On 7/16/06, James Hofmann <[EMAIL PROTECTED]> wrote:
> For games I've implicitly decided to favor simplicity of implementation over absolute security, for reasons that are more ideological than technical.
I agree with this sentiment, but I think in the context of the original question, it's kind of missing the point...
> 2. This is the exact same security issue the user faces when running any downloaded executable currently - without thoroughly scanning the code beforehand, there's no telling what the program will do. So while this solution is no *better* than running a downloaded game, you can't construe it as being *worse*. The only "trust" one can put in downloaded games is that of branding and communal relationships.
I think the reason people would like to have game engines with a sandboxed environment is that user-made content encourages "spoofing", where the submitter of malicious content gets to look like someone the end-user is more willing to trust (thereby messing with the trust model). If "Safe to Download Games, LLC" distributes user-made levels, but "Shysty McShysterson" submits a level pack that turns computers into a zombie box when they beat it, then if the level testers post that level (which they might, because they don't beat every level) a bunch of people who trust "Safe to Download Games, LLC" may get slammed. Thereby Shysty gets a chance to infect users who would never ever trust him... and many users stop trusting Safe to Download. ... but again, I agree that chasing perfect security is a bad approach ideologically (because there is nothing inherently & universally different between actions that are malicious and those that are intended for good).
