Post by redonihunter in I think I need to rather sue or deal with It

Viewing post in I think I need to rather sue or deal with It

Itch does have scanners.

The problem is, that the malware uploaded on Itch often does not even trigger on virustotal and they scan with about 70 different scanners. Meanwhile lots and lots of games do trigger there with false positives.

But a good scanner on your system will do other things to protect you.

Unfortunately, a common threat of the malware is things like cookie theft. A software does not need to do many virus like things for that. Read files, upload to internet. It's a Windows design flaw.

What does protect against this type of attack is using a sandbox. Curiously enough, the Itch app provides one. https://itch.io/docs/itch/using/sandbox.html

I guess it was just too easy to implement, so they just added the feature. You can do this by hand too, without the app. Just create a user like they do, that does not have rights to view other user's files. If you shift-right-click an exe you get the option to run the exe as a different user. You need to enter that username and password and then the app will not be able to steal the cookies of your main users's browser. And those cookies would be your access to logged in accounts.

Will not protect against system exploits and such, but hopefully those get caught in one of the scanners.

Ultimately, Itch needs to change something fundamentally. It is just too easy to upload malware. And it is trivial to upload malware that bypasses scanners. Just try differently till it works. The criminals do not upload 1 game a year, they upload 10000+ malware per year.

Like Reply

4347573573712 days ago

I do agree that they should implement a better system, but the thing is, I'm on meta quest and not pc and idk really how to even download an anti-virus on it. Which makes it a lot easier to put malware on headsets.

I think I went too far in this topic, but I really do prefer that they actually spend some money on a working virus that detects viruses other than saying "Goodluck on getting no malware and if you do, we will absolutely not care and we're totally sorry for loosing 200$ on your stupid computer or headset."

Like Reply

redonihunter12 days ago

Meta Quest runs on a special version of Android. Traditional malware is basically unknown on that operating system. Something like an anti virus app is mostly a placebo on Android. For one, it would not even work, since you would have to install it with admin privileges, which you typically do not have.

The app you used seems to have done bad things. It could be a case of an amateur developer releasing something that just does not work properly. Or intentionally would mess with your device. Or, of course, some sort of attack. The internet tells me, that this is super rare on that device.

If you still have or can access the download file, you can try testing it on virustotal and see, how "scanners" would judge those files.

Btw, what happened to the project page? Does it still exist? Even if it is not malware, you should report it for not working properly. Itch does remove malware, but if no one tells them, that it is malware, how should they know? Scanners obviously did not catch it, or how else could you have downloaded it.

Like Reply

4347573573710 days ago

Don't mind the "Yeah" reply but first of all how am I supposed to scan this on virustotal if they took over my headset?

Second of all They are probably waiting to attack.

Lastly they probably won't want me to scan it on virustotal because like why would they want you to delete your hacked file?

But more Info on the original post I didn't really read what game I clicked before it Powering off my Headset.

But thanks for the help, man!

Like Reply

redonihunter10 days ago

I have no clue what you are talking about.

Itch is a website. Virustotal is a website. You downloaded a file from Itch by using a webbrowser. You currently access Itch with a webbrowser and write comments.

So download the file that you suspect was malware with the webbrowser you currently use on the device you currently use and then upload it to virustotal. Then you will see what several scannes would have said about the file.

Or you can probably just use your current device and a usb cable and transfer the file for inspection. Or at least look how that file was named.

If I read correctly. you currently have a Meta Quest device that you think you cannot operate, because you think there is malware on it and are afraid when you power it up, someone on the internet will attack you.

You can always just go somehwere where there is no internet and power it up and try removing the files. Or if that fails, use the reset mechanisms that device is bound to have. I would suggest disabling internet access for the device in your router, but I fear that is above your technical ability, so doing it literally by foot is easier.

There is also bound to be support message boards for that Meta Quest thingy. The things you describe sound like very specific things that would only happen on that device. Just search for your specific problems or ask one of those ai chatbots. They are good at these things.

Like Reply