather than getting paid to buy stuff developed as property.)

But you have this exact same case if you just buy the programs rather than buy pirated versions. Like I said, they're the same distribution channels. I suppose an artificially high price will curb demand a little, but it seems weird that the effectiveness of a program would be reliant on social dynamics influenced through price controls. And the theory breaks down so long as there is any group out there that can develop or pirate free software, effectively lowering the value of all other software.

Basically you have the same problem either way. Presenting it in this faction just makes the argument kind of circular, "Price is linked to effectiveness which is linked to distribution, therefore rating 6 IC will be rare because they will be effective and higher-priced. They will be effective and higher priced because they are rare."

Actually cost of IC with any useful programs at rating 6 actually comes to at least 21,000:nuyen: But regardless, I find it highly unlikely that when Seattle Power Inc. purchases their IC software from Renraku with an 84 node, two year licence with support contract and update rights, that you can use the SR4 gear list to calculate cost. Heck, Microsoft will charge you according to how many processors you run their software on and we can rely on 2070 megacorps to charge whatever the market will bear and I think that has to be more than would allow people to treat rating 6 software as a commodity.

But whatever, this is a side point and I have to deal with Cetiah's post next which is going to take a bit more work. Let me just clarify that what I am doing is providing a good solid fluff reasons to support the BBB. We know that rating 3 is the midpoint for most things and under your justifications, you're going to end up with a world where everyone has Rating 6 IC everywhere. This doesn't line up with what we see in the RAW and it certainly doesn't line up with a fun game. So while I get what you're saying, if you reject my suggestions, then you're going to need to come up with your own or face a lot of dead hackers in your game.

I find the entire concept of writing rules designed to recreate TRON to be silly and pointless, not to mention that the SR4 version is pretty darn hosed in other ways. I keep hoping someone will try to come up with rules that produce a system that seems less silly.

kzt, Have you seen my custom hacking rules?
I'm not saying its perfect, but it was meant for GMs that didn't want to deal with VR but wanted something more akin to command-line hacking security devices while on runs.

It has little to no loyalty to the Shadowrun hacking rules. Check it out. You might be interested.
Cetiah's Custom Hacking Rules

Here is the thread where the hacking rules were first introduced.

Cetiah,

I'm afraid that I disagree very strongly with your conclusions.

This is an aside, but I neither realised that the whole prinicple of cyberpunk was that I.T. had changed certain principles such as copy protection nor that Shadowrun was necessarily "cyberpunk."

We know that there is copy protection in SR because we have rules for it and the gear list for software implies that regardless of whether or not it is perfect, it is at least sufficient to have an effect on the market. You went straight from copy protection can be broken to instant transmission of anything anyone produced. The effect of copy protection was only one of my arguments for software not being universally free, but it's one that I'm not happy to discard. I think it's still a factor. Not the be all and end all, but that's not what I said. It is a factor.

I'm not in agreement that the former (able to wreak great damage) implies the latter (able to crack encryption in no time). If I have access rights to a server, I can wipe all the files with a keypress, but I can't crack the 256-bit encryption on a PGP encrypted email with all the years in the Universe. I think if we're drawing from the real world, then the likely case is that no hacker would be able to crack even half decent encryption at all. But I'm not allowed to draw from the real world if I wish to stay compatible with RAW as we have rules that tell us how easy / hard it is to crack encryption. For my purposes, I don't want to break with RAW unless RAW is very silly indeed, and given my lack of knowledge about 2070 encryption, I can't judge that. So I'm taking the RAW over your preconception that encryption would be insignificant to break. Unless you can give me good solid reasons why this would be so.

I do like the idea of encryption as IC and in fact this was the case back in SR1. You could even copy the file with the IC still attached and do battle with it in your cyberdeck later, after the run.

I have great pity for the trid pirate that posts Renraku's cutting edge security packages on a public bulletin board. But really, I think you have too simplistic a view of this. If you re-read what I wrote, you'll find I made points about reverse engineering the software, about trusting it and cracking it. If (and I'm not going to grant you that it's something other than an 'if) you were to get hold of the Renraku Security Tools Suite (Orichcalcum Edition) as a non-running, installable package, then I'd invite you to consider the following stages that must be gone through.

1. Cracking the encryption on it.
2. Cracking it so that it can be installed without the various keys, codes and licences.
3. Reverse engineering it so that you can identify any sneaky-weaky gotchas and traps in it, such as contacting Renraku HQ every now and then to let them know where and how it is deployed (note that for purposes of updates, verification that the package hasn't been corrupted / compromised, etc. that this feature would be desirable to their customers).
4. Reverse engineering it so that you can be sure that there aren't any security holes in it, such as backdoors for approved Renraku security personnel.
5. Distributing anonymously and avoiding the might of some of the big players (and if we're talking Rating 6, still, then we're talking big players).
6. The fact that the wider you distribute this package, the more the hacking community in general become familiar with its techniques and weaknesses (effectively its rating drops).

I think that's a good starting point to justify a lag in distribution, personally. And remember that any lag can again result in a lower effective rating because the impression I get from Shadowrun fluff is that this is a fast moving world. For any updates to the IC, most of the above steps will still apply whilst the legitimate customer just gets them and can relax, knowing he's patched and up to date.

I didn't say that. And in fact the next part that you quote from me states explicitly that I think most people would puchase from a third party. And as to being "so low" I said that the average IC would be rating 3. This is backed up by the BBB which gives 3 as the average rating for most pieces of gear. If everyone has rating 6 everywhere then it's going to be a dull game for hacker characters.

I'm afraid that you lost me when you said that a corporation would be more likely to purchase their office security systems from a "reputable hacker" than from an internationally recognised and successful corporation such as Renraku in my example. I will list the problems with this that spring immediately to mind (I'm sure I could list more):

1. Reprisals from Renraky or whoever when they notice you're running a pirate copy of their latest software. Believe me that a lawsuit from them would cost a whole lot more than buying a legal copy.
2. Support contracts, updates, legal guarantees, etc. I would be seriously worried if I found out my company's security depended on a guy called "The Amazing Electric Samurai" who might be shot, imprisoned, bored or grounded by his mother the day I get an intrusion.
3. Knowing that what I'm getting is actually what I'm paying for. If I get v.2.65 from Renraku, then I know that's what I got. If it's been through a chain of two dozen hackers, then I have much more reason to doubt it. (And if I'm dealing with the guy who ripped it off from Renraku himself then that's double the reason not to expect him to be around much longer)
4. Backdoors. To me you have this completely backwards. Something from a criminal hacker is far far more likely to have security holes deliberately introduced into it than something from the manufacturer. I introduced the issue of backdoors earlier to illustrate a reason why a big megacorp wouldn't use ripped off security software from another, not to say that because you've taken one small risk, you might as well take several very big ones. Even if a megacorp has a backdoor in their product, they'd need a massive reason to take the publicity hit that would go with being caught using it. Mr. Criminal hacker? He's already up to his eyes in it and one more crime wont make a difference.

I don't know why you thought I would claim the backdoors lie in firmware. Firmware is kind of the program that lives at the hardware level. You wouldn't find it in an agent. Well, you could postulate the Cisco BlackHammer hardware ICwall, but that's not how I see this and the BBB suggests otherwise quite strongly. I raised firmware to explain the level that protocols against self-replication in the Matrix may work. The point still stands.

They are not the same. Distribution method for Renraku is go to their public site, add IC package to your account and await delivery / support engineer. Distribution for pirate version is hang out in hackers' Matrix club (having found it first), ask someone who's icon is a giant jet propelled penis if this is really the latest Renraku IC package, take their word for it, convince your manager that you can save the company lots of money by installing this instead of buying a legit copy but that he really doesn't want to fire you if you're wrong. Repeat.

So how much did you pay for your last CD? DVD? The oil in your car? Of course the megacorporations are going to screw you out of every bit of profit they can get away with. Especially in a world as dystopian as Shadowrun. I don't think this is the way the real world is going, but it's absolutely the way 2070 works. When distribution and replication costs are zero, controlling supply and demand is the only way to make a profit.

Well, that's my take on it, anyway.

EDIT: We've now gone wildly off the original topic of replicating agents, so can I take it that we've now dealt with that problem and it is resolved?

Well then you're kind of playing the wrong game, a bit?

Yeah, obviously we have radically different preconceptions of the way security software works in Shadowrun. In my campaigns, corps are paranoid and heavily involved in the shadows, organized crime, and are in fact the cause of many "openings" in the system we refer to as Shadows. They are not inherently good, honest, dependable, reliable, community-serving members that want omni-compatable up-to-date software for all of their clients - citizen, criminal, and corporation alike.

In my campaign the hackers have developed Data Haven communities that are kind of the equivilent to open--source communities today, except that major corp influence have made these communities illegal. They are constantly exposing the nefarious corporate agendas to the public and working for private employers to hinder their convoluted schemes toward economic manipulation.

Also, in my world economies are demand-driven rather than supply-driven and corps can't just "stick it to the consumers" whenever they want. I also do follow on the idea that communication is so advanced and abundant that once any info hits the Matrix, it's pretty much public. Essentially, there is no lag when it comes to distributing information. This is a problem, yes, but one I can't find a way to work around while still keeping these themes.

So yeah I think our fundemental concepts of the world are just different. Our opinions on economics, data distribution, and hacker communities differ greatly.

Cetiah, your future sounds like how I see the real world going in many ways and it makes sense. But I'm arguing from a point of view that I feel is as close to cannon as I can. I assure you that corps in my game are far from honest, community-serving entities as you imply and I don't think the business comparisons that I drew between corporate and pirate providers of programs would require them to be. I guess I'm responding in this way mainly because I don't want a misconception about me that what I'm presenting is anything other than RAW. I think everything I've said is consistent with both rules and fluff.

I guess I'm also posting about this because I want to establish that the agent smith solution I proposed was entirely reasoned out on technical grounds and the logic isn't affected by whether we play in your political interpretation or another. The fact that you used that reference as the quoted introduction to comments on the differences between social-economic settings made me concerned that others would read the solution as dependent on an issue of setting flavour which it is not. It's based on cannon SR technology.

None of this is a criticism of your setting, by the way. Just wanted to say that because sometimes forum discussions get a bit tennis-like, with each post being seen as a counter-argument to the one before it. Thanks for your insights as you've very much helped me flesh out my interpretations and fill in several holes.

Maybe go with it. The potential damage for misinformation is even more increased in such circumstances. And a successful backdoor or IC trap that did make it through the screening effectively would be devastating. If you could wrap up some sort of data bomb that did Black IC style damage in something very popular with hackers such as an advanced, prototype attack program, then it could be devastating to the world hacker community. Run idea: the players are the ones who are initially set up to steal the prototype program. Then once they're basking in the fame and glory of having given the world this popular tool... worldwide hacker coma party! Just a thought.

But that was the point.
The PCs wouldn't just download the advanced attack program and pass it on. They would decrypt it and defuse it first. Thus, the program that was eventually released through the PCs (hackers) would be better than the trapped ones they initially got from the corp or that the corp is distributing commercially.

They could remove flaws from the program and THEN distribute the data. Whereas buying or stealing from the corp forces each hacker to do it themselves. (They might even take the time to remove the "bug" that causes the system to crash whenever they try to move it to another datanode...)

The pirated program distributed by the PCs would be better, less buggy, and cheaper. The PCs could even distribute as many free copies as possible all they want once they were paid for the run.

In order to prevent this, you need copy prevention security that is so good that even PC hackers couldn't break it. That's what I define as "perfect security". Because all it takes is a couple of hackers to be doing something like this. And its likely more than a couple will be trying... for some, it's a job, for others its a hobby, for yet others its a way of life.

No, you've not got the point. The idea is that the corps, knowing that the PCs will distribute it to everyone, take advantage of this by booby-trapping it so that the PCs don't catch the booby trap. You're giving your hackers a level of competence that I can't get my head around. If you want them to be that good, then so be it, but I have a very good friend who is a very good programmer and I get the impression that reverse engineering something as massively complicated as a rating 6 (or 7 as we're talking plot device here) attack program is a hugely complicated task. It occurs to me that as the program is intended to cause people damage, hiding a booby trap might even be easier than you'd think. And it has nothing to do with copy protection. I don't know where you got that from. The point is that it can be copied.

Take it or leave it, anyway.

Essentially computer security in SR is much worse than in the RW, in that it's much more likely for useful and valuable data to go missing. This would tend to suggest that the logical way to get access to a really cool package would be to steal the source code.

Once you have that it's pretty trivial to remove all the junk that isn't useful. Then you can sell black market versions. Or you could just post the entire package's source for other people to play with.

>>>Never programmed professionally?

Actually, if we were talking booby trapping something so that it calls home or somesuch, then it could be quite possible to do this in such a way that it was a lot of work to be certain you'd rooted it out. I agree it would be far more feasible to do this if you had the actual source code (which would be guarded like a dragon guards his testicles), but I still think it would be a big task. What if one of the accompanying libraries had a "call home" boobytrap that activated when a particular parameter was passed to it. Something innocuous and unless you study the code to exhaustion you'll never spot it. Now you not only have to have the source code for the libraries but also examine them. And breaking compatability with any existing hacked libraries that your enemy might have is trivial.

Just to check I wasn't talking rubbish (I don't think I am), I downloaded the source for Firefox. Uncompressed it runs to 220 MB which is who knows how many lines of code. And I would guess that this is an order of magnitude smaller than a high-rating attack IC program of 2070.

I agree what you say is possible when lots of people are involved in the "cleansing" project. I disagree quite a lot with the word 'trivial' that you used. And again, I'll highlight the time constraints as you're working on a moving, updating target.

Okay, but in the world of Shadowrun this is just a Software test.

What you consider incredibly difficult is... what? Threshold 4? 5?

Seriously? It would have to be an extended test, I think, to account for the time span and the fact that it will be a team effort (probably). SR4 gives a target of 12 hits for an extremely difficult test, but anyone with 10 dice in their pool is likely to make this quite easily. Even 16+ for Extreme difficulty is too low, really, when you don't have any time constraints. So probably I'd set it at 25 - 30 with an interval of 1 month. The way you've portrayed it, it sounds as though there will be a team of hackers working on it, so it still wouldn't be difficult. Really the Shadowrun system doesn't handle it very well.

For me I'd either just rule it as a plot device or more likely mislead the players into not bothering to check. If the set-up is good enough, then they'll believe they've just boosted bleeding edge software from the most secure parts of a megacorp. They might do their routine scans to remove any call-home / update software but might not scan it for the line that reads: if (date == 20701213) {user.brain_fry();}

If that doesn't work then with the amount of money the megacorps have, it shouldn't be hard to turn one of the hackers to their side. I've learnt as a GM, that neither murder, nor wealth, nor deviancy in a villain riles the players up as much as simple treachery and getting away with it.

Anyway, looks as though the Agent Smith problem is kind of answered now, which is what I was mainly interested in.

Regards,

-K.