Show the whole ancestry tree of each script instead of just saying “Parent: Folder” maybe instead like, “Parent: workspace.NotAVirus.Folder”, this may help us find an easy path to it.
A UI overhaul, from the looks of your UI there’s a limit on how much stuff can be found as the size of the ScrollingFrame is absolute instead of reactive. The ScrollingFrame’s size should be dependent on if every GuiObject inside of it fits.
Automatically put scripts that call require() and getfenv() on the quarentine list, but if they’re allowed scripts never call on them again. I saw one antivirus that quarentined every script that called require but not getfenv, which can be used to call require in multiple ways without being detected.
If the script it’s currently sifting through has been searched already at a different time, let’s say last time you accessed studio, it will not quarantine it again as you have already told it that the script was fine.
Do NOT have a whitelist key. I see you have a value called DoggetyOn and this is bad. If this opensourced and anyone can see this they can just name their scripts that and it will never be found.
Also do note that when on studio you’re allowed to access Script.Source…
If you want to compete with other antivirus’s offer more than they do.
Thank you for taking the time to respond. A few features you may have missed while reading my post.
Right Mouse button automatically directs you to the script in explorer
V1.0.3 reads scripts line by line and searches for require() currently. This currently uses Script.Source
In the next update I will look into getfenv() and the whitelist key that you brought up.
Thank you again for expressing your ideas. If you would like to follow patch notes. I update the main post under the “Updates” label at the bottom of the page.
this list should be expanded to every single accessible service in studio, I’ve personally seen a lot of viruses hiding in NonReplicatedCSGService, I really do not remember the name, but it was something along the lines of that.
Well… It sort of is an anti-virus, it detects malicious scripts and you give the ok do destroy them. Lots of malicious scripts have the bad code hidden in the script and you might miss it.
Thanks to everyone who has supported the plugin. I just released an update that will now check more cases. IF you would like more information look under the “Updates” tab on the main post.
I appreciate everyone for expressing their concerns with the plugin and will continue to add more as time goes on.
checking script names is a pretty bad technique these days since virus makers can just change the name to something not in your library, maybe look for obfuscated code by searching for one line scripts?
With the release of version 1.0.3 I added a method that not only checks against the name of the script. But reads the script line by line to search for backdoors. Scrips that use require() passed with an assetId or getfenv() will now be detected. I with 1.0.4 I added scripts that are children of RotateG to the watch list as well.
The quarantine function will remove the scripts that are found under the red box on the right side. That way the user can choose what scripts they want removed.
I mentioned the UI thing beforehand, but thought I’d touch up on it and be more specific.
Size of ScrollingFrames Relative to the amount of children inside of them
This could be preferred over a fixed size for bigger games. You can do this by detecting the Position and Size of all of the children, if the child’s position (and/or size is getting out of the UI) then change the parent’s scrolling limit to be the child’s y position plus it’s y size.
Panic button
Let’s say for some reason a free model you added and you thought it was safe because it doesn’t use require() or getfenv() but it was still dangerous because you didn’t check it prior to letting it through the system. You should be able to quarantine all scripts found in the game to find that one specific (or even possibly find even more dangerous scripts) and delete it. Another way to put this is to remove the currently stored scripts that have been whitelisted by the developer and initiate a check immediately when said Panic button is clicked.
More checking locations
NonReplicatedCSGDictionaryService (and CSGDictionaryService), this isn’t commonly used but it’s better to be safe than sorry.
ABTestService
RuntimeScriptService, perhaps, I do not know if you can add children to this but it has functions, events, and properties inherited from the Instance class.
Thank you for your response. I have been planning on doing a UI overhaul. But am also caught up in another project at the moment. Next update I will look into beautifying the plugin.
Thank you for your incredibly detailed response. With the next update I will have reworked the entire UI. Currently each element is created and placed through script so I can most likely drop this method and create a beautiful UI to go along with the plugin (And also fix the scrolling frames).
I do not completely understand the use of the panic button you suggested. If all scripts in the game are quarantined how would the user find out which one is causing issues?
The reason scripts that are disabled show up in another window. Is so users can disable their own scripts and catch any unwanted scripts in their game.
I will also look into the checking locations you suggested. Thank you again for your response.
You might want to update or read above. The release of 1.0.4 involves using getfenv in its search. Re-read through the module script labeled “Doggity” lines 13-15 and 100-111 for this feature.