It occured to me just now...

Not really sure if this or the tech forum is the place for this, but this occured to me while reading the thread regarding an "ignore" feature, and while reading the tech help thread, about some people needing to disable firewall software to get in. I almost posted this as a reply to Cambridge's Ignore thread, but didn't want to derail it, so here's my thoughts

Any online environment, as has already been stated, will eventually be inhabited by one or more "griefers". The potential problem is exacerbated here, by the fact that you can write and implement scripts here, which has a HUGE potential for abuse, and even outright malicious behavior, once the "script kiddies" set gets hold of it. I think I touched on that the other night with one of the Linden's (Doug I think maybe...)

So, keeping that in mind, what kind of security is planning on being implemented within the game, to separate harmful scripts from the ones we actually use? For instance...what if someone implements something that can hack files on your comp like..recording keystrokes to ascertain your account password, inserted in a script for a vending machine? A script, to insert a packet sniffer in someone's comp after they enter your building, installed as something innocous as a doorbell? Is there something WE as users can do, if firewall-disabling is necessary to play, beyond any measures the Lindens plan to take?

I know nada about scripting, so I'm asking you experts out there, is this something to worry about? I'm sure EVERYONE would want this sort of thing nipped in the bud before it ever actually became a real issue, so I think this would be a really useful issue to discuss.

Please move this to the appropriate forum if it's not in the best place for it. )

I'm also worried that the whole time I'm logged into SL, that while my firewall is disabled, some a-hole is trying to access my computer with no way to block it. So far I have two virus, trojan, worm, etc programs that I run weekly and I'm thinking of getting another. Thankfully about all anyone would find by snooping on my computer would be my pitifully low Dungeon Seige scores, but I am worried they could use me to spread to others.

Just one more think to worry about......oh well

Hmmm I see your point. The closest thing I have made was a script to run trhough "some" channels to "unlock" game doors. I just run it... and click... door has been unlocked.... but as packet sniffers.... it's an inhouse code. So the Lindens will watch what they put in. But very good point. I think we should hear from a Linden on this.

To Tracy... get a router! It's a firewall but hardware instead of software... My setup goes Modem -> Router(blocks what every I want it to) -> hub -> computer. It works very well!

I think the scripting language is fairly tight and pretty "sandboxed", such that a script can only do things in the SL simulator, so I'm not to worried about malicious scripts doing things to my computer or connection.

What I am worried about is scripts that do malicious things in linden world. The potential for this seems huge and scary. Consider something like a self-replicating annoy-bot, or something that followed you around an purposley flashed textures and sounds to kill your connection.

Even a simple thing that ran around creating walls out of 10x10x1 blocks could be really annyoing.

In the brief time I've been in this beta, I've come to really like Second Life, and it makes me sad that griefers could ruin it.

So, I wonder
a) What the Lindens think of this and what steps they taking to prevent this kind of behaviour?

b) During the beta, do they want some of us to think/act like griefers to work out some of these problems now?

As far as choice B goes, Wednesday, my opinion is an ounce of prevention is worth a pound of cure. WE might all be nice people who just want to build/test stuff. You have to accept that a certain percentage of people once this goes gold, won't be. The griefers WILL come, and like any other bully, once they figure out they can't bother you, will go away, to be replaced by a smarter, fresher set.

Luckily, this usually is a small percentage of the population. I think the Lindens *should* have people tryint to replicate annoying scripts, to find ways to shut them down. I'd, were it me, even hire a few hackers to TRY and get a script to mess up/hack a user comp. (the Lindens could run a player char/old comp specifically for this purpose, so no tester has to be subjected to it). It's an OLD adage that you set a thief to catch a thief. Look how many companies use actual convicts/hackers to test their security systems, even in the gaming world? I know for fact Verant/SOE took people that had been banned from EverQuest for hacking accounts, and HIRED them, to hackproof their login systems/servers.

Anyways, that's just my two cents.

Yes you are right for thinking your system can be "used" as a tunnel or bot to attack others if certain exploits are available. Visit www.grc.com he has great article on these issues and has links to other sites on these issues. The most common way people's systems are unknowingly used as a drone to attack others is with DDOS attacks. Thats how part of the net had big issues a while back. There are artciles on his page disscussing that. The biggest internet threat is the fact that the general public is very security nieve. No insult at all intended to anyone, just read the articles, they are quite disturbing.

I recommend personnally(and I know I could be missing some I don't know about yet) Norton antivirus, SPF (small personnal firewall), Ad-aware, Pest Patrol, Tauscan, The Cleaner, And SpyBot search and Destroy.

Also get all windows update when it comes to the critical updates, and if you use IE of any kind update those also.

If there are other scanners out there that are either better or do more than these PLEASE post them here. Cus I'm quite sure that our systems if left wide open or even slightly open could ultimately be used to DDOS Linden Labs.

I would really hate to see that happen.

Yah - they are gonna be a problem. So I have been trying to figure out how to be a greifer so I cna figure out how to defeat griefers (as everyone who was teleported from my lab last night knows). From the inherent limits of the scripting language, I think that LL is really working on this prob. Several months ago I tried to script a bot that would forcibly attach itself to you until you gave it money. I told a linden about my planned attack, and the next version, objects needed to gain perrmission to attach. So it looked to me like they want to get rid of that kinda thing.

So - if you find something that could be used to grief, let a Linden know!

BBC

I have a cag.. that Nada made... it locks the AV in it.... but you can always tele out

I made a cage also. I love caging people. Easiest way to get out is to select another place on the ground to sit. Hehe.

The scripting system doesn't actually interact with the viewer directly: it's uploaded to the simulators, and is run there inside of a sandbox.

In short: you're not in danger of a griefer writing a script that installs a keyboard sniffer onto your computer outside of Secondlife.

Firewalls don't help very much in Reallife anyway; most Windows computers get broken into by email viruses, which go right through personal firewalls. If you keep your operating system patched (Windows update makes this pretty easy to do), then you should be okay.

BuhBuhCuh has the right idea, though: if you figure out something clever and evil, let us know about it, and we can fix it.

I 3rd that idea, myself and one other person are trying to think of way to be real annoying with scripting, to discover and show scripting exploits. Maybe some of us that are trying (for the purposes of being an anti-griefer) to exploit the scripting language. should arrange times and meeting places to get together and share ideas, skills and tasks., to maybe expedite this process, not to mention with a crowd with common interest it would be easier to find someone to test it on that wont get offended, or overly surprised

Well, I can't help much with scripting yet, but holler at me next time I'm on, and I'll be happy to play guinea pig for whatever you guys can dish out. I work late nights on several weekend nights, so you won't see me on till Saturday (my day off), I'll be offline Friday and Sunday, and back on again Monday. Any night I'm not working is good for me if you need a test hamster

Oh, and while I'm thinking on the subject of annoying scripts...I don't know who it is, but SOMEONE near my house in Freelon has something or dropped something that squeaks/makes odd noises constantly, and it's driving me nuts, lol. Could whomever it belongs to make it squeak a liitle quieter or something before I go insane? =)

Those are the things that gave me the ideas I currently have for achieving the "most annoying script awards" joke really it is. lol unless a linden wants to run with this idea lol.

They did not originate from me, and although listed as creator Steller did not creat these to be obnoxious. She created a mouse for the xmas exchange and well the only mistake she may have made was to leave the mod permissions open. lol sorry Stell had to. But it isnt her fault that these annoying minature beasts are infecting the SL sims left and right. It is after all a good test for annoyance control tho (BETA)

I may have a few accidentially out there still. Mine are set so someone can delete them. But someone real nice in nature has set their variation to non deleteable.

If you find the ones that cant be deleted please tell a linden they can get ridd of them. Get the location ready before you contact a linden please so they arent trampling all over the place on a wild slime chase because you might say "There is this annoying thing in X sim aroung the ne side of the center of the sim just past tha gravel driveway then turn left."

They can't do anything with this lol.

One I see right away - is the "Von Neumann" machine. A self replicating - infinite loop device that would overwhelm a sim or more than one. Make a device that self res's copies of itself. Have it do real annoying stuff - spin - loud noises - blink - run around. every 10 seconds have it make 10 copies of it self and have them pop off in random directions 100 yards. Repeat for 100 generations. result - a gazzillion annoying lag monsters. Maybe We want to have a limit on how many objects of one type (would they all share the same UUID? ) that can exsist on SL at one time.

Charlie O, I would like to join your grief counseling group. Pick a where and when.

You want a fun script that breaks stuff?

Infinite prime calculator.

Script just sits there finding prime numbers. Have the object to which the script is attached announce each prime number as it's found. Don't bother to streamline; make the algorithm as inefficient as possible. (ab)Use arrays. Have fun.

First public computer I ever brought down was due to an infinite prime calculator, written rather poorly, and left on all night. (it also dumped a ton of output to a file and I believe I filled a disk too.) In my defense I was a college freshman and I wanted to "see how far it would go." :)

Oops.

At this point I feel compelled to provide a link to this:
http://members.surfeu.fi/kklaine/primebear.html

Rofl...ok Charlie, I'll scout around the area near my house when I can get on Saturday or late tonight, depending on how late I work, and try and pinpoint the squeak lol. If you're running past my house, see if you can't spot it too, if you have time?

LOL Wednesday

But on another note. I didn't really intend to have the suggstions posted in here I don't want to be the cause of a ton of people getting one idea on their own at one time and everyon at once running the same annoyance script and bringing down the whole SL network lol.

But I will for evesdropper avoidance issues. Will figure out how to get a message from everyone interested (like here even lol) then at a particular moment in world I will IM those intereseted with the time and place so as to not turn it into an openstudio for learning to be a griefer. lol

But I am not only thinking about finding script ideas that will bring down sims, but also scripts that are highly unruley against say the individual user or groups of users.

Maybe a Linden that has read this thread could pay attn to the replicating object post. as that one could be deadly to the network. and now that its out there maybe it should be the first one worked on to be countered against.

This would be the ultimate reason for SL to allow more then one group membership.....That would make this much easier....

There is my feature suggestion, but it has already been suggested so consider it a bump of sorts lol

I have a feeling that unless it was a very rich griefrer, they woulnd't drag down the sim. But all the objects could be annoying.

... the little stones...so many little stones...and that "CHOMP"

..nightmares

BBC

think of the scripts that could be placed in the replicated pieces......

Ever have your MP3 'explode' and start playing a screeching noise? Imagine that as an intentionally uploaded file. :\
Or worse, imagine something like country music samples
being uploaded. *shudder*