Removing Support for Third Party Closed Source Modules

I absolutely understand the reason for this update but this isn’t going to stop backdoors at all.
Most models with backdoors are not even what they say they are or are stolen.
This person does not care if he makes it open sourced or not because they most likely didn’t put any effort into it anyway.
Their only goal is to scam or annoy as many players as possible.

Besides that, a lot of groups and games will be destroyed because their application system or their guns use closed source modules.
I understand people can script their own application and gun system but the majority of the people that used these closed source modules do not know how to make those systems.

1 Like

It most definitely is going to stop backdoors. Models will be forced to become open source, or go out of commission. Models can be easily looked through and any popular ones which would affect more games most certainly will be looked through, because more developers will decide to have a look at what it does and so more will find any backdoors in the script. Then, ROBLOX will be able to filter out which models are likely to be backdoors based on the quantity of reports, and moderation will have a lot less work to do - it is far easier to look through only models which have been reported much by the public, than to look through every model that is ever uploaded. Realistically, only models which are probably backdoors, and also popular should need to be looked into. Moderation might not even need to get involved, it could simply be a matter of enough reputable devs saying not to use a particular model will be enough to minimize the chances of that backdoor being put into games.

If you don’t want people reading your code, don’t release it.

If your “service” has to piggyback on other services, and does nothing more than act as a middleman, then you aren’t really providing a service. Actual services can provide api keys and the rest can become obsolete.

I’m not going to give a long response to this because the above posts already answered these arguments,

Small sumary though

  • This will NOT stop backdoors (easy workarounds)
  • Moderation will only take more time to look trough (false) reports
  • Filtering something out based on quantity of reports won’t happen, don’t forget bots…
  • Open source = bots stealing, copying, virusses

I will also not respond to these types of posts anymore because

  • It has no effect, everyone keeps posting the same arguments
  • It will likely happen anyway
  • Nobody cares
10 Likes

No this will definitely stop a lot of backdoors. Mass moderation isn’t entirely needed, like I said people will listen to reputable devs. It won’t be long until there is a thread or compilation of popular models which are deemed as unsafe, or a backdoor by the community. Filtering based on quantity of reports will work, because you don’t need to check anything which isn’t reported a lot. You only need to check models with many reports, and that greatly reduces the amount of work a moderation team might need to do. Models are uploaded constantly, every second and that can’t be kept up with. Bots can’t mass report every model - ROBLOX would be able to automatically moderate accounts used for mass reporting many models. Also with the new captcha updates, using bots is an unfeasible way to mass report a model on the kind of scale you would need to garner moderators attention. Open source does mean it will be possible to steal models, but it will also be much easier to find out and prove that a model did in fact steal your code. You are no longer fighting your enemy blind. You can look at examples of this in the real world - freeware is much less likely to be a conduit for malware than other software.
The pros just massively outweigh the cons on this one. There is almost no reason to keep private modules, versus a plethora of reasons to get rid of them, backdoors only being one of these, which for some reason people seem to keep focusing on. I’m glad you aren’t going to respond anymore because it’s late and I’m going to bed.

I feel like this is a decision that should have had a better alternative before they removed the feature.

There are clearly TONS of people that are going to be upset and effected by this change and there is no denying that.

3 Likes

I very much disagree with this. As Roblox currently stands, yes, I completely get what you’re saying. Free models, as they’re currently named, should be free and open sourced. If someone uses a free model, then they should be able to view and edit all of the code provided. It’s just in the name.

However, people are trying to take the free model concept to a different level and provide their own services, and the only channel that they currently have for doing that is through free models. Therefore, until there is an alternative, private modules should be allowed. Give people an alternative that still allows them to sell services before breaking their code.

If players are only given one location on site to upload their services to, they’re going to use that location, even if it is deemed “free.” It’s their only choice.

Forcing players to use external websites in order to manage their services properly is not a great alternative. It’s frustrating because this should be a service provided by Roblox itself, and they’re just making things difficult.

I’m not exactly arguing that closed source modules are fantastic. I’m just arguing against the reasoning they have behind removing it, and the fact that they didn’t provide an easy-to-access alternative on this very platform.

6 Likes

Well, ive never seen backdoors from plugins so take this with a grain of salt. But the most viruses and backdoors ive seen are from free models, so sure you’re stopping one faucet, but another has existed since the beginning which us models. In some games ive seen tons of viruses where ive had to pull a scanner to help me. So, we still have one faucet going…

2 Likes

yes, but this update is taking care of alot of models that are malicious and take a big impact in the roblox community. We shouldn’t be arguing about things that have already been discussed in this topic. Yes, there are quite alot of pros and contras of this update, but afterall this update is for the safety of robloxians and we’ll find a workaround soon enough. Again, repeating arguments over and over wont change anything.

I don’t fully believe this is for the better, honestly. (If I’m moderated for this umg)

There are so much better ways to handle this, instead of removing a feature because inexperienced devs who bot their favorites/likes on their game to front page don’t know that their free model tree has a script in it, why not instead teach?

Honestly this is a much better alternative to everyone. Many front page games are by inexperienced people who bot their likes and favorites, but don’t know how to develop. A good way to combat this issue is to release a thread by a Dev. Relations member explaining how to ‘background check’ their game. A good one is Ctrl+Shift+F, look for ‘require’. Take the assetId being required, and find where it’s coming from. If it isn’t something you think you want in your game and believe it’ll be a malicious asset, then don’t use it and report it. Most people implementing backdoors aren’t smart enough to use that getfenv() method (not being rude).

7 Likes

I’m sure people who aren’t as experienced in development won’t know if the asset they are using is malicious or not as they cannot see the source code which is what they’re going to focus on rather than checking if the asset is botted etc. Thats the main reason of why private modules can be so malicious.
Though I must agree on the first part, teaching inexperienced developers will reduce the amount of backdoors being inserted into a game. Then again there’s going to be alot of people who won’t bother reading the devs post.

There’s still the possibility that known models etc have backdoors on them even if they are not botted, which makes it pretty much undetectable. Not only would this be bad for inexperienced developers, but for experienced developers it could become a problem aswell.

So what I’m saying here is that whatever people try to do to stop people from inserting backdoors into their games, there’s still going to be alot of people who either ignore or don’t realize they have a potential malicious code inside of their game.

Actually it’s not even that hard to tell if it’s malicious or not. Based on my example, why would a tree need to require anything? It’s suspicious, just might as well be malicious. All it takes is common sense, to be fair, to know what’s not supposed to be there and what is. Not being able to see the source does not mean you can’t judge for yourself whether it is malicious or not. Also, I’m pretty certain experienced developers would not insert a free model without checking it for themselves, as that’s an easy way to get a backdoor into the game. If you don’t have the sense to check for yourself, don’t be a developer. Learn to be a developer first and check the utilities you use yourself.

See one of my previous posts. Features should not be removed due to inexperience and gullibility. That’s a terrible way to go about things. Just because some people are too lazy to learn how to check for malicious code, does not mean that a feature should be removed for everybody. Those lazy people should suffer from their own laziness. Nobody else should.

8 Likes

I agree on everything you said except for this part,

I ment scripts like admin systems etc, you use the script without knowing whats actually going on in the code. Now I know lots of experienced developers would propably make their own systems instead of using free models, but most of the games I visit have systems that use private modules that the game doesnt own. Even if the owner is someone who’s known around the community, he could still do whatever he wants with the code.

Most free admins, like Adonis, don’t have any backdoors because they’re open sourced. Why would you use any admin that needs to be required?

I can assure you there are free admin systems that arent open sourced which have more features than Adonis, people would rather use them as they have functions that adonis for example, doesn’t.

People can obfuscate code - players might be too lazy to figure out how deobfuscate code. Let’s just remove coding entirely, because people are obfuscating their scripts and players are using them while being totally unaware as to what they actually do.

This is how I’m viewing this entire situation, and it seems pretty crazy to me.

4 Likes

Not sure what other admins have that Adonis doesn’t. Pretty decent anti-cheat, all needed commands, some custom features. What ‘free’(required) admins have things Adonis doesn’t?

1 Like

Theres less known admin systems specifically designed for certain areas of roblox, one of them being abacu for example, it an admin system specifically designed for ro-aviation, though it uses require.

You got a good point there, its just that people may be too lazy to deobfuscate code, but they’re not able to get the source of a private module. I mean this is my view of this update, it got pros and contras, theres going to be work arounds though which are propably gonna be more time consuming, but then again, developers shouldnt be too lazy and not use the workarounds.

1 Like

A certain admin just for a certain reason, did I read that right? Sounds like it’s something needed for only some people, not all. This gives reason to keep private modules, well, private.

I understand that they can’t get the source of a private module, I was just arguing against the whole “lazy” argument that you had going on. My biggest issue with most of the posts on here is the reasoning behind these actions. If a feature is going to be removed, I expect a better reason than “a few people are gullible” or “some people are too lazy.”

If the admins offered us a better explanation than “some people r bad,” and they provided a reasonable alternative before removing support, then I would probably be totally okay with removing closed source modules.

1 Like