Paulkdragon

a reminder to everyone please do a virus check and tell everyone if your wad is safe to download

there are a ton of Doom wads out there but sometimes a virus or something can slip in so please do a virus check before uploading your wad and tell everyone if it's safe to download

 

and to those people downloading the wads run a URL virus scan to see if the file has a virus in it or not 

 

you can't be too careless these days

Link to post

Thankfully my work is uploaded to ModDB which has its own virus and malware scanning tools that block uploads going live if anything malicious is found. Additionally, it's the ONLY place I've "officially" uploaded it and included that in the write-up that if it's found or obtained anywhere else, it's not my upload and could be potentially tampered with.

Link to post
7 minutes ago, RataUnderground said:

Am I the only one to whom this seems an extremely unlikely case?
Wads with viruses? They're not even executable binaries.

 

No, you're not. I can't figure out just how a WAD could be infected without malicious intent, for example masquerading an executable binary as a wad file – and even then one would have to use the wad file in a manner we don't normally use them (with a launcher, -file parameter, etc.)

 

But then, I'm no expert, and I'd be interested to hear if and how such a thing has transpired.

Link to post
9 minutes ago, RHhe82 said:

 

No, you're not. I can't figure out just how a WAD could be infected without malicious intent, for example masquerading an executable binary as a wad file – and even then one would have to use the wad file in a manner we don't normally use them (with a launcher, -file parameter, etc.)

 

But then, I'm no expert, and I'd be interested to hear if and how such a thing has transpired.

I used a bat file in a doom wad's zip folder that was a keylogger that not only recorded my key presses but also spat out a file that I could use in most source ports that would replay my key-presses back, I've heard this kind of keylogging virus exists in the original quake. Those id guys were developing scary stuff, even scarier when you realize this has been happening since way back in the dos days. /j

Link to post

I wonder if arbitrary code execution wads are possible for modern source ports.

Also, did anybody make a virus with vanilla ACE Engine?

Link to post

Did something happen to prompt you to make this PSA? Like it's fine if not, I'm just curious because, yeah, this really shouldn't be a risk most of the time, and if you got virused (or something you uploaded did without your knowledge) then you need to figure out why lol

Link to post

Technically a wad with a virus is possible; I refer you to the research into arbitrary code execution done by @kgsws that culminated in the ACE Engine.

 

Of course that's extremely specific to one exe in particular, and given how many source ports out there are used, and how we can presume that most of them have closed off the vulnerabilities from vanilla that made such arbitrary code execution possible, it's quite unlikely that wads would be an effective vector for viruses.

Link to post

What a weird thread to post out of nowhere after the last posts were from July.

 

But I'll join in: Reminder that it's Righty Tighty, Lefty Loosey whenever you want to screw or unscrew something.

Link to post

I mean, IIRC some of the old Terry WADs could do stuff like change your Skulltag player name to something insulting and otherwise mess with your settings, but also IIRC it was a Skulltag-specific vulnerability.  And a virus scanner probably wouldn't even pick up something like that.

Link to post

There can be insecurity bugs in DEH parsers and all over the DOOM code. Just put some junk data in the WAD, and the app will crash or lock up trying to allocate too much. Now try and figure out maybe you can actually put a payload that works. Then yeah, you got the vulnerability.

Link to post

What prompted this thread though? Did you find an infected one? Did you yourself do something? Feels rather random.

Link to post

To this day I still laugh about a comment I got in the thread for Reverie which read, "Guys! due not download this bad file, it is a virus disguized as a virus"

Link to post
5 hours ago, RataUnderground said:

Am I the only one to whom this seems an extremely unlikely case?
Wads with viruses? They're not even executable binaries.

i agree. to be fair, microsoft word ".doc"/ ".docx" files and such are not ".exe", yet they could contain viruses. i do hope ".wad", ".pk3" or zipped wads do not contain viruses and the hosted zip files do not get "injected" (added ".exe" files and then re-zipped) by bad people. especially standalone releases. but then again, most [pc]s have anti-virus software for protection against such threats imo. please do correct me if i'm wrong though. tq.

Link to post

.doc files that contain viruses usually use stuff like word macros and visual basic to infect, modify or create new files on the hard drive. (e.g. modifying windows' autoexec file to wipe your C:\ drive.) as far as i can tell gzdoom doesn't really have that kind of capability. plus, most of these "viruses" aren't as common anymore because word usually detects them.

Link to post

I get most of my .wad (megawads) from doomworld.com, the ID database thing.  I never checked.. I trust the site for hosting the files.

Link to post
3 hours ago, rita remton said:

to be fair, microsoft word ".doc"/ ".docx" files and such are not ".exe", yet they could contain viruses.

 

Fun fact: .doc(x) files are essentially just renamed .zip's.

 

Now I'm not a file extension expert, but I'm inclined to believe that has something to do with how malware can be injected into them.

Link to post
37 minutes ago, MFG38 said:

Fun fact: .doc(x) files are essentially just renamed .zip's.

Same with pk3's  ;)
Link to post
3 minutes ago, Milkeno said:

Same with pk3's  ;)

 

That much is true.

Link to post
5 hours ago, MFG38 said:

 

Fun fact: .doc(x) files are essentially just renamed .zip's.

 

Now I'm not a file extension expert, but I'm inclined to believe that has something to do with how malware can be injected into them.

Huh, reminds me of the containerisation of the maligned .webp format, where people were putting all sorts of horrible things inside the container with the image. It is possible to embed secondary images into them, and other nasty things as well. A lot of "Discord Viruses" work this way.

Link to post
1 hour ago, Sneezy McGlassFace said:

Wait, your wads don't include chrome extensions and fortnite skin swappers? 

No, I don't make Wads, I play them

Link to post

Don't forget that advanced engines like GZDoom have to include limits on console commands from within scripts, to prevent real exploits such as an ACS script writing to the host machine's filesystem. So it is possible. The real risk, however, is somebody making a virus .exe file and renaming it to have a .wad extension or something like virus.wad.exe

 

(Windows hides some filename extensions by default).

Link to post
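
Added example (not written by any poster in this thread, and not code from any source port): a small pre-open check for a downloaded file, covering the cases raised above, namely an executable renamed to `.wad`, a `virus.wad.exe` double extension, an `.exe` added to a zip/pk3, and a WAD whose header carries junk sizes. The function names and the `RISKY_EXT` list are illustrative assumptions; the header layout used is the standard 12-byte WAD header followed by 16-byte directory entries.

```python
import io, struct, zipfile

EXEC_MAGIC = {b"MZ": "Windows PE/DOS executable", b"\x7fELF": "ELF executable"}
# Illustrative list of extensions that run code when opened on Windows.
RISKY_EXT = (".exe", ".bat", ".cmd", ".com", ".scr", ".vbs", ".ps1", ".lnk", ".msi")

def check_wad(data: bytes) -> list[str]:
    """Validate the WAD header: magic, lump count, directory offset."""
    if len(data) < 12 or data[:4] not in (b"IWAD", b"PWAD"):
        return ["not a WAD: missing IWAD/PWAD magic"]
    numlumps, diroff = struct.unpack_from("<ii", data, 4)
    # Each directory entry is 16 bytes; the whole directory must fit in the file.
    if numlumps < 0 or diroff < 12 or diroff + numlumps * 16 > len(data):
        return ["WAD directory out of bounds (numlumps=%d, offset=%d)" % (numlumps, diroff)]
    return []

def triage(name: str, data: bytes) -> list[str]:
    """Return findings for a file offered as a WAD, PK3 or zip download."""
    findings = []
    lower = name.lower()
    parts = lower.split(".")
    # Double extension such as virus.wad.exe, invisible when Windows hides extensions.
    if len(parts) > 2 and lower.endswith(RISKY_EXT):
        findings.append("double extension ends in " + parts[-1])
    # Trust the content, not the name: executables start with their own magic bytes.
    for magic, label in EXEC_MAGIC.items():
        if data.startswith(magic):
            findings.append("content is a " + label)
    if lower.endswith(".wad") and not findings:
        findings += check_wad(data)
    elif zipfile.is_zipfile(io.BytesIO(data)):
        # pk3 and zip releases: list members that would execute if double-clicked.
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for member in z.namelist():
                if member.lower().endswith(RISKY_EXT):
                    findings.append("archive contains " + member)
    return findings

if __name__ == "__main__":
    # Constructed samples: a renamed executable stub and a WAD with a junk lump count.
    print(triage("virus.wad.exe", b"MZ" + b"\x00" * 64))
    print(triage("junk.wad", b"PWAD" + struct.pack("<ii", 0x7FFFFFFF, 12)))
```

An empty result only means none of these specific red flags were found; it is not a substitute for a malware scan, and it does not detect a WAD crafted against a parser bug in a particular source port.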
32 minutes ago, Martin Howe said:

(Windows hides some filename extensions by default).

One example of why it is essential to disable this appalling "feature" ("Hide extensions for known file types"). It's among the first things I do when getting a new computer or O/S.

Link to post
On 8/25/2024 at 1:04 PM, Gez said:

we can presume that most of them have closed off the vulnerabilities from vanilla that made such arbitrary code execution possible

In fact, they did not. At least not every bug present in vanilla.

Yes. Bugs that lead to code execution in vanilla are still present in some modern source ports.

 

On 8/25/2024 at 1:04 PM, Gez said:

Of course that's extremely specific to one exe in particular

That is true. It would be difficult, or maybe even impossible, to create a single WAD with code execution for multiple source ports.

And if you account for different versions of each source port, it is even less likely.

Link to post