Careful..Mods can be backdoored

Go to http://acmectf.com for more info and file downloads!

[virus.357]

Does the Acme q4 server require any mods other than instagib? If so, I probably don't need the security risk.

I wouldn't recommend installing a Quake 4 mod unless it was very well known, or open-source. The reason is that a4 mod authors have the ability to backdoor your system.

An unethical Quake 4 mod author can write a mod as bad as any Trojan horse or virus. Quake 4 Mods can attach to running processes on your system, scan the contents of ALL files on your hard drive (not just in the quake folder), take screen captures of your PC, read open window contents (potentially passowrds, credit card numbers, etc.).

There is no way to block the mod from sending info from your system back to the author. The reason is that such mods act like rootkits by communicating using the same TCP/IP channel that quake is using. So if you are allowing Q4 to run, then the mod data is also piped through the Q4 port that you have opened.

To give one example, here the following shows what an ETHICAL anti-cheat tool can do with your system:
http://www.rootkit.com/newsread_print.php?newsid=371

Keep in mind that Blizzard is an ethcial company, and their software is very careful to protect your privacy. I am highly in favor of professional anti-cheat products like this one. But you can see how much info a game plug-in can gather.

Unfortunately, some mods collect a lot more data than this. Now, imagine an unethical mod writer who is just out to collect Paypal addresses. He won't be bound by the ethics by which Blizzard and other companies have to abide.

I'm sure the mods WORM use are fine. But it's really about trusting the mod author. Unless it's open source, you are putting the trust (and potentially complete control) of your entire system up to the author of the mod.

If you are playing from a gaming console and you don't really care if your system is compromised, fine. Go ahead and play. You are not at great risk (other than potential sniffing attacks on your LAN). But for those of us who play from work or from an important home system, beware.

I for one won't be playing on ACME's q4 server until there is a way to verify the security of the mods used. I hope server admins will be careful, and that they will insist on as much trasparency for the end-user as possible.

[WORM]

This is true of any mod and/or any game, not just Q4.

We are currently running three Quake4 servers, I didn't announce the last one started. They are:

Instagib on port 28004

Q4Max on port 28005

Arena CTF on port 28006 (the Arena CTF that came with the game and standard maps)

I trust the mods we are running now and haven't seen any unusual traffic or processes running.

This is all a moot point anyway because we will probably take the whole  box down after the first of the year. In case anyone hasn't noticed, Q4 multiplayer is on life support already....CTF anyway.

[greider]

The instagib mod it's running now is only modified script def files and such. Anyone who knows how to get to the def files can open them and view them.

[virus.357]

yeah it's going to take a while for the hardware in people's PCs to catch up to Quake4.

also I didn't even know the game was out until this month...there was not much fanfare. It takes time for the word to spread.

I think once some good maps come out things will pick up. It took years for some of the good q2 maps to come out.

Without Punkbuster support for q2 there is no way to keep ahead of the cheaters anymore. So evolution will force us all in to q4ctf eventually. It's probably the best CTF game around, after q2ctf.

[RidetheLag]

does q4ctf have grapple?

[WORM]

does q4ctf have grapple?

No..and that was just stupid to release it without one.

[EternalJinX]

i agree.  doesnt seem like many people playin but then again how many people can actually run it.  I run it but not pretty.  I need a new vid card on a brand new screemin fast machine.  I was not really impressed with the multiplay.  With as kool as the singlplay is they couldnt come up with a little bit more for the new mellinium.  I have been a long time very loyal quake fan since q1 and have just been totally adicted to q3 since the day it came out.  I was getting lil bored with q3 and was waiting for this game for a long time.  Connected to a server and was like wtf this runs like shit.  So what did I do?  Tweeked the config.  Now it looks like q3. So what the hell was the point.  It is as if i am playing q3 with shitty maps.  I am starting to get used to some of the maps but god wtf.  I wanted to be in awe when this game came out like i was when q3 came out going from q2 to q3.  They sold us the game now they want us to make it better errr dont make no sense.

I do like the arena ctf though reminds me of team arena for q3 w00t.
well maybe i just wont be happy till insta freeze comes out for q4.  Thats my fav mod for q3

[ekauq]

wait....i thought you LIKED being backdoored...