[...] I was disappointed in Avast, he did not consider the file problematic and kept silent even after loading it in the game [...]
Breaking news: anti-virus can only be preventively efficient against effective code, whether direct (software) or indirect (embedded in data).
When the first JPEG flaw appeared, offering the possibility to execute code through the simple display of an image, not a single one got it, because not a single one expected to have active code processed through a passive data file. And it happens that not only is it the same for Ren'Py save files, but the flaw itself does not rely on effective code. No anti-virus will ever protect you against this.
As long as there is no need for it. There was still no protection that would not be hacked.
But there's a need for it... As I said, Ren'Py save files security is based on a method that has been the base of all encrypted communication for more than three decades... While the implementations obviously had some flaws over time, the method itself doesn't have one.
And for once I'm affirmative in my saying, because it's been more than a decade that all the security agencies around the world are fighting against that method in order to find a global way to break all encrypted exchanges.
As for Ren'Py's implementation of the method, it only has three flaws:
1) An already compromised host permits getting the key and therefore faking the security header. But there's no need for that since you already have full access to the computer.
2) The redistributed version of the game may have been altered to bypass the security check. But there's no need for that because, if you can alter that version, you can directly put your malicious code in it.
3) You can simply remove the security header, but then Ren'Py will warn you that the save is potentially dangerous, and ask you if you want to continue.
But there is almost no sense in it. A person with a 99 percent guarantee will pass the game in a different way than I will. It's easier for me to try again if the saves don't work. The only point is to send a save to the developer if you managed to make a save before a recurring bug / error in the game.
You've been a member here for five years, and you still haven't noticed that a vast part of the members spend their time asking for save files because they don't care about the game and just want to beat their meat to the new porn...
And here you still didn't want to understand what I wanted to tell you.
Make no mistake, I totally understood you.
It's not because I'm responding to what you write, that I'm talking to you. I'm addressing the points you try to make, but to the attention of the readers, not to yours.
This is because there's obviously no reason to explain anything to you; you know nothing about what you talk about and will never question what you think you know. You are also totally unable to project your thoughts outside of your personal reality and to understand a concept as basic as the fact that not everyone is you, and therefore not everyone acts like you; refer to the metaphor you discarded at the start of your answer.
As it was said in the article you cited, the probability of the spread of infected saves is extremely small.
Like the probability to be involved in a car crash or to have your house damaged by a gas leak... Yet people take precautions against this, because they aren't idiots.
Also like the probability that you get a virus on your computer, yet you use an anti-virus, or like the probability to have a bike crash, yet you... Yeah, no, you surely don't wear a helmet...
And if it goes on like this, then mods will soon be under a similar ban, because it's even easier to spread viruses through them.
My god, nothing less than a ban... Life must be hard for someone who, like you, takes every little constraint as a personal attack against his freedom...
Developing paranoia further, who prevents the release of a game with already embedded malicious code? The same DDLC proves that no one prevents. There, the game itself removes saves, learns the name of the user account in the system, etc. But only now the developers of the engine are stirring (I wonder what has changed, that they are stirring?).
Critical thinking isn't your strength, right?
Of course, it's perfectly possible to spread malicious code directly through the game, and through mods. It's a threat that has always existed. Most users are totally aware of it, taking their precautions.
But there are ways to partly prevent it beforehand, and they are applied. Every game linked in a game thread is scanned before being presented to the members. And if someone raises a legit suspicion regarding the integrity of the game, the links will be immediately removed, the time to investigate further.
Exactly like there are ways to partly prevent the security issue caused by Ren'Py saves, ways that are applied through the mechanism that offends your vision of the world so much...
But here I disagree. It's one thing to just edit a save and quite another to look for variables in it, copy their console (which still needs to be turned on, which is a waste of time) and edit them there already. And so most likely more than once.
Oh god... Dropping a one line file into the "/game" directory is a waste of time... A one second operation (when done correctly) is a waste of time compared to the need to upload, then download, a save file to edit it...
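The three limits of a save "security header" listed in the post above, as an added example that is not part of the original post and not Ren'Py's code. It assumes a constructed header layout and uses HMAC-SHA256 as a stand-in for the signature scheme; `sign_save`, `check_save`, `should_load` and `MAGIC` are hypothetical names, and refusing a header that fails verification is this example's own policy.

```python
import hashlib
import hmac

MAGIC = b"SIG1"                        # constructed header tag (assumption)
TAG_LEN = hashlib.sha256().digest_size


def sign_save(payload: bytes, key: bytes) -> bytes:
    """Prefix the payload with MAGIC + authentication tag."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return MAGIC + tag + payload


def check_save(blob: bytes, trusted_keys) -> str:
    """Classify a save as 'trusted', 'tampered' or 'unsigned'."""
    head = len(MAGIC) + TAG_LEN
    if not blob.startswith(MAGIC) or len(blob) < head:
        return "unsigned"              # header stripped or never present
    tag, payload = blob[len(MAGIC):head], blob[head:]
    for key in trusted_keys:
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):   # constant-time compare
            return "trusted"
    return "tampered"                  # header present, no key matches


def should_load(blob: bytes, trusted_keys, user_confirms) -> bool:
    """Load trusted saves, ask the user about unsigned ones, refuse the rest."""
    verdict = check_save(blob, trusted_keys)
    if verdict == "trusted":
        return True
    if verdict == "unsigned":
        return bool(user_confirms())   # the warning prompt described in point 3
    return False


# Constructed sample data, not a real save file.
HOST_KEY = b"constructed-host-key"
SAVE = sign_save(b'{"chapter": 3, "gold": 120}', HOST_KEY)
EDITED = SAVE[:-1] + b"1"              # payload changed after signing
STRIPPED = SAVE[len(MAGIC) + TAG_LEN:]  # header removed entirely
# Point 1: whoever holds the host key produces a header that verifies.
FORGED = sign_save(b'{"chapter": 99}', HOST_KEY)
```

The check only tells the player that the save came from a holder of a trusted key; it says nothing once the host or the game build itself has been altered, which is what points 1 and 2 describe.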