How PC Game Modders Are Evolving 98
Lanxon writes "Wired has a lengthy investigation into the state of PC game mods, and the amateurs keeping the scene exciting in the wake of draconian DRM placed on many PC titles by major studios. It highlights a number of creative modders, such as Scott Reismanis, founder and editor of Mod DB, and his community-driven alternative to Valve's Steam — Desura — which is 'a distribution system, and, like Steam, will sell games and champion indie titles. But the way it handles mods makes it even more exciting.'"
What stops malicious content? (Score:3, Interesting)
I'm just trying to figure out, what exactly stops malicious content? Does it rely on the community to say "Woah this mod does some bad stuff to your PC!" or is there some other way to catch it? What if someone is the editor on a hugely popular mod, get's his account hacked (or just has a malicious roomate) and starts uploading some content that does harm to users computers? Or is that not possible due to the mods being sandboxed? The article is quite lacking in what exactly this system does or is capable of doing...
Re:What stops malicious content? (Score:3, Interesting)
Lack of exposure. Even a popular mod for a popular game has so little exposure -- especially among non-technical users -- that it's not worth exploiting as a vector. It's easier to go with the familiar vectors discussed here all the time.
Malware still shows up in packages claiming to be pirate copies. My bro tried to grab a copy of Worms Armageddon. What he got was Worms Armageddon with the installer replaced by a trojan neatly disguised as the installer. I had a good laugh while I removed that. I've never seen, or even heard of a malicious mod, though.
Re:What stops malicious content? (Score:3, Interesting)
Sounds like an unsolvable problem.
How do you safely download and run executable code without risk of an exploit vector? You can't.
Linux distributions deal with a slightly less difficult version of this, in terms of packaging and shipping public source code. Given that a lot of what they do (in order to package, resolve bugs etc) is inspect the source, there's some level of overview, and necessary precautions built into the blessing of packages before they are made availble, but still exploits are possible.
If I were designing a site like this, I would put the following pieces into place.
1 - categorize mods into no-executable content, sandboxed executable content, and unsandboxed executable content
2 - For sandboxed executable content, use an automated software tool to unpack the mod and sniff the files for object module headers. If any files are executable, reject.
3 - For no-executable content, sanitize as sandboxed, but also mark unploaded mods as unverified until some people manually review the package to identify that it doesn't contain lua, python, etc
At this point you can get a pretty informed level of risk on the mods you download.
Of course these people are probably more interested in features for gaming than features for safety. I hope they end up with both.
Some games got it right... (Score:3, Interesting)
A game I pulled off the shelf and played the other day when I redid the XP Bootcamp partition was Star Trek: Bridge Commander. Turns out after all these years, new models and patches are still being made and maintained. Well going through the documentation, the designers developed and distributed a SDK that was largely Python based scripting. With the added mods, the game is still interesting and even more fun that it was years ago when I bought it.
Look at Falcon 4: Allied Force. I bought the original Falcon 4 in 1998 for $15. Graphics were cool for its day, but it is the definitive modern combat flight simulator however, it's dynamic campaign engine was so buggy it was broken. Well, the mod community stepped in, formed a company, got a license from Atari and produced Falcon 4: Allied Force which fixed the campaign bugs and turned it into a playable and really interesting combat simulator. (This was the last game I purchased)
The mod community has kept those titles going strong.
How we've fallen! (Score:4, Interesting)
If you want to see how heavily modded a game can get take a look at Microsoft's Flight Simulator series, especially the 2004 version. There are terrabytes of free and paid mods for EVERY aspect of the game. Aircraft models and artwork, instrumentation (including binary mods), weather, scenery, visual controls, sounds, special effects. Even hardware manufacturers that could sell you specialised consoles and panels to integrate You name it. The default simulator is very game like. With addons you can replicate fine details like the flight dynamics and starting sequences of aircraft so that you can follow real airliner manuals while flying over scenery based on satellite imagery. The simulator was built with extensibility in mind, but the modders really pushed the limits too. It's a pity this franchise died. Even though mods are still made for FS2004 and FSX, the team that build the simulator were disbaned a couple of years ago and in a lot of ways what we have now is a zombie mod community. A shadow of what it once was.
Re:What stops malicious content? (Score:1, Interesting)
It also requires planning from the developers. I can say from experience that, for example, Westwood Studios (C&C) didn't plan that far ahead and their mod-support code features great things like user controlled sprintf formats and unsized strcpy.
(Semi-related: I lead an unofficial patch for C&C:RA2 at http://ares.strategy-x.com/ [strategy-x.com] , we developed a way to write new features into the game using C++ and ASM. How's that for evolution?)