Malicious as in using the plugin to cheat. There is ways to control damage dealt by bullets and projectiles, as well as controlling crit factor, player speed and a number of different important gameplay aspects using SourceMod. All you need is to know how to write a simple script.
And Cc that doesn't really do anything to justify the breaking of mods designed to be installed on the client. You know what, this whole thread really just puzzles the pinkhearts out of me, I really can't be arsed to defend this position anymore, if theres any single person out there who believes in surviving developers rights then good luck. msleeper wrote: > Yeah, I seriously am failing to see what a "malicious plugin" could > possibly be. To some people, this coming from me should be saying > something. Some people might consider some plugins to be minorly > annoying, but there really isn't any way for a game server to install > spyware on your computer or something equally retarded. As somebody > said, if you go to a server that is running "malicious" text ad spam or > something... then leave. > > > On Fri, 2010-04-02 at 19:13 -0400, Steven Crothers wrote: > >> The most a plugin can do is change your name and a few other cvars. It's not >> like srcds is an open window to your harddrive or anything... >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Cc2iscooL >> Sent: Friday, April 02, 2010 7:09 PM >> To: Half-Life dedicated Win32 server mailing list >> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. >> >> I've never run malicious plugins so I really don't know what's out there. >> >> Here's a good website where you might find some more examples for your >> reference. >> >> http://www.google.com >> >> On Fri, Apr 2, 2010 at 6:01 PM, Steven Crothers >> <[email protected]>wrote: >> >> >>> I honestly thought you were going to give a "good" reason. >>> >>> I guess slapping is pretty bad in the servers you visit eh? >>> >>> -----Original Message----- >>> From: [email protected] >>> [mailto:[email protected]] On Behalf Of Cc2iscooL >>> Sent: Friday, April 02, 2010 6:24 PM >>> To: Half-Life dedicated Win32 server mailing list >>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. >>> >>> In the instance where a player can leave a modded server he or she likes, >>> it's not really that big of a deal. Now when you have people coming on to >>> legitimate community servers and causing problems with modded files and >>> plugins it's a different story, as in the first scenario, the person >>> running >>> the server has malicious intent, whereas in the second scenario, the >>> malicious user is joining a server where plugins may give them an unfair >>> advantage against other players. >>> >>> While I agree that server operators can load plugins that do nasty things, >>> the player has the option to leave, whereas if a malicious client plugin >>> user joins a server, the server operator has to ban that person, if they >>> even know they're using a plugin in the first place. I agree with the >>> notion >>> that clients should not be able to load plugins. Why? Because if you >>> >> really >> >>> want a lan server for 20 minutes you can run the server tool off your >>> computer, a VM, or something of that nature. The people who are using >>> plugins for legitimate reasons (such as testing) KNOW how to setup a >>> server. >>> >>> To Saul, >>> >>> A server owner can run malicious programs to spam users with text, sounds, >>> slap the player, and just make the game unplayable to the person. It could >>> be subtle as well, such as making clients do differing amounts of damage >>> (way lower, way higher than usual, etc.) >>> >>> But the client has the option to leave said server without much toil. >>> >>> On Fri, Apr 2, 2010 at 5:03 PM, Scott Highland <[email protected]> wrote: >>> >>> >>>> How would disabling it be best? Again, no one on the list seems to get >>>> it. I don't doubt that it's possible to load addons on the client, I'm >>>> very sure it is. You guys seem to want to make the assumption that >>>> anything that could be loaded into the client that can be malicious, IS >>>> in fact malicious. Server administrators can install malicious plugins >>>> that can do things 100x worse than any plugin on the client could do. Am >>>> I going to make the argument that the whole system that allows servers >>>> to load custom plugins should be removed, obviously not. >>>> Why is it servers should be immune to this kind of 'security' (it's a >>>> very false sense of security, what you guys are suggesting) and the game >>>> client should not? >>>> >>>> 1nsane wrote: >>>> >>>>> Right, having it disabled entirely would be the best. >>>>> >>>>> As I said before, there's the Steam SRCDS that practically installs >>>>> >>>> itself >>>> >>>>> with Source engine games/mods if you need plugins and don't want >>>>> >>>> standalone >>>> >>>>> SRCDS. >>>>> >>>>> On Fri, Apr 2, 2010 at 12:53 PM, Saul Rennison < >>>>> >>> [email protected] >>> >>>>> wrote: >>>>> >>>>> >>>>> >>>>>> They're loaded at launch, like any other DLL. It's basically treated >>>>>> >>>> like >>>> >>>>>> another game DLL (in terms of callbacks). If plugins are loaded when >>>>>> >> a >> >>>>>> listen server is created, what about after that? Even if the plugin >>>>>> >> is >> >>>>>> unloaded, the plugin could have injected anything into the engine >>>>>> >>>> without >>>> >>>>>> VAC noticing. >>>>>> >>>>>> Like I keep saying: the only way to prevent this is to have plugins >>>>>> >>> for >>> >>>>>> dedicated servers only. >>>>>> >>>>>> Thanks, >>>>>> - Saul. >>>>>> >>>>>> >>>>>> On 2 April 2010 16:40, 1nsane <[email protected]> wrote: >>>>>> >>>>>> >>>>>> >>>>>>> So tell me, if I make my own hacking plugin and have it privately >>>>>>> >>>> shared >>>> >>>>>>> with trusted people, how will any server admin be able to detect it? >>>>>>> >>>>>>> The server plugins that stop client plugins are only checking >>>>>>> >>> PUBLICALY >>> >>>>>>> known cvars such as "sm_version",if those cvars are renamed or don't >>>>>>> >>>>>>> >>>>>> exit, >>>>>> >>>>>> >>>>>>> you get to load any plugin you want and be a major HAXXOR besting >>>>>>> >>> this >>> >>>>>>> detection. >>>>>>> >>>>>>> Also the Source engine was just fine for years before people figured >>>>>>> >>>> out >>>> >>>>>>> how >>>>>>> to make/use "client" plugins. Disabling client side plugin loading >>>>>>> >>>> would >>>> >>>>>>> probably be the easiest way of fixing this. >>>>>>> Why should the game client load a VSP (Valve SERVER Plugin) unless >>>>>>> >>> it's >>> >>>> a >>>> >>>>>>> listen server? >>>>>>> >>>>>>> >>>>>>> On Fri, Apr 2, 2010 at 12:52 AM, Scott Highland <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> No offense, but this whole list sucks at problem solving, every >>>>>>>> >>> single >>> >>>>>>>> idea to deal with this issue suggested in this thread is just >>>>>>>> >>>> terrible, >>>> >>>>>>>> absolutely terrible. >>>>>>>> >>>>>>>> You can't disable clientside plugins just because a few admins are >>>>>>>> >>> too >>> >>>>>>>> lazy to want to install a plugin to block people using clientside >>>>>>>> plugins. People have the right to install clientside addons just as >>>>>>>> server administrators have the right to install whatever addons >>>>>>>> >> they >> >>>>>>>> want on their server. It's easy for you morons to want to impose >>>>>>>> >>> this >>> >>>>>> on >>>>>> >>>>>> >>>>>>>> everyone without seeing any consequences, Valve actually has to >>>>>>>> >> deal >> >>>>>>>> with the complaints from their customers who use legitimate uses >>>>>>>> >> for >> >>>>>>>> their plugins. Why don't you let professionals with their own >>>>>>>> >>>> companies >>>> >>>>>>>> reputation on the line deal with this intense decision making >>>>>>>> >>> process. >>> >>>>>>>> Suggesting valve should add a cvar to disable people with plugins >>>>>>>> >> is >> >>>>>>>> dumb, there's already plugins out there that does exactly this, go >>>>>>>> install it and quit complaining. Don't make Valve spent their time >>>>>>>> babying the few admins too stupid to know how to set up a serious >>>>>>>> dedicated server. >>>>>>>> >>>>>>>> This issue is basically the equivalent to the material hacks that >>>>>>>> >>> are >>> >>>>>>>> possible to use anywhere on servers that have sv_pure set to 0 >>>>>>>> >>> still. >>> >>>>>>>> It's not a big deal in the scope of things, and theres already ways >>>>>>>> >>> of >>> >>>>>>>> dealing with it. Now quit acting like this is Valve's fault and go >>>>>>>> >>>> back >>>> >>>>>>>> to blaming hackers and cheaters for your in-game shortcomings. >>>>>>>> >>>>>>>> Arg! wrote: >>>>>>>> >>>>>>>> >>>>>>>>> I doubt making a cvar would work as the plugins could simply >>>>>>>>> >>> override >>> >>>>>>>>> it as they do now. >>>>>>>>> >>>>>>>>> On Thu, Apr 1, 2010 at 2:04 AM, Saul Rennison < >>>>>>>>> >>>>>>>>> >>>>>> [email protected] >>>>>> >>>>>> >>>>>>>> wrote: >>>>>>>> >>>>>>>> >>>>>>>>>> If you aren't modifying game memory (i.e. hooking functions), >>>>>>>>>> >> then >> >>>>>> VAC >>>>>> >>>>>> >>>>>>>> won't >>>>>>>> >>>>>>>> >>>>>>>>>> mind. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> - Saul. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On 31 March 2010 16:00, Keeper <[email protected]> wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> I don't know how VAC works, but if it's loaded via a client side >>>>>>>>>>> >>>>>>>>>>> >>>>>>>> plugin, I >>>>>>>> >>>>>>>> >>>>>>>>>>> doubt VAC sees it as an "external" program altering the game's >>>>>>>>>>> >>>>>>>>>>> >>>>>> memory >>>>>> >>>>>> >>>>>>>>>>> space. >>>>>>>>>>> But not knowing how VAC works, there's no telling what they look >>>>>>>>>>> >>>>>>>>>>> >>>>>> for >>>>>> >>>>>> >>>>>>> or >>>>>>> >>>>>>> >>>>>>>> how >>>>>>>> >>>>>>>> >>>>>>>>>>> they are detecting it. >>>>>>>>>>> >>>>>>>>>>> Keeper >>>>>>>>>>> -----Original Message----- >>>>>>>>>>> From: Michael Krasnow [mailto:[email protected]] >>>>>>>>>>> Sent: Tuesday, March 30, 2010 9:31 PM >>>>>>>>>>> To: Half-Life dedicated Win32 server mailing list >>>>>>>>>>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. >>>>>>>>>>> >>>>>>>>>>> doesn't VAC check the memory? but +1 to the option for server >>>>>>>>>>> >>>>>>>>>>> >>>>>> admins, >>>>>> >>>>>> >>>>>>>> but >>>>>>>> >>>>>>>> >>>>>>>>>>> somehow someone would find a way to change that or spoof it, >>>>>>>>>>> >> idk, >> >>>>>> its >>>>>> >>>>>> >>>>>>>>>>> weirds >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>>> >>>>>>>>>>> >>>>>>> archives, >>>>>>> >>>>>>> >>>>>>>>>>> please visit: >>>>>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>> >>>>>>>>>> >>>>>> archives, >>>>>> >>>>>> >>>>>>>> please visit: >>>>>>>> >>>>>>>> >>>>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>> >>>>>>>>> >>>>>> archives, >>>>>> >>>>>> >>>>>>>> please visit: >>>>>>>> >>>>>>>> >>>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>>>>> >>>>>>>>> >>>>>>>> signature database 4989 (20100331) __________ >>>>>>>> >>>>>>>> >>>>>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>>>>> >>>>>>>>> http://www.eset.com >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>>>> signature database 4993 (20100401) __________ >>>>>>>> >>>>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>>>> >>>>>>>> http://www.eset.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>> >>> archives, >>> >>>>>>>> please visit: >>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>> >>> archives, >>> >>>>>>> please visit: >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>> >> archives, >> >>>>>> please visit: >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> >>>> please visit: >>>> >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>> >>>>> >>>>> >>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>> >>>> signature database 4995 (20100402) __________ >>>> >>>>> The message was checked by ESET NOD32 Antivirus. >>>>> >>>>> http://www.eset.com >>>>> >>>>> >>>>> >>>>> >>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>> signature database 4995 (20100402) __________ >>>> >>>> The message was checked by ESET NOD32 Antivirus. >>>> >>>> http://www.eset.com >>>> >>>> >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>> >>>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4995 (20100402) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __________ Information from ESET NOD32 Antivirus, version of virus signature database 4995 (20100402) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
