WARNING! Civ4 Ships With Critical Security Vulnerabilities!

Status
Not open for further replies.
CivIndeed said:
College works, you should try it.

Of course, they'll probably put you on probationary status and insist that you pass some sort of "Pre-College English" course

Thanks for the helping hand, dude.

Everybody but you already understood that English is not my first language.

The amount of crap you write is simply astonishing. I've never seen someone write so much with so little to say. You must be proud. And then, attacking someone because he makes spelling mistakes. What a classy and effective discussion technique.
 
It's somewhat alarming how deliberately obtuse some people are being. If someone walks up to you and says "Hey, idiot, you dropped your wallet, someone could pick that up and steal it," do you start yelling at them for not being nice enough to you?
 
CivIndeed said:
Would "anyone" include the zlib authors?

<snip>

You missed my point. I know there is a vulnerability, but has there been an exploit developed to affect the game?

A PoC needs to be done to show the vulnerability. The version shipped with Civ4 may have been patched at the source level by the developers through their own work.

Does that clear up what I was getting at?
 
Morning.
I am new to all of this stuff, especially dealing with DLL files, etc, but I followed your advice and instructions, and hope I'm more secure than I was, (even tho I didn't know I was) so thanx.
My story: I pre-ordered CIV IV, picked it up and installed it the day it hit the store. TOOK FOREVER to install; 4hrs & 10min.
My system was/is:
WinXP Pro
2.8mHz
1024 RAM
160g HDD
Radeon 9600
The game ran fine, but after 3 or 4 hours play, the game would start to slow down, so I went to an NVIDIA GeForce 6600 256MB card, which has made all the difference.
I've played many hours with no problems; now all of a sudden, the game won't start. Using the desktop icon, going to the CIV IV folder and using that icon, or opening then closing the CD door, and then clicking on PLAY when it pops up, the game will NOT start. It acts like it wants to start, then just shuts down completely.
I'm not very computer savvy, but I do need some advice here; it just needs to be in simple terms and or precise instructions.
Thank you for your time and trouble. I'll just go read a book til someone can help.


CivIndeed said:
Solution:
---------

Update zlib:

1) Locate zlib1.dll in the c:\program files\firaxis games\sid meier's civilization 4 folder, and rename it zlib1.dll.old.
2) Download zlib version 1.2.3 from: http://www.zlib.net/zlib123-dll.zip
3) Save the zip file as you see fit, and uncompress it or copy the uncompressed zlib1.dll file to the c:\program files\firaxis games\sid meier's civilization 4 folder.

Update Python:

1) Locate python24.dll in the c:\program files\firaxis games\sid meier's civilization 4 folder, and rename it python24.dll.old.
2) Download python version 2.4.2 from: http://www.python.org/ftp/python/2.4.2/python-2.4.2.msi
3) Install Python 2.4.2, locate the python24.dll file in the c:\windows\system32 folder, and copy it to the c:\program files\firaxis games\sid meier's civilization 4 folder.
4) Uninstall Python 2.4.2 (this step is optional, unless you want to keep the entire Python programming package installed)

Again, it cannot be stressed enough how incompetent and irresponsible Firaxis and Take 2 have been in regards to shipping Civilization 4 with insecure outdated third party code libraries, and they should be held to task for doing so.
I agree.
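
A way to check which zlib release a game folder actually carries before and after the replacement steps quoted above, as an added example that is not part of any post in this thread. It goes beyond `zlib1.dll` and also covers binaries that link zlib statically; the function names, the constructed sample bytes and the choice of 1.2.3 as the minimum are assumptions made here.

```python
import re
import sys
from pathlib import Path

# zlib compiles these banners into its code (deflate.c, inftrees.c), so they
# appear in zlib1.dll and in any binary that links zlib statically.
BANNER = re.compile(rb" (?:deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4}")

# Assumption: the 1.2.3 release named in the thread is the minimum acceptable.
MINIMUM = (1, 2, 3)


def find_zlib_versions(data):
    """Return the sorted, de-duplicated zlib versions found in raw bytes."""
    found = {tuple(int(p) for p in m.group(1).split(b".")) for m in BANNER.finditer(data)}
    return sorted(found)


def audit(data, minimum=MINIMUM):
    """Classify a binary as 'no-zlib', 'outdated' or 'ok'."""
    versions = find_zlib_versions(data)
    if not versions:
        return "no-zlib", versions
    # A binary can carry more than one copy; the oldest copy decides.
    return ("outdated" if versions[0] < minimum else "ok"), versions


def scan_folder(folder):
    """Yield (path, status, versions) for each .dll/.exe that embeds zlib."""
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".dll", ".exe"}:
            status, versions = audit(path.read_bytes())
            if status != "no-zlib":
                yield path, status, versions


# Constructed byte strings standing in for DLL contents (not real files).
SAMPLE_OLD = (b"MZ\x90\x00 deflate 1.2.1 Copyright 1995-2003 Jean-loup Gailly \x00"
              b" inflate 1.2.1 Copyright 1995-2003 Mark Adler \x00")
SAMPLE_NEW = b"MZ\x90\x00 inflate 1.2.3 Copyright 1995-2005 Mark Adler \x00"

if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, status, versions in scan_folder(folder):
        print(status, ".".join(map(str, versions[0])), path)
```

The banner only reports which upstream zlib release a file was built from; it cannot show whether the vendor patched the source or whether the affected function is reachable from the game's inputs.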
 
cesareDH said:
Morning.
I am new to all of this stuff, especially dealing with DLL files, etc, but I followed your advice and instructions, and hope I'm more secure than I was, (even tho I didn't know I was) so thanx.
My story: I pre-ordered CIV IV, picked it up and installed it the day it hit the store. TOOK FOREVER to install; 4hrs & 10min.
My system was/is:
WinXP Pro
2.8mHz
1024 RAM
160g HDD
Radeon 9600
The game ran fine, but after 3 or 4 hours play, the game would start to slow down, so I went to an NVIDIA GeForce 6600 256MB card, which has made all the difference.
I've played many hours with no problems; now all of a sudden, the game won't start. Using the desktop icon, going to the CIV IV folder and using that icon, or opening then closing the CD door, and then clicking on PLAY when it pops up, the game will NOT start. It acts like it wants to start, then just shuts down completely.
I'm not very computer savvy, but I do need some advice here; it just needs to be in simple terms and or precise instructions.
Thank you for your time and trouble. I'll just go read a book til someone can help.

Hi cesareDH, welcome to the board. Many people are experiencing problems with Civ4 and until the patch comes out, there's not much to do about it. I doubt the issue you are experiencing has anything to do with the topic of this thread. For your problem, I would suggest you try to update your videocard driver and maybe reinstall the game.
 
ZouPrime said:
I would suggest you try to update your videocard driver and maybe reinstall the game.
I was going to try and reinstall the game. I really didn't want to go through another 4 hour installation:sad: .
Thanx
 
JudgeDeath said:
A suggestion to the moderators: Moderate!

Why is everyone angry at the original poster? Vulnerable code is vulnerable code. It's already proof positive that OTHER apps using this vulnerable code are exploitable.

DON'T SHOOT THE MESSENGER!

Also don't spend your time trying to convince the original poster that what he found was 'not in fact a vulnerability'. It's black and white... There IS no grey area here. The vendor has released code that is utilizing libraries that have KNOWN vulnerabilities.

<personal belief>
IMHO - Sooner than later, vendors will be held LEGALLY accountable for their security vulnerabilities. The issue of security flaws has become so widespread and the amount of data available online has become so large that it is the only logical way to handle the situation. Creating accountability above and beyond the end-user who typically has no clue about security risks or code exploits is mandatory. In the event that this does happen, take2/firaxis/whatever coder/developer/publisher would be LEGALLY liable for releasing code with these bugs.
</personal belief>
 
CivIndeed said:
It's not an accusation. It's a fact. And, I know this is going to be hard to swallow, but, just because there are a lot of incompetent people doing incompetent things, or competent people doing occasionally incompetent things, doesn't mean they aren't incompetent or not doing incompetent things.

Coming from someone who likes to quote "Standard English", you should know that it's not a fact. It's an adjective, which implies opinion and judgment. Like saying someone is self-righteous. Rude. Obnoxious. Boring.

Next.

Moderator Action: I've warned them for this kind of post - the same goes for you.
Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889
 
JusNaturae said:
Coming from someone who likes to quote "Standard English", you should know that it's not a fact. It's an adjective, which implies opinion and judgment. Like saying someone is self-righteous. Rude. Obnoxious. Boring.

Next.

Why do y'all feel it necessary to be ****ty to each other in the forum? Why don't you set up a nice personal chat and go at it; leave the rest of us out of it. Thanx
 
Everyone refrigginglax. Please! C'mon, folks...

Whether someone is committing usage errors due to lack of familiarity with the language, or whether Standard English usage places punctuation INSIDE the quotes rather than out is rather secondary to the topic.

It's not CivIndeed's attitude which interests me (then again, I'm not looking to be offended, either). It is rather these security issues.

So.

CivIndeed: can you please _briefly_ explain to me, in Human, what I am at risk of due to this code, and what can be done to prevent/fix this. I've tried reading the thread, but keep getting distracted by the ongoing pissing match.


Later!

--The Clown to the Left.
 
For what it is worth, replacing these files, along with using the Blue Marble Graphic mod, has really lessened my CTD - in fact, I have played all night without one - first time that has happened. This is a preliminary result however - I have not yet reached the later ages; though in the past the game has crashed early on too.

But it deserves some more research.
 
OK, I DL'd those files and followed the instructions. The game actually ran pretty good before, but mid game it would abruptly crash. Hoping this will help.

Would be nice though if someone could kinda verify these fixes as either productive or at least causing no harm. I read through them looking to see if it's safe to do before I do it as I don't want to mess up my OS :)
 
danegeld said:
OK, I DL'd those files and followed the instructions. The game actually ran pretty good before, but mid game it would abruptly crash. Hoping this will help.

Would be nice though if someone could kinda verify these fixes as either productive or at least causing no harm. I read through them looking to see if it's safe to do before I do it as I don't want to mess up my OS :)
You won't mess up your OS by updating these files. The game may be affected - so far for me it has been a positive change. But the jury is still out on that, not enough play time to really judge.
 
randallman said:
Why is everyone angry at the original poster? Vulnerable code is vulnerable code. It's already proof positive that OTHER apps using this vulnerable code are exploitable.

DON'T SHOOT THE MESSENGER!

Also don't spend your time trying to convince the original poster that what he found was 'not in fact a vulnerability'. It's black and white... There IS no grey area here. The vendor has released code that is utilizing libraries that have KNOWN vulnerabilities.
It is probably pointless to post anything constructive here, but I'll try anyway.

Using a library that has a known vulnerability does not necessarily make your product vulnerable. Commonly, a vulnerability arises from some memory overrun in some function when it's provided with particular input. Then the application that never calls this function (directly or indirectly) never risks this overrun and doesn't have this particular vulnerability. The application may even use this function, as long as it ensures that the set of parameters that would cause the memory overrun can't reach that function. This can be either due to the programmer being aware of the vulnerability and adding a safeguard, or due to only limited inputs arising from within the application (not from external sources) being fed to this function.

Because of these reasons it's impossible to say if Civ4 has any of those vulnerabilities or not without detailed investigation. It would be nice to get a statement from Firaxis on this issue. Having the source code it shouldn't be too hard to find out if their application is vulnerable or not.

Still, as long as one doesn't allow Civ4 to access the internet and doesn't load any mods or savegames from untrusted sources, he will be safe from exploits.
 
alexti2 said:
Still, as long as one doesn't allow Civ4 to access the internet and doesn't load any mods or savegames from untrusted sources, he will be safe from exploits.
Rather than go to such extents and cripple the game experience, why not just replace the dll's with the secure ones...it is very easy to do. Takes under ten minutes. No worries and problem solved.
 
alexti2 said:
It is probably pointless to post anything constructive here, but I'll try anyway.

Using a library that has a known vulnerability does not necessarily make your product vulnerable. Commonly, a vulnerability arises from some memory overrun in some function when it's provided with particular input. Then the application that never calls this function (directly or indirectly) never risks this overrun and doesn't have this particular vulnerability. The application may even use this function, as long as it ensures that the set of parameters that would cause the memory overrun can't reach that function. This can be either due to the programmer being aware of the vulnerability and adding a safeguard, or due to only limited inputs arising from within the application (not from external sources) being fed to this function.

Because of these reasons it's impossible to say if Civ4 has any of those vulnerabilities or not without detailed investigation. It would be nice to get a statement from Firaxis on this issue. Having the source code it shouldn't be too hard to find out if their application is vulnerable or not.

Still, as long as one doesn't allow Civ4 to access the internet and doesn't load any mods or savegames from untrusted sources, he will be safe from exploits.

:goodjob: at least someone gets it.
 