I use a free model chat, that is 100% free of viruses, I reuploaded the module with minor changes.
Will stuff like that break?
Lately I have been seeing “Script detected as malicious, will not run.” in my virus script testing place (dont ask, it’s for finding them and finding ways around the virus and getting myself better at removing them without deleting their main function), so i’m guessing it’s phase 1 of this?
This could be great if carried out well, but given the quality of Roblox moderation, I suspect that many innocent users will have their assets removed and their accounts terminated.
yeah, theres deffinantly going to be some mistakes. but its still better than having the toolbox full of viruses. maybe soon we’ll be able to look at it as a place for assets instead of a place for random stuff and viruses.
when the code is sus
Seriously though, this is great. I’ve always been curious as to why Roblox didn’t do this. My asusmption was that Roblox wanted devs to determine the security of their games for themselves, and creating an intelligence barrier before entry to development. Perhaps Roblox is scrubbing themselves of this rule as a way to combat Core Games and dominate as the Metaverse.
Which then they would resort to a emulator(FiOne) and httpservice.
Then suggesting to make an HttpService domain whitelist and ensure place teleportation is disabled.
They cannot be removed from games. what they are talking about is they might think that a model is malicious and remove it but in reality it is perfectly safe with no malicious intent
The Roblox team can start by simply doing the following:
disallow creating an item (model, plugin) with the same exact name as an existing item.
disallow creating an item with the same (or vastly similar) thumbnail to an existing item.
disallow users without sufficient reputation creating marketplace items (they do it for forum posts, so why not)
remove all marketplace items for people whose accounts have been banned. There are way too many plug-ins and models still out there where you go to the creator profile and it’s not a valid account anymore.
While I appreciate your point, there are several issues with it.
This would result in bots claiming every single possible name, and would be worse than it is currently. Verification could in theory fix this, but look at the number of bot users that get past it right now. You might even have to add numbers to your model! Also, how do you determine the current “real” model for items that have 1000s of identical names, and how do you process all those requests?
While this in theory would work, it poses the same issue of dealing with current items. Also, there’s not much that prevents the person from changing a few noticable pixels to mess up the “detection”. If you then “improve” the detection, you start to get a bunch of false positives.
This is actually already done with plugins & UGC, the issue is you can’t really automate this process easily, which is an issue for a platform the size of Roblox. Also, the DevFourm is not the best sign of “reputation” as anyone can get to a posting level easily.
While this works for most cases, there is the case of false positives still. What happens if a dev gets banned accidentally? Do they have to reupload everything now?
Yep, I see your point on the bot issue. But maybe there’s something where a known verified user like SLeitnick or CloneTrooper can “register” a name (kinda like trademarking it) so that after that point, only that person can use the name.
On the issue of removing items from banned users, it’s simple (well, simple in concept)… if a user is on temporary ban, make their items unavailable to add to your inventory but don’t remove or archive them, so you could still use them if they are already in your inventory. If the player is permanently banned, then you can remove/archive them.
This is a great idea, and works wonderfully in theory, but it requires a means of determining who gets verified. What makes a popular dev / artist / builder / ect? Also, you couldn’t automate it, which would require more workers & resources. I doubt Roblox would integrate something like this to the point where it would be used for filtering assets. However, it would still be a nice addition.
And this is my main point again. Sure, this works. However, there will always be a chance of false bans & players depending on content that a banned user had. I believe this is the main reason that you can’t delete assets - it has the potential to break other people’s stuff. What would work is a package manager approach to assets, where you request a specific version. Consequently, you get into the issue of storage and moving data around, and are back to the same issue as before.
If anything, there should be an integrated permissions system (which already exists) with the feature of disabling third party modules. Ideally, all APIs used by a third party should need to be approved, but that’s impossible to enforce.
The reality is while a lot of these ideas are great - and work in theory - there is no perfect “one size fits all” solution for a platform as diverse as Roblox.
instead of removing the asset why not remove the script within the asset, some of those assets that are going to be removed might be some high quality assets, but there just infected.
Does this mean the issue of people being auto-banned from inappropriate content immediately after inserting a model will be resolved? I don’t care about typical viruses (I can always clean those) but this right here is the reason I don’t use free models.
Additionally, show us the module ids that are getting required already!
Gimme Modules in my dev console, or something!
I’ve been almost a little sad that there hasn’t been something like a warn for when require(id) is used with the id. I guess it could be argued that that’d clutter up the output, but, maybe it could be its own devconsole section. Or, maybe its only controlled by a setting.
I wish I could see what’s happening without being afraid of using a piece of obfuscated code in my game, because, a simple Ctrl+Shift+F require will never find a require that’s well hidden enough for that.