Jump to content

Distrusting mods


0something0

Recommended Posts

My (older) brother believes that mods (from all games) and free or indie software in general will cause harmful things to happen to the computer. Him (and the rest of my family) believes this because he claims that he gets ad popups and his performance is negatively impacted after I download them on the computer. And recently, the OS (Windows 10) broke after I used a modded KSP save on the computer, along with OBS and a PS4 controller driver (DS4Windows). I of course, have never experienced this. The main suspects are, just for complete info, are

-All KSP mods

-All Minecraft mods (Tekkit/ATLauncher modpacks in particular)

-Roblox(yes I know, I actually don't play it anymore but its relevent)

Brother's computer specs

-CyberPower custom-built

-Windows 10 Home(?)

-8GB RAM

-i5 4690k Overclocked 3.5 Ghz

-R9 200 3GB

My computer Specs

-HP Pavillion dv8

-Windows 7 Home/Ubuntu 14.04 Dual Boot

-4GB RAM

-i5 3rd gen (?) Duo Core 2.5Ghz

-Radeon 6700M 1GB

I believe we both use the same antivirus. Of course, as a community, we trust in our modders and mods right? So, how do I convince my brother that mods are a safe and enjoyable part of KSP and gaming in general?

Link to comment
Share on other sites

Well all KSP mods are required to post their source code(the code that makes them go). it isnt easily readable if you arent familiar with C# or cfg syntax, but its there. Why is he so convinced all mods are bad for your computer? There's also the fact that hundereds of people use many mods simultaneously with no issues at all.

Link to comment
Share on other sites

1 hour ago, 0something0 said:

My (older) brother believes that mods (from all games) and free or indie software in general will cause harmful things to happen to the computer.

 

Quote

Thanks largely to False Authority Syndrome, users now often panic at the first sign of any odd computer behavior, sometimes inflicting more damage on themselves than a virus could do on its own (assuming they even had a computer virus in the first place). -- Rob Rosenberger

Note that folks usually learn the hard way about this, myself included. Learn from my mistakes.

Link to comment
Share on other sites

my mom still thinks that CDs can pass viruses between computers, or that barring that, malicious parties could put viruses on CDs at the factory, she also refuses to allow any of her software to update because she's afraid it will stop working on her computer and "it works fine as it is."  Yes, using software that isn't trusted can be harmful to your computer, but so could normal use.  It's smart to be careful what and where you download, but fearing the risks can be just as harmful.

In general, any mod you download from a community like this is probably safe, just avoid the more sketchy sites.

Edited by Capt. Hunt
Link to comment
Share on other sites

I haven't used a lot of mods for KSP personally, but judging by the general lack of freaking out over mods on the forums, I have to guess that KSP mods themselves aren't causing PC issues.

That being said, people usually browse websites to find mods, and websites themselves can be the transmission source of malware/adware. KSP mods all largely come from a few generally regarded as safe websites (again, judging by the lack of people reacting negatively on the forums). However, mod sites for other games, especially extremely popular games like Minecraft, can sometimes be a source of problems. How well do you trust the places you use to find and download mods? Compromised websites can potentially compromise your PC even if you never actively download a single thing from them.

Any mod can have malicious code in it, but, as others point out, most/all KSP mods should be making their source code available which reduces the risk of malicious KSP mods. It seems highly unlikely that KSP mods are responsible for the issues you describe. I would strongly suspect unsafe browsing habits by one or more users to be the problem.

Also, be wary of any free software you have to install with an installer. For mods or just in general. It's become a not uncommon practice, even for some decent, legitimate free software, to have installers install malware/Potentially-Unwanted-Programs alongside whatever you're actively trying to install. If you just click next/continue through the installer without carefully reading each screen, you might inadvertently allow the installer to install unwanted software.

This might turn out to be a good learning experience for you and your brother both in how to detect, remove, and avoid problematic/unwanted software. I wish I could recommend further reading, but I'm going by the accumulation of many years of personal experience and many learning experiences of my own. Good luck to you and your brother.

Link to comment
Share on other sites

And if he's so worried about pop ups and such, tell him to quit looking at certain websites.  It's not the KSP mods, I can tell you that.

Anybody that paranoid should have better firewall and malware control going.  Then you could easily isolate the various suspects and identify the cause. 

1 hour ago, Capt. Hunt said:

my mom still thinks that CDs can pass viruses between computers, or that barring that, malicious parties could put viruses on CDs at the factory,

 A CD may not pick up a new infection from a computer, but it could certainly spread one if it's already infected...

Link to comment
Share on other sites

To be the most generous to them as possible, perhaps when visiting untrusted sites on the internet in search of mods, or a file hosting service, you may pick up spyware/tracking cookies.

The mod itself is not going to be the problem.

Link to comment
Share on other sites

Respectfully, your brother is being tinfoil-hat levels of paranoid.

Technically yes, mods can screw you up IF written to be malicious... IF the game is dumb enough to be running modded code with elevated privileges. It is however super rare to find a malicious mod unless you're using malicious websites to get things from in the first place. TLDR, people would work it out and the mod's comments/forum thread would be full of complaints about it. The KSP community would not put up with mods that did weird stuff to our PCs.

So source your mods on this forum, and you won't have a problem :)  The KSP modding community is not made of hackers and phishers. They just like the game and want to make it better.

Now, mod installers on the other hand... they could potentially come with ads. But you probably don't need the installer. Neither KSP nor Minecraft mods require you to install anything; everything should be available as zip files, and if you get a Windows popup asking if that program can make changes to your PC - say no.

Link to comment
Share on other sites

Aside from the above cited Sony BMG scandal, there was also an incident where thousands of installation CDs from a major computer manufacturer (I don't recall which one, on short notice, and it doesn't really matter anyway) were issued with malware included.  A CD-ROM, however, can't transfer malware that wasn't on it when it was pressed.

I'll go with the above consensus relative to KSP mods -- at present, I'm running *57* mods on one of my installs, for Realism Overhaul/Realistic Progression/Real Solar System/Principia (n-body physics).  Once I got the install set up correctly, it works fine and I've seen no new OS problems (Ubuntu 16.04, however; much less vulnerable system than Windows in any version).

Link to comment
Share on other sites

1 hour ago, 5thHorseman said:

Heh, don't worry about the mod authors or the small open source developers. Worry about the big commercial software vendors... or in this case, record labels. They are far more likely to think they can screw you without being found out.
Sometimes they even think they have a right to hijack your computer in the name of "intellectual property". :confused:

 

3 hours ago, Mako said:

I would strongly suspect unsafe browsing habits by one or more users to be the problem.

IME, unsafe browsing habits (i.e clicking without thinking),  p...... (word I'm apparently not allowed to say here) software and outdated web browsers or plugins are the source 90% of the time.
The other 10% is mostly downloads from compromised websites, or from "app stores" that don't understand what maintainers are for and care more about numbers than quality control.
The main download sites for KSP mods do indeed lack maintainers, but the KSP modding community is small enough and open enough that any malicious code would be spotted very quickly.

 

3 hours ago, Mako said:

It's become a not uncommon practice, even for some decent, legitimate free software, to have installers install malware/Potentially-Unwanted-Programs alongside whatever you're actively trying to install.

Any software that does that is not decent or legitimate. Do people really think this is okay, and keep using software that comes with "partner offer" malware in the installer?

Edited by steve_v
Link to comment
Share on other sites

9 hours ago, Gargamel said:

 A CD may not pick up a new infection from a computer, but it could certainly spread one if it's already infected...

This ^^  Disks from dodgy sources, e.g. a friend of a friend of a friend who copied a few films once, may contain viruses if the PC that wrote it had a virus. But commercially bought optical disks are read-only, and there's no mechanism for them to pick up a virus. It's not a physical thing that you can smear onto it :D 

7 hours ago, steve_v said:

Any software that does that is not decent or legitimate. Do people really think this is okay, and keep using software that comes with "partner offer" malware in the installer?

Isn't it Firefox that still tries to infect you with a copy of Mcafee? :/   *edit* It isn't! Stop telling me, I got the message :P

Edited by eddiew
Link to comment
Share on other sites

2 minutes ago, steve_v said:

Any software that does that is not decent or legitimate. Do people really think this is okay, and keep using software that comes with "partner offer" malware in the installer?

Many computer users are ignorant in this regard, and technically naive; they may not realize they have a choice -- and the "with malware" installs are ALWAYS easier to find than their legitimate counterparts.  Java and Flash Player updates are fine examples of this -- the core software is generally unchanged by "packagers", but both are the subject of "your plugin is out of date" popups from advertisers on legitimate (if negligent) sites, and even Google searches will find "free downloads" that include side-along installation of PUP/malware higher in the results than the developer sites.

Link to comment
Share on other sites

Maybe if you download mods from shady sites? But I have never in years had a popup, and I have a crapload of mods, but I do have personal experience with a poorly kept computer from several years ago. I played Minecraft very frequently and downloaded Minecraft mods from shady websites. I had a ton of pop-ups and viruses.

Edited by Athen
Link to comment
Share on other sites

35 minutes ago, eddiew said:

Isn't it Firefox that still tries to infect you with a copy of Mcafee?

Nope, no Mcafee in the ebuild that I can see. :P
I'd certainly report it to the maintainers if there was, the bugtracker is handy for stuff like that.

 

33 minutes ago, Zeiss Ikon said:

the "with malware" installs are ALWAYS easier to find than their legitimate counterparts.

Reminds me why I can't stand the Windows "search the net and run random executable" software management system.
If one is going to use such a dodgy system, clicking the first thing you see might not be a terribly good idea...

 

33 minutes ago, Zeiss Ikon said:

the core software is generally unchanged by "packagers", but both are the subject of "your plugin is out of date" popups from advertisers on legitimate (if negligent) sites

Doesn't everybody run an adblocker? Why would you not run an adblocker?

Edited by steve_v
Link to comment
Share on other sites

4 minutes ago, Blasty McBlastblast said:

I always rinse new mods in lemon juice under the light of a full moon to remove viruses...

oh, I always use lime juice under a waxing gibbous for best results.

but seriously. I've been playing modded KSP since 2012 and I have never had a mod cause any PC issues or do anything "bad" (apart from crashing KSP, but KSP used to do that on it's own perfectly well).
As far as damaging a PC's performance, obv a low end machine won't be able to do much else while KSP is running, but it won't leave any lasting effects.  Although I would say, I'm not totally convinced that all the RAM used by KSP+mods gets properly freed up after closing KSP, (if a mod has a memory leak that may be the case). But just rebooting the machine will sort that out.

It is theoretically possible for a mod to be malicious, but mods posted here are well peer-reviewed (and there is the requirement to post the source code). If you want to play it safe then stick to popular (mainstream) mods that lots of people use and you won't have any worries about negative impact on your computer.  If you find some random mod on some shady website that doesn't have any user following then probably don't use it, but I'd honestly be more concerned that it was just badly written and therefore slows KSP down that it actually doing anything evil. 

Link to comment
Share on other sites

6 hours ago, eddiew said:

Isn't it Firefox that still tries to infect you with a copy of Mcafee?

Ahh, the original viral marketer, John McAfee himself. With Kaspersky being a modern version of him. No wonder some people don't trust updates.

I have a long history with scared clients and updates. Even remember one assistant general manager who nearly fired an IT director over putting Windows 7 on their PC in 2010. Vendors also suck with regards to OS updates because they don't bother testing their [censored] on them.

Back to the topic of distrusting KSP mods, I do have a problem with how KSP runs in general, in that it requires read/write access to its installation folder. This leaves that folder's program files open to infection even to non-administrator users. It's also the standard installation method, if you could call it a 'method,' for add-ons. It seems to me Unity encourages this sort of insecure design.

If I wanted to attack KSP players specifically, I'd write some browser exploit that targets (Steam folder) / steamapps / common / Kerbal Space Program / GameData and insert malicious plugins, and then insert that exploit into a forum signature here or into posts on the KSP reddit. And there'd be nothing anyone could do until it was too late. What's worse, is it would still work for non-admin users on Windows 10 using Software Restriction Policy, because the Steam client makes that steamapps / common folder read/write for non-admins and it resides in Program Files, which has a default allow rule in SRP and AppLocker.

A modern Windows application doesn't need this, and instead should write settings and game saves to the user's home or profile folder. But this then disallows add-ons unless those add-ons use a proper installer; CKAN could fill this role if it were allowed to run as a service or an administrator. But then I'd go into a rant into how I'd redesign KSP, and that is a whole other tangent away from this. This is also Windows-specific; you'd need to alter this slightly for MacOS and Linux players.

6 hours ago, steve_v said:

Doesn't everybody run an adblocker? Why would you not run an adblocker?

I remember a day when web ads were just annoying, and didn't try to install anything behind your back. I shouldn't need to block web ads solely in the name of safe computing. Annoyance prevention, sure, but that's it.

Link to comment
Share on other sites

3 minutes ago, TheSaint said:

No, that's Adobe <spit>.

Might have been Acrobat... I'm not sure. Something fairly legit and business-class I had to install recently at work tried to give me Mcaffee and Yahoo toolbar :/ 

If we're lucky, GDPR has made it so they're not allowed to tick the box by default on the installer any more :P 

Link to comment
Share on other sites

This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...