Paulkdragon Posted August 25 there are a ton of Doom wads out there but sometimes a virus or something can slip in so please do a virus check before uploadeding your wad and tell everyone if its safe to download and to those people downloading the wads run a URL virus scan to see if the file has a virus in it or not you can't be to careless these days 2 Share this post Link to post
Shepardus Posted August 25 Not that you shouldn't be vigilant, but if you somehow get a virus from a WAD or let one "slip in" to one of your creations, you're doing something very wrong. 41 Share this post Link to post
Doom-X-Machina Posted August 25 Thankfully my work is uploaded to ModDB which has it's own virus and malware scanning tools that block uploads going live if anything malicious is found. Additionally, it's the ONLY place I've "officially" uploaded it and included that in the write-up that if it's found or obtained anywhere else, it's not my upload and could be potentially tampered with. 1 Share this post Link to post
RataUnderground Posted August 25 Am I the only one to whom this seems an extremely unlikely case? Wads with viruses? They're not even executable binaries. 14 Share this post Link to post
RHhe82 Posted August 25 (edited) 7 minutes ago, RataUnderground said: Am I the only one to whom this seems an extremely unlikely case? Wads with viruses? They're not even executable binaries. No, you're not. I can't figure out just how a WAD could be infected without malicious intent, for example. masquerading an executable binary as a wad file – and even then one would have to use the wad file in a manner we don't normally use them (with a launcher, -file parameter, etc.) But then, I'm no expert, and I'd be interested to hear if and how such a thing has transpired. 1 Share this post Link to post
Milkeno Posted August 25 (edited) 9 minutes ago, RHhe82 said: No, you're not. I can't figure out just how a WAD could be infected without malicious intent, for example. masquerading an executable binary as a wad file – and even then one would have to use the wad file in a manner we don't normally use them (with a launcher, -file parameter, etc.) But then, I'm no expert, and I'd be interested to hear if and how such a thing has transpired. I used a bat file in a doom wad's zip folder that was a keylogger that not only recorded my key presses but also spat out a file that I could use in most source ports that would replay my key-presses back, I've heard this kind of keylogging virus exists in the original quake. Those id guys were developing scary stuff, even scarier when you realize this has been happening since way back in the dos days. /j 7 Share this post Link to post
VeryRandomMan Posted August 25 Shouldn't we do this with pk3s instead? 1 Share this post Link to post
bobstremglav Posted August 25 I wonder are arbitrary code execution wads possible for modern source ports. Also, did anybody made virus with vanilla ACE Engine? 2 Share this post Link to post
Stupid Bunny Posted August 25 Did something happen to prompt you to make this PSA? Like it's fine if not, I'm just curious because, yeah, this really shouldn't be a risk most of the time, and if you got virused (or something you uploaded did without your knowledge) then you need to figure out why lol 2 Share this post Link to post
Gez Posted August 25 Technically a wad with a virus is possible; I refer you to the research into arbitrary code execution done by @kgsws that culminated in the ACE Engine. Of course that's extremely specific to one exe in particular, and given how many source ports out there are used, and how we can presume that most of them have closed off the vulnerabilities from vanilla that made such arbitrary code execution possible, it's quite unlikely that wads would be an effective vector for viruses. 4 Share this post Link to post
Redneckerz Posted August 25 What a weird thread to post out of nowhere after the last posts were from July. But ill join in: Reminder that its Righty Tighty, Lefty Loosy whenever you want to screw or unscrew something. 3 Share this post Link to post
ETTiNGRiNDER Posted August 25 I mean, IIRC some of the old Terry WADs could do stuff like change your Skulltag player name to something insulting and otherwise mess with your settings, but also IIRC it was a Skulltag-specific vulnerability. And a virus scanner probably wouldn't even pick up something like that. 2 Share this post Link to post
printz Posted August 25 There can be insecurity bugs in DEH parsers and all over the DOOM code. Just put some junk data in the WAD, and the app will crash or lock up trying to allocate too much. Now try and figure out maybe you can actually put a payload that works. Then yeah, you got the vulnerability. 0 Share this post Link to post
Jayextee Posted August 25 I just checked and unfortunately every single .wad I've put out has a virus that replaces some of the stock DOOM/DOOM II maps with shit I've made. Whoops. 23 Share this post Link to post
Amaruq Wulfe Posted August 25 What prompted this thread though? Did you find an infected one? Did you yourself did something? Feels rather random. 0 Share this post Link to post
valkiriforce Posted August 25 To this day I still laugh about a comment I got in the thread for Reverie which read, "Guys! due not download this bad file, it is a virus disguized as a virus" 13 Share this post Link to post
rita remton Posted August 25 (edited) 5 hours ago, RataUnderground said: Am I the only one to whom this seems an extremely unlikely case? Wads with viruses? They're not even executable binaries. i agree. to be fair, microsoft word ".doc"/ ".docx" files and such are not ".exe", yet they could contain viruses. i do hope ".wad", ".pk3" or zipped wads do not contain viruses and the hosted zip files do not get "injected" (added ".exe" files and then re-zipped) by bad people. especially standalone releases. but then again, most [pc]s have anti-virus software for protection against such threats imo. please do correct me if i'm wrong though. tq. 0 Share this post Link to post
giwake Posted August 25 .doc files that contain viruses usually use stuff like word macros and visual basic to infect, modify or create new files on the hard drive. (e.g. modifying windows' autoexec file to wipe your C:\ drive.) as far as i can tell gzdoom doesn't really have that kind of capability. plus, most of these "viruses" aren't as common anymore because word usually detects them. 1 Share this post Link to post
vanilla_d00m Posted August 25 I get most of my .wad (megawads) from doomworld.com, the ID database thing. I never checked.. I trust the site for hosting the files. 0 Share this post Link to post
MFG38 Posted August 25 3 hours ago, rita remton said: to be fair, microsoft word ".doc"/ ".docx" files and such are not ".exe", yet they could contain viruses. Fun fact: .doc(x) files are essentially just renamed .zip's. Now I'm not a file extension expert, but I'm inclined to believe that has something to do with how malware can be injected into them. 1 Share this post Link to post
Milkeno Posted August 25 37 minutes ago, MFG38 said: Fun fact: .doc(x) files are essentially just renamed .zip's. Same with pk3's ;) 0 Share this post Link to post
MFG38 Posted August 25 3 minutes ago, Milkeno said: Same with pk3's ;) That much is true. 0 Share this post Link to post
Chookum Posted August 25 5 hours ago, MFG38 said: Fun fact: .doc(x) files are essentially just renamed .zip's. Now I'm not a file extension expert, but I'm inclined to believe that has something to do with how malware can be injected into them. Huh, reminds me of the containerisation of the maligned .webp format, where people were putting all sorts of horrible things inside the container with the image. It is possible to embed secondary images into them, and other nasty things as well. A lot of "Discord Viruses" work this way. 0 Share this post Link to post
Sneezy McGlassFace Posted August 26 Wait, your wads don't include chrome extensions and fortnite skin swappers? 0 Share this post Link to post
Paulkdragon Posted August 26 1 hour ago, Sneezy McGlassFace said: Wait, your wads don't include chrome extensions and fortnite skin swappers? No i don't make Wads i play them 0 Share this post Link to post
Martin Howe Posted August 26 Don't forget that advanced engines like GZDoom have to include limits on console commands from within scripts, to prevent real exploits such as an ACS script writing to the host machine's filesystem. So it is possible. The real risk, however, is somebody making a virus .exe file and renaming it to have a .wad extension or something like virus.wad.exe (Windows hides some filename extensions by default). 2 Share this post Link to post
Grazza Posted August 26 32 minutes ago, Martin Howe said: (Windows hides some filename extensions by default). One example of why it is essential to disable this appalling "feature" ("Hide extensions for known file types"). It's among the first things I do when getting a new computer or O/S. 7 Share this post Link to post
kgsws Posted August 31 (edited) On 8/25/2024 at 1:04 PM, Gez said: we can presume that most of them have closed off the vulnerabilities from vanilla that made such arbitrary code execution possible In fact, they did not. At least not every bug present in vanilla. Yes. Bugs that lead to code execution in vanilla are still present in some modern source ports. On 8/25/2024 at 1:04 PM, Gez said: Of course that's extremely specific to one exe in particular That is true. It would be difficult, or maybe even impossible, to create a single WAD with code execution for multiple source ports. And if you account for different version of each source port, it is even less likely. 1 Share this post Link to post