[Bf-committers] Blender security paranoia

Benjamin Tolputt btolputt at internode.on.net
Wed Mar 24 00:00:46 CET 2010


Joshua Leung wrote:
> Human nature means that if we started actively setting up fortress-like
> security "features", naturally some people will be drawn towards defeating
> these measures ("the tougher the better!").
 
True - those that hack things for fun will be drawn to it as soon as we
announce some form of security. That is the nature of the beast, but...


> However, I believe that due to this ease, it's really not that "fun" or 
> "attractive" for most crackers to bother.
>   

This is a fallacy people need to rid themselves of. Cracking games and
the latest anti-copying measures companies use IS fun for a lot of these
people. As is writing malware. The thing people forget though (or
perhaps wishfully dismiss) is that malware is an *industry*. Those
people funding the malware authors aren't in it because they think it is
"fun", they are in it because they think it a business they can make
money from (i.e. criminal enterprise).

Currently Blender is not worth the time of a commercial malware
developer, I agree with that entirely. A person that writes one for fun
might put one out to see how far it goes before being stopped, but that
is a low risk I agree. The issue is being discussed because at some time
in the future Blender will be a viable vector for the commercial guys.
Regardless of how fun or not it might be to write something that is
launched via Blender - if there are enough people who will be infected
by it, it will be done.

I don't mind the core developers all coming out and stating "This cannot
be done and as such, we're not going to bother". That is a reason I
cannot argue with logically. When people claim that being cautious of
malware vectors is "paranoia" or that Blender won't be hacked because it
is "not fun" though - I will push back. Invalid reasoning should be
rejected.

-- 
Regards,

Benjamin Tolputt
Analyst Programmer


