[TheHug]

So the stealth program doesn't fully hide an icon, just renders it as something innocuous, right?

Say I log onto a node, without hacking an account yet (public level) if there is a spider or agent in the same node, is it immediately aware of the new icon? If it then performs a matrix perception roll, could it then alert security without me ever actually attempting the hacking rolls?

This would be especially true in cases where the spider is familiar with whatever icons are supposed to be on the node at a given time, or if the spider knows that no one else is supposed to be on, wouldn't the mere presence of an icon (even stealthed) be enough to trigger a security response?

Am I reading this right?

[ArkangelWinter]

You can't log on without an account, for starters. And no, agents and spiders are nit immediately aware of a new icon. Spiders are still metahumans, and can certainly miss details, especially with one spider watching on his own. Agents are more likely to spot you almost immediately, but they have simple dog-brains and can't make judgments like "too many .exe icons are on this system" without beating your Stealth.

[_Pax_]

If you legitimately log on with a Public account, and haven't done anything ... what is there for the Spider or Agent to see, that would prompt them to trigger an alert?  You'd still be a legitimate Public-level user ...

[Tagz]

What you DO have to be careful about though is what you do while stealthed around things that can see you.  An innocuous background file probably doesn't edit the Access Log for instance, so be sure that no Agents, IC, or Spiders are in that part of the node before you do it.  Doesn't matter how high your Stealth is, if you do something like that in front of a spider they're going to suspect something.
As a spider, if an icon like that did something out of the ordinary I'd do this: 1) Analyze, 2)Edit.  If the spider can't edit the file (because it's really a persona, Agent, etc) then they know there's some hanky panky, if they can edit it, then look for the code explaining why it would do what it did and correct it.

This is why I really like it when runners try to get a legitimate icon for use in a node instead of running Stealth.  It's like using the Disguise skill instead of Infiltration, with the added benefit that there is no opposed roll to see through it.  Sure, they can run Analyze on it and perhaps figure out it's not the regular person using the Icon, but most of the possible questions raised could be answered socially: "Oh, different Access ID?  I called out sick and am using my new commlink to telecommute today.  Why's the System so high?  Cause I got a top of the line link, of course.  Running an Armor program?  Is THAT what that program is, because I'm still learning what this thing came with.  I'll deactivate it of course." Etc, etc.

[Sengir]

What you DO have to be careful about though is what you do while stealthed around things that can see you.  An innocuous background file probably doesn't edit the Access Log for instance, so be sure that no Agents, IC, or Spiders are in that part of the node before you do it.  Doesn't matter how high your Stealth is, if you do something like that in front of a spider they're going to suspect something.

STEALTH (HACKING)
Stealth is a clever hacker program that attempts to hide the hacker from other system processes. While it cannot make an icon completely undetectable, it makes the hacker seem innocuous by obfuscating his activities, erasing system tracks, and mimicking authorized traffic.

Breaking through Stealth requires a good Analyze roll, otherwise the Stealth program will make everything look like it should be.

[TheHug]

Think this makes sense now. A spider doesn't automatically know another user is in the node, however it is reasonable for him to find the hacker on an analyze roll once the hacker starts messing with stuff, even if the hacker hasn't set off an alert.

[Tagz]

What you DO have to be careful about though is what you do while stealthed around things that can see you.  An innocuous background file probably doesn't edit the Access Log for instance, so be sure that no Agents, IC, or Spiders are in that part of the node before you do it.  Doesn't matter how high your Stealth is, if you do something like that in front of a spider they're going to suspect something.

STEALTH (HACKING)
Stealth is a clever hacker program that attempts to hide the hacker from other system processes. While it cannot make an icon completely undetectable, it makes the hacker seem innocuous by obfuscating his activities, erasing system tracks, and mimicking authorized traffic.

Breaking through Stealth requires a good Analyze roll, otherwise the Stealth program will make everything look like it should be.

Ok, so by this reasoning if a Hacker used an Attack program on an IC, didn't kill it in one shot, and the IC failed to beat the Hacker's Stealth, just what happens?  Everything reports that the file has the permissions and instructions to do so and everything is as it should be.  So does the IC just let the file Attack it?  Shouldn't it, if everything reports back that the file is doing what it is supposed to be doing?  What if it was a Spider instead of an IC getting hit?

My point is that some actions are just out of character for any file and should provoke interest and investigation.  There is rule support with this under Perceptions tests not calling for any test that is "Immediately Noticeable".  After all, roll whatever you like on an Infiltration test, if you then start shooting an unsilenced AK-97 in a room with guards, I think any rational GM will say they take notice.  An Icon Attacking an IC I think would be fairly similar situation.  I think perhaps you might take more issue with my particular example then with my reasoning itself.  I could get into why I DO think it's a good example, but won't as it will make the post a lot longer and my real point is already made.

Anyhow, TheHug, yes, you nailed it.  And I still support that even if a Spider fails to beat the Stealth that the Spider can still be suspicious if the actions taken by the icon warranted it.

[Falconer]

Tagz... IIRC check unwired... I think there were some agents which did nothing but monitor the logfile... especially watching for changes to the logfile.


Look at p228...as a simple action you can set your analyze program to autoscan... every round it will scan the node and give you a list of what's present or not.  Including the checks against stealth rolled secretly by the GM.


As far as attacking from stealth... the rules don't cover that attacking automatically breaks stealth.  Though I'd probably give a free analyze check each time it happened.  If the targets gung ho, he can hang out on full defense til the aggressor is found.

The defense test itself for cyber attacks is response + firewall...  something jabbed at the icon but you're not sure what...  it didn't make it through the firewall to actually damage code.   Defense tests in the matrix don't really seem to involve surprise like they do in meat.  There's nothing that automatically breaks stealth in the cybercombat section that I can find at all.  And similarly nothing allowing you to surprise something and not allow it to defend itself (flatfooted).

That's just my rough reading of things... feel free to tear apart if I have parts wrong.