If an agent acting independently loads itself onto a target's node and gets spotted, can the spider dump it from the hacked account? If no, why not? If yes, what happens to the agent? It exists entirely on the target's node, so it can't 'go' anywhere. Does it continue running, waiting for an instruction to hack a new account?
Also, is there anything preventing a sysad from simply deleting the agent from the node? He can't give it orders without the right AID (and password if encrypted) but he can tell the node to stop providing it with system resources and memory can't he?
Full Version: Independent agents query
The agent is a program running on the node, so anyone with the right privileges can stop it like any other program (once it has been spotted).
I could allow an agent a hacking+exploit (firewall) roll to avoid getting stopped, but I don't think that's covered by the rules.
I could allow an agent a hacking+exploit (firewall) roll to avoid getting stopped, but I don't think that's covered by the rules.
You can defeat the agent in cybercombat.
QUOTE (NiL_FisK_Urd @ Feb 3 2012, 12:22 PM) 
You can defeat the agent in cybercombat.
Indeed and in the case of worms that is the only suggestion. But it seems odd that as a program loaded on the node the worm hogs system resources (+1 processor load for worm and each program it carries) and can't be deleted or deactivated.
Many malware today behave in that fashion. Killing the process just spawn a new one until you defeat the "package" as a whole. It builds safeguards into itself to keep itself running.
My guess is that the design attempt was for something similar.
My guess is that the design attempt was for something similar.
If it's supplementary to the adventure you could always treat the worm as a virus and have it removed with the Purge program, but personally I like to have my runners' TM/Hacker have to fight the occasional malware bad-ass to off-set the cheap cost of pirated programs and to demonstrate to cocky sammies & mages how truly useful their Matrix counterparts can be.
If the rules don't specify, it's a GM decision. It's a flavour choice, personally. As well it should be.
If the rules don't specify, it's a GM decision. It's a flavour choice, personally. As well it should be.
QUOTE (Fortinbras @ Feb 3 2012, 11:29 PM)
If it's supplementary to the adventure you could always treat the worm as a virus and have it removed with the Purge program, but personally I like to have my runners' TM/Hacker have to fight the occasional malware bad-ass to off-set the cheap cost of pirated programs and to demonstrate to cocky sammies & mages how truly useful their Matrix counterparts can be.
If the rules don't specify, it's a GM decision. It's a flavour choice, personally. As well it should be.
If the rules don't specify, it's a GM decision. It's a flavour choice, personally. As well it should be.
That's just it - I'm fine with the game mechanics and only being able to remove a worm through cybercombat, but you know what players are like. They ask questions. Awkward ones that don't show in the index.
So when my uber-hacker asks me why he can't remove a program from his own node what do I say? If he terminates the worm's connection, is the worm gone or still on the node?
I would say you treat it just like making resisted changes on a system.
If an admin has the proper rights to terminate resources to a program, and the program is fighting to keep them..... this falls under the hacking rules of 'if you don't have the rights to do something, you need to hack it with hacking+something relevant, opposed by system+firewall'.
So the sysadmin would roll Hacking + Edit vs the Agents System+Firewall. At least that's how I would do it. If the sysadmin failed, the agent would notice it and fire off a Restricted Alert vs the sysadmin, because the malwars knows its trying to be shut down, and is better prepared to resist further attempts at deactivating it. Edit is used to change and delete programs, so its the most sense-makey program to forcibly shut down something down. Another alternative would be Hacking+System, because the Deactivate Program Action actually says (System) next to the name in the list of matrix actions.
At least that's how I would do it. Normally, an admin would be able to load and shut down IC and agents, but in this case, he doesn't have the necessary permissions because the hostile agent won't obey his commands.
Regarding Kicking/banning the agent from the system: If its connecting remotely, I don't see any reason severing the connection wouldn't work. If its physically contaminated, though, I would say you can't really kick it off the system: Its maliciously consuming resources and you're going to have to cut it out, one way or the other.
To use a real world analogy, loading an agent onto a system is basically like thumbdriving a virus onto a computer. There's no network really involved at all once its infecting stuff. The biggest difference is the virus is actually semi-sentient.
If an admin has the proper rights to terminate resources to a program, and the program is fighting to keep them..... this falls under the hacking rules of 'if you don't have the rights to do something, you need to hack it with hacking+something relevant, opposed by system+firewall'.
So the sysadmin would roll Hacking + Edit vs the Agents System+Firewall. At least that's how I would do it. If the sysadmin failed, the agent would notice it and fire off a Restricted Alert vs the sysadmin, because the malwars knows its trying to be shut down, and is better prepared to resist further attempts at deactivating it. Edit is used to change and delete programs, so its the most sense-makey program to forcibly shut down something down. Another alternative would be Hacking+System, because the Deactivate Program Action actually says (System) next to the name in the list of matrix actions.
At least that's how I would do it. Normally, an admin would be able to load and shut down IC and agents, but in this case, he doesn't have the necessary permissions because the hostile agent won't obey his commands.
Regarding Kicking/banning the agent from the system: If its connecting remotely, I don't see any reason severing the connection wouldn't work. If its physically contaminated, though, I would say you can't really kick it off the system: Its maliciously consuming resources and you're going to have to cut it out, one way or the other.
To use a real world analogy, loading an agent onto a system is basically like thumbdriving a virus onto a computer. There's no network really involved at all once its infecting stuff. The biggest difference is the virus is actually semi-sentient.
Cheers Udoshi, that's really good advice.
Awesome stuff Udoshi!
It makes perfect sense, and doesn't violate RAW in any way I can see.
It makes perfect sense, and doesn't violate RAW in any way I can see.
QUOTE (Udoshi @ Feb 4 2012, 08:56 AM)
I would say you treat it just like making resisted changes on a system.
If an admin has the proper rights to terminate resources to a program, and the program is fighting to keep them..... this falls under the hacking rules of 'if you don't have the rights to do something, you need to hack it with hacking+something relevant, opposed by system+firewall'.
So the sysadmin would roll Hacking + Edit vs the Agents System+Firewall. At least that's how I would do it. If the sysadmin failed, the agent would notice it and fire off a Restricted Alert vs the sysadmin, because the malwars knows its trying to be shut down, and is better prepared to resist further attempts at deactivating it. Edit is used to change and delete programs, so its the most sense-makey program to forcibly shut down something down. Another alternative would be Hacking+System, because the Deactivate Program Action actually says (System) next to the name in the list of matrix actions.
At least that's how I would do it. Normally, an admin would be able to load and shut down IC and agents, but in this case, he doesn't have the necessary permissions because the hostile agent won't obey his commands.
If an admin has the proper rights to terminate resources to a program, and the program is fighting to keep them..... this falls under the hacking rules of 'if you don't have the rights to do something, you need to hack it with hacking+something relevant, opposed by system+firewall'.
So the sysadmin would roll Hacking + Edit vs the Agents System+Firewall. At least that's how I would do it. If the sysadmin failed, the agent would notice it and fire off a Restricted Alert vs the sysadmin, because the malwars knows its trying to be shut down, and is better prepared to resist further attempts at deactivating it. Edit is used to change and delete programs, so its the most sense-makey program to forcibly shut down something down. Another alternative would be Hacking+System, because the Deactivate Program Action actually says (System) next to the name in the list of matrix actions.
At least that's how I would do it. Normally, an admin would be able to load and shut down IC and agents, but in this case, he doesn't have the necessary permissions because the hostile agent won't obey his commands.
And what options/programs do you need to give an agent to make it behave that way? I.e. to make it resist an admin shut-down command?
Because basically, with an admin account you should be able to do anything - including shutting down any process. So the process restarts itself, ok. But that should take at least another action, and a smart hacker should get at least one more complex action than a worm or agent.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.