SHAR MP Developer Log #1 - Security

Posted in Announcements
Hi everyone,

I wanted to release a small little developer log detailing the recent issues people have been having with SHAR MP.

To start, I think it is important to give a little back story of SHAR MP:

SHAR MP is a rudimentary experiment demonstrating the ability to synchronize multiple players and their vehicles in The Simpsons: Hit & Run. When we initially demonstrated it, the community clamored to have access to it, which we reluctantly gave. Because of how difficult a fully-fledged multiplayer service is to develop, we've not yet been able to add any real notable features to it and have no intentions currently of doing so, as we have much more important priorities. We want to eventually come back to it, but we've only updated it with features that were made possible by Lucas' Simpsons: Hit & Run Mod Launcher.

SHAR MP and Lucas' Simpsons: Hit & Run Mod Launcher share the same codebase, which makes this all very possible. In fact, the core logic that allows SHAR MP to work is bundled as its own always-enabled hack when using the SHAR MP launcher. Going even further, the window you see when you launch SHAR MP is the same window you're familiar with for any mod that implements settings. The SHAR MP launcher essentially skips the launcher window and opens the Multiplayer hack's settings window. The only notable difference with the Multiplayer launcher is that it replaces the "OK" button with a "Launch" button. As we began synchronizing updates between the two, we started to see a trend of false virus detections in SHAR MP, but not in Lucas' Simpsons: Hit & Run Mod Launcher. Most antivirus engines will claim they detected it through the use of machine learning (!ML) or artificial intelligence (AI).

One reason we believe the SHAR MP launcher is being detected as a virus is simply how much less code is in the executable. We're not sure if this is a direct reason that it is being labeled malware by false positives, but this is a popular theory.

The reason this theory exists is that VirusTotal data shows us that Lucas' Simpsons: Hit & Run Mod Launcher 1.25.1 is labeled as safe by all engines:
www.virustotal.com/gui/file/7e27087c0ad35571618ea0a5e13b6fbf4e7c92c8bb618da26064346480e0d8b8/detection

Whereas SHAR MP is labeled as a virus by 23/67 engines:
www.virustotal.com/gui/file/abd5ea58fc24be22c45faa13dad3c8e69ebbaf37cdbc351f6b250210d8b3fbfa/detection

Here's a breakdown showing detection rates between Lucas' Simpsons: Hit & Run Mod Launcher 1.25.1, SHAR MP and what is being detected in SHAR MP as a virus:

Donut Team stands behind SHAR MP and our other software and maintains there is no malware or other dangerous software running behind the scenes. However, due to the false positives outlined by SHAR MP 33, we've made the decision to pull that version from distribution.

We're quickly working to find a new solution to the problem and figure out exactly why we're being detected as a virus when it is just the same Mod Launcher you all know and love, stripped down to a settings window. We can verify the hacks included in SHAR MP, which do the heavy lifting, are not being detected by 99% of the available antivirus engines. The thing being detected as potential malware is the launcher window itself.

Because of this detection, our SHAR MP site has been flagged by Google as potentially dangerous. We're currently working with Google to resolve this issue and hope to have it solved soon.

TL;DR:
  • SHAR MP is being falsely labeled as malware by some antivirus engines.
  • Google uses one or multiple of these antivirus engines and has deemed multiplayer.donutteam.com/game/sharmp unsafe for the time being.
  • We're working to resolve both of these issues.
  • We've removed SHAR MP 33 from download and rolled back to SHAR MP 32. If you're still using SHAR MP 33, you should not notice any interruptions.

I hope this developer log helps detail what is going on behind the scenes and may give some peace of mind when it comes to these false detections.

Sincerely,
Jake AndreĂžli
Community Director