auto download enabled by default only for trusted sites?

[cactusfrog]

I just thought of an idea that i think is a good one. I remember a whole thread about how auto download should be enabled by default but people rejected this because if it were to be enabled by default it would leave people subseptible to downloading viruses and other malware. Well i just thought of a way to fix this. What if instead of just the option to allow autodownloads and disallow autodownloads you could select a third option that allows auto downloads only for trusted sites like mercenary Guild and Trem central. Adding this would allow trusted auto downloads to be enabled by default because there would be a much lower chance of installing malware. THis would make severs with custom maps and mods a lot more popular.   

[Archangel]

or, just sanitize the QVMs from actually being malicious?

[Hendrich]

Okay, so, how can the client even know which servers are to trust? You might say the devs could tweak thier upcoming client to do so, but what happens if the server closes and/or re-names itself, or if a server is trusted and it decides to go rouge? And why should the devs even bother for som,ethign that a noob should be aware of?

Obviously, if theres a server you would normally trust, turn autodownload on, if not, turn it off. Maybe (For the sake on an example) Amaneiu could go rouge and make the new version of his/her client allow attacking servers to hack int your PC, hell, it doesn't even have to be Amanieu. The idea of this thread just cannot work, and its too much work for the devs just for a problem that rarely happens, but the thought does count.

Sorry CactusFrog, but I don't think this idea could work. 

[Bissig]

Why should ANYONE, having millions of customers of unsecure default installation OSes in mind, target a few thousand trem population with a custom trojan/virus/whatever. The question is already invalid, thus there is no answer that is relevant.

[Archangel]

Why should ANYONE, having millions of customers of unsecure default installation OSes in mind, target a few thousand trem population with a custom trojan/virus/whatever. The question is already invalid, thus there is no answer that is relevant.

Um, somebody in the community?

[gimhael]

I think trusted download servers are the wrong approach, because someone could write a malicious qvm and get that uploaded onto a trusted server. The server owner basically has no reliable method to verify that the qvm is clean.

The only person that has a chance to verify this is the qvm builder, so signed qvms would be a better concept.

[Amanieu]

The first thing that should be done would be to fix the qvm jit compilers and interpreter. (I know a few exploits which haven't been fixed yet) Then put the whole thing in a *real* sandbox, like vx32.

About the issue of downloads: Risujin made a download prompt, but nobody is using it (Tremfusion will have it in the next release)
http://bugzilla.icculus.org/show_bug.cgi?id=3038

Although the download prompt doesn't fix the source of the problem (hacked qvms), it will shift the blame from the developer to the user, because it is their fault they downloaded a virus, even though they were warned.