Re: unexpected token bgt runtime error, how to solve
@53
Microsoft determines that something is a virus by having seen it being a virus before, and then develops patterns to try to detect similar executables. BGT works by taking the same executable for every single game, and attaching some non-program data to it that BGT interprets.
Executables start off assumed to be viruses, actually, and are sort of proven otherwise. Microsoft won't flag every executable that's new, but a new executable is given extra scrutiny. So in addition to similar code patterns between viruses, if it does virus-like things it might get flagged. What exactly causes this is unknown on purpose, and it should be noted that Microsoft isn't necessarily only looking at the executable either, it will also examine the files alongside it or whatever else to make the determination.
My guess is that either Angelscript gets generally flagged, or someone made a virus with BGT and distributed it and Microsoft got sent a copy. In the latter case, because the executable part of BGT is the same for everyone, it is nearly impossible to avoid false positives.
To fix this there's a reputation system. If you're a good citizen in other words, and your executable gets unblocked on lots of systems, it'll stop being flagged. But BGT is just different enough once your game is packaged that the reputation can't be shared among the community.
And let me be clear: if this sounds like I'm saying it's possible one bad actor wrote a virus and ruined BGT forever for everyone, yes, I am saying exactly that.
So that leaves you plan B, which is code signing. You can transition the reputation system from your executables to you as a developer by buying a code signing certificate (which is like $100 a year) and releasing software, and over time your code signing certificate will become trusted. Or you can start an LLC, prove your identity, pay $600+ a year, and follow a few other restrictions and get trusted instantly. In either case though, the main point is that your code signing certificate says who you are and that if this executable is a virus come knock on your door for the arrest, which is why this works.
Code signing certs can't be shared because they've got developer real names in them. If a cert gets used in a virus the cert is ruined, and potentially the developer who owns it is liable.
The difference with mainstream languages is one of two things. For the compiled languages, every executable is very different--it's not the same code plus some scripting data, it's actually different machine instructions. For the interpreted languages, the executable running it is the same, but they're popular so that executable is widely understood not to be a virus by the antivirus software developers and gets a pass (presumably with the signature stuff looking at data files around it instead, but again, they don't tell us because that's telling hackers how to break it),.
-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector