Just a heads up-- Some of the content linked to from this site is not safe

[Winterfire]

Why a SSD with VM would be overkill?

If you are paranoid or simply do not trust F95Zone/The developers of porn games, there is nothing wrong with firing up a VM and allocate 8gb ram to play your porn. It also keeps them separate from your main system for other various reasons you may have.

 

[Deleted member 1536527]

I haven't used an AV in nearly a decade, and only started again this year as Windows Defender isn't all that resource intensive and I'm too lazy to fuck around with uninstalling it. But reading your other posts, you sound paranoid. Just like how many VM/AV companies want people to be. I've never had a virus from this forum, and the many who say they do are using way too trigger happy AVs. I can almost guarantee OP's supposed theft came as a result of some other website via careless practices.

Viruses are common sense, almost entirely common sense at that. Downloading a torrent for Photoshop? You're gonna need to turn off that AV regardless or you're going to get hit with a false-positive on a keygen, same goes for GenP/CCMaker/Zii or any other kind of patcher. The obvious answer is downloading from a trusted uploader. Same goes for movies, music, game, porn, etc. Don't go to sketchy porn sites without some kind of ad-blocker. Downloading some sketchy shit off Tor? Then you probably have it coming.

An SSD with a VM is absolutely overkill. The reality is that AVs are basically useless in 2021. You can have a good AV, two-factor authentication, strong passwords, not download weird extensions, not click on random links from spam emails, and still end up with a virus. Any meaningful virus is always going to be ahead of any kind of defense, and those that are, aren't after a nobody like you or me. That's not even getting into how a lot of AVs make you more vulnerable than not, or are selling your data. Windows Defender is enough for almost everyone, anything more and you're better off just going to Linux or Mac.

Lately I agree I have been more and more cautious. I personally don't see anything wrong with having some extra security. If VMs are overkill then don't do it I'm not dictating anyone to do it. I haven't used any AV apart from windows defender either. For the average joe windows defender is more than enough. Microsoft has come a long way in the past decade and Defender is actually pretty decent. But torrents are a thing that are unavoidable for me, and some of my friends from uni have had their PCs encrypted cause of ransomeware, sucks ass and scary as shit let me tell you. Most likely due to stupidity on their part, but you can't really trust yourself every time, as I've seen it happen to people who I'd have never thought would fall for it. So personally I feel the need to. I've been using VMs since uni for projects so they're not really overkill for me. Its just plug and play quite literally.

How can they do anything about it if they don't realize it's happening? Specifically referring to games on here, many devs barely understand what they're typing into Ren'py sometimes, I wouldn't really expect them to know what to do if their VN/game comes up as a virus. I know I wouldn't. I don't claim to be a professional at this, just not an idiot.

I agree its an oversight on the part of the devs. Simply uploading your file to any online site to scan for potential risks is a good start I'd say. Though it does get more complex when trying to figure out what's causing the trigger, but hey, google and stackoverflow's your friend. These are sort of standard practices, but I can understand if most indies aren't aware.

The reality is that AVs are basically useless in 2021.

I completely disagree with this btw, you can't really say AVs are completely useless but then also say VMs are an overkill in the same breath. That's kinda contradictory isn't it . Just because there are some viruses that can get through doesn't invalidate their use. Its not too dissimilar to arguments of anti-vaxxers now that I think about it.

 

[MissFortune]

Why a SSD with VM would be overkill?

If you are paranoid or simply do not trust F95Zone/The developers of porn games, there is nothing wrong with firing up a VM and allocate 8gb ram to play your porn. It also keeps them separate from your main system for other various reasons you may have.

It isn't overkill, not really at least.

I meant that more in reference to buying one just for a VM (at least that was how he/she made it sound). Obviously not my choice, though.

But torrents are a thing that are unavoidable for me, and some of my friends from uni have had their PCs encrypted cause of ransomeware, sucks ass and scary as shit let me tell you. Most likely due to stupidity on their part, but you can't really trust yourself every time, as I've seen it happen to people who I'd have never thought would fall for it

For sure. Ransomware is a bit of a bitch. I mean, I've heard about the nasty encrypting stuff, but I hope that's all I ever know about those. The one case I ran into (probably one of the simpler ones out there, lock screen ransomware. Kovter, iirc?) was easy enough to solve with a boot into safe mode and running Malwarebytes. Still scared the shit out of me, not gonna lie lol.

 

[Deleted member 1536527]

For sure. Ransomware is a bit of a bitch. I mean, I've heard about the nasty encrypting stuff, but I hope that's all I ever know about those. The one case I ran into (probably one of the simpler ones out there, lock screen ransomware. Kovter, iirc?) was easy enough to solve with a boot into safe mode and running Malwarebytes. Still scared the shit out of me, not gonna lie lol.

Yup it can be frightening. I myself don't think I'd be able to go back to just normally downloading stuff from places I sem-trust after that.

And this isn't just limited to standalone applications. I recently rediscovered an old game dev I used to watch years ago. He used to make devlogs about the game engine he was working on and also his game. He's gone big time now, works at Epic. He removed all his videos from his youtube and I decided to visit his website assuming maybe they were all there. But the moment I clicked on the link I get that dreaded chrome's red screen "Your connection is not private, attackers might steal your data" warning. Now on a personal level I know its probably fine, but the fact I even have to make this choice is absurd imo. I mean the man is a professional now, develops tools for the Unreal Engine! but couldn't be bothered to fix an invalid SSL certificate, come on now.

 

[Carrera]

I did something stupid, it's YOUR FAULT.

 

[Diconica]

Downloading some sketchy shit off Tor?

By that do you mean an union service?

AVs are only as effective as the people who use them.

Your script can be perfectly fine and still be picked up by an antivirus.

Yea, that's not as likely as you might think.
I'll clarify. There are a few methods an AV system uses to detect potential threats.
Signatures are still used to some extent.
They also use VM systems to run files on and see how they behave to try and detect them.
There is another reason. Some is self extracting in nature and uses methods similar to that of a boot system.
It extracts code into memory then sets the processor instruction pointer to the memory location.
Another method is program signing and signatures.
Google a code signing certificate to learn about it.
That's all generally referring to compiled code.

Scripts such as malicious web pages, python and so on are also handled in multiple ways.
There are a number of things beside malicious code that can set of some AVs and similar tools.
Unsafe script methods is probably the biggest. That's why it is important to keep up with security regarding the language you are using. Don't keep using deprecated crap.
Just because the code runs and does what you want doesn't mean it is safe.
Take for example you don't verify the input coming in isn't larger than the buffer you have created.
Or you don't clean the input of potential malicious code someone else can enter.
Depending on the system and resources made available through such a script it could have different effects.
It could result in something fairly benign like cross sight scripting. Still not great but minor in comparison to having your security wide open or having your entire file system or data-based deleted.

That said some times the issue isn't with your code but the compiler and the way it compiled. I haven't seen that issue in over a decade though. Most of the people working on libraries these days have a pretty good understanding of security and practice methods to prevent such issues.

So if an AV is saying their is something wrong with the program there is a good chance that's the case depending on which AV you are using.

 

[Deleted member 1536527]

Yea, that's not as likely as you might think.

Yup I'm aware. More often than not if your script is getting picked up its because you're doing something shoddy or maybe using deprecated stuff. (Every now and then though rarely you might be doing everything right and still get flagged). And yup compilers also come into play. A lot of python programs I've seen that get picked up as malicious were built using something like pyInstaller.

I only said it because as you saw above, some programmers/devs take it as an insult, that no there's no way that I could've done something wrong/anything about it surely.

 

[fried]

A significant implication of downloaded Illusion games -> crypto wallet theft.

I'd like to see more details from the OP, please. Until then, I'm skeptical.

 

[fidless]

Maybe it was some kind of mod pack. I remember FlashbangZ used to add crypto viruses. It was very very sus when he just refused to comment why the .exe with a crypto virus exists in his pack or just derail the question about it once asked.
But yeah. Have to be careful with some stuff.