Is PB2 Launcher a malware?

Tutorials and guides for Plazma Burst and community features.

Is PB2 Launcher a malware?

Postby Nyove » 4 January 2021, 17:23

Hey everyone,

When you run the PB2 Launcher, you probably receive a similar security popup.
Spoiler: Show More

Is the PB2 Launcher a malware?

No. By uploading the PB2 Launcher executable to virustotal, a website popularly known for looking out for common viruses, it does not detect any signs of it being a virus.
https://www.virustotal.com/gui/file/bda ... /detection

Try it out yourself.

So why does this security popup appear?

Let us first have a basic understanding of executables and malwares.

Executables (.exe) are basically programs, which is able to run on your computer (with the help of your Operating System e.g Windows). The PB2 Launcher is an executable.

Executables can be safe or bad.
Safe executables are normal applications that we use in our day to day lifes like Google Chrome, Powerpoint, Discord, so on so forth.
Bad / dangerous / malicious executables normally exploit a certain security vulnerability and perform damage to your computers, like the infamous WannaCry ransomware.

Virustotal is able to detect common viruses, but it is not foolproof. Certain malicious executables may be able to slip past the scans of virustotal and other similar applications.

Therefore, Windows plays extra safe and only runs executables from a trusted publisher (developer). Windows will only run if the executables is (digitally) signed. This process is called code signing, and Windows requires the executable to be signed from a trusted source.

Code signing an executables have some benefits:
- Ensure that the executable is not modified (integrity)
- Ensure that the executable is indeed from a trusted publisher. (authenticity)

Getting a executable to signed by a trusted source requires money. Therefore, I believe Eric did not get this executable code signed, which results in Windows prompting the security error.
Read the error in the popup, it mentions 'unrecognized app' and 'unknown publisher'.

So when is it safe to run an unsigned .exe?

Unsigned executables means the developer of the executable is not recognised by Windows. It does not mean it is a malware. So ask yourself this, do you trust the developer of the program (i.e Eric Gurt) and the place you are downloading from (i.e https://www.plazmaburst2.com . Yes, "https", not just "http" - extra "s" means that connection is secure and MITM-attacks aren't possible)?

Additional non-important text

If you made it to the end, congratulations in learning a part of cryptography! If you are interested in how does code signing exactly works, you can follow the links under the references. You need to understand how encyption works, asymmetric key encryption, as well as certificate authorities as a prerequisite.

Take care, be well! :)

References:
https://github.com/godotengine/godot/issues/16235
https://en.wikipedia.org/wiki/Code_sign ... 0integrity.
https://www.websecurity.digicert.com/se ... ning-works

Best regards,
Nyove
Proud to be part of something meaningful.
Need any assistance? Join the PB2 discord server at https://discord.com/invite/Bhe9rNz or raise a support ticket at https://www.plazmaburst2.com/support

Contact me on discord for quickest reply possible.

User avatar
Nyove
Moderator
 
Posts: 255
Joined: 7 July 2016, 10:26
Location: Cicada 3301

Re: Is PB2 Launcher a malware?

Postby yi en » 4 January 2021, 17:30

Summary: if you trust eric gurt, run it. Otherwise, don't run it and have a good day.
User avatar
yi en
Civil Security Boss [500]
 
Posts: 556
Joined: 20 August 2013, 09:10
Location: What do you need, then?

Re: Is PB2 Launcher a malware?

Postby Eric Gurt » 4 January 2021, 18:28

Well, just in case if you don't trust me - there's full source code of a launcher. Also Flash Player .exe that comes with launcher could be got from web archive's saved version of Adobe website (I assume older versions don't have EOL timer built in, also seem to run better for some players. Launcher will work with any Flash Player version, you can even manually replace it - it just expects specific file name and location).

You could assume that I have customly-made .swf file that abuses lack of security patches Flash Player could have had in past, but there wasn't any reports of that by players who did reverse engineer game file. Game servers do filter out any unknown traffic and don't let other players connect directly with each other so I don't feel like anything can be abused here.

It is all interesting considering how I always initially been making Flash games (Flash Player interprets its own custom bytecode, it is even surprising how that could end up being unsecure) rather than .exe games (that can literally do anything on Windows), and I still believe that Adobe could quite easily fix existing security vulnerabilities.

I still feel like that was more of a market share decision rather than anything else. Maybe also due to Adobe staff putting a newly released iPhone into a mixer during some public event (that is when Steve Jobs released a message about Flash being outdated with sometimes questionable reasons). I also remember Adobe Flash CS6 crashing on iMac in quite random ways but not sure if it was always like that. Photoshop never crashed like that, also both Flash CS6 and Photoshop CS6 didn't crash at all on PC (at least not to the point where application couldn't start). And now, Adobe still apparently has Flash Player updates that will apparently will only work in China (it says so here https://helpx.adobe.com/flash-player/re ... otes.html# ). I could probably care less but project of Plazma Burst 2 scale doesn't export to HTML5 (same empty error message even in trial Adobe Animate CC, which crashes on PC as well during simple actions), and I have doubts any SWF-to-HTML5 converter will ever work with proper performance - most of them just crash (out-of-memory errors in case of PB2) or show 2 frames per second and high amount of input delay (PB:FttP).
Work it harder
Make it better
Do it faster
Makes us stronger
More than ever hour
After our work is never over.
User avatar
Eric Gurt
PB2 Developer
 
Posts: 409
Joined: 14 July 2013, 16:46
Location: dn.ua

Re: Is PB2 Launcher a malware?

Postby phsc » 6 January 2021, 09:48

Eric Gurt wrote:It is all interesting considering how I always initially been making Flash games (Flash Player interprets its own custom bytecode, it is even surprising how that could end up being unsecure) rather than .exe games (that can literally do anything on Windows), and I still believe that Adobe could quite easily fix existing security vulnerabilities.

The issue with this according to Adobe as far as I know is that flash will just run on websites, a program has to be installed and such, you need to execute it, for flash to function in a practical way (with the original intetions it had such as making banners, videos, whatever), that was not needed, games were not part of their original intentions, limiting functionability and such, in the case of games if you upload a game to Steam as far as I know they check if it has viruses and all, so the .exe files and all are not dangerous, doing that for flash is much more complicated, if Adobe did try to fix it it probably would not be hard but very annoying to deal with, it would be a ton of resources and could make flash even slower than it already is, there is also the issue that easier to use and faster alternatives were made (for the original intentions of flash, which are functions for websites), competition is not really going to work out for them.

I still feel like that was more of a market share decision rather than anything else. Maybe also due to Adobe staff putting a newly released iPhone into a mixer during some public event (that is when Steve Jobs released a message about Flash being outdated with sometimes questionable reasons). I also remember Adobe Flash CS6 crashing on iMac in quite random ways but not sure if it was always like that. Photoshop never crashed like that, also both Flash CS6 and Photoshop CS6 didn't crash at all on PC (at least not to the point where application couldn't start). And now, Adobe still apparently has Flash Player updates that will apparently will only work in China (it says so here https://helpx.adobe.com/flash-player/re ... otes.html# ). I could probably care less but project of Plazma Burst 2 scale doesn't export to HTML5 (same empty error message even in trial Adobe Animate CC, which crashes on PC as well during simple actions), and I have doubts any SWF-to-HTML5 converter will ever work with proper performance - most of them just crash (out-of-memory errors in case of PB2) or show 2 frames per second and high amount of input delay (PB:FttP).

It was mostly about how they would not last long term and they knew it, Adobe generally used to sell things in lifelong licenses and such so updating things was not a big preocupation of theirs, making sure flash would work would not really be profitable and simply having people running flash would not give them money, but people buying their products and programs to develop things would, but since it was already going down and they imagined it would not last long term they just changed their focus to other products of theirs, Flash Professional CS3/6/etc is not really sold anymore but Adobe Animate still is and it does what Adobe did best, make programs that allow people to create stuff, instead of creating what such programs will run in.
SWF-to-HTML5 converts and such are also mostly made with simpler things in minds, not full games and such but more like website elements and such.
I think the biggest issue with flash is not really running things that are fancy downloaded SWFs, but mostly websites made with flash as core features, these are not even properly saved in archive.org/waybackmachine and will be lost to time, even if Adobe kills their product old versions can be used and emulators can be made - this is a lot of work and I am unsure if they ever will be high quality - but even if they try to for real kill it, people will find ways to break the program just like they did/do to pirate Adobe products and Adobe will just not care, I think that is why they did not completely kill it.



And yes, PB2 is not malware!
User avatar
phsc
Noir Lime [600]
 
Posts: 694
Joined: 27 July 2013, 13:58
Location: Brazil

Re: Is PB2 Launcher a malware?

Postby Eric Gurt » 7 January 2021, 02:06

Games actually were, both initially (according to test samples that came with IDE) and eventually even more (proper GPU support in late versions, which PB2.5/3 did use in videos with turret).

I feel like they could easily get rid of banner .swfs (since HTML5 does really provide better implementations for that except for impossibility to limit time scripts can take in these) and keep .swf games and maybe even movies accessible by simply implementing simple enough .swf file signing where IDE license owners could be able to submit limited amount of verifications (which could basically be .fla project upload with server-side IDE publishing it, if trust level is low enough for example). Verify rate could be lowered even more over time if needed.

This could be a somewhat more proper way of discontinuing Flash. Actually that could even mean possibility to implement better optimizations if in the end Flash applications could just become executables that do not verify for vulnerabilities that were possible to make only outside of official Flash IDE.

Websites had a huge infrastructure for exchanging single file games. HTML5 games just don't have that as well (it is not as obvious).

Additionally, Adobe could try to implement a better ways of monetisation for Flash game developers, something instead of Ads. Maybe even take cut from that if they really needed it. Or, again, if they wanted to terminate its support in more interesting way, from my point of view at least.
Work it harder
Make it better
Do it faster
Makes us stronger
More than ever hour
After our work is never over.
User avatar
Eric Gurt
PB2 Developer
 
Posts: 409
Joined: 14 July 2013, 16:46
Location: dn.ua


Return to Tutorials

Who is online

Users browsing this forum: No registered users



cron