[quake3] Re: Auto Downloads

monk at rq3.com monk at rq3.com
Wed Jul 25 13:25:38 EDT 2007


> ET is probably even worse as it's able to use shared libs contained in pk3
> files IIRC. Ie you don't have to exploit some buffer overflow or vm
> deficiency
> but can conveniently write malicious code in C and put it in a shared
> library.
> Games in general are not designed for security, it's advisable to run them
> as a
> user different from the one you do your daily work with.

It's just a different mindset.  How many gamers, millions of gamers, know
or care about different user account access?  How many just find it easier
to set everyone as admin/root so they don't have to deal with programs
whining that they can't install or update themselves with a new patch? 
Vista's UAC is only worsening the trend of training users to just click
through any warning messages and disregard them as annoyances to ignore.

I think only programmers and IT professionals care about proper security. 
You can do what you can to inform users and try to force them to decide if
they are dealing with a trusted source or not, but ultimately they are the
weakest, most horrible link in the whole chain of trust.



More information about the quake3 mailing list