Terasync IS fatal in 2018.2.1
Ran Terasync because I wanted to spawn on a ship at EGOD.
FG Began stuttering and generally being weird after a few min. It wouldn't let me exit it, screen froze, but I could still here FG running in the background.
Eventually killed it off but on my desktop I found that EDGE had opened up and was continually opening a new tabs, all linked to the IOS and Andriod Download page for Edge. IE was also opening new tabs, each with " page not found errors". I couldn't access anything. Ctrl Alt Del was non functional, and I had to watch as the CPU + RAM usage all maxed out. I had to kill the power.
Tried again tonight, same settings for spawning on a ship. It Ran ok, exited, and I went for dinner. Returned to find the PC completely locked up again.
I have scanned my terrasync folder, it came up clean, so were talking legit code used in a non legit way within terrain tiles.
I removed the tile that was downloaded via terrasync, and FG runs fine again.
Good shout. But it's possible it may not show up as recognised malware, as it's possibly just an amateur attempt at using Nasal to create mischief, like we've seen in some of the aircraft produced by the troublesome groups.
I tell you one thing, though - this is disturbing enough that I plan to recommend to the other admins that absolutely no code from any source that isn't considered completely trustworthy by all of us gets into FlightNights. By that I mean to include custom scenery in scenarios, and aircraft associated with problem flying groups. If it means we have to tighten up the operation and not permit certain suspect people or aircraft from taking part, so be it.
Do we have any examples of what people have tried via Nasal in aircraft & scenery?
I've just been looking at what nasal can do with file io & how it's limited via a whilelist - it would take a while to run but it would be relatively easy to run a grep through the model xml in Terrasync to see if anything odd has crept in
I'd like to know this too. As far as I know, it's one of the few things you CAN do without difficulty to make a web page request open in a browser - I experimented with an HTML manual for the Lightning, opening a web page by clicking a menu item, and it was extremely simple if I recall correctly. That's why I'm suspicious - it's an easy way to cause trouble for someone with limited coding/hacking skill.