The world of online gaming is not that different from the real world: There are those who play by the rules and those who cheat. The issues of security and ethics in cyberspace provide a preview of problems that will emerge in the next generation of computing, according to one of the presenters at a conference on electronic crime being held in Oakland today and tomorrow.
Gary McGraw, chief technology officer of Cigital Inc., a software security firm, said the client-server architecture of "massively multiplayer online roleplaying games," which allows hundreds of thousands of people to play a game at the same time, is "catching on in other domains" as businesses seek to exploit the interactive potential of the Internet more fully.
"The kinds of problems that are experienced by the games are a bellwether of the kinds of problems we can expect as software continues to move toward these modern architectures," he said.
"Exploiting Online Games" will be the topic when Mr. McGraw gives the keynote address this morning for the opening of "eCrime '07," an academic conference on electronic crime. The conference, at the Oakland Holiday Inn Select, is being presented by the Anti-Phishing Working Group, a consortium of businesses and law enforcement agencies working to combat Internet-based criminal activity, and hosted by Carnegie Mellon University's Cylab, a research program in cyber-security.
Peter Cassidy, the anti-phishing group's secretary general, said about 120 people were expected to attend the conference, which follows the organization's annual general meeting, held here Tuesday and yesterday. The organization chose Pittsburgh because it is home to such cyber-security agencies as Hazelwood's National Cyber-Forensics and Training Alliance, and the CERT Coordination Center, housed at the Carnegie Mellon University Software Engineering Institute, he said.
The interactivity that is typical of online games is increasingly being touted as the next big thing for everything from social networking sites to Web-based applications that will allow users to write documents and assemble spreadsheets online. Whether described as "service-oriented architecture," "software as service," or "Web 2.0," Web sites or applications that allow one to work from any machine that is connected to the Internet, rather than being restricted to one's personal computer, are hot, and getting hotter.
But that interactivity can come with a price, Mr. McGraw said.
For example, he said, when a game player moves about in the imaginary environment of Blizzard Entertainment's best-selling "World of Warcraft," his position is controlled by his personal computer. The game server, which continually updates all players' activity, "believes whatever the PC tells it."
As long as a player is merely walking around, that is fine. But a hacker can teleport across the imaginary world, thus gaining an unfair advantage over those who are playing according to the rules. The server's total trust of the individual player's PC becomes an invitation to mischief.
A more sophisticated cyber-miscreant can gain even more of an advantage by creating a "bot," a computer "robot" that functions automatically -- in this case, playing a game and accumulating virtual treasures while its creator sleeps.
In the non-game world, Internet scammers already use bots on a large scale to send out fake e-mails purporting to come from merchants and banks. With an increased use of client-server architecture, such activity could become even more prevalent.
"As long as there's going to be value available to them … they're going to try to exploit that," said CERT Internet security analyst Jason Milletary of online criminals. "It's not new crime, it's just new vectors of old crime."
While merchants and law enforcement officials alike continually strive to educate users how to interact more securely, Mr. McGraw directs his message primarily to developers.
"Most people who build our [computer] systems don't think about bad guys when they build, and that turns out to be a mistake," Mr. McGraw said. "There are in fact people who want to cheat and who want to make your program fail in interesting ways.
"Think about what those people might do and design your programs to prevent that."
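The position-trust problem described above, where the server "believes whatever the PC tells it," can be sketched from the server's side as an added example; it is not code from the article, Mr. McGraw or any game. The speed cap, tolerance, names and sample updates are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 7.0   # assumed top legitimate speed, world units per second
TOLERANCE = 1.25  # assumed slack for network jitter

@dataclass
class PlayerState:
    x: float
    y: float
    t: float              # server clock at the last accepted update
    violations: int = 0   # rejected updates, for later review

def apply_move(state, x, y, now):
    """Check a client-reported position against server-held state.

    `now` is the server's own receive time, never a client timestamp.
    Returns (accepted, reason); on rejection the last accepted position
    is kept, and the server would send it back to correct the client.
    """
    if not (math.isfinite(x) and math.isfinite(y)):
        state.violations += 1
        return False, "non-finite coordinates"
    dt = now - state.t
    if dt <= 0:
        state.violations += 1
        return False, "non-increasing timestamp"
    dist = math.hypot(x - state.x, y - state.y)
    if dist > MAX_SPEED * dt * TOLERANCE:
        state.violations += 1
        return False, f"moved {dist:.1f} units in {dt:.2f}s"
    state.x, state.y, state.t = x, y, now
    return True, "ok"

def replay(updates, start=(0.0, 0.0, 0.0)):
    """Run (x, y, server_time) updates through the check, in order."""
    state = PlayerState(*start)
    results = [apply_move(state, x, y, now)[0] for x, y, now in updates]
    return state, results

# Constructed sample: three walking steps, one teleport-sized jump,
# then a normal step from the last accepted position.
SAMPLE = [(1.0, 0.0, 0.2), (2.0, 0.0, 0.4), (3.0, 0.5, 0.6),
          (900.0, 450.0, 0.8), (4.0, 0.5, 1.0)]

if __name__ == "__main__":
    final_state, accepted = replay(SAMPLE)
    print(accepted, final_state)
```

The rejected update leaves the server's copy of the position untouched, so the following legitimate step is measured from the last position the server accepted rather than from the one the client claimed.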