einarabelc5 Posted July 17, 2022

I've been looking with excitement at many popular YouTube channels of DCS and the mods they display; at that point I was already familiar with many of the DCS official modules so I could tell them apart. When I first started DCS I figured all files were distributed on the main website under User Files: https://www.digitalcombatsimulator.com/en/files/

I've noticed though that there is a pattern of mod contributors offering their files at their discretion and that there's no unified way to monitor for malware. Does either the community or Eagle Dynamics plan to address this issue?

There is plenty of evidence in this forum itself of users getting infected or having to deal with infections in some way, shape and form from module installation. This might completely and entirely happen unbeknownst to both the modder and the user who's installing the mod, as there are many steps in between. But at least it would be a positive shift to address the concern that when a file is uploaded to the network and distributed for consumption, that file in those specific systems is free of malware.

At the time being though, this seems to be quite loose. And remember, just because you don't notice there is a virus in your computer, it doesn't mean you might not get something like a worm, a specific type of malware that distributes itself to several computers and then is controlled remotely to harness its distributed power to attack real systems, making your computer effectively a platform to attack somewhere else on the internet.

Rudel_chw Posted July 17, 2022

1 hour ago, einarabelc5 said: There is plenty of evidence in this forum itself of users getting infected or having to deal with infections in some way shape and form from module installation

Really? Can you provide actual links to this plenty of evidence? Because your experience seems to be totally different from mine: I've downloaded plenty of files from ED's user files and other places, and during my almost 10 years here have never caught an infected file. What I have seen plenty of are users who have had their antivirus falsely flag DCS files as malware … but that is not the same as actually getting infected.

But even if there is an infected file somewhere within ED's files, wouldn't your antivirus catch it when you download it? Why do you need a unified way to monitor those files for malware?

For work: iMac mid-2010 of 27" - Core i7 870 - 6 GB DDR3 1333 MHz - ATI HD5670 - SSD 256 GB - HDD 2 TB - macOS High Sierra
For Gaming: 34" Monitor - Ryzen 3600 - 32 GB DDR4 2400 - nVidia RTX2080 - SSD 1.25 TB - HDD 10 TB - Win10 Pro - TM HOTAS Cougar
Mobile: iPad Pro 12.9" of 256 GB

speed-of-heat Posted July 17, 2022

Agreed. I have not seen any evidence that a mod has been the route of an infection. And again, your AV would catch it on download.

SYSTEM SPECS: Hardware AMD 9800X3D, 64Gb RAM, 4090 FE, Virpil T50CM3 Throttle, WinWIng Orion 2 & F-16EX + MFG Crosswinds V2, Varjo Aero
SOFTWARE: Microsoft Windows 11, VoiceAttack & VAICOM PRO
YOUTUBE CHANNEL: @speed-of-heat

Devrim Posted July 17, 2022 (edited)

13 hours ago, einarabelc5 said: There is plenty of evidence in this forum itself of users getting infected or having to deal with infections in some way shape and form from module installation.

This is the very very first time I read something like this. Who has been infected? Plenty of evidence??? Also I've never seen any post or thread to report this.

Edited July 17, 2022 by Devrim

Intel i7-14700@5.6GHz | MSI RTX4080 SuperSuprimX | Corsair V. 64GB@6400MHz. | Samsung 1TB 990 PRO SSD (Win10Homex64)
Samsung G5 32" + Samsung 18" + 2x8"TFT Displays | TM Warthog Stick w/AVA Base | VPC MongoosT-50CM3 Throttle | TM MFD Cougars | Logitech G13, G230, G510, PZ55 & Farming Sim Panel | TIR5 & M.Quest3 VR
>>MY MODS<< | Discord: Devrim#1068

einarabelc5 (Author) Posted July 17, 2022 (edited)

Thank you so much for replying! A simple search for the keyword "virus" in this mod forum has 36 results of antivirus desktop applications from users saying their downloads trigger antivirus with recommendations to ignore them or turn them off to actual infections, like @Rudel_chw pointed out.

https://forum.dcs.world/search/?q=Virus&quick=1&type=forums_topic&nodes=184

Why would an AV falsely flag a mod file as a virus only to proceed to ignore it?

As for the centralized place, excellent question!! A desktop software antivirus is not a bulletproof method, which is the assumption everyone has made from the days before the internet exploded. The server where you make the request to get the file from is also at risk of infection, and therefore infecting you, even if the files are clean, simply by the way it communicates with your local browser. Heck, even your personal Google Drive account can be infected even though Google maintains their servers clean, feel free to google that one.

Also, there's a common misunderstanding of how virus resolution works due to lack of education in how things have changed in the last 20 years or so. A virus signature database is what allows your AV to do a 100% identification of viruses. There's no way that db stays up to date with stuff that keeps coming up. The rest is called heuristics, which is not much more than educated guessing based on trends and file activity in your system, as well as traffic, if you got an up to date AV. There are ways to get around those, ever heard of a Zero day vulnerability? That's when a virus or an exploit is discovered after lurking for a long time. There's also the possibility that the mod files when and IF (and that's a big IF) so consider it a remote possibility, can be used to exploit machines just by the way their source code works, even if there are no malintentions.

Like I mentioned in my OP, there are also worms, which remain dormant and are only activated remotely at a later time. Which is why a more sophisticated system with real threat monitoring, file behavior and traffic analysis as well as other measures implemented at a network level rather than on a single machine, like Web Application Firewalls and so on, are put on servers to protect them from attacks. Some systems won't even let you execute a file if a new version of it is downloaded/installed because the hash signature of the file has changed.

My point is, going willy nilly installing random files downloaded from random places was fine for Internet 1.0, but nowadays, 20 years later, that's just not secure. Which is why Microsoft and Apple now make money from developers having to buy a certificate to sign their applications (just like with HTTPS handshakes) so their OS recognizes it as a valid application. It's complicated, convoluted and there's always ways to take advantage of the situation, but at the end it is the end user who's at risk.

Edited July 17, 2022 by einarabelc5

Chump Posted July 17, 2022

In my experience, I have seen very few executables for DCS which could potentially contain a virus/worm/whathaveyou. Most are simple graphics and text files. One who does their homework should know who is reputable when providing an executable for public consumption. If you are wary of downloading from a random dropbox or Google drive, then don't. I'm sure others will let everyone else know if something fishy is going on.

Obviously, the safest place to download from is the User Files section hosted by ED. I'm not sure that most people in this community will agree with your fears. When in doubt, ask.

The posts you refer to, in my opinion, talk about false positives from "sensitive" AV software. We all use different ones, and have different settings. If you stick to downloading LUA scripts and graphics mods (DDS/BMP/etc.), I don't think that you will encounter any issues that would cause your AV any issues, or have any dormant shenanigans to worry about.

</2¢>

speed-of-heat Posted July 17, 2022

False positives are a thing...

Rudel_chw Posted July 17, 2022

3 hours ago, einarabelc5 said: A desktop software antivirus is not a bulletproof method, which is the assumption everyone has made from the days before the internet exploded. The server where you make the request to get the file from is also at risk of infection, and therefore infecting you, even if the files are clean, simply by the way it communicates with your local browser. Heck, even your personal Google Drive account can be infected even though Google maintains their servers clean, feel free to google that one.

Well, that makes you wonder why we even bother to worry about this, if there is no real protection afforded by the AV software, nor Servers can be clean, nor even our Google drives can be clean ... doesn't that mean that we can't do anything about it and we will get infected no matter what?

speed-of-heat Posted July 18, 2022

He is just trolling...

einarabelc5 (Author) Posted July 19, 2022

On 7/17/2022 at 10:09 PM, speed-of-heat said: He is just trolling...

No, you just don't have the education to understand what I'm talking about so using a straw man argument is easier, which is a tendency most everyone has and that you chose to take. For example, what do you mean by trolling and how did you arrive at that conclusion? If you're going to accuse someone who is spending their time on something, you better have an argument as to why you're making that accusation, lest you might look like you're being intellectually lazy and just like to insult people's character at random when they don't agree with you. At least @Rudel_chw is asking the right questions, which is an actual DIALOG. It's not that hard.

Besides those two questions, what do you mean by trolling and how did you arrive at that conclusion, here are a couple more for you:

Is it possible? Every forum post could be for trolling.
Is it probable? Perhaps, depending on how much effort you put into engaging and find out, you're also free to leave if that's what you think.
Is it plausible? Why would I spend all this time and thought on such a thing. There are HOT threads in these forums where trolling is much easier to do. That to me is the insulting and berating part.

Here's my argument as to WHY I'm not trolling, which is why I came here to follow up in the first place until I found that jewel above.

Here's an example, with a relatively new mod, which has actually been in the works or mentioned for about 2 years since I first purchased DCS:

Non secure/dubious way to do it, which is why I started this thread: In short the installation is: download from discord, copy/paste, run, rely on your single node machine to do all the work. You don't know where the Discord LINK to the file points to, might as well be a random server that you don't know anything about.

Better way to do it. The person who wrote these lua scripts also uses github, which opens a world of possibilities:

DCS User files for the same mod: https://www.digitalcombatsimulator.com/en/files/3320335/

That links here:

Step 0, accomplished. You're not downloading files from random servers anymore but from a trusted, verifiable software development website: github.com. Your machine won't get attacked by talking directly to github.com, they take good care of that.

Step 1, accomplished: You now have full access to the source code, you can look for vulnerabilities, which are not necessarily viruses, see more at the end of Step 3.

https://github.com/RedK0d/CLICKABLE-FC3

Step 3, the actual VIRUS scan BEFORE it hits your machine:

https://github.community/t/performing-virus-scan-on-git-hub-repo/1880/4
https://github.com/marketplace/actions/git-anti-virus-scan

And that's it, as a dev all you need now is a way to run a github pipeline and use Clam Antivirus, which is a popular scanning tool used in IT. Even if the developer's machine gets infected, you'll make sure that the files are scanned before they're distributed to people. You can actually also scan for code vulnerabilities using Sonarqube just like you do viruses. The only question remaining is, can github run pipelines on free accounts? I do not know the answer to that one since I don't use it to distribute code. But other than that: Problem solved.

@Rudel_chw Thanks for using logic to engage. To answer your question, there's always hope. Not necessarily, what you do is a "sufficient" amount of effort to make sure that the files, the server and the code itself are as safe as possible. It's always a best effort approach to security, rather than a minimum, which is what my OP is precisely asking about. The way I exemplified here, it shouldn't cost a ton. It just depends on what the developer is willing to share. As far as I know LUA files are just scripts, which means anyone who downloads them can read their source code. So I don't see a problem with devs sharing and using github with pipelines.

einarabelc5 (Author) Posted July 19, 2022

On 7/17/2022 at 12:14 PM, Chump said: In my experience, I have seen very few executables for DCS which could potentially contain a virus/worm/whathaveyou. Most are simple graphics and text files. One who does their homework should know who is reputable when providing an executable for public consumption. If you are wary of downloading from a random dropbox or Google drive, then don't. I'm sure others will let everyone else know if something fishy is going on. Obviously, the safest place to download from is the User Files section hosted by ED. I'm not sure that most people in this community will agree with your fears. When in doubt, ask. The posts you refer to, in my opinion, talk about false positives from "sensitive" AV software. We all use different ones, and have different settings. If you stick to downloading LUA scripts and graphics mods (DDS/BMP/etc.), I don't think that you will encounter any issues that would cause your AV any issues, or have any dormant shenanigans to worry about. </2¢>

This is a great first logical step, basically crowdsourcing. I see you addressed the nuance I pointed to that viruses/vulnerabilities are not always known to developers so I also thank you for that. I totally agree with if you're not sure about a mod don't download as a first approach.

What I've noticed though is that more and more mods are not uploaded to the DCS main website User Files section since after I left the game for a hiatus. The modders simply post links to the mods, mostly to random places. As for relying fully on the crowd I also mentioned the example of zero day exploits, etc.

The issue is, which obviously I haven't been able to communicate until now, is that it doesn't have to be one or the other. Anyone who would LOVE the features developers/modders are sharing can also be able to rest knowing good steps are being taken to ensure sufficient security and that the rest is up to them. That can be accomplished without breaking the flow of mod distribution if developers are willing to collaborate and distribute their files through sites like github.com, gitlab.com, and so on. As long as a pipeline is included, they can scan their code the moment they upload it to those servers for both viruses and security vulnerabilities. Pipelines may not fix zero day exploits either, but they sure are much faster than the crowd, since they're automated.

cfrag Posted July 22, 2022

On 7/19/2022 at 6:17 AM, einarabelc5 said: No, you just don't have the education to understand what I'm talking about so using a straw man argument is easier

Ouch. I think there is no need to become hostile - this is an important topic and we are all friends here.

There are a number of important take-aways:

- Yes, DCS can definitely be used as a vector for malicious code to run on your machine. Writing such an exploit is trivial (creating a proof of concept took me less than an hour). For it to work, however, requires some non-trivial preconditions that aren't very likely to exist on standard DCS installations. But there clearly is the possibility to exploit DCS for malicious purposes
- Although Mods, DLC and Missions are obvious vectors to watch out for, there are many more that aren't obvious, so it's good to be vigilant. If you get caught, it's usually through something not obvious (a cleverly disguised audio perhaps?)
- If you disable certain DCS security features (e.g. omit some 'sanitizeModule' invocations in MissionScripting) your exposure to risk (likelihood and damage) can increase
- Even if you don't enable these features, and add some security of your own on top, you will always be exposed to some residual risk
- Currently, there are no reports of active or successful attacks with DCS as vector in the wild (by means of DLC, Mod, Mission or other) that I am aware of
- Just because none are known does not mean they don't exist nor will exist in the future
- The known safety advisories all pertain to false positives. Again, no guarantee that this won't change within the next hour.

So, always be careful, check what your kids, friends, and even yourself (after celebrating too much) did on your computer, don't unnecessarily accept too great a risk. Obviously, don't download from dodgy sources, and if possible (if you have the means) keep your gaming machine separate from your main net.

Aaaaaaaand don't get paranoid. Truth be told, although DCS can be an attack vector, it so far hasn't yet risen to a level of popularity that would make it a likely target for malware authors (compare that to, e.g., MineCraft). If you follow the basic safety precautions laid out in the posts above, I currently estimate it to be more likely to be scammed online than getting attacked through your DCS installation.

As always, let's hope for the best and expect the worst.

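Added example (not part of any post in this thread, and not ED's code): a small Python check for the point above about omitted 'sanitizeModule' invocations in MissionScripting. It reports which sanitize calls are missing or commented out. The expected module and global names, and both Lua samples, are assumptions constructed for the demo; compare against a pristine copy from your own install.

```python
import re

# Assumption: modules and globals a stock MissionScripting file removes from the
# mission Lua environment. Verify these against an unmodified copy of the file.
EXPECTED_MODULES = ("os", "io", "lfs")
EXPECTED_NIL_GLOBALS = ("require", "loadlib", "package")

BLOCK_COMMENT = re.compile(r"--\[(=*)\[.*?\]\1\]", re.DOTALL)
LINE_COMMENT = re.compile(r"--[^\n]*")
SANITIZE_CALL = re.compile(r"""\bsanitizeModule\s*\(?\s*(['"])(\w+)\1""")
NIL_GLOBAL = re.compile(r"""\b_G\s*\[\s*(['"])(\w+)\1\s*\]\s*=\s*nil\b""")


def strip_lua_comments(src: str) -> str:
    """Drop block comments, then line comments, so disabled calls do not count.

    Not a full Lua lexer (comment markers inside strings are not handled),
    which is acceptable for a file this small and regular.
    """
    return LINE_COMMENT.sub("", BLOCK_COMMENT.sub("", src))


def audit_mission_scripting(src: str) -> dict:
    """Report which expected sanitize steps are absent from the active code."""
    active = strip_lua_comments(src)
    sanitized = {m.group(2) for m in SANITIZE_CALL.finditer(active)}
    nil_globals = {m.group(2) for m in NIL_GLOBAL.finditer(active)}
    missing = [m for m in EXPECTED_MODULES if m not in sanitized]
    exposed = [g for g in EXPECTED_NIL_GLOBALS if g not in nil_globals]
    return {
        "missing_modules": missing,
        "exposed_globals": exposed,
        "hardened": not missing and not exposed,
    }


# Constructed sample: every sanitize step active.
STOCK = """
-- constructed sample of a fully sanitized file
local function sanitizeModule(name)
    _G[name] = nil
    package.loaded[name] = nil
end

do
    sanitizeModule('os')
    sanitizeModule('io')
    sanitizeModule('lfs')
    _G['require'] = nil
    _G['loadlib'] = nil
    _G['package'] = nil
end
"""

# Constructed sample: two calls commented out and one global left reachable.
WEAKENED = """
local function sanitizeModule(name)
    _G[name] = nil
    package.loaded[name] = nil
end

do
    sanitizeModule('os')
    --sanitizeModule('io')
    --sanitizeModule('lfs')
    --[[ _G['require'] = nil ]]
    _G['loadlib'] = nil
    _G['package'] = nil
end
"""

if __name__ == "__main__":
    for label, text in (("stock", STOCK), ("weakened", WEAKENED)):
        print(label, audit_mission_scripting(text))
```

Run it against the real file after installing any tool or mod that asks you to edit MissionScripting, and restore the missing lines when you no longer need the exception.
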
cfrag Posted July 22, 2022 (edited)

On 7/17/2022 at 3:14 AM, einarabelc5 said: I've noticed though that there is a pattern of mod contributors offering their files at their discretion and that there's no unified way to monitor for malware. Does either the community or Eagle Dynamics plan to address this issue

To address one of the initial very interesting points: This (publishing content outside of ED's user files) indeed happens, and when it happens, it usually does for reasons that make sense to the content providers. These may be myriad, and if we suppose they do it for non-malicious reasons, I think it would be in ED's interest to find out why - the reasons usually point at some issue with ED's own user hosting feature and may include: poor content development pipeline integration, convoluted upload/sharing process, no automation, toxic community, difficult updates/uploads, inelegant presentation, obscure rules, quirky backend (why does it, when you post a file's description, randomly insert blanks into the words "update" or "set"? Some anti-code injection algorithm going amok?), poor discovery of your work, poor attribution, no notification of feedback, ...

It should be in ED's interest to make their user files part as attractive as possible to use for both content developers and consumers. Currently, it has a rather long way to go. The community can't really address the issue as it would rely on the contributors to opt in and can't enforce it otherwise. Neither can ED, but they have a stake here and they (ED) can make it so attractive to use their own hosting that everyone wants to opt in.

Let's fantasize: imagine you had a button 'Share Mission' in ME that would allow you to post/update your mission at the push of a button, with perhaps a dialog for some meta data to fill in that is auto-filled when you merely update a shared mission. Click 'Upload', and - boom - that mission is updated and available in the User File's section (after an integrated mal scan). Add some niceties like regular stats sent to you (number of downloads, alerts to comments) and we have something to talk about. Then build a mission manager that players can use to discover and download stuff right there in DCS. THAT will make content creators perk up.

Currently, I may prefer to just sync my google drive or run GitHub Desktop or Kraken and update my repo with a single click and be done. And so, people use their google drive or some other hosting solution to provide content in a way that they (the provider) prefer to ED's currently-not-very-attractive solution. And yes, that opens the door for people with malicious intent to potentially provide malware. If it hasn't happened yet, it's because of sheer luck. It's sure to happen some time in the future when DCS continues to grow in popularity.

Edited July 22, 2022 by cfrag

einarabelc5 (Author) Posted September 7, 2022 (edited)

On 7/22/2022 at 6:16 AM, cfrag said: To address one of the initial very interesting points: This (publishing content outside of ED's user files) indeed happens, and when it happens, it usually does for reasons that make sense to the content providers. These may be myriad, and if we suppose they do it for non-malicious reasons, I think it would be in ED's interest to find out why - the reasons usually point at some issue with ED's own user hosting feature and may include: poor content development pipeline integration, convoluted upload/sharing process, no automation, toxic community, difficult updates/uploads, inelegant presentation, obscure rules, quirky backend (why does it, when you post a file's description, randomly insert blanks into the words "update" or "set"? Some anti-code injection algorithm going amok?), poor discovery of your work, poor attribution, no notification of feedback, ... It should be in ED's interest to make their user files part as attractive as possible to use for both content developers and consumers. Currently, it has a rather long way to go. The community can't really address the issue as it would rely on the contributors to opt in and can't enforce it otherwise. Neither can ED, but they have a stake here and they (ED) can make it so attractive to use their own hosting that everyone wants to opt in. Let's fantasize: imagine you had a button 'Share Mission' in ME that would allow you to post/update your mission at the push of a button, with perhaps a dialog for some meta data to fill in that is auto-filled when you merely update a shared mission. Click 'Upload', and - boom - that mission is updated and available in the User File's section (after an integrated mal scan). Add some niceties like regular stats sent to you (number of downloads, alerts to comments) and we have something to talk about. Then build a mission manager that players can use to discover and download stuff right there in DCS. THAT will make content creators perk up. Currently, I may prefer to just sync my google drive or run GitHub Desktop or Kraken and update my repo with a single click and be done. And so, people use their google drive or some other hosting solution to provide content in a way that they (the provider) prefer to ED's currently-not-very-attractive solution. And yes, that opens the door for people with malicious intent to potentially provide malware. If it hasn't happened yet, it's because of sheer luck. it's sure to happen some time in the future when DCS continues to grow in popularity.

It sounds like an investment in DevOps or a media distribution platform that plugs into their environment is necessary. Again, mOER money...perhaps a marketing campaign would help finance it, like a mod contest, but then again, there's the licensing issues. So, we should be glad they even have it.

Finally, I was looking at Github actions to scan URLs and ultimately ran into this multi scanner web application (probably API based or it could be container based IDK):

https://www.virustotal.com/gui/home/url

Through one of the Github Actions:

https://github.com/marketplace/actions/virustotal-github-action

Then I tested it against these two Module downloads:

F-22: https://grinnellidesigns.com/f22/ -> Go to bottom and copy the mediafire.com URL: https://www.mediafire.com/file/d75yuv540r38qr4/Community_F-22A_Mod_Version_II.zip/file

Su-57 - EFM: Cuban Ace Shares: https://drive.google.com/file/d/1t4PRNeyB6gaq0E2BCHx6x71GhpBZg-y_/view?usp=sharing

The F22 comes clean (being from 2021) but Su-57 throws a malware alert (being less than 1 month old) from 1 out of 88 Security vendors: CMC Threat Intelligence

Googling that vendor and the drive.google.com backend returned this:

https://www.tanium.com/blog/cyber-threat-intelligence-roundup-july-27/

So it seems feasible that they are JUST flagging the URL. I will have to build a pipeline that downloads then scans with that action to get more details. Imagine that, Ruskies actually using Google Drive and Dropbox to distribute malware. But that was an interesting experiment and easy to do for your every day user:

On 7/22/2022 at 5:29 AM, cfrag said: Ouch. I think there is no need to become hostile - this is an important topic and we are all friends here There are a number of important take-aways: Yes, DCS can definitely be used as a vector for malicious code to run on your machine. Writing such an exploit is trivial (creating a proof of concept took me less than an hour). For it to work, however, requires some non-trivial preconditions that aren't very likely to exist on standard DCS installations. But there clearly is the possibility to exploit DCS for malicious purposes Although Mods, DLC and Missions are obvious vectors to watch out for, there are many more that aren't obvious, so it's good to be vigilant. If you get caught, it's usually through something not obvious (a cleverly disguised audio perhaps?) If you disable certain DCS security features (e.g. omit some 'sanitizeModule' invocations in MissionScripting) your exposure to risk (likelihood and damage) can increase Even if you don't enable these features, and add some security of your own on top, you will always be exposed to some residual risk Currently, there are no reports of active or successful attacks with DCS as vector in the wild (by means of DLC, Mod, Mission or other) that I am aware of Just because none are known does not mean they don't exist nor will exist in the future The known safety advisories all pertain to false positives. Again, no guarantee that this won't change within the next hour. So, always be careful, check what your kids, friends, and even yourself (after celebrating too much) did on your computer, don't unnecessarily accept too great a risk. Obviously, don't download from dodgy sources, and if possible (if you have the means) keep your gaming machine separate from your main net. Aaaaaaaand don't get paranoid. Truth be told, although DCS can be an attack vector, it so far hasn't yet risen to a level of popularity that would make it a likely target for malware authors (compare that to, e.g., MineCraft). If you follow the basic safety precautions laid out in the posts above, I currently estimate it to be more likely to be scammed online than getting attacked through your DCS installation. As always, let's hope for the best and expect the worst

I agree, but take a look at the info above. File distribution platforms are getting targeted, just like with the OSI model pattern, once you abstract enough, it doesn't matter what you're doing precisely, just how and everything falls under a common set of tools.

Edited September 7, 2022 by einarabelc5

cfrag Posted September 7, 2022 (edited)

5 hours ago, einarabelc5 said: File distribution platforms are getting targeted, just like with the OSI model pattern, once you abstract enough, it doesn't matter what you're doing precisely, just how and everything falls under a common set of tools.

Unqualified yes. What are your thoughts on how to progress this - assuming that we want people to share their work, and players to be able to download other people's freely offered contributions? How would you think this be addressed best?

Edited September 7, 2022 by cfrag

einarabelc5 (Author) Posted September 7, 2022 (edited)

2 hours ago, cfrag said: Unqualified yes. What are your thoughts on how to progress this - assuming that we want people to share their work, and players to be able to download other people's freely offered contributions? How would you think this be addressed best?

A CICD pipeline on a common repository hosting service that scans for both vulnerabilities and file infections. I said that a couple of posts ago before you got involved and that's why I used the FC3 clickable cockpit mod as an example, it's already on github. It's a matter of figuring out where to put the runners to manage expense or deal with free mode runtime limitations.

The pipeline can be called by mod repositories to perform scans on their code. It doesn't have to be part of their main code. Only the calling part. Github supports workflow dispatch and workflow to workflow calls, Bitbucket supports a Pipe to call another pipeline and so on. They all support REST API calls for passing the data in. The calling repository has the basic pipeline that passes some details and invokes the CICD pipeline, the CICD pipeline clones the src code of the calling pipeline and acts on it.

You can also use URLs of the code being hosted elsewhere (since it's mostly LUA scripts and assets) to download to the CICD pipeline and scan. I already posted a link to a Github action that does just that using the scanner VirusTotal I sent, but keeping everything on an actual development environment will make things much simpler and easy to manage.

Edited September 7, 2022 by einarabelc5

einarabelc5 (Author) Posted September 7, 2022

On 7/17/2022 at 2:33 PM, Rudel_chw said: Well, that makes you wonder why we even bother to worry about this, if there is no real protection afforded by the AV software, nor Servers can be clean, nor even our Google drives can be clean ... doesn't that mean that we can't do anything about it and we will get infected no matter what?

There you go, use it yourself, now you can scan files with much more than a single, local antivirus before they even get to your system:

https://www.virustotal.com/gui/home/upload

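Added example (not part of any post in this thread): a Python triage of a downloaded mod archive before anything is extracted, tying together the points made above about executables being rare in mods, content disguised as another file type, and checking a file with a multi-engine scanner. It computes the archive's SHA-256 (which can be searched on a scanner site instead of relying on a URL verdict), counts file types, and flags native executables by their leading bytes rather than their names. The archive contents and file names are constructed for the demo.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Leading bytes that identify native executables regardless of the file name.
MAGIC = {b"MZ": "Windows PE (exe/dll)", b"\x7fELF": "ELF binary"}
# Extensions Windows will run or load; a mod of only .lua/.dds/.bmp files has none.
RISKY_EXT = {".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".scr", ".msi", ".lnk"}


def triage_archive(data: bytes) -> dict:
    """Inspect a zip held in memory; nothing is extracted to disk or executed."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "by_ext": {}, "findings": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            path = PurePosixPath(name.replace("\\", "/"))
            ext = path.suffix.lower()
            report["by_ext"][ext] = report["by_ext"].get(ext, 0) + 1

            # Entries that would be written outside the folder you unpack into.
            parts = path.parts
            if path.is_absolute() or ".." in parts or (parts and ":" in parts[0]):
                report["findings"].append((name, "path escapes the install folder"))

            with zf.open(info) as fh:
                head = fh.read(4)
            kind = next((v for k, v in MAGIC.items() if head.startswith(k)), None)
            if kind and ext not in RISKY_EXT:
                report["findings"].append((name, f"{kind} hidden behind '{ext}'"))
            elif kind or ext in RISKY_EXT:
                report["findings"].append((name, f"executable content ({kind or ext})"))
    return report


def build_sample_mod() -> bytes:
    """Constructed sample archive for the demo; all names and bytes are made up."""
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60  # only the header bytes of a PE file
    entries = {
        "Mods/aircraft/Demo/entry.lua": b"-- demo\nreturn {}\n",
        "Mods/aircraft/Demo/Textures/skin.dds": b"DDS " + b"\x00" * 124,
        "Mods/aircraft/Demo/Sounds/engine.ogg": pe_stub,
        "Mods/aircraft/Demo/bin/helper.dll": pe_stub,
        "../../outside.lua": b"return 1\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_archive(build_sample_mod())
    print("sha256:", result["sha256"])
    print("file types:", result["by_ext"])
    for name, reason in result["findings"]:
        print("FLAG", name, "->", reason)
```

A clean result here only means the archive holds no native code and no escaping paths; Lua scripts still need reading, and a hash with no scanner history is unknown rather than safe.
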
cfrag Posted September 7, 2022

Just now, einarabelc5 said: It's a matter of figuring out where to put the runners to manage expense or deal with free mode runtime limitations.

Apologies for being obtuse. I understood the method. The only question is who pays for this, and why should we trust those who run this. IMHO, only ED can be trusted since with this, as their business is then also tied to the reputation of the repository. And it should be a compelling experience, since that is the only way to convince content creators to use their curated platform.

And we should also acknowledge that as soon as we connect our computer to something (anything really, including a USB drive) we run a risk, and there never will be absolute safety unless we leave the computer off. Everything else is managed risk, and it's up to the individual's risk appetite to determine what they will or won't do.

MAXsenna Posted September 7, 2022

15 hours ago, einarabelc5 said: Imagine that, Ruskies actually using Google Drive and Dropbox to distribute malware.

I might be missing the point here. But you're not actually suggesting that @cubanace, who is American and has just become a 3rd party dev in DCS, is distributing malware through a module of a Russian aircraft?

einarabelc5 Posted September 8, 2022 Author Posted September 8, 2022 (edited) 6 hours ago, MAXsenna said: I might be missing the point here. But you're not actually suggesting that @cubanace who is American, and has just become a 3rd party dev in DCS, is distributing malware through a module of a Russian aircraft? Thanks for thinking of the possibility that you might be wrong because you're misinterpreting what I said from lack of information to see the nuance. Next time, read the links provided. Look for tanium.com in the links provided and make sure you understand the language being used and I quote: "Googling that vendor and the drive.google.com backend returned this:" https://www.tanium.com/blog/cyber-threat-intelligence-roundup-july-27/ There's also a key piece of information, which I already mentioned at the top and that's that an entire drive.google.com account might be infected, again do a Find on your browser on this page for this: "Heck, even your personal Google Drive account can be infected even though Google maintains their servers clean, feel free to google that one. " As for me accusing someone like @cubanace, I would've told him about the scan results but since we don't know if it's a false positive I haven't bothered since I'm way more interested in his mod to keep going than to do something as preposterous as what you thought. Again, thanks for at least asking, you never know these days. But yes, I noticed you quoted him so unless you can prove that he works for APT29, I don't see the point of thinking that and starting a fight because of a misrepresentation. All I know is one of the scanners returned a positive on his file on Sept 06 2022, I have no idea why. And just to be clear APT29 are the Ruskies that the article above refers to. You're making the wrong connections, thank you for asking to clarify. Sigh... Edited September 8, 2022 by einarabelc5
einarabelc5 Posted September 8, 2022 Author Posted September 8, 2022 (edited) 13 hours ago, cfrag said: Apologies for being obtuse. I understood the method. The only question is who pays for this, and why should we trust those who run this. IMHO, only ED can be trusted since with this, as their business is then also tied to the reputation of the repository. And it should be a compelling experience, since that is the only way to convince content creators to use their curated platform. And we should also acknowledge that as soon as we connect our computer to something (anything really, including a USB drive) we run a risk, and there never will be absolute safety unless we leave the computer off. Everything else is managed risk, and it's up to the individual's risk appetite to determine what they will or won't do. There's nothing obtuse about what you said, you're just missing details, and that question is also my concern, I thought I made clear with the text you quoted above. "It's a matter of figuring out where to put the runners to manage expense or deal with free mode runtime limitations." I said OR too. So, if everyone used one of the major code repository platforms they could leverage those platform runners to perform the scans on their respective clouds. All major platforms offer free time on their own cloud runners: github, gitlab, circleci, bitbucket.org. That means you don't have to configure and pay for a runner, it's part of the platform that hosts your code. All they have to do is add a pipeline script to their repository on the platform of their choice and be done with it. I doubt their commit cycle is so heavy they'd run out of free time. Plus, distributing it across multiple creator accounts will keep their time allotted to each individual not having to worry about paying for anything. Of course ideally ED will have to "pay" for it, but since mods are literally open source code, there's no reason NOT to go the open source way.
As long as the modder licenses it as such. I honestly don't see the point except for marketing, as long as your repository requires pull-requests and you keep unknowns out, you mitigate the risk. TBH, you do sound like a Security Engineer and the avatar doesn't help that much...I almost feel like I'm being interviewed... I already posted one github example of a DCS mod here, lmc: https://github.com/RedK0d/CLICKABLE-FC3 All the creator has to do is go here: https://github.com/RedK0d/CLICKABLE-FC3/actions And write his pipeline script, which in github lingo is called a workflow. That'll execute during an event, for example, when he publishes a new version and then call the virus scan action from another github repo to perform the scan. That way, when the zip file with all the contents of the mod gets published, he can print the scan results for users to see and minimize runner execution time for the quota. Edited September 8, 2022 by einarabelc5
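The release-time scan step described in the posts above, sketched as a script a workflow could run on the published zip. This is an added example, not part of any post in this thread and not code from the CLICKABLE-FC3 repository. It uses the VirusTotal API v3 hash lookup; the `block_at` threshold, the function names and the sample zip contents are assumptions made for illustration.

```python
import hashlib, io, json, urllib.error, urllib.request, zipfile

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal API v3 hash lookup

def hash_release(zip_bytes):
    """Map every file inside the release zip to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return {i.filename: hashlib.sha256(archive.read(i)).hexdigest()
                for i in archive.infolist() if not i.is_dir()}

def vt_lookup(sha256, api_key):
    """Fetch last_analysis_stats for a hash; None if VirusTotal has never seen it."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)["data"]["attributes"]["last_analysis_stats"]
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def verdict(stats, block_at=3):
    """Classify one file; block_at is an assumed policy threshold, not a VirusTotal setting."""
    if stats is None:
        return "unknown"  # never scanned anywhere: not the same as clean
    hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if hits == 0:
        return "clean"
    return "blocked" if hits >= block_at else "review"  # few engines: needs a human look

def scan_report(zip_bytes, lookup, block_at=3):
    """Return (rows, passed) with one (file, sha256, verdict) row per file in the zip."""
    rows = [(name, digest, verdict(lookup(digest), block_at))
            for name, digest in sorted(hash_release(zip_bytes).items())]
    return rows, all(v != "blocked" for _, _, v in rows)

def demo():
    # Constructed sample release and constructed VirusTotal-style answers (runs offline).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Mods/sample/entry.lua", "declare_plugin('sample', {})\n")
        archive.writestr("Mods/sample/clickable.lua", "-- cockpit bindings\n")
        archive.writestr("Mods/sample/helper.dll", b"MZ constructed bytes")
    data = buf.getvalue()
    digests = hash_release(data)
    canned = {digests["Mods/sample/entry.lua"]: {"malicious": 0, "suspicious": 0, "undetected": 60},
              digests["Mods/sample/helper.dll"]: {"malicious": 1, "suspicious": 0, "undetected": 59}}
    return scan_report(data, canned.get)
```

In a pipeline, pass `lambda h: vt_lookup(h, api_key)` as `lookup`, with the key read from a repository secret, and publish the rows next to the release. A hash lookup uploads nothing, so a file VirusTotal has never seen comes back "unknown" and still needs an actual upload scan.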
MAXsenna Posted September 8, 2022 Posted September 8, 2022 (edited) 7 hours ago, einarabelc5 said: Again, thanks for at least asking, you never know these days. Exactly, because you started this thread with nonsense, false claims and disinformation. On 7/17/2022 at 3:14 AM, einarabelc5 said: There is plenty of evidence in this forum itself of users getting infected or having to deal with infections in some way shape and form from module installation. Edited September 8, 2022 by MAXsenna
Hiob Posted September 8, 2022 Posted September 8, 2022 We should start to give yearly awards to threads in categories. Like, "Most helpful thread", "Most interesting thread", "Best Story Thread", "Best tech thread", "Best community effort".... and so on. This one would be a strong contender in "Most pointless thread" and/or "Most sophisticated trolling".... 2 "Do I really have to push the hose plug into the hose groove every time I vacuum or vacuum-blow?"
einarabelc5 Posted September 9, 2022 Author Posted September 9, 2022 (edited) On 9/8/2022 at 2:02 AM, MAXsenna said: Exactly, because you started this thread with nonsense, false claims and disinformation. Thanks for the warm welcome and the attacks and the false accusations. But especially thanks for the gratitude. Some people just don't like to think but be my guest, have your own opinion. Since you're an IT DevOps expert, by all means have it with your greatly informed opinion. I won't discuss anything further with you, since you're so wise, self-righteous and self-sufficient, not to mention incredibly arrogant and accusatory. Really you combed through my entire post to try to find one sentence to accuse me with? Why don't you look at yourself? Do you have anything to contribute except that? If you don't understand the topic, please refrain from talking, lest you sound like the Dunning-Kruger effect. Feel free to nitpick and deconstruct and find excuses and twist and manipulate information at your leisure to satisfy your own quest for self-righteousness and censorship, it really reflects GREAT on the culture wars we have nowadays, sign of the times of utter mediocrity. For some reason Dietrich Bonhoeffer's work comes to mind. I haven't seen so much trolling and totalitarian behavior in these forums before, even in the most heated technical discussions about weapon systems simulations. It's sad, to watch how freedom withers away in the minds of people. With that mentality you're ripe for "Comite de Defensa de la Revolucion". Go ask Cuban Ace what that means since he's Cuban and all and you seem to claim you're his friend. On 9/8/2022 at 2:39 AM, Hiob said: We should start to give yearly awards to threads in categories. Like, "Most helpful thread", "Most interesting thread", "Best Story Thread", "Best tech thread", "Best community effort".... and so on. This one would be a strong contender in "Most pointless thread" and/or "Most sophisticated trolling".... 
I believe I already addressed that assumption on the posts above. Sophisticated trolling, must be self-fulfilling prophecy of some sort because the plausibility must be so high. If I wanted to troll, I wouldn't spend my time doing research to solve a problem. But thanks for the vote of confidence. But since you're Sherlock Holmes and can also read people's minds, believe what you want, you should start by looking at your own post, since it's so twisted and backhanded that I don't know whether to think it is hilarious or depressing. I'll go ahead and write my own pipeline to deal with the issue at hand and call it a day, now that I've thought it through. You can go play thought police somewhere else. I don't have to deal with people that don't get what I'm talking about and like to read between the lines instead of learn how to use Google, like they train them in Social Media, and News networks. What was it? Guilty until proven innocent? Oh I see, Norway and Germany. Well that explains a lot. Edited September 9, 2022 by einarabelc5
ED Team NineLine Posted September 9, 2022 ED Team Posted September 9, 2022 Guys, if you have an issue with files from mods, then please report to the creator, and if you get no satisfaction there then skip the mod. If you have issues with our files, please open a bug thread. Thanks, I am closing this now as I am starting to see personal attacks where none are needed. 2 1 Forum Rules • My YouTube • My Discord - NineLine#0440• **How to Report a Bug**