Query: DLL file loading, game workarounds, paranoia?

This isn't particularly 'news' or an 'issue', so forgive me if I'm discussing it in the wrong place. A recent situation really started to confuse me lately, given what I thought I new about staying safe online. Due to the number of times I've been accused of 'paranoid', I was hoping to get an opinion from people with a more security minded mentality.

I admit that I'm a gamer, and enjoy playing games on a relatively clean system. Recently, a game (Fallout: New Vegas) was released in a rather buggy state. This is nothing new - Nor is the fact that several user-developed fixes were eventually developed to help with issues.

One workaround, though, struck me as extremely dangerous behavior that users were more than willing to engage in.

Long story short: There are significant issues with framerate in the game. Someone emerged with a "fixed" d3d9.dll file - Distributed through Megaupload - that they claimed would solve all the issues at play. All users had to do was drop the DLL file into the application folder with the game executable, and then run their game as normal.

To me, that sounded a little familiar. Something very similar to this potentially exploitable flaw.

I thought that this sounded dangerous. When attempting to advise people on the game forums about the dangers of downloading DLL files from anonymous users over free-distribution sites, I was informed I was being over-reactive. I'm a little confused, though, since this seems like excptionally risky behavior.

Am I wrong to be wary of this kind of thing? Is it paranoia to avoid working with DLL files in this way? Just curious what everyone here thinks about such a situation.

 

You're doing the right thing to stay the hell away from it. "Modded" DLL files are a HUGE red flag. I admit to having played with these in the past, especially with games. But, this was way before the DLL scares we've seen recently. The reason you're being blown off is because, gamers being gamers, they are a very vocal group when things go wrong, and they'll do just about anything to get the performance they want and the features they want. That goes from rant threads 100+ pages long, literal threats, all the way down to cheats.

You're being very bright, not paranoid.

 

If there was an issue with the game,the company that released the game sure wouldnt post up a fix on megaupload.

Sure hope other people didnt fall for this

 

The others knew it wasn't an official fix, and, obviously others went right along with it, according to the post. As I said, it's an attitude shared by a LOT of gamers, especially the FPS crowd.

 

Back in the day,when I used to play Everquest,a multi-online player game, if you werent getting the FPS that you wanted,it was time to upgrade your hardware

 

FPS in my previous post was referring to first-person shooters, lol. But, what you say is true and still holds today, low frames per second generally means you either have bad lag due to old video cards or you should stop torrenting while you play

 

Thanks, guys. Glad to know I'm not going crazy when I decline to download strange DLL files and execute them without investigating more

I did a little bit of detective work, and it's really a strange situation. There is something wrong with this game, software wise, that makes it underperform on even capable hardware, but that's no reason for this kind of risk behavior! Apparently the file is "safe", and droves of players are downloading it, saying "This fixed my problems!!!" and thus encouraging many more people to download it on the premise that, if it were a problematic file, someone would have seen something pop up by now. I guess all it takes is an echo box to convince people to download and install sketchy files from megaupload!

I admit that I skirt the edge of the gaming community, but this strikes me as social engineering waiting to happen. Between the rootkit DRM schemes and the haphazard willingness of players to download any file in pursuit of better performance, it's a wonder these people still have functioning computers.