If we are going to talk about cheats, then why Valve bans cheaters with VAC if they want to allow cheating with plugins as a side effect of running clientside plugins? Just doesn't make any sense to me and the thing just goes against their policies. Obviously Valve cannot put sourcemod into VAC database and ban people for using it on their pc's. That would be a huge hit to the company image but something needs to be done as the lua cheating engine spreads and allows all kinds of exploits to be ran on the servers easier than before.
I don't see why a cvar for servers to allow client side plugins on the server or not would be such a bad thing. Server owners could easily decide if they allow plugins or not and the player would either be kicked out if plugins would be detected. I'm pretty sure most people don't even know how to run plugins for Valve games so they just wouldn't be bothered at all. If course this suits my needs because i run gameservers. Would make life easier. -ics 3.4.2010 3:28, Scott Highland kirjoitti: >> In a general sense, there are a couple of client side plug-ins that do in >> > fact serve a valid purpose, POV-Recorder, the ESEA Client plug-in and a > couple of others. > > Maybe you could explain why this whole list, and the company that runs it > should all agree to completely remove the ability to incorporate > modifications just because it would suit YOUR needs as an anti-cheat function > to thwart the .3% of TF2 players that are abusing it in this fashion? That's > a pretty self-centered way of thinking and kind of ridiculous, it's sad so > many of you don't seem to see it this way. > > ics wrote: > >> Perhaps you could explain why client needs to load plugins in the first >> place? Game runs just fine without any. Plugins really exist for servers >> only. They either bring out extra features or gameplay changes. Clients >> aka players need none of those. >> >> For Steve i would like to say that srcds can be open window to >> harddrive. Just that it's the servers harddrive. Files can still be >> uploaded to the server by clients and downloaded from the servers by >> clients unless they have somekind of extra protection. It is true that >> Valve fixed some of methods by preventing some files to be downloaded >> but not all. >> >> -ics >> >> 3.4.2010 1:03, Scott Highland kirjoitti: >> >> >>> How would disabling it be best? Again, no one on the list seems to get >>> it. I don't doubt that it's possible to load addons on the client, I'm >>> very sure it is. You guys seem to want to make the assumption that >>> anything that could be loaded into the client that can be malicious, IS >>> in fact malicious. Server administrators can install malicious plugins >>> that can do things 100x worse than any plugin on the client could do. Am >>> I going to make the argument that the whole system that allows servers >>> to load custom plugins should be removed, obviously not. >>> Why is it servers should be immune to this kind of 'security' (it's a >>> very false sense of security, what you guys are suggesting) and the game >>> client should not? >>> >>> 1nsane wrote: >>> >>> >>> >>>> Right, having it disabled entirely would be the best. >>>> >>>> As I said before, there's the Steam SRCDS that practically installs itself >>>> with Source engine games/mods if you need plugins and don't want standalone >>>> SRCDS. >>>> >>>> On Fri, Apr 2, 2010 at 12:53 PM, Saul >>>> Rennison<[email protected]>wrote: >>>> >>>> >>>> >>>> >>>> >>>>> They're loaded at launch, like any other DLL. It's basically treated like >>>>> another game DLL (in terms of callbacks). If plugins are loaded when a >>>>> listen server is created, what about after that? Even if the plugin is >>>>> unloaded, the plugin could have injected anything into the engine without >>>>> VAC noticing. >>>>> >>>>> Like I keep saying: the only way to prevent this is to have plugins for >>>>> dedicated servers only. >>>>> >>>>> Thanks, >>>>> - Saul. >>>>> >>>>> >>>>> On 2 April 2010 16:40, 1nsane<[email protected]> wrote: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> So tell me, if I make my own hacking plugin and have it privately shared >>>>>> with trusted people, how will any server admin be able to detect it? >>>>>> >>>>>> The server plugins that stop client plugins are only checking PUBLICALY >>>>>> known cvars such as "sm_version",if those cvars are renamed or don't >>>>>> >>>>>> >>>>>> >>>>>> >>>>> exit, >>>>> >>>>> >>>>> >>>>> >>>>>> you get to load any plugin you want and be a major HAXXOR besting this >>>>>> detection. >>>>>> >>>>>> Also the Source engine was just fine for years before people figured out >>>>>> how >>>>>> to make/use "client" plugins. Disabling client side plugin loading would >>>>>> probably be the easiest way of fixing this. >>>>>> Why should the game client load a VSP (Valve SERVER Plugin) unless it's a >>>>>> listen server? >>>>>> >>>>>> >>>>>> On Fri, Apr 2, 2010 at 12:52 AM, Scott Highland<[email protected]> >>>>>> wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> No offense, but this whole list sucks at problem solving, every single >>>>>>> idea to deal with this issue suggested in this thread is just terrible, >>>>>>> absolutely terrible. >>>>>>> >>>>>>> You can't disable clientside plugins just because a few admins are too >>>>>>> lazy to want to install a plugin to block people using clientside >>>>>>> plugins. People have the right to install clientside addons just as >>>>>>> server administrators have the right to install whatever addons they >>>>>>> want on their server. It's easy for you morons to want to impose this >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> on >>>>> >>>>> >>>>> >>>>> >>>>>>> everyone without seeing any consequences, Valve actually has to deal >>>>>>> with the complaints from their customers who use legitimate uses for >>>>>>> their plugins. Why don't you let professionals with their own companies >>>>>>> reputation on the line deal with this intense decision making process. >>>>>>> Suggesting valve should add a cvar to disable people with plugins is >>>>>>> dumb, there's already plugins out there that does exactly this, go >>>>>>> install it and quit complaining. Don't make Valve spent their time >>>>>>> babying the few admins too stupid to know how to set up a serious >>>>>>> dedicated server. >>>>>>> >>>>>>> This issue is basically the equivalent to the material hacks that are >>>>>>> possible to use anywhere on servers that have sv_pure set to 0 still. >>>>>>> It's not a big deal in the scope of things, and theres already ways of >>>>>>> dealing with it. Now quit acting like this is Valve's fault and go back >>>>>>> to blaming hackers and cheaters for your in-game shortcomings. >>>>>>> >>>>>>> Arg! wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> I doubt making a cvar would work as the plugins could simply override >>>>>>>> it as they do now. >>>>>>>> >>>>>>>> On Thu, Apr 1, 2010 at 2:04 AM, Saul Rennison< >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>> [email protected] >>>>> >>>>> >>>>> >>>>> >>>>>>> wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>> If you aren't modifying game memory (i.e. hooking functions), then >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>> VAC >>>>> >>>>> >>>>> >>>>> >>>>>>> won't >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>> mind. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> - Saul. >>>>>>>>> >>>>>>>>> >>>>>>>>> On 31 March 2010 16:00, Keeper<[email protected]> wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> I don't know how VAC works, but if it's loaded via a client side >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>> plugin, I >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>> doubt VAC sees it as an "external" program altering the game's >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>> memory >>>>> >>>>> >>>>> >>>>> >>>>>>>>>> space. >>>>>>>>>> But not knowing how VAC works, there's no telling what they look >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>> for >>>>> >>>>> >>>>> >>>>> >>>>>> or >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> how >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>> they are detecting it. >>>>>>>>>> >>>>>>>>>> Keeper >>>>>>>>>> -----Original Message----- >>>>>>>>>> From: Michael Krasnow [mailto:[email protected]] >>>>>>>>>> Sent: Tuesday, March 30, 2010 9:31 PM >>>>>>>>>> To: Half-Life dedicated Win32 server mailing list >>>>>>>>>> Subject: Re: [hlds] Plugin Loading on clients, enough is enough. >>>>>>>>>> >>>>>>>>>> doesn't VAC check the memory? but +1 to the option for server >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>> admins, >>>>> >>>>> >>>>> >>>>> >>>>>>> but >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>>> somehow someone would find a way to change that or spoof it, idk, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>> its >>>>> >>>>> >>>>> >>>>> >>>>>>>>>> weirds >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>> archives, >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>>>>> please visit: >>>>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>> archives, >>>>> >>>>> >>>>> >>>>> >>>>>>> please visit: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> To unsubscribe, edit your list preferences, or view the list >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>> archives, >>>>> >>>>> >>>>> >>>>> >>>>>>> please visit: >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> signature database 4989 (20100331) __________ >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>>>> >>>>>>>> http://www.eset.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>>>> signature database 4993 (20100401) __________ >>>>>>> >>>>>>> The message was checked by ESET NOD32 Antivirus. >>>>>>> >>>>>>> http://www.eset.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>>> please visit: >>>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>>> please visit: >>>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> To unsubscribe, edit your list preferences, or view the list archives, >>>>> please visit: >>>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>>> >>>>> >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> http://list.valvesoftware.com/mailman/listinfo/hlds >>>> >>>> >>>> >>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>> signature database 4995 (20100402) __________ >>>> >>>> The message was checked by ESET NOD32 Antivirus. >>>> >>>> http://www.eset.com >>>> >>>> >>>> >>>> >>>> >>>> >>> __________ Information from ESET NOD32 Antivirus, version of virus >>> signature database 4995 (20100402) __________ >>> >>> The message was checked by ESET NOD32 Antivirus. >>> >>> http://www.eset.com >>> >>> >>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds >>> >>> >>> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds >> >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus signature >> database 4995 (20100402) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> >> >> > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4995 (20100402) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
