Developer Zach Posted April 26, 2016 Developer Share Posted April 26, 2016 This is a development release focused on security of local scripts, but also affects SDN scripts. Historically we've been one of the most open and welcoming bots for any new scripters. However in recent weeks, we're aware that there have been instances of malware in the local/downloadable scripts section. This has led us to reconsider our position. To protect our users, we've chosen to begin activation of the security systems we've been developing for both local and SDN scripts. It severely limits the abilities of scripts to damage your computer in a number of ways. For example, it: -Blocks reading/writing any files outside the OSBot/Data directory. So scripts will no longer be able to access files all over your computer and any of their configurations will be limited to that directory. They will continue to have access to the temporary files directory. -Blocks Robot to prevent native use of mouse/keyboard -Blocks full screen capabilities to prevent spoofing your desktop -Blocks creating new classloaders that could further load malicious code -Blocks runtime permissions and native library loading -Etc. We have chosen to continue allowing limited reflection use and unrestricted internet access for the time being. We believe that unrestricted internet access won't be as significant of an issue with the new restrictions, but we will continue to monitor it. If you need additional permissions for something, let us know in the Client Bugs and Suggestions section. Scripters can post in the Client Bugs and Suggestions section or the thread in the Scripters' section. 2.4.55: -Fixed bug with loading local scripts -Removed deprecated constructor from InteractionEvent -WebWalkEvent handles Area destinations-Patched WebWalkEvent spamming final destination tile 2.4.56: -Fixed more bugs -It will now block the attempt and stop the script instead of printing that an attempt could have been blocked. -Please continue to report any additional permissions you need. 18 Link to comment
Realist Posted April 26, 2016 Share Posted April 26, 2016 very nice update this will help a lot of ppl :] it was 10:48 and this was posted at 10:49, spooky to say the least. Link to comment
GaetanoH Posted April 26, 2016 Share Posted April 26, 2016 Really nice update Zach! A lot of people will like this update! Link to comment
Saiyan Posted April 26, 2016 Share Posted April 26, 2016 Very nice man! This was really needed as there was an influx in ppl hosting malicious fake gdk/bdk's in local recently haha 1 Link to comment
debug Posted April 26, 2016 Share Posted April 26, 2016 Great update - will help a lot of users. Link to comment
solvingpi Posted April 26, 2016 Share Posted April 26, 2016 Great update, safety is key! Link to comment
itzDot Posted April 26, 2016 Share Posted April 26, 2016 Does this apply to sdn scripts as well? Link to comment
Developer Zach Posted April 26, 2016 Author Developer Share Posted April 26, 2016 Does this apply to sdn scripts as well? Yes both local and SDN Link to comment
Keven Posted April 26, 2016 Share Posted April 26, 2016 (edited) Does this apply to sdn scripts as well? To protect our users, we've chosen to begin activation of the security systems we've been developing for both local and SDN scripts. SDN scripts. Edited April 26, 2016 by Keven Link to comment
DragonAlpha Posted April 26, 2016 Share Posted April 26, 2016 With these restrictions eventually SDN could be automatic right? Link to comment
