Thu May 8 10:36:36 PDT 2008
security perspective, total nightmare. I don't know that a case-by-case
basis is any better, from a security perspective. All it will do is train
users to rapidly press F1 until the annoying messages go away and they can
play on the server. Usability-wise, better for people trying to spread
content because it's as though autodownload was enabled by default.
Security-wise, it's got the same risk as though autodownload was enabled
Maybe I'm extrapolating too much, but in general, end users are stupid.
You have to try and out-think their stupidity. People who play Q3 and
Urban Terror and Patman aren't all RH-certified linux admins, they are the
same people who get spyware-infested windows boxes because they click on
every link in spam emails.
Have there been any known security exploits relating to Q3-based game
engines? ET, Q3, etc? I haven't heard of any, offhand. Probably the
installed userbase is far too low to be an attractive target for people
trying to create botnets. It's like, Q3 players, or... everyone running
Windows XP. Mmm which one is more worth the time to try and exploit.
Which one nets a larger botnet with a higher resell value on the black
What's the risk of the Q3 security hole? Everyone who logs into a certain
compromised server can then themselves be compromised? I figure if a
gameserver or unix box gets compromised, the last thing a typical hacker
would care about is specifically targeting Q3 gamers (or gamers in
general, really). That'd draw attention if it gets found out and the
compromised server is probably more useful when no one knows its been
Anyway, I am sorry for being so off-topic and verbose. I find the whole
programmer versus end user mindset thing interesting as it crops up in UI
design, program implementation, technical documentation, etc. I'll stop
yammering on the subject so the list can get back to more down-to-earth
More information about the ioquake3