Limit 3rd Party Developer Access in FS2024 for Protection

I understand the principle of a sandbox environment. Add-on developers such as A2A are going to have to make compromises. That’s better than letting add-on developers run unrestricted code.

I don’t believe developers are malicious but some are. A zero trust safeguard is better for system security. Unfortunately, that does mean good developers are going to be restricted but it’s a reasonable compromise to protect users.

Can we now get into specifics? What has a dev done that you feel is wrong? You yourself say that the OS has built-in protections. Is that not good enough?

“whereas Google has people who are highly trained and knowledgeable in information security protocols to ensure compliance to standards.” - I’m sorry but I don’t believe that - again my opinion

I can see your point on some of the things you listed. However, I believe they would be logistically unworkable. It takes MS a long time just to approve the Partner add-ons now. Adding “ALL” add-ons would be a disaster in my opinion.

Of course, any sandbox environment is not 100% secure, nothing is. It’s going to take time to build correctly. The whole point of the post is to propose that in FS2024 add-on developers are restricted in the code they are allowed to run on a system. This is going to cause compatibility problems and add-on developers are going to have to make compromises, but user security is more important than a few add-on developers. I believe Microsoft Flight Simulator on XBOX is going to push this.


Although the OS does have built in protections that does not mean developers should have unrestricted access to system resources. Security is a layered approach and nothing is 100% guaranteed secure. A sandbox environment is another layer on top to provide user protection against malicious code.

I haven’t been harmed by a single developer but that doesn’t mean we should be lazy about security. Millions of people play flight simulator every day and they also do banking on that computer. Add-on developers need to stop running unrestricted code.

  1. The only “sandbox” that MSFS provides is itself and its SDK. A developer can write non-executable files that describe an object (i.e. plane) within the context and confines of that SDK. The MSFS API implementing the SDK may also have features that could be exploited maliciously so there’s no absolute safety in that.

  2. Windows itself has basic security features these days with UAC, Firewall and Defender. Developers DO NOT have unrestricted access to the system.

  3. A2A has NO OPTION but to run their own executable because they are doing calculations that cannot be run with the MSFS API.

1 Like

You just almost if not every 3rd party developer.

Let me turn the table and ask you something:
If you can’t secure your system without sandbox, maybe you shouldn’t use it?

0/10 on this idea unless your aim is to kill top-tier third-party devs and limit the sim to Carenado-style reskins of default airplanes.

3 Likes

X-Box is going to be as secure and sandboxed as MS can make it, mainly because it is a closed system, and if it gets infected, there is little an end user can do to fix it (and it’s a MAJOR embarrassment to MS that will cost them BIG in the console market!!).

PCs are a very different matter.

What’s the point of sandboxing a single application (like MS FS) when most other apps are wide open, as is your PC?

You only have to visit one “inappropriate” website, or open an attachment in an email, to find out just how messed up a talented hacker can totally compromise your system.

These days, expect any time you start your PC, it may have got compromised, and the only way to be 100% sure you can get it back to an uncompromised state is to have multiple past full backups, to restore your system to its pre-compromised state.

But backups are only of use if you do them, and it’s so easy to skip doing them, so an automatic backup system is very desirable.

My computer systems do a backup EVERY night, automatically, while I sleep, both incremental and, weekly, a full, keeping at least 2 months of full backups.

Large mechanical hard drives are reasonably inexpensive now, and far less costly than days of rebuilding and re-installing a mass of applications, and recreating lost data.

or

Dump the PC, and play on a more “secure” X-box, with its associated limitations. (Your Choice)

True, I saw this thread and it got me thinking, but please no arguing or anything; feedback is welcome tho :slight_smile: As we know, some 3rd parties use Asobo default models and change the outside, and a few have a working outside model but no working cockpit. I hope there’s a way in FS2024 where the market team can deny an addon if it doesn’t have a working cockpit. Not only for us, but think of all the new simmers FS2024 will bring; they will see an addon, get excited, buy it and be let down. Feedback welcome, but keep it civil.

Andy2790

1 Like

I do not believe devs have access to “unrestricted” aspects of the Windows OS. If so, then this is a Windows OS issue and not a Flight Sim issue.

I agree with your point - keep yourself protected, and users should be mindful of what they download and from where.

No layer of protection is 100% secure and can be exploited under the right circumstances but having some protection is important. People use their computer for banking purposes so it’s important to keep them safe as much as possible.

It really depends on the type of account the application is running on. That affects the amount of access the application can get.

If you don’t like such addons then don’t get them. Don’t even give Asobo/MS the idea of restricting others.
The external apps communicate with the sim using the public APIs like SimConnect and there is NOTHING wrong with that.

Do I understand correctly that you’re not running any applications on your computer except those from Microsoft? An addon running a process outside of MSFS is just like any other 3rd party program running on your computer. A browser, Photoshop, any game from Steam or whatever.

  • All add-ons should be required to run in a sandbox environment without exception.
    They already do. What is running outside of the sim is not the stuff that MSFS loads.

  • All add-ons in the “Community Folder” should not be loaded by default. The user must enable community folder mode to run these add-ons.
    Maybe. Although given how clumsy the UI is in the game, I would rather have 3rd party apps like addon linker for that.

  • All add-ons in the “Community Folder” should not have any permissions by default. Only the user can enable permissions per add-on.
    You’re mixing up addons (configuration files, textures etc.) with external applications that communicate with the sim. The sim is not owning those processes and doesn’t care about them.

  • All add-ons that are not in the “Community Folder” have to be installed using an in game interface that probably checks the files are legitimate and safe to use.
    You already have an antivirus and firewall and various other tools built into the operating system for that. It’s not the sim’s job to hold my hand. My computer, my choice.

  • WASM support should only be enabled by default if the add-on has been approved by Microsoft and downloaded from the official Flight Simulator store.
    Why? What is so special about WASM that it should have this special treatment?

In general all the points you propose are perfect from a corporate greed point of view, but not from a gamers one. It’ll only limit what developers can do to get out of the game limitations and actually create high quality addons.

This topic really made me angry, like no other before. I just don’t get how you can seriously propose things like this.

7 Likes

A simple way of addressing your security concerns would be to just avoid buying addons with executables. As I said, it is impossible to have the A2A Comanche without an executable so you just need to live without it. There’s nothing anyone can do about that.

2 Likes

There are some things you can’t achieve without external binaries. Have you ever seen the terrain radar in the FBW A32NX? It’s running externally, because MS is incapable of providing a terrain API.

I’d also like to point out limiting SDK access is present in one of the major sims - DCS. Do you know what the result is? Many VERY talented people are unable to make accurate replicas of aircraft past the 1970s, because you can’t even implement a proper radar without the SDK. Do you want an MSFS without thought-out addons? Do you want an MSFS where no addon can be called study-level?

We all have to make compromises and that means add-on developers are going to have to change. Security is an important component of modern computing and that means limiting the abilities of development to prevent malicious or unsafe code execution. There are things Microsoft/Asobo can do to mitigate the risk and this post is to reach out and let them know some of the things that could help.

After all, an add-on is an entertainment package not a standalone program. They should be treated differently than a browser.

You can implement most of your suggestions today by buying an Xbox Series S or X: network SimConnect is disabled so you can’t use external executables running on your PC where they could damage your files, and any Wasm code using SimConnect in-process is sandboxed and has been reviewed by Microsoft ahead of time.

I don’t think there’s much to be added by removing SimConnect from the PC version, and a lot to be lost. :slight_smile:

[In particular – losing the ability to connect to the simulation environment from an external program would eliminate: LittleNavMap, Spad.next, Axis And Ohs, FSUIPC, Navigraph Charts (except as an in-game panel), connectors that mirror your position to ForeFlight or other EFB apps, etc. None of these are possible with the Xbox version of MSFS because SimConnect is disabled, preventing external programs from accessing the sim. Without this restriction, the entire proposal falls apart.]

2 Likes

What operating system are you running? Unless it’s a fully open-source distro of Linux, you can’t be sure it’s not doing anything malicious - in fact, if it’s Windows, they are most likely stealing at least a subset of your personal data.

What about unsafe code execution? If you mean memory safety and stuff, no program is 100% safe.

If you don’t feel safe, why are you proposing limiting people who know what they’re doing, instead of just not doing stuff when you don’t know what you’re doing?

A reminder to keep this topic on-topic. If you want to continue participating, avoid posts aimed at other users and focus solely on the discussion.

From the Code of Conduct - SOP:

  • The Skies are Open for All - Everyone is welcome to Microsoft Flight Simulator regardless of age, gender, race, sexuality, or creed.
  • One World, One Community - No matter how you play – regardless of platform, experience level, or reason – we are one community of aviation lovers.
  • Follow Your Checklist - Adhere to the set of rules from each community space. Skipping a checklist item can ground a flight quickly.
  • A Pilot is a Pilot - Treat everyone in the community with respect, and seek to have positive experiences with your fellow pilots.