Sharng LEX plugins Reviewed !

[kSchmidt]

This discusion is going on for sometime on Simtropolis about how to make life easier for SC4 players wanting to build a new simcity 4 plugins directory. Now all files are downloaded and installed individaly for 90 prc of the time. Some creators now choose to go without and let the user free to unzip directly to there plugin folder without installers. Far as individual Bat´¨s I beliefe this should be remain a choice. At the point of props and mega props package I think it would be time to convert these all to a unzipable format as there´s no point in keeping those in installer format. Plagued with viruses thes installers are a pain to run, wich time maybe used more usefull with praising or at comment and addresing more important instalation issues. Give your comment how to improve the plugins instalation for espacialy attracting new player to the game !

Sincerely yours,

Kschmdit

[Tarkus]

Speaking as the owner/webmaster of the site, I agree 100% on ditching as many installers as possible.  In fact, in large part due to the Herculean efforts of the SC4 community's very own "Renaissance Man", Tyberius06, we're going to start converting many LEX files with installers over to .zip files, as part of a long-planned effort known as Project ZIP. 

Project ZIP, combined with the LEX Dependency Tracker, will mean that in theory, it'll be possible to assemble large portions of Plugins folders in one go--if not the entire thing.  The three volumes of LEX Superior Collections that xxdita created back in March are effectively a proof-of-concept of this idea.  The main issue with those collections right now in terms of ease-of-use is the installers, so Project ZIP should make them (and other similar setups) into a fully-realized solution--at least with LEX files.

I'll note, on the whole "virus" angle, that's entirely on Norton/Symantec, McAfee, etc. and their move toward heuristic-based "threat detection"--instead of actually scanning the file to look for malicious code, they instead see that it's not a heavily-downloaded file from a major corporation, and will sometimes just arbitrarily flag it, just to make it look like they're "protecting" you.  Those false positives are enough of a nuisance, however, that they do constitute more justification to ditch installers.

-Alex

[kSchmidt]

Thank you for your reaction ! I´d like to bring this matter to SC4Devotion as I haven´t yet found any forum group where this issue is discused.and SC4Devotion is part of it. What kind of way we should go; repackage props into zip files easy to decompress into the BSC props. Bat´s, Lot´sk Mod´s Mmp´s with clear instruction into the same format. This will be a masive task, but nesecary to keep the game accesible for new player´s !

Sincerely yours,

Kschmidt

[mgb204]

Yes I'll add to what Tarkus said, the comment "plagued with viruses" is wholly inaccurate.

I updated 6 variants of my TGN mod on ST over the weekend. Each one is generated from an identical script with GoFSH into a lot of DAT files. Then a script for NSIS compiles those files into an installer .exe, which is for me as a creator 150% necessary to release and support a mod with the number of options they have. The only 2 changes I make between one version and another of TGN, first is to add a 2-digit "version code", unique to each variant, for example SV = Sudden Valley. The second, only 2 of the 6 variants need one additional DAT file the others don't. Handled by toggling a "ignore line" symbol in the code.

So when I got a PM today, telling me about a potential virus being detected, by MS Windows Defender none the less, the very same AV software I use, which was running when I made said file and hasn't flagged it in the 4-5 months since, I was more than a little surprised.

Here's how to tell if you really have a virus, or just really paranoid AV software. Take the file (or a link to it), and upload it to virustotal.com. This site will run it by a huge number of AV suites and come back with a list of results, for example:

https://www.virustotal.com/gui/file/730ab42e81e5bb852364f9452d829e5f2b13203035dc68fe53dce6799e511a0b/detection

This is the file flagged to me earlier, note the user who did so, downloaded all 6 variants, so this is just as odd as stated previously. Yes, the results clearly show the MS AV software flags it with a virus. But of the 70 AV suites that checked it, the other 69 all show it is actually fine. Running any .exe file, can potentially be a problem, you as a user have to decide who and what can be trusted. I can say with 100% certainty, no virus exists in this installer, but many users will be told there is, delete it and I don't get to defend my "product". I also can't stop it being incorrectly flagged, I could try e-mailing MS, asking them to get their facts in order, but let's face it, that's unlikely to help.

Sadly, as is already becoming the case in both Windows and MacOS, we're moving to a point where by default, computers won't run "unsigned code". That means, if you want a seamless user experience, without the potential for these "False Positives", developers must pay to certify their code. It's not unthinkable that we'll get to a point, like with iOS or Android, where you simply can't run unsigned code at all. Android can, but not before you jump through some hoops disabling security features. iOS you sort of can, but only if you Jailbreak your phone first. These developments do not bode well for small hobbyists like ourselves, we simply don't have the money to be paying for certification. So when and if it gets too hard to do so, mods like the NAM and similar community, open-source and freeware apps, will be a thing of the past.

[kSchmidt]

Yes I'll add to what Tarkus said, the comment "plagued with viruses" is wholly inaccurate.

I updated 6 variants of my TGN mod on ST over the weekend. Each one is generated from an identical script with GoFSH into a lot of DAT files. Then a script for NSIS compiles those files into an installer .exe, which is for me as a creator 150% necessary to release and support a mod with the number of options they have. The only 2 changes I make between one version and another of TGN, first is to add a 2-digit "version code", unique to each variant, for example SV = Sudden Valley. The second, only 2 of the 6 variants need one additional DAT file the others don't. Handled by toggling a "ignore line" symbol in the code.

So when I got a PM today, telling me about a potential virus being detected, by MS Windows Defender none the less, the very same AV software I use, which was running when I made said file and hasn't flagged it in the 4-5 months since, I was more than a little surprised.

Here's how to tell if you really have a virus, or just really paranoid AV software. Take the file (or a link to it), and upload it to virustotal.com. This site will run it by a huge number of AV suites and come back with a list of results, for example:

https://www.virustotal.com/gui/file/730ab42e81e5bb852364f9452d829e5f2b13203035dc68fe53dce6799e511a0b/detection

This is the file flagged to me earlier, note the user who did so, downloaded all 6 variants, so this is just as odd as stated previously. Yes, the results clearly show the MS AV software flags it with a virus. But of the 70 AV suites that checked it, the other 69 all show it is actually fine. Running any .exe file, can potentially be a problem, you as a user have to decide who and what can be trusted. I can say with 100% certainty, no virus exists in this installer, but many users will be told there is, delete it and I don't get to defend my "product". I also can't stop it being incorrectly flagged, I could try e-mailing MS, asking them to get their facts in order, but let's face it, that's unlikely to help.

Sadly, as is already becoming the case in both Windows and MacOS, we're moving to a point where by default, computers won't run "unsigned code". That means, if you want a seamless user experience, without the potential for these "False Positives", developers must pay to certify their code. It's not unthinkable that we'll get to a point, like with iOS or Android, where you simply can't run unsigned code at all. Android can, but not before you jump through some hoops disabling security features. iOS you sort of can, but only if you Jailbreak your phone first. These developments do not bode well for small hobbyists like ourselves, we simply don't have the money to be paying for certification. So when and if it gets too hard to do so, mods like the NAM and similar community, open-source and freeware apps, will be a thing of the past.

Thank you, I can not judge or any installer is virus free most excecute without a Norton Security warning, those that do I had to disable my scanner for sometime, excecute the installer and reactivate scan without any result. Norton Security isn´t perfect, some programs it asks for permision, their´s no full adequate file attribute or certification as youmention info. Respect your view on distribution of custom Bat´s Lot´s or any other SC4 customs. agree custom need proper protection, yet some part of the core megaprops need to be modernized as theirs no point running up to 25 installers everytime doing the same, waiste of time. I admire your dedication to the Simcity 4 customs and the community and hope this discusion may bring some change to this situation !

Sincerely yours,

Kschmidt

[kSchmidt]

Last posting where for part focused on the archives which are present right now. What I like to accomplished that author's are gathering and discus and try to find a common ground to redo at least all props packages in a way there is less overhead installing, decompress en put those JES or CSX or all those airport AC  props into whole large archive installer where Tue user can select which they'd like to install into a plugin folder of his choice without doing this several times. Authors should decide what to do with the Bat's, which separate or which into a larger pack. What else may be a on ! What I wish this discussion is continued on this side of the spectrum as not all authoress are on Simtropolis for some reason and need to be  heard !

Sincerely yours,

Kschmidt