when I create game it sends me to random servers with different and / or strange languages. My question is if they are safe to be able to play in them or better I avoid them. THANK YOU
Server ARE RANDOM SERVERS SAFE?
- Thread starter EXE
- Start date
You cannot create games despite the name, you'll be sent to servers that have the take-over feature enabled. Click "Browse Servers" on the main menu and adjust filters to your liking if you want full control.
Upvote
0
Upvote
0
That's a super good question.
For short answer is yes, they are safe with a very high degree of confidence. The worst thing that can typically happen to you is you download unofficial mods that can take a lot of space in your userprofile but it's easy to delete. They can also get in the way you play vanilla game, but it's easy to revert by verifying the game files via steam client.
But. The way UE3, on which KF2 is built, works, is it uses compiled intermediate language files which are executed on a UScript virtual machine, similar to Java/C#. This theoretically provides additional layer of security as the malicious code will have to somehow escape the virtual machine sandbox. Which is not impossible and in the past bugs were found in similar solutions that allowed that.
However, most of the time we trust the code produced by TWI as benign. Most community servers don't run any mods, which you can verify (but only with slightly below 100% certainty) by noticing this sign in front of a server in an in-game server browser:
.
Otherwise the server most likely runs mods, which are compiled UScript bytecode binaries that get automatically downloaded to your PC and executed by the UE3 virtual machine. If there's an unknown vulnerability exists (chances are rather high) this code can escape the sandbox and can get executed in a regular user security context in which kfgame.exe is executed. From there the malicious code would need some Windows privilege escalation vulnerability to get admin rights on your machine, but even without it a lot of data on your PC can be 1) encrypted and ransomwared 2) stolen.
Other than that, another thing I can think of is client UE3 functions, that get taken from the server and executed client-side. The code that runs on community servers is under control of community members (thank you TWI for allowing that) and they theoretically can modify it to either forego the icon mentioned above or run modded code that doesn't involve the mutator mechanism that triggers the server browser to display the icon.
For short answer is yes, they are safe with a very high degree of confidence. The worst thing that can typically happen to you is you download unofficial mods that can take a lot of space in your userprofile but it's easy to delete. They can also get in the way you play vanilla game, but it's easy to revert by verifying the game files via steam client.
But. The way UE3, on which KF2 is built, works, is it uses compiled intermediate language files which are executed on a UScript virtual machine, similar to Java/C#. This theoretically provides additional layer of security as the malicious code will have to somehow escape the virtual machine sandbox. Which is not impossible and in the past bugs were found in similar solutions that allowed that.
However, most of the time we trust the code produced by TWI as benign. Most community servers don't run any mods, which you can verify (but only with slightly below 100% certainty) by noticing this sign in front of a server in an in-game server browser:
Otherwise the server most likely runs mods, which are compiled UScript bytecode binaries that get automatically downloaded to your PC and executed by the UE3 virtual machine. If there's an unknown vulnerability exists (chances are rather high) this code can escape the sandbox and can get executed in a regular user security context in which kfgame.exe is executed. From there the malicious code would need some Windows privilege escalation vulnerability to get admin rights on your machine, but even without it a lot of data on your PC can be 1) encrypted and ransomwared 2) stolen.
Other than that, another thing I can think of is client UE3 functions, that get taken from the server and executed client-side. The code that runs on community servers is under control of community members (thank you TWI for allowing that) and they theoretically can modify it to either forego the icon mentioned above or run modded code that doesn't involve the mutator mechanism that triggers the server browser to display the icon.
Upvote
0