Hi everyone. Great game. I have one concern though, seems there are lots of pk3 downloads almost every time I connect to a server. I see some of those contain DLLs… Should I be worried about possible viruses?
Is it... safe? (Paranoia about pk3 files)
I don’t think so.
These DLLs are game/cgame modules that are responsible for how the game plays and looks.
<EDIT>Nail’s been a minute faster. :P</EDIT>
It is certainly possible to create a .pk3 with malicious content. This would have to be done by the server admin, a mod maker, or someone with direct access to the server. However, attempting to spread malware this way has a bit of risk, since there is a very good chance it would be traced back to your server. I’m not aware of any instances of this actually being done.
I would suggest running ET under a restricted account (which could contain the damage of a malicious mod), but if you are on Windows, PunkBuster requires you to run with full admin privileges.
Technically, there are a couple requirements by PB… You need the right to debug apps, and one or two others, I cannot recall… So you could theoretically run PB-enabled and run a restricted account.
From http://www.punksbusted.com/forums/index.php?showtopic=153
- Debug Programs
- Load and unload device drivers
- Manage auditing and security log
- Modify Firmware environment values
- Profile Single Process
If you can’t root a system with those, you aren’t trying.
I’m paranoid, so I usually don’t download mods from servers (other than our own). 
It would be great if there was a cl_allowdownload value that only allowed download of pk3s without DLLs, or, if it’s necessary to download it, simply disconnected and renamed the file instead of extracting the binaries.
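
The check wished for in the last post can be approximated outside the game, as an added example that is not part of the original thread or of ET itself. A pk3 is an ordinary zip archive, so the script below lists members that look like native code (by header bytes or by extension) without extracting anything. The sample member names and contents are constructed, and a hit only means the archive ships a binary, which legitimate mods also do.

```python
import io
import zipfile

# Leading bytes of native code: PE (Windows DLL/EXE) and ELF (Linux .so).
MAGICS = {b"MZ": "PE", b"\x7fELF": "ELF"}
BINARY_EXTS = (".dll", ".so", ".dylib", ".exe")


def native_members(pk3):
    """Return [(member_name, reason)] for entries that look like native code.

    pk3 is a path or file-like object. Members are read, never extracted.
    """
    findings = []
    with zipfile.ZipFile(pk3) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted entry: contents unreadable
                findings.append((info.filename, "encrypted, not inspected"))
                continue
            with archive.open(info) as member:
                head = member.read(4)
            kind = next((k for m, k in MAGICS.items() if head.startswith(m)), None)
            if kind:
                findings.append((info.filename, kind + " header"))
            elif info.filename.lower().endswith(BINARY_EXTS):
                findings.append((info.filename, "binary extension"))
    return findings


def build_sample_pk3(members):
    """Build an in-memory pk3 from {name: bytes}; constructed test data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_pk3({
        "maps/example.bsp": b"IBSP" + b"\x00" * 16,        # map data
        "cgame_mp_x86.dll": b"MZ\x90\x00" + b"\x00" * 16,  # client module
        "scripts/notes.txt": b"\x7fELF" + b"\x00" * 16,    # renamed binary
    })
    for name, reason in native_members(sample):
        print(name + ": " + reason)
```

Checking the header bytes as well as the extension catches a binary that has been renamed to look like a script or text file.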
