I use a free model chat, that is 100% free of viruses, I reuploaded the module with minor changes.
Will stuff like that break?
Lately I have been seeing “Script detected as malicious, will not run.” in my virus script testing place (dont ask, it’s for finding them and finding ways around the virus and getting myself better at removing them without deleting their main function), so i’m guessing it’s phase 1 of this?
This could be great if carried out well, but given the quality of Roblox moderation, I suspect that many innocent users will have their assets removed and their accounts terminated.
this is really good! this is why i almost never used the toolbox, all kinds of viruses. i only took meshes and decals. this is a really good update!
yeah, theres deffinantly going to be some mistakes. but its still better than having the toolbox full of viruses. maybe soon we’ll be able to look at it as a place for assets instead of a place for random stuff and viruses.
when the code is sus 
Seriously though, this is great. I’ve always been curious as to why Roblox didn’t do this. My asusmption was that Roblox wanted devs to determine the security of their games for themselves, and creating an intelligence barrier before entry to development. Perhaps Roblox is scrubbing themselves of this rule as a way to combat Core Games and dominate as the Metaverse.
Wouldn’t making require() a toggle just like loadstring() fix the problem?
Which then they would resort to a emulator(FiOne) and httpservice.
Then suggesting to make an HttpService domain whitelist and ensure place teleportation is disabled.
They cannot be removed from games. what they are talking about is they might think that a model is malicious and remove it but in reality it is perfectly safe with no malicious intent
Not always require() most of the time it’s obfuscated. but thanks finally taking a major step against backdoors.
The Roblox team can start by simply doing the following:
While I appreciate your point, there are several issues with it.
This would result in bots claiming every single possible name, and would be worse than it is currently. Verification could in theory fix this, but look at the number of bot users that get past it right now. You might even have to add numbers to your model! Also, how do you determine the current “real” model for items that have 1000s of identical names, and how do you process all those requests?
While this in theory would work, it poses the same issue of dealing with current items. Also, there’s not much that prevents the person from changing a few noticable pixels to mess up the “detection”. If you then “improve” the detection, you start to get a bunch of false positives.
This is actually already done with plugins & UGC, the issue is you can’t really automate this process easily, which is an issue for a platform the size of Roblox. Also, the DevFourm is not the best sign of “reputation” as anyone can get to a posting level easily.
While this works for most cases, there is the case of false positives still. What happens if a dev gets banned accidentally? Do they have to reupload everything now?
Yep, I see your point on the bot issue. But maybe there’s something where a known verified user like SLeitnick or CloneTrooper can “register” a name (kinda like trademarking it) so that after that point, only that person can use the name.
On the issue of removing items from banned users, it’s simple (well, simple in concept)… if a user is on temporary ban, make their items unavailable to add to your inventory but don’t remove or archive them, so you could still use them if they are already in your inventory. If the player is permanently banned, then you can remove/archive them.
This is a great idea, and works wonderfully in theory, but it requires a means of determining who gets verified. What makes a popular dev / artist / builder / ect? Also, you couldn’t automate it, which would require more workers & resources. I doubt Roblox would integrate something like this to the point where it would be used for filtering assets. However, it would still be a nice addition.
And this is my main point again. Sure, this works. However, there will always be a chance of false bans & players depending on content that a banned user had. I believe this is the main reason that you can’t delete assets - it has the potential to break other people’s stuff. What would work is a package manager approach to assets, where you request a specific version. Consequently, you get into the issue of storage and moving data around, and are back to the same issue as before.
If anything, there should be an integrated permissions system (which already exists) with the feature of disabling third party modules. Ideally, all APIs used by a third party should need to be approved, but that’s impossible to enforce.
The reality is while a lot of these ideas are great - and work in theory - there is no perfect “one size fits all” solution for a platform as diverse as Roblox.
instead of removing the asset why not remove the script within the asset, some of those assets that are going to be removed might be some high quality assets, but there just infected.
Also perform a search for getfenv
now i you can use free models and dont scare
The racing template uses a require module.
Will models derived from this template be stung?
Are there some IDs which will be whitelisted as ‘Requires’?
Does this mean the issue of people being auto-banned from inappropriate content immediately after inserting a model will be resolved? I don’t care about typical viruses (I can always clean those) but this right here is the reason I don’t use free models.
Additionally, show us the module ids that are getting required already! 
Gimme Modules in my dev console, or something! 
I’ve been almost a little sad that there hasn’t been something like a warn for when require(id) is used with the id. I guess it could be argued that that’d clutter up the output, but, maybe it could be its own devconsole section. Or, maybe its only controlled by a setting.
I wish I could see what’s happening without being afraid of using a piece of obfuscated code in my game, because, a simple Ctrl+Shift+F require will never find a require that’s well hidden enough for that.
No, not all, only some that have been detected and that Roblox has looked at
They already do this actually!
I’ve noticed that a lot of existing usernames of developers and community members were “inappropriate for Roblox” when I last checked
Examples:
BusyCityGuy
Davidii
Defaultio
Roblox
Builderman
There’s more, I can’t really think of them off the top of my head.