Anti malware in assemblies

Started by fireant, August 24, 2014, 09:25:59 AM

Previous topic - Next topic


Hello, this is my first post but i have been reader of these forums for a while.

Attachment contains sample mod (and its source) that will read your username, google it, and write result to 'maliciousFile.html' next to executable as soon as you build 'Malicious Blasting Charge' building. All this works, and it is a problem. Mod could as well (with bit more effort) read your browser passwords, report them to hacker's server and download something like bitcoin miner.

Definition of the problem
Mod code is not sandboxed and mods can use System.IO and System.Net namespaces.

Proposed solution #1
Blacklisting System.Net and System.IO namespaces (maybe creating wrapper for game related IO) in mod .dlls should do the trick. Even better could be whitelisting only specific namespaces like unity stuff, math, collections, linq and serialization.

Proposed solution #2
Everything in #1 but with opening mod's source code and using compiler as a service on it. So every time mod is loaded it is compiled. Then comunity would be able to easily check mod contents and verify that it does not do anything malicious. It would also improve mod-dev's learning curves because they would be able to use other mods as reference.

[attachment deleted by admin: too old]


This is actually fairly important and should be fixed straight away, I don't know how many of you played garrys mod 9, but there was similar problems with various mods and maps which would variously delete system files, force you to download spyware and similar.


It is important indeed, sooner this is done the better. Because as soon as coding-modding community starts growing it will be too late...