CREATE YOUR AI CUM SLUT ON CANDY.AI TRY FOR FREE
x

Joshy92

Devoted Member
Mar 25, 2021
11,281
24,915
I think one of the big reasons I like all the girls in this
Is they are beautiful on the outside and the inside

Take Macy for example
People might think she is just some typical mean girl
But once you start talking and spending time with her
You know she is actually really sweet
And cares deeply about the people she loves

The girls have had to go through so much in their lives
They deserve some good luck for a change
 

SSBBSNAKE

Active Member
Jul 27, 2017
721
1,611
Well, in my case, i like reading lots of spicy shit and naughty jokes, even at church so i don't fall asleep listening how im going to burn in hell for all eternity (fr its been like 3 sundays in a row the priest keep telling us we all going to burn in hell) so im good for a full ride of LoML, don't care for people saves
 
  • Like
Reactions: naughtyroad

PowerFlower

Newbie
Jul 1, 2017
71
178
I am going to bookmark that video and answer everyone who ask for save with it. I might get myself a couple of facepalms but I think it is worth it to spread the awareness. It only takes one ill intent person to ruin a computer.
It's certainly a good idea to do that, but if you do, I think it's also important to put this in the proper context.

1) This isn't something that's newly discovered, it has always been true since the very beginning of Ren'Py.
Save game sharing is pretty common here, but I haven't seen a single post from anyone suspecting something fishy is going on after using someone else's save file. So, is it possible? Absolutely. Is it likely? Not really.

2) Ren'Py can execute code in the context of the current user running the game. Which means if you run your games as Administrator, any bad code could theoretically modify your OS, steal your files, passwords and so on...
But who actually runs their games as Admin? My guess is the answer is somewhere between a few people and absolutely nobody. If you run your games as a regular user there isn't much any possible malware could do, because it lacks the necessary Windows permissions to access anything interesting.
 

naughtyroad

Well-Known Member
Donor
Game Developer
Jan 8, 2019
1,005
13,472
It's certainly a good idea to do that, but if you do, I think it's also important to put this in the proper context.

1) This isn't something that's newly discovered, it has always been true since the very beginning of Ren'Py.
Save game sharing is pretty common here, but I haven't seen a single post from anyone suspecting something fishy is going on after using someone else's save file. So, is it possible? Absolutely. Is it likely? Not really.
(...)
It is something that is newly getting some more attention, that vid coming out just over 6 months ago, and the change in renpy where it warns you when loading a save is from last May. And be honest, did you know ren'py saves are basically software? I sure as heck didn't, and I guess 99% of people on thread didn't either.

IDK about you, but I don't wanna put security of user level access to my computer down to "it's probably gonna be fine, no-one's been targeted yet that I know of so it's unlikely they ever will".

(...)
2) Ren'Py can execute code in the context of the current user running the game. Which means if you run your games as Administrator, any bad code could theoretically modify your OS, steal your files, passwords and so on...
But who actually runs their games as Admin? My guess is the answer is somewhere between a few people and absolutely nobody. If you run your games as a regular user there isn't much any possible malware could do, because it lacks the necessary Windows permissions to access anything interesting.
I can tell you from personal experience with my user base that most of them will do absolutely nothing of the sort, and wouldn't even know that's even a thing.

As to can't access anything important when not an admin (and mind, in my estimation, that's a small minority of users that protect themselves that way), just, you know, take a scroll through your documents and photos. Any financial info there? Copy of your passport from a few years back when HR asked for it. All those scans and forms for when you applied for that loan? How about them cookies in your browser caches, any chance it'll be able to get onto a ton of websites without having to log in if executed from within the context of that user? Yum yum, scrape all that data, and put it up on the dark web for the highest bidder.

Bottom line though is "Don't ever use a ren'py save you did not create yourself. Ever."
 

Joshy92

Devoted Member
Mar 25, 2021
11,281
24,915
This just further proves why I think Naughtroad
Is one of the coolest & Nicest devs here

Thank you for the warning Naughty
I honestly had no idea before your post yesterday that saves could be harmful.
Hopefully more people read your message.
Because I see so many people in other threads asking for saves

And with how everything is connected these days it's better to be safe than sorry
 

manneychin

Member
May 8, 2017
440
1,254
It is something that is newly getting some more attention, that vid coming out just over 6 months ago, and the change in renpy where it warns you when loading a save is from last May. And be honest, did you know ren'py saves are basically software? I sure as heck didn't, and I guess 99% of people on thread didn't either.

IDK about you, but I don't wanna put security of user level access to my computer down to "it's probably gonna be fine, no-one's been targeted yet that I know of so it's unlikely they ever will".



I can tell you from personal experience with my user base that most of them will do absolutely nothing of the sort, and wouldn't even know that's even a thing.

As to can't access anything important when not an admin (and mind, in my estimation, that's a small minority of users that protect themselves that way), just, you know, take a scroll through your documents and photos. Any financial info there? Copy of your passport from a few years back when HR asked for it. All those scans and forms for when you applied for that loan? How about them cookies in your browser caches, any chance it'll be able to get onto a ton of websites without having to log in if executed from within the context of that user? Yum yum, scrape all that data, and put it up on the dark web for the highest bidder.

Bottom line though is "Don't ever use a ren'py save you did not create yourself. Ever."
I also have to admit I didn't suspect it's that bad. I imagined Ren'Py does heavy serialization to support its fundamental roll back<>forward feature but I didn't imagine it saves code in save files, I thought it saves some public object properties but mostly it saves just a list of public simple (int, etc.) variables capturing game state. Indeed NOBODY should ever use saves from untrusted sources. You are literally downloading an .exe from a random person who might pass it on to you from someone else and any modern evil code is not easily obvious, it may not even manifest for some/most if it doesn't find something juicy. It's very bad.

As a side-note, it's a VERY good idea to at least run all these games under a separate Windows desktop session opened with a dedicated non-admin account. Even better would be to run them in a VM but I don't know if this solution has any smooth path because it runs into the non-trivial problem of having "enough" video/3D hardware acceleration in a VM. I've been meaning to look into it for ages...
 
4.70 star(s) 504 Votes