PSA: Marketplace Asset Removals

Its great to see that everyones game that uses assets are going to be safe.

1 Like

I’m not expecting a detailed rundown of the process they’re going to use to prevent system gaming but just roughly how they intend to determine this.

Malicious code is nigh indistinguishable from regular code which brings up the issue of understanding whether or not Roblox’s plan of action is thorough and correctly catches bad actors or if safe modules may get caught in the crossfire. There’s not even any information if this is automated or not.

A secondary concern is that if moderation action is attached to the cleanup, then innocent developers could lose everything at an incorrect trigger pull.

11 Likes

This is showing the real Roblox moderation and how the moderation team is finally taking steps to ensure malicious code isn’t being added to games.

What it will prevent:

  • malicious code being implemented
  • backdoors, viruses being removed
  • prevent multiple assets from being stolen and reused because of a malicious code
  • etc.

I think we are seeing some major changes towards the marketplace and toolbox assets that we can use for new learners and those who just want to make a quick game out of toolboxes.

6 Likes

Was this in response to the recent callout about the plugin marketplace being swarmed with malicious code?

It would also be nice if a developer could manually blacklist require(id) using ServerScriptService or some other security setting.

12 Likes

Actually i still prefer to make everything by myself

5 Likes

Agree with the second point. Time to plug a feature request:

9 Likes

Private Module Removal accomplished nothing.

3 Likes

This is such a good move in the right direction! It will certainly make taking assets from the marketplace a bit safer now. Will this affect plugins tho?

3 Likes

That would be nice but unfortunately it will take a LONG AMOUNT of time in order to blacklist every backdoors, viruses, etc.

1 Like

I like this idea but would this any remove obfuscation? Currently I use this stuff for whitelist and also when selling my products through stuff like PodTech so people don’t leak code for my products?

2 Likes

I meant a blanket ban on the function.

require(123456789) --> ERROR: This experience has disabled Third Party modules
11 Likes

This is great news. Thank you so much!

2 Likes

This is what should have been done in the first place instead of banning innocent new players that add free models from the Roblox Platform into their game and getting their games deleted!

If you guys ever have an issue with something that has been uploaded to the Roblox Platform, take it down and deal with that user who uploaded it, not the people innocently using them!

5 Likes

Definitely something that is needed for the toolbox, although i don’t use the toolbox it’s good to know that other developers are/can be safe on the platform.

1 Like

I think they aren’t going to say what the check is, because people might start editing their malicious scripts to hide from the check.
As for what the suspicious scripts will be replaced with, the whole model will probably be turned into a single red truss piece (as per the usual for “[ Content Deleted ]” models).

2 Likes

Well done Roblox, you’ve finally solved one of the biggest issues on the platform.

2 Likes

I’m dumbfounded that Roblox had to remove the ability to load private modules for the sake of preventing backdoor effects like this. Yet, nothing changed, people are simply just making the modules public and still generating backdoors awhile ruining perfect projects in which other developers wanted to share amazing tools and was refused to from the removal of this private module feature.

I’m astonished that Roblox had yet provided a feature to just outright block requiring out-of-game modules and/or a whitelist/blacklist for HttpService.

4 Likes

The only thing I have to say about this is… At least Roblox is getting rid of bad models/scripts.

1 Like

I’m genuinely curious now.

Would it be possible to share the statistics regarding how many assets were detected and removed once this process is complete, if these exist? It’s obviously not necessary, but this leaves me very curious about the potential number of assets that have stacked up over time.

Glad to know the Marketplace is being freed up from a lot of these malicious assets!

5 Likes

This is shaky for me. The fact that the word “potentially” was used means there is undoubtedly going to be some false positives here which brings up the topic of detection method. Is this some sort of automated thing or is it just manual flagging that’s been sitting for a while and things are just now getting deleted? I cant imagine this would work against more sophisticated backdoors and malicious scripts that are obfuscated.

I don’t think this is as exciting of an update as people think it is because it can only target old and overused viruses without actually sandboxing the code and getting the output which seems out of the scope of Roblox’s detection vectors. Nice to see some of the lower level stuff getting taken down but the major issue of backdooring still isn’t solved. Even if I’m completely wrong here and major backdoors do get taken down they will 100% be back up within the week.

7 Likes