Anti-Virus Company Says PeerGuardian is Malware

Written by Ben Jones on February 24, 2008

Over the past week, some servers used for updating the anti-virus software NOD32 were labeled as anti-p2p by a popular list maker for PeerGuardian. In response, NOD32’s company, ESET, has categorised PG2 as malware in some of its latest updates.

It started off with Bluetack adding some IP addresses to its “Level 1 blocklist” that belonged to ESET (NOD32) update servers. “Level 1” is the term that Bluetack use for their lists containing (according to site admin ‘monk’):

  • Companies (Or organizations. I won’t repeat orgs. over and over) who are clearly involved with trying to stop filesharing.
  • Companies which anti-p2p activity has been seen from.
  • Companies that produce or have a strong financial interest in copyrighted material.
  • Government ranges or companies that have a strong financial interest in doing work for governments.
  • Legal industry ranges.
  • IPs or ranges of ISPs from which anti-p2p activity has been observed.

The IP addresses added were 89.202.149.32 to 89.202.149.63, 89.202.157.88 to 89.202.157.95 and 89.202.157.128 to 89.202.157.159, according to this forum post on the NOD32 support forum. These blocked IP ranges contain many of the servers used to provide anti-virus signatures for NOD32. These were added to the blocklist for alleged anti-p2p activities. However, what kind of anti-p2p activity was taking place is unclear.
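A check an administrator could run before deploying a third-party blocklist, as an added example that is not part of the original article: it parses a list in a `label:start-end` text layout (assumed here) and reports entries that overlap ranges which must stay reachable. The sample list and its labels are constructed; the three protected ranges are the ones quoted above.

```python
import ipaddress

# Ranges quoted in the article as the ESET entries added to the Level 1 list.
REPORTED_RANGES = [
    ("89.202.149.32", "89.202.149.63"),
    ("89.202.157.88", "89.202.157.95"),
    ("89.202.157.128", "89.202.157.159"),
]

# Constructed sample in "label:start-end" text form (assumed layout).
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real list
Example Org A:192.0.2.0-192.0.2.255
Example AV update servers:89.202.149.32-89.202.149.63
Example AV update servers:89.202.157.88-89.202.157.95
malformed line without a range
"""

def parse_blocklist(text):
    """Yield (label, first, last) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        line = line.strip()
        label, sep, span = line.rpartition(":")
        start, dash, end = span.partition("-")
        if line.startswith("#") or not sep or not dash:
            continue
        try:
            first = ipaddress.IPv4Address(start.strip())
            last = ipaddress.IPv4Address(end.strip())
        except ipaddress.AddressValueError:
            continue  # unparsable address: skip rather than guess
        if first <= last:
            yield label, first, last

def to_cidrs(first, last):
    """Express an inclusive range as the minimal list of CIDR blocks."""
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]

def find_collisions(blocklist_text, must_reach):
    """Return (label, cidrs) for entries overlapping a range that must stay reachable."""
    protected = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
                 for a, b in must_reach]
    hits = []
    for label, first, last in parse_blocklist(blocklist_text):
        # Two closed intervals overlap when each starts before the other ends.
        if any(first <= p_last and p_first <= last for p_first, p_last in protected):
            hits.append((label, to_cidrs(first, last)))
    return hits

if __name__ == "__main__":
    print(find_collisions(SAMPLE_BLOCKLIST, REPORTED_RANGES))
```

The overlap test also catches a broader entry that only partly covers a protected range, which a simple exact-match comparison would miss.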

Bluetack administrator ‘m00re’ told TorrentFreak that the IPs were added because “someone noticed them on a torrent”. ‘m0nk’, another administrator, later told TorrentFreak that he noticed an IP belonging to ESET on a private tracker’s movie torrent that he was on. “It was only 1 IP, but since they’re a commercial software company with a strong financial interest in copyrighted material, they go on level 1 regardless”.

However, ESET didn’t take too kindly to this disruption of its business. A representative from ESET tried to contact Bluetack, to see about the removal from the list. He later posted a screenshot of the discussion to the ESET support forum.

This was the same kind of attitude experienced by Ludvig Strigeus almost exactly two years ago, after utorrent.com was added to the Bluetack lists, and similarly by the Opentracker people and the German Chaos Computer Club.

Based on the feedback from Bluetack, ESET added PeerGuardian to their anti-virus updates. Two signatures called Win32/PeerGuardian were added in update number 2894 on the 21st of Feb, with another 5 added in update number 2895 the following day. These updates identify the PeerGuardian application as malware, and offer the user the ability to deal with the ‘infection’. Those who do have been unable to use PeerGuardian afterwards.

Phoenixlabs, which makes PeerGuardian, put out this statement in response. Their representatives would not comment further on the subject, referring only to the statement. Bluetack, on the other hand, have been very vocal about it. ‘m00re’ said “whomever the person/persons are that made the flawed decision to maliciously target a non threatening application like PG2 is clearly a moron.” whilst ‘firstaid’ suggested that “people call them and have them stop having their product remove PG2 from their systems.”

ESET defended the addition: “By blocking update and threatsense servers detection of PeerGuardian as potentially unwanted application is fully justified as it could disrupt normal operation of NOD32 and or ESS.”

However, ESET has now changed its mind, saying “We have reconsidered detection of PeerGuardian and it will be removed in the upcoming update. However, we will actively continue protecting our users from blacklists that contain the IP addresses (ranges) of our update servers and thus preventing our paying or trial users receiving updates and keeping their computers protected.”

208 Responses

1 Feb 24, 2008 at 13:20 by santoscrew

what if i use both of the apps all the time? will they try to block each other? :P

2 Feb 24, 2008 at 13:23 by Damn

Norman also detects Peer Guardian as malware.

3 Feb 24, 2008 at 13:24 by Hulk

Actually I prefer to block within an application, i.e. adding an IPFilter.dat (or similar) to Amule/Ktorrent/Qbittorrent/whatever instead of using PeerGuardian. Why should I block all access to a certain range, if I’m only concerned about anti-p2p activity in that range?

4 Feb 24, 2008 at 13:26 by Fragy

Well, that all looks pretty screwed up!

5 Feb 24, 2008 at 13:27 by Damn

hmm.. Forget it.

I tried installing Peer Guardian, but this time Norman didn’t detect it as malware.

Maybe Norman was detected as malware in an earlier version of Norman. Well well..
All good now :)

6 Feb 24, 2008 at 13:27 by Anonymous

Because someone noticed them on a torrent? You call that a reliable justification to add IPs that can change anytime on a blocklist?

7 Feb 24, 2008 at 13:28 by Damn

“Maybe Norman was detected as malware in an earlier version of Norman. Well well..”

ehm.,. :p
I guess you can see the mistake there.
I meant Peer Guardian and then Norman

8 Feb 24, 2008 at 13:33 by Norman

Norman says, PeerGuardian is spyware.

9 Feb 24, 2008 at 13:38 by Redundant

Just a thought, but isn’t Peer Guardian entirely redundant? I mean any serious Anti-P2P activity, i mean the stuff designed to get people in court, is usually carried out by people that are reasonably savvy.

PG2 and its blocklists are in the public domain, so any serious anti-P2P agent is going to ensure the IP address they are operating from isn’t on that list before even starting. We all know that fresh IP addresses and sets aren’t hard to come by. Just a thought and MHO

10 Feb 24, 2008 at 13:48 by Rapper Alliance

I keep a blue flag hanging out my backside
But only on the left side, yeah that’s the Crip side

11 Feb 24, 2008 at 14:12 by Robin

Whatever

12 Feb 24, 2008 at 14:19 by Santa

Oops, bad PR for ESET!

13 Feb 24, 2008 at 14:45 by anonymous

blocklist bastards do it again lol

14 Feb 24, 2008 at 14:58 by MLx

[quote comment="297004"]Oops, bad PR for ESET![/quote]
More like bad PR for Bluetack.

Seriously, these dimwits need to get off their high horse. Putting in IPs of anti-p2p/investigative companies is one thing, IPs of entertainment mafiaa is another, and IPs of software mafiaa is yet another. How many people actually mess with peerguardian settings? If I used PG2+NOD, I’d sure be pissed if I found that I wasn’t getting updates because of it - ESET had all the right to do what it did.

Put another way - how is this different from TPB blocking Tele2 when Tele2 blocked allofmp3? If ESET makes the signatures temporary, it only serves to get the message out which seems to be their goal.

What is even more annoying is that this wouldn’t happen if Bluetack actually made more sensible blocklists instead of putting everything into level1 - see my first paragraph.

That said, are there any other blocklist providers out there?

15 Feb 24, 2008 at 15:01 by DarK

use ubuntu, no need of nod32, for like ever!

16 Feb 24, 2008 at 15:07 by anonymous

it is extremely lame to label peerguardian as malware when it clearly is NOT.

it will drive more confusion and maybe some people really believe pg is infected… :S

Stupid companies

17 Feb 24, 2008 at 15:10 by =]

ohh demonoid come back :(

18 Feb 24, 2008 at 15:21 by Darth_yoda

2 days ago:
http://www.virustotal.com/analisis/b3fb9400909ca3f61b0750501d31ac24

Today:
http://www.virustotal.com/analisis/edfafa71189a764e950254a147b95052

19 Feb 24, 2008 at 15:25 by MUSHROOM77

ESET wankers!

20 Feb 24, 2008 at 15:50 by cc

no problem with me .
usually i turn off my auto update on my anti virus. when i need to update , i turn off pg and manually update my virus list.

i don’t see any problem here, why need to make into such big issue here

21 Feb 24, 2008 at 16:01 by Skriblez

Peerguardian is just a false sense of security. no point having it installed. ESET should just leave them blocked.

22 Feb 24, 2008 at 16:18 by Breeze

Peerguardian is my favorite example of “snakeoil”.

How much do they block currently? 50% of the internet?

So stupid to block universities and such stuff, because they have good connections.

And of course useless (for security) because anyone can collect the IPs on a torrent from a dial-up connection. And injection of bad data is not a problem. (Only reduces speed a little)

23 Feb 24, 2008 at 16:22 by Ben Jones

[quote comment="297018"][quote comment="297004"]Oops, bad PR for ESET![/quote]
More like bad PR for Bluetack.

Seriously, these dimwits need to get off their high horse. Putting in IPs of anti-p2p/investigative companies is one thing, IPs of entertainment mafiaa is another, and IPs of software mafiaa is yet another. How many people actually mess with peerguardian settings? If I used PG2+NOD, I’d sure be pissed if I found that I wasn’t getting updates because of it - ESET had all the right to do what it did.

What is even more annoying is that this wouldn’t happen if Bluetack actually made more sensible blocklists instead of putting everything into level1 - see my first paragraph.[/quote]

This is all down to a lack of accountability on Bluetack’s behalf. I did also write a personal opinion on this - http://neuron2neuron.blogspot.com/2008/02/eset-nod32-is-malware.html - It’s separate because TF is not the place to mix opinion and news.

24 Feb 24, 2008 at 16:29 by just another one

why no one is questioning how did that ip got blacklisted? why did some update server connected to torrent?

25 Feb 24, 2008 at 16:38 by siof

Something to remind ourselves of here also is that PeerGuardian is OpenSource.

The source code clearly has no malware or other malicious stuff in there. Anyone who needs to is very able to check this for themselves, Norman, ESET, whoever included.
