What is this about?
Some servers have a custom texture pack that asks you if you would like to download the texture pack for the server. How about the same thing with mods? Here is how I would think of it:
The Minecraft Server would generate a mods folder, just as it does with server.properties, banned-players.txt, etc.
Inside the folder you would have a mod.config file. Here is how it would look like:
mod.config file (No tabs because it didn't let me insert them D:<):
//Minecraft Mod Config File
//Enable Mods on your server?
mods=true|false
//Drag .zip mods into this folder, make sure it contains mod_folder.zip and jar.zip
//For mod names, type the name of the mod zip file
Mod_Names:
-MODNAME
-MODNAME
-MODNAME
-etc.
//Set this to true if you want to disconnect the user if he doesn't install the mod
disconnect_no=true|false
Server Administrators:
The server owner would drag the mod file into the mods folder/directory in his server folder/directory. The mod would automatically install and prompt players without the mod if they want to install it or not. If the user selects "Yes", the mod would be installed on his client. The servers.dat file (Or create another file) will store what mos to enable on what servers.
Mod Developers:
Mojang can either hook this mod up with Forge, Modloader, etc. or release it along with their new API! . Mod devs will have to create zips in their mod zips for extraction. If they want a mod to be extracted to their mods folder, they will name it mod_folder.zip and the contents will contain what should be extracted. Same will go for the jar, and they will have to name the file jar.zip.
Fighting Security Risks: Mojang can make a system disallowing .bat, .exe, and VBscript extensions. He can also lock several files from being used by the mod, such as last login, or only allow the bin, mod, and config folders. In the small event a mod will corrupt your .jar, it won't be such a big deal, and even less worse if you have backed up your jar. In addition to that, we can have a Mod reputation. Mods can be posted to the mods list (Just as Bukkit has a plugins list where you can upload plugins) (Mojang will most likely make one). Each mod added to the list would go through a virus, malware, spyware, etc. scan from Norton, or any other anti-virus provider. When a player leaves the server aftre his first time of downloading a mod, it would ask the user to rate the mod.
Is this mod safe? The user would have an option to select 'Yes", "No", or " I don't know". He/she would also rate the mod on its quality. Now, every user who is asked to download the mod would see the mod's ratings, and the mod rating would also be published on the mod list. If only 70% or lower said the mod was "Safe", it would display "This mod is not recommended because of its low trust rating". If only 50% or lower said the mod was "Safe", Mojang would not allow anyone to download the mod, rescan for viruses, malware, spyware, etc. and ask users on the Mod List to evaluate it. Uploading a minor threat on the mod list would fill his infraction bar to 1/4. A moderate threat would do 2/4. If the user uploads a serious risk, his infraction bar would reach its full. When a mod developer's infraction bar is full, he will not be able to upload any more mods.
Most likely Mojang won't hook this up to Forge, Modloader, etc.; so this is just an idea for their Modding API they are most likely working on.
Overall, this will make modded servers much more easier to use with the upcoming Modding API!
Here is a signature (It's almost 2AM at night here, I'll make it tommorow XD):
I am pretty sure you can unpatch your minecraft with MCpatcher so it removes everything and you start fresh if you got a viru---
Seriously? What the hell can a virus do while its trapped in a minecraft folder?
I'm not knowledgeable in viruses. Maybe it it can execute itself?
But I guess you're right, since it can only extract to the .minecraft folder.
Also, who needs MCPatcher for a free start? Just go to C:/Users/YourWindowsUsername/appdata/roaming. Then right click on .minecraft, delete. Your minecraft launcher will automatically download Minecraft.
Viruses would be a serious issue. It might be a bit better to have it automatically download from a site like BukkitDev, since that's at least somewhat safe.
Steal the last login file, therefore stealing the account.
I'm sure Mojang can make a system disallowing .bat, .exe, and VBscript extensions. He can also lock several files from being used by the mod, such as last login, or only allow the bin, mod, and config folders. In the small event a mod will corrupt your .jar, it won't be such a big deal, and even less worse if you have backed up your jar.
I thought this was already a planned feature of the Mod API...
They didn't give us much information about the Mod API. I was assuming the Minecraft launcher would allow you to install mods and then launch Minecraft with the mods.
A nice idea, but it would probably need to wait untill the plugin API.
That being said... how would you avoid security exploits? Mods can do ANYthing. Auto downloads seems a bad idea.
See thread #9 for how we can fight viruses, spyware, malware, etc. Anyways, in addition to that, we can have a Mod reputation. Mods can be posted to the mods list (Just as Bukkit has a plugins list where you can upload plugins) (Mojang will most likely make one). Each mod added to the list would go through a virus, malware, spyware, etc. scan from Norton, or any other anti-virus provider. When a player leaves the server aftre his first time of downloading a mod, it would ask the user to rate the mod.
Is this mod safe? The user would have an option to select 'Yes", "No", or " I don't know". He/she would also rate the mod on its quality. Now, every user who is asked to download the mod would see the mod's ratings, and the mod rating would also be published on the mod list. If only 70% or lower said the mod was "Safe", it would display "This mod is not recommended because of its low trust rating". If only 50% or lower said the mod was "Safe", Mojang would not allow anyone to download the mod, rescan for viruses, malware, spyware, etc. and ask users on the Mod List to evaluate it. Uploading a minor threat on the mod list would fill his infraction bar to 1/4. A moderate threat would do 2/4. If the user uploads a serious risk, his infraction bar would reach its full. When a mod developer's infraction bar is full, he will not be able to upload any more mods.
Some servers have a custom texture pack that asks you if you would like to download the texture pack for the server. How about the same thing with mods? Here is how I would think of it:
The Minecraft Server would generate a mods folder, just as it does with server.properties, banned-players.txt, etc.
Inside the folder you would have a mod.config file. Here is how it would look like:
mod.config file (No tabs because it didn't let me insert them D:<):
Server Administrators:
The server owner would drag the mod file into the mods folder/directory in his server folder/directory. The mod would automatically install and prompt players without the mod if they want to install it or not. If the user selects "Yes", the mod would be installed on his client. The servers.dat file (Or create another file) will store what mos to enable on what servers.
Mod Developers:
Mojang can either hook this mod up with Forge, Modloader, etc. or release it along with their new API!
Fighting Security Risks: Mojang can make a system disallowing .bat, .exe, and VBscript extensions. He can also lock several files from being used by the mod, such as last login, or only allow the bin, mod, and config folders. In the small event a mod will corrupt your .jar, it won't be such a big deal, and even less worse if you have backed up your jar. In addition to that, we can have a Mod reputation. Mods can be posted to the mods list (Just as Bukkit has a plugins list where you can upload plugins) (Mojang will most likely make one). Each mod added to the list would go through a virus, malware, spyware, etc. scan from Norton, or any other anti-virus provider. When a player leaves the server aftre his first time of downloading a mod, it would ask the user to rate the mod.
Is this mod safe? The user would have an option to select 'Yes", "No", or " I don't know". He/she would also rate the mod on its quality. Now, every user who is asked to download the mod would see the mod's ratings, and the mod rating would also be published on the mod list. If only 70% or lower said the mod was "Safe", it would display "This mod is not recommended because of its low trust rating". If only 50% or lower said the mod was "Safe", Mojang would not allow anyone to download the mod, rescan for viruses, malware, spyware, etc. and ask users on the Mod List to evaluate it. Uploading a minor threat on the mod list would fill his infraction bar to 1/4. A moderate threat would do 2/4. If the user uploads a serious risk, his infraction bar would reach its full. When a mod developer's infraction bar is full, he will not be able to upload any more mods.
------------------------------------------------------------------------------------------------------------------
Most likely Mojang won't hook this up to Forge, Modloader, etc.; so this is just an idea for their Modding API they are most likely working on.
Overall, this will make modded servers much more easier to use with the upcoming Modding API!
Here is a signature (It's almost 2AM at night here, I'll make it tommorow XD):
And mini..
Seriously? What the hell can a virus do while its trapped in a minecraft folder?
I'm not knowledgeable in viruses. Maybe it it can execute itself?
But I guess you're right, since it can only extract to the .minecraft folder.
Also, who needs MCPatcher for a free start? Just go to C:/Users/YourWindowsUsername/appdata/roaming. Then right click on .minecraft, delete. Your minecraft launcher will automatically download Minecraft.
insert malicious .exe
.exe gets executed by the mod
.exe uses zero-day exploit in some common service and acquires superuser status
computer is compromised
Steal the last login file, therefore stealing the account.
hi
I'm sure Mojang can make a system disallowing .bat, .exe, and VBscript extensions. He can also lock several files from being used by the mod, such as last login, or only allow the bin, mod, and config folders. In the small event a mod will corrupt your .jar, it won't be such a big deal, and even less worse if you have backed up your jar.
They didn't give us much information about the Mod API. I was assuming the Minecraft launcher would allow you to install mods and then launch Minecraft with the mods.
See thread #9 for how we can fight viruses, spyware, malware, etc. Anyways, in addition to that, we can have a Mod reputation. Mods can be posted to the mods list (Just as Bukkit has a plugins list where you can upload plugins) (Mojang will most likely make one). Each mod added to the list would go through a virus, malware, spyware, etc. scan from Norton, or any other anti-virus provider. When a player leaves the server aftre his first time of downloading a mod, it would ask the user to rate the mod.
Is this mod safe? The user would have an option to select 'Yes", "No", or " I don't know". He/she would also rate the mod on its quality. Now, every user who is asked to download the mod would see the mod's ratings, and the mod rating would also be published on the mod list. If only 70% or lower said the mod was "Safe", it would display "This mod is not recommended because of its low trust rating". If only 50% or lower said the mod was "Safe", Mojang would not allow anyone to download the mod, rescan for viruses, malware, spyware, etc. and ask users on the Mod List to evaluate it. Uploading a minor threat on the mod list would fill his infraction bar to 1/4. A moderate threat would do 2/4. If the user uploads a serious risk, his infraction bar would reach its full. When a mod developer's infraction bar is full, he will not be able to upload any more mods.
Adding this to the OP.