Maps killswitch?

[Vercas]

Seeing the recent exploits found in Wc3, I think it would be wise to create some sort of killswitch functionality for any map (/campaign) at Hive, from maps and spells to attachments.

By killswitch I really mean disabling them, like showing a message that downloading maps is forbidden until the issue is over.

 

[Dr Super Good]

So you want to permantly remove maps from this site?
Blizzard has not even annouced that they recognize the issue publically let alone started work on fixing it as far as I know.

Atmost a warning banner should be added by the download button warning of potential risks when going to download a map.

 

[Vercas]

So you want to permantly remove maps from this site?
Blizzard has not even annouced that they recognize the issue publically let alone started work on fixing it as far as I know.

Atmost a warning banner should be added by the download button warning of potential risks when going to download a map.

Not permanently nor temporarily, not even remove. I meant blocking the links, like refusing the requests from the server's side.

 

[WherewolfTherewolf]

Ahh, so you mean after the maps been tested and found to have a virus have it removed? Well I'm pretty sure the mods would delete it anyway if they had found malicious files in it and have the user permanently banned

 

[Vercas]

Ahh, so you mean after the maps been tested and found to have a virus have it removed? Well I'm pretty sure the mods would delete it anyway if they had found malicious files in it and have the user permanently banned

Am I really that unclear? Don't allow maps to be downloaded when the killswitch is on! The killswitch is on when an issue like this is detected! The killswitch is off when an issue like this is solved!

 

[WherewolfTherewolf]

Well note that viruses like that are most likely going to show up in new maps made by inexperienced mappers, old maps are safe - I doubt a hacker would put tons of time into developing a quality map just to deliver a virus, thus it'd either be something made swiftly or an alteration of someone elses map (which atm is already illegal here anyway - of course there's other ways to get around this, like jacking a map already in production).

Also note that the way the thing works (from what I've heard) is that it runs when the map runs causing you to download the virus from some other location, thus anything uploaded here is technically virus free - if someone opens up the map to look at the code then they'd most likely notice something odd if they know what they're doing.

So really, the danger atm is protected, new maps by untrusted users
Perhaps the site should advise against downloading unapproved maps

 

[Dr Super Good]

Come to think of it, a script to detect when the bug is used would not be too difficult. The problem is it would put additional load on the server everytime a map is uploaded.

 

[Vercas]

Well note that viruses like that are most likely going to show up in new maps made by inexperienced mappers, old maps are safe - I doubt a hacker would put tons of time into developing a quality map just to deliver a virus, thus it'd either be something made swiftly or an alteration of someone elses map (which atm is already illegal here anyway - of course there's other ways to get around this, like jacking a map already in production).

Also note that the way the thing works (from what I've heard) is that it runs when the map runs causing you to download the virus from some other location, thus anything uploaded here is technically virus free - if someone opens up the map to look at the code then they'd most likely notice something odd if they know what they're doing.

So really, the danger atm is protected, new maps by untrusted users
Perhaps the site should advise against downloading unapproved maps

What about protected or optimized maps?

 

[Dr Super Good]

Vercas wheres the problem with them? Afterall, you can still extract them with any half decent .mpq file editor.

You just need an automated script picking up the signature of the preload bug.

 

[Vercas]

Vercas wheres the problem with them? Afterall, you can still extract them with any half decent .mpq file editor.

You just need an automated script picking up the signature of the preload bug.

Not when the MPQ is damaged intentionally to reduce the file size or just to protect the map!
Now optimization is a pretext for viruses.

 

[Dr Super Good]

Vercas, if that is the case I would not be concerned of any virus cause WC3 would be unable to open the map so nothing within it can run...

How can WC3 play maps? Well it has to load them... How does WC3 play "protected" maps? Well it has to load them...

If Warcraft 3 can run a map, anyone can read the map data. Thus why protected maps are not protected...

An automated script would not tell the difference between a damaged map and a non damaged map.

 

[Vercas]

Vercas, if that is the case I would not be concerned of any virus cause WC3 would be unable to open the map so nothing within it can run...

How can WC3 play maps? Well it has to load them... How does WC3 play "protected" maps? Well it has to load them...

If Warcraft 3 can run a map, anyone can read the map data. Thus why protected maps are not protected...

An automated script would not tell the difference between a damaged map and a non damaged map.

Maps are MPQ archives but the process of "loading" a map and, generally, opening does not require as much information as "browsing" it, so plenty of it's information can be removed, making the map unbrowsable but STILL OPENABLE.

 

[Kwaliti]

If Warcraft 3 can read data from it, a script can mimic the actions and read it perfectly well. It's only the editor data you remove when optimizing. If you really protected your map, then not even Warcraft 3 could be able to open it.

 

[Vercas]

If Warcraft 3 can read data from it, a script can mimic the actions and read it perfectly well. It's only the editor data you remove when optimizing. If you really protected your map, then not even Warcraft 3 could be able to open it.

I was talking about MPQ damaging, not editor files removal.

 

[Kwaliti]

Regardless, you can still open it.

 

[Dr Super Good]

If WC3 can still read the trigger data to start the map, so can proper MPQ file editors.

I am aware that damage to the one table inside the MPQ and the mpq version will crash some interfaces but that is cause their makers did not program robustly.
MPQ files work via hashing strings rather than names, so as long as you know what file you are after, you can extract it.

 

[Vercas]

Regardless, you can still open it.

I couldn't manage to.

 

[Kwaliti]

Then you're going in the wrong direction. DSG pointed out how the system works above your post.

 

[Vercas]

Then you're going in the wrong direction. DSG pointed out how the system works above your post.

Okay. I suppose no one wants this so close it.

 

[Cihparg]

They wont close the maps quick you know.
It would take time.

Tho, whenever the new Hive is coming up, there's probably going to be more secure resource section, and a lot less spammy. Also I wish that they'll use a keyword system to shrink the value of Copies and Double-Posts.

Well, whatever it's going to be, it'll take time, no matter what danger is within at the time.

I'd like to say a little reminder to all:
1. Do not download maps from unknown sites, nor download randomly from Battle.net or Garena.
Download your maps from places you trust.

2. If the host of the map doesn't seem like it wouldn't be OK, do -not- download/join it.

3. Whenever you can, always host your own maps from your secure selection of maps.

 

[Dr Super Good]

Closure of the map section would be detrimental to this site non the less. The most practicle solution, as mentioned eariler, would be a once off run script every time a map is uploaded/updated that analyses the script for signs of bug abuse.

The bug has a very clear signature due to its compiler tricking nature. However due to the program language aspects of JASS it is very easy to trick just by using generators.

Maps which contain the Preload statment anywhere in their script could flag up as potentially dangerous. This will allow people to easilly tell garunteed safe maps as the bug requires the preload native be called (only that bug though, other unpublished sucerity issues will always be a problem).
A second hyristic detection could be used to try and find definite bug using maps and thus high risk maps. This looks for string patterns involved with bug abuse, keywords of the scripting language involved and words for the common startup run folders in your bootdrive and other common destinations of dangerous software.

The first preload detector is probably the easiest to do and should not take too long to run through every map (depending on script size). It also is probably the easiest to do from the administration point of view as you are basically looking for lines that first non space characters are "call Preload".
The second better detector would take a lot of work as it would need to detect multiple parts involved in the bug to be reliable. This is not a viable solution unless trojen maps become a real threat as by the time a soltuion is devised, it will probably be obsolete (if blizzard patches).

Thus my plan of action would be to add a warning near the download button of maps warning of this bug and the potential dangers it brings.
If by February no patch has fixed this problem (looking likly that it will never be fixed), then a Preload warner should be added.
If there is a major outbreak of trojen maps and blizzard is not responding (as they will likly patch then), then a hyrisitic analyser should be developed.