Okay, I've read the Matrix rules a few times over now, but I'm still stuck on a couple of things.

1: Our hacker has been doing typical hacker things: hacking into Lonestar drones, deleting footage from their memory banks, that kind of thing. I've been rolling the drone's analyse against each of his attempts to hack in, but once he's in... what now? Does he have free reign to run around fiddling with things?

p222 (Hacked!- Once Inside) mentions the possible nasties that can arise even when inside, but how do I determine when they come up? Or do I just decide "welp there's a BlackOut ICE here."

2: Do you roll matrix perception (p217) before or after you enter the node?

For example, once our hacker had detected the drone's node, could he roll perception and discover that it has a rating 3 firewall, a sprite loaded with ICE and a security hacker wandering around inside? Or do you have to actually hack into the node before you discover this?

Thank you for any help!

All very practical things and ones that have come up in my games.

1) He'll have free reign if he's hacked an admin account. Then the drone won't be analyzing anything. You might allow similar with a security account, but that's your choice. Just remember, that regardless of account, there is a data trail, so if the hacker isn't cleaning up the log before he leaves, there are still some traceable clues left around. In fact, even if he does clean everything up, there's still a logout beign logged. It doesn't hurt the hacker at the time of the hack, but may be used to find him later or be more ready for him next time...

2) You kinda have to plan that yourself. You can set them up to randomly scan every so often, or not at all. Its really GM discretion. You kind of have to think of it like a patrol at a warehouse the team is breaking into. They may have security walking the perimeter, checking on everything, or they may not.

3) As to matrix percpetion...I've always allowed a roll before entering the node, but it only gives stats e.g. firewall, system, response and signal. I often also give general information, like if its a commlink or a security node, etc, if the roll is high, but I normally don't give any info on what's actually inside. And the general information could just be fake or "stealthed" anyways.

I've been treating matrix intrusions like physical ones. Moving around in nodes like moving around in buildings, random analyze and patrols have chances of spotting you.

Even if you have admin access and and keep you logs clean other Hackers can still run into you and ruin you day.

I agree with the inside and outside of the node perception tests being separate.

QFT.

This is advice that I have been harping on for awhile that many people don't seem to "get." I never see threads where people say "I don't know how to design security for a corp office! How do I tell if the guards see the characters?" People have an intuitive grasp on physical intrusions, so just treat Matrix intrusions the same way!

What information can they tell by observing a node before hacking? Well, what could you tell about a building by looking at it from the outside? What its made of, what kind of building, but you couldn't tell how many people are inside right?

When do I roll to see if IC sees the player? Well, if it was a guard patrolling a building when would your roll? Whenever the guard happens to stroll by, right? So, that's when you to see if the IC spots the player. A general "rule of thumb" is to roll to see if the Node detects the Hacker every time they do something that involves the Hacking skill.

Remember: keep the Matrix stuff moving. Previous editions' Matrix rules were way too slow to resolve because of all the detail in the rules. SR4 has blessedly removed most of that detail, so just go with it. Keep it fun, keep it fast.

Thanks for the tips, blokes!

Well spoken, Malachi.

It may be that i take it too literal, but nevertheless: I have a question.
A Node is just one Place. There is no "strolling around" for an IC. If it is active, it can detect you if it is programmed to scan for Intruders, whether it is near you or not. The same reason you can't hide behind a pillar icon, it's just not there and the Analyze-Tool won't get any penalties for detection (Except your Stealth uses that as preprogrammed metaphor)
I try to play along. AFAIK it is written somewhere that the "Location" of an icon in a node represents the point where it focuses its attention. So, a hacker who is decrypting a file hovers in the vicinity of the file, a Sec-Hacker reviewing the access log is near the access log icon and so on. "On Patrol" would then be a metaphor for the sweeping of access logs or memory banks and so on. Would you agree?

Well... maybe. I freely admit I'm working in a "reverse logic" method here. If the Analyze program of an IC can observe all things at all times then that creates an unplayable situation where the GM must roll every IP to see if an IC program detects an intruding Hacker. Besides that taking way too long, it creates nearly unhackable systems since the laws of probability say that if you roll enough times, eventually the IC will roll well and the Hacker will roll poorly and they'll be discovered.

There is precedent in the rules that Analyze programs must be "focused" on a particular Icon in order to determine more detail. One must make a Matrix Perception test on the specific file for instance to determine if it Encrypted or if it has a Data Bomb attached to it. An action must be spent "observing in detail" a particular icon in order to gain more detail about it. A Stealth program disguises a user's icon to appear to be "mundane" or just "part of the landscape" of a node. Ergo, without "observing in detail" and spending time to look "specifically" at that icon a Hacker running Stealth will go completely unnoticed from casual inspection. There are far too many icons flying through most Matrix system for any one (or even a group) of IC to analyze every icon in detail. Therefore, IC must split their attention by either randomly scanning different icons as they move through the system ("random stop checks"), or refining their interest to a particular sub-system that may be especially sensitive (the research datastore, for instance).

An IC simply looking at the access log would be like a Spider or Security Guard sitting at the security desk and watching the building's automated system. They might see signs of suspicious activity or they might not. It might take them time to mobilize to a part of a system where a possible intrusion has happened or is happening. Yes, I do think that their is some form of "space" in the Matrix. This could mainly take the form of "focus of attention." An IC program could be monitoring the system at a very high level ("at the desk" so to speak) and if it sees something suspicious it could then "move" to that area by shifting its attention to the specific programs and processes involved in that particular sub-process.

I'm a Software Developer and I have a degree in Electronic Engineering. I know how computers of today do their thing, but I have absolutely no interest in translating that into any direct manner into my Shadowrun game. Accurate dice simulation of computers would be extremely boring. I was talking to another engineer friend of mine and we agreed that the entire concept of Cybercombat with variable "program damage" that can be "healed" is utterly ridiculous from a contemporary standpoint. So too is the concept that there are "locations" inside of a computer that programs must "move to." However, Cybercombat does make a very fun and exciting game, therefore I like it. Also, I find that thinking about SR computers as physical "places" that have "rooms" in them were someone can "hide" while IC programs "walk by" is also fun, so that's how I play.

As mentioned before, you could treat the matrix as a physical place. You could just say "You turn the corner, and there is an attack agent!" But, you could also apply some common sense. If a lonestar cop is looking at the party through a spy-drone, and then suddenly that drone desides to fix it's gaze upon a street sign, the cop is gonna figure out something is off. Then the cop can use his analyse+Computer skill to find the hacker.



Rolling analyze+computer skill will give you information on a firewall before you hack it. But, you have to get inside to see what is inside.

Malachi: I understand. It was an enlightening reading, thank you

You're welcome. I also forgot another key rule about Access Logs (I believe it was mentioned in Unwired): they are only updated every System Combat Turns. Therefore an IC or Spider simply monitoring the system Access Log will be slow to react to something since it could have happened up to 18 seconds ago. That may not seem like long in the meat world, but it is a near eternity in the digital world. That is why most corp's go with IC actively monitoring their most sensitive systems.

i would do it simple. if a hacker uses hacking skill to perform a action, roll a matrix spot check on any present spider, or IC packing a analyze prog.

That's certainly a quick and easy way to do it, for sure.

We use a slightly modified version of that, and it works out just great...

What if one where to leave an agent behind in the node with the instruction to edit out the log-out, then delete itself?