Question about the possibilities of a virus being included in the downloads of WADs and other such things

[dudewhatxoxo]

So im pretty new to the modding scene, and i have some questions. How high is the possibility of a virus being included in with WADs? 

I was going to download the Guncaster Gameplay mod, but i got suspicious because the download site was MediaFire, and then i got even more suspicious when the download was going to last 60 minutes. 

I ended up canceling the download because i didnt trust it and i want to know how often viruses and other malware are included within these downloads. Im just a bit scared of downloading stuff off of these websites, being new and all.

 

P.S. English is not my first language. Sorry for any typos

[MFG38]

Unless someone was dumb enough to deliberately package a virus with a mod, the chances of you getting one from downloading a WAD are extremely low. That said, I would advise caution when it comes to which sites you download WADs and mods from. MediaFire is generally one of the safer sites, as well as (obviously) /idgames. Rule of thumb: if a URL looks suspicious, don't download anything from there.

[smeghammer]

4 hours ago, dudewhatxoxo said:

So im pretty new to the modding scene, and i have some questions. How high is the possibility of a virus being included in with WADs? 

I was going to download the Guncaster Gameplay mod, but i got suspicious because the download site was MediaFire, and then i got even more suspicious when the download was going to last 60 minutes. 

I ended up canceling the download because i didnt trust it and i want to know how often viruses and other malware are included within these downloads. Im just a bit scared of downloading stuff off of these websites, being new and all.

 

P.S. English is not my first language. Sorry for any typos

 

Some mods are pretty big and will take some time to download if you have a slow connection. I would also suggest some sort of malware/av protection (e.g. Avast) to check all your downloads.

 

FYI I have never had any issues with anything downloaded from /IDGames or moddb etc.

[Major Arlene]

I've not heard of any cases of viruses being included, but absolutely keep an antimalware program if you can. if they're uploaded to /idgames or moddb they're very unlikely to have viruses.

[roadworx]

i'm not entirely sure how a wad file could contain a virus, but if the archive it comes in contains an executable file then i suggest scanning it just in case

[Edward850]

A virus requires executable code in some form and replication. Doom mods can't provide either*. There is less than zero concern here and isn't something you need to worry yourself with.

 

*Yes, some ports provide scripting and VM solutions, however these don't offer any kind of direct execution. They deliberately don't provide anything that could modify arbitrary external files and there's still no form of replication.

[seed]

On 2/10/2021 at 9:26 PM, MFG38 said:

MediaFire is generally one of the safer sites

 

Other way around, Mediafire is an aggressive dumpster filled with ads - adblockers nonwithstanding. Got redirected to other pages and had pop-ups there in the past, and it got infested with malware in the recent years. Run that shit with a script blocker.

 

If you want to upload stuff outside of /idgames or Moddb, use MEGA or Google Drive instead, they're much better alternatives.

[Ar_e_en]

5 minutes ago, seed said:

 

Other way around, Mediafire is an aggressive dumpster filled with ads - adblockers nonwithstanding. Got redirected to other pages and had pop-ups there in the past, and it got infested with malware in the recent years. Run that shit with a script blocker.

Mediafire may be trash, but I've honestly had a worse experience with Sourceforge. With Mediafire - at least the download button is recognizable, Sourceforge is so ugly in its design that I'm more likely to press some ad that takes me to a different website, despite the fact that I have an adblocker (I don't even know how that is possible, but it does somehow happen).

[Maes]

WELL... a handful of older mods (usually TCs) did come with bundled .EXE files in the zip -usually utilities such as DEUTEX/DEUSF to merge sprites and the such into the IWAD, a few came with pre-DeHackEd custom DOOM.EXE/DOOM2.EXE executables, and even in more recent times, some Doom mods are distributed with a bundled source port, ready-to-run (but usually not on idgames).

 

All of the above are indeed opportunities to bundle a Honest-To-God, oldschool computer virus into the .EXEs.... but I'm not aware of any notable cases.

 

Of course, the recently discovered possibility of random executable code injection through savegames does open a host of new possibilities....

Edited February 12, 2021 by Maes

[Gez]

I found that with Mediafire, if I first right-click the download button, it bypasses the ad script they have there and the left-clicking it to download stuff works without opening unwanted pages.

[seed]

1 hour ago, Gez said:

I found that with Mediafire, if I first right-click the download button, it bypasses the ad script they have there and the left-clicking it to download stuff works without opening unwanted pages.

 

So the ad script is still in place up to this date (went there over a year ago last time, not like I expected much changing since) ? Wow, okay, it can kiss my furry ass then... screw it...

 

I'm equally frustrated by websites which block the page completely if you use adblockers. Adblocker gets blocked? Sure thing website, but also, goodbye. Your ad revenue is less important than not infesting my PC with malware, thanks.

 

2 hours ago, Ar_e_en said:

Mediafire may be trash, but I've honestly had a worse experience with Sourceforge. With Mediafire - at least the download button is recognizable, Sourceforge is so ugly in its design that I'm more likely to press some ad that takes me to a different website, despite the fact that I have an adblocker (I don't even know how that is possible, but it does somehow happen).

 

Nah I know what you mean actually, I've seen a few sites like that which had extremely badly designed Download buttons and pages, stuff you'd expect from a fake website, not something legitimate, so I can totally see where you're coming from.

Edited February 12, 2021 by seed

[Maes]

29 minutes ago, seed said:

I'm equally frustrated by websites who block the page completely if you use adblockers. Adblocker gets blocked? Sure thing website, but also, goodbye. Your ad revenue is less important than not infesting my PC with malware, thanks.

 

 

At least those sites are being upfront about it -they are telling you "We run on ads or other crap, and it's MANDATORY to accept them". Even in those cases, you can usually F12 your way out of any obtrusive messages (through the developers' console, although a few sites have found ways to make its use frustrating). It's interesting how there's an ongoing arms race between ad delivery and ad-bypassing technology (that is, when the "ad blockers" themselves don't sell out and allow "few and safe" ads through...). Some sites still go for the good, old-fashioned right click-disabling JavaScript trick, which TBQH I'm surprised that modern web browsers don't disallow it yet. At least they removed the possibility of changing the text and/or functionality of JavaScript popup buttons and added the ability to dismiss them simply by using the ESC key, after they were abused to death by various scams/ransomware.

 

29 minutes ago, seed said:

Nah I know what you mean actually, I've seen a few sites like that which had extremely badly designed Download buttons and pages, stuff you'd expect from a fake website, not something legitimate, so I can totally see where you're coming from.

 

 

It would be interesting to see in exactly what kind of deals the webmasters of such pages have to get with the ad providers -there's no deny that they suffer a visual and functional downgrade to their site, and have little control over how the ads are displayed or how ambiguous they will be for the users (still going for the good old "Click here to download" super-visible trick button, I see)...I guess the same kind of deals that bind developers into bundling toolbars, bonzi buddi and other malware into their software.

[seed]

15 minutes ago, Maes said:

(that is, when the "ad blockers" themselves don't sell out and allow "few and safe" ads through...). Some sites still go for the good, old-fashioned right click-disabling JavaScript trick, which TBQH I'm surprised that modern web browsers don't disallow it yet. At least they removed the possibility of changing the text and/or functionality of JavaScript popup buttons and added the ability to dismiss them simply by using the ESC key, after they were abused to death by various scams/ransomware.

 

Yeah, about that... that's pretty much how I got rid of Adblock Plus years ago, after I learned it started whitelisting "safe ads" and pages. Switched to uBlock Origin and never looked back.

 

It seems tracking and ad prevention is intensifying though. I've been recently messing with browsers again after I got bored of how Chrome has started behaving, getting more sluggish, the sort of typical thing to expect from it. So I tried a few, specifically Brave and Firefox, and Brave seems to have a built-in adblocker and it also automatically promotes all connections to HTTPS, but the adblocker is not as good as other alternatives - I could see broken ads on mobile and empty spaces on PC. It was also way too catered to crypto miners, so... yeah.

 

Firefox seems to have really catched up now though, after Quantum. Last I used it in 2016 it was in a pretty dire situation, especially in terms of performance, not memory hungry but being ridiculously slow and way behind other important aspects. Seems to have gotten way better since, and on mobile it even supports addons now, and the important stuff, for me at least, such as UB, NoScript, Dark Reader etc, is there now. Finally browsing the web on mobile is no longer a pathetic, ad-infested experience.

 

But what surprises me most by far, is how some people still don't use adblockers at all. Maybe I've become spoiled but for me the internet has basically become unbearable without one nowadays, it's getting progressively worse. YT without one is insufferable nowadays... and that's just one of the many...

[PeterMoro]

Some wads are so bad that a virus might be preferable. 

 

[Maes]

10 minutes ago, PeterMoro said:

Some wads are so bad that a virus might be preferable. 

 

Then there are the various (Z)Doom-specific creepypastas about "killer PWADs" that do scary and weird shit to they player's PC (and not only). Kinda like the Sad Satan of Doom.

[GraphicBleeder]

I've been downloading and playing WADs for at least 12 years now and not once have I ever once encountered a virus in a WAD package.


But I guess if you really wanna be safe, if a URL or file looks/seems suspicious, don't download it until you know it's safe.

[printz]

Even if wads may be "harmless" data, they can be crafted in such a way to exploit source port vulnerabilities. I would watch out for malicious DEHACKED lumps.

 

Also, I wouldn't trust every port author to be mindful about their script boundaries.

[Roebloz]

I think I would be interested in seeing a WAD with a virus just to see how such a thing would be possible.

[Misty]

First of all, if wad with virus inside would be uploaded in idgames, it first would infect idgames maintainers computers as they check wads from any suspicious lumps, if you comply with upload rules and iwad stuff(even if it's funny to be rejected, because of poison sign in your level), then they would just reject it and scan their computers from any virus, idk if entire archive would be checked too. That's how I imagine things.

[Clippy]

I love to find random wads to play from all sorts of ppl on here, in the last year I have a huge folder of all the maps I ever downloaded from random doomworld ppl and my computer hasn't exploded yet

[Maes]

A "WAD with a virus" would have to be highly OS specific, for one, and in order for the virus to be executed there would need some mechanism that allowed for arbitrary code execution (ACE) from within WAD lumps. There's a way to get ACE in vanilla DOOM, as linked before, but that one relies on savegames, at least for kickstarting the ACE process. So in order to catch an actual virus from THAT one, you'd need to 1) Run on pure DOS (or Win9x, I guess) and 2) Somehow coax or trick the user into loading your WAD and the triggering hacked savegame.

 

For other source ports, different exploits would need to be crafted, and of course for different OSes, different viral payloads (though we all are thinking good old Win32 here...so just one to catch them -almost- all).

 

But AFAIK, the worst that you can download today from idgames/ or other Doom-related websites is either a Terrywad with really abusive/disruptive scripts or a "ZIP bomb" in the form of a malformed ZIP file that e.g. expands from 50kb to several GBs.

 

I'm sure if you dig deep enough you might find some oldschool ZIP packs with actual Doom-related .EXEs (utilities, modified Doom.exes or source ports) carrying actual viruses, but shame on you if you really execute those without some checking first.

[mrthejoshmon]

.Wad files are fine, items in .zip will require inspection beforehand however (never, ever, unzip a file without looking inside first, there could literally anything in there).

 

I'm unsure of .pk3 files, aren't they basically just .zip files?

[seed]

24 minutes ago, mrthejoshmon said:

I'm unsure of .pk3 files, aren't they basically just .zip files?

 

To my knowledge, yes, that is essentially what pk3 archives are, it's just a different extension for zips, originally introduced in Quake 3.

[Yumheart]

On 2/10/2021 at 8:13 PM, dudewhatxoxo said:

i got suspicious because the download site was MediaFire

Mediafire sadly is pretty common for wads. Even though the site sucks, I never got any actual viruses from it. I'd say don't worry, unless it's really suspicious looking.

[Andromeda]

On 2/12/2021 at 12:49 PM, seed said:

and on mobile it even supports addons now, and the important stuff, for me at least, such as UB, NoScript, Dark Reader etc, is there now. Finally browsing the web on mobile is no longer a pathetic, ad-infested experience.

Wow, how did I not know this? I avoid web browsing on mobile like the plague due to the ads, thank you so much for this info!

[seed]

3 hours ago, Andromeda said:

Wow, how did I not know this? I avoid web browsing on mobile like the plague due to the ads, thank you so much for this info!

 

BTW "Edgium" (read: Chromium Edge, just the way I like to call it) might support addons on mobile too in the future, this was suggested to the maintainers last year.

 

Considering one of the built-in apps is AdBlock Plus, it might indeed happen, but knowing Microsoft, it might take a few centuries before that. I actually like Edgium on mobile the most now, the interface alone makes it feel like it's five years ahead of its competitors at the very least. And it's fast, and has quite a few more privacy enhancements over Chrome, similar to Firefox in this regard.

[Maes]

TBQH I thought that mobile browsers were made "naturally more robust" to ads -after all, you don't have much CPU horsepower and/or bandwidth to waste on mobile.

[seed]

58 minutes ago, Maes said:

TBQH I thought that mobile browsers were made "naturally more robust" to ads -after all, you don't have much CPU horsepower and/or bandwidth to waste on mobile.

 

Perhaps, but it seems the tide is definitely seeing a turn.

 

Clearly developers themselves are also tired of the rubbish mobile experience, and are making some changes to rectify that.

[xX_Lol6_Xx]

Always try to download wads from sites you know that are safe. If a site has a stupid or suspicious name like "downloadthisithasnovirus.net" or something like that, stay away from them. I think the only games I have downloaded from mediafire are @Roebloz's 32x ROM hacks, A game from a buddy, and a couple of mods, luckily, no virus had been interested in my potato PC. I usually download stuff whether from here or moddb.

[Roebloz]

6 hours ago, Lol 6 said:

Always try to download wads from sites you know that are safe. If a site has a stupid or suspicious name like "downloadthisithasnovirus.net" or something like that, stay away from them. I think the only games I have downloaded from mediafire are @Roebloz's 32x ROM hacks, A game from a buddy, and a couple of mods, luckily, no virus had been interested in my potato PC. I usually download stuff whether from here or moddb.

I cannot (yet) include viruses in Doom 32x ROM Hacks im afraid. And even if I could, I would just put a virus that turns the game into Sonic 1 or something.