Agent Surefire is a game created by ESET, a cyber security company best known for their NOD32 antivirus program. It was published online in 2010. The game is set in an office where the protagonist, Agent Surefire, is investigating a security breach, thought to have been conducted by the infamous hacker Cyrus.
As Agent Surefire, your task is to investigate the office. This is presented in a point-and-click adventure style, with the main task being to locate clues regarding the identity, location, and activity of the criminal under investigation. You are also tasked with finding any other security violations (unlocked drawers, open computer terminals, etc.) that could cause any future security breaches.
You move through the office with north, south, east, and west controls, and can reorient yourself to face any of these directions. There are many clickable items that you can further investigate or change the state of (open disk drives, turn off screen savers to access computer terminals, investigate the contents of wastebaskets, etc.). By clicking the “tag” icon, you enter tag mode, where a larger set of items become “taggable.” You can attempt to tag these items as violations, if you feel that they might be.
Tag mode is the major mechanic of the game. In this mode, your mouse cursor becomes a tag, and you can attempt to tag several different things. When an item is chosen to tag, you’re given a host of options for categories of security violations. The object is to correctly identify what violation is occurring, netting you the maximum points. There is no penalty for attempting to identify something as a violation that is not (i.e. tagging a stapler as any violation won’t lose you any points, because it’s not a violation), but tagging something that is a violation incorrectly (i.e. a business document in a wastebasket as a “leaving computer terminals unlocked” violation) will cause you to not gain the maximum points.
Every time you tag something as a violation, a dialogue will come up informing you whether or not you have correctly identified the item. It will then display the information regarding the correct violation on the screen. This is the major educational aspect of the game. It will inform you of what the violation means, give you information about the violation, and give you tips on how to avoid doing this in the future.
Your main tool is your “Agent Gadget,” a small computer that enables you to communicate with headquarters, investigate objects in the environment (such as external hard drives), and get information about the items in your inventory. It is also the main means of delivering the story of the game. When you find a clue (or a certain time has elapsed, as it seems), headquarters will give you a call with an update on what’s going on in the investigation.
The game is set in an office building. It is a very sterile building, exhibiting the colors in the ESET logo (turquoise, grey and white). The main investigation area is an office with several cubicles and drawers, among other items you are tasked with investigating (for example, a key to a drawer is located in a potted plant). There are computers around that all have ESET NOD32 antivirus installed on them.
Agent Surefire: Breach Buster offers a lot of information in an interactive way. This enables the company to share important information in a fun way. Here is an excerpt from the description of a “Possesion and/or use of software and/or storage media that management deems illegal and unsafe” violation:
“Users may not install any software that has not been tested by the IT department. Seemingly harmless e-cards, screen savers, games, or potentially very useful but free-of-charge software can indeed be spyware and/or may allow other spyware to slip in to the system”
This is something your casual internet user likely doesn’t know. While those who are experts in information security won’t find any new information, those with little experience will find the experience valuable. A practical application of the game would be in a business setting. New employees will be required to complete the game and pass a small test thereafter. It makes the process of learning corporate information security fun and inviting, while offering the benefit of informing employees and potentially eliminating several security breaches. Any business with sensitive information or a lot of employees, or any individual that works for such a business, can benefit from playing through this game.