Anti-Virus Company Says PeerGuardian is Malware
Written by Ben Jones on February 24, 2008
Over the past week, some servers used for updating the anti-virus software NOD32 were labeled as anti-p2p by a popular list maker for PeerGuardian. In response, NOD32’s company, ESET, has categorised PG2 as malware in some of its latest updates.
It started off with Bluetack adding some IP addresses to its “Level 1 blocklist” that belonged to ESET (NOD32) update servers. “Level 1” is the term that Bluetack use for their lists containing (according to site admin ‘monk’):
- Companies (Or organizations. I won’t repeat orgs. over and over) who are clearly involved with trying to stop filesharing.
- Companies which anti-p2p activity has been seen from.
- Companies that produce or have a strong financial interest in copyrighted material.
- Government ranges or companies that have a strong financial interest in doing work for governments.
- Legal industry ranges.
- IPs or ranges of ISPs from which anti-p2p activity has been observed.
The IP addresses added were 89.202.149.32 to 89.202.149.63, 89.202.157.88 to 89.202.157.95 and 89.202.157.128 to 89.202.157.159, according to this forum post on the NOD32 support forum. These blocked IP ranges contain many of the servers used to provide anti-virus signatures for NOD32. These were added to the blocklist for alleged anti-p2p activities. However, what kind of anti-p2p activity was taking place is unclear.
Bluetack administrator ‘m00re’ told TorrentFreak that the IPs were added because “someone noticed them on a torrent”. ‘m0nk’, another administrator, later told TorrentFreak that he noticed an IP belonging to ESET on a private tracker’s movie torrent that he was on. “It was only 1 IP, but since they’re a commercial software company with a strong financial interest in copyrighted material, they go on level 1 regardless”.
However, ESET didn’t take too kindly to this disruption of its business. A representative from ESET tried to contact Bluetack, to see about the removal from the list. He later posted a screenshot of the discussion to the ESET support forum.
This was the same kind of attitude experienced by Ludvig Strigeus almost exactly two years ago, after utorrent.com was added to the Bluetack lists, and similarly by the Opentracker people and the German Chaos Computer Club.
Based on the feedback from Bluetack, ESET added PeerGuardian to their anti-virus updates. Two signatures called Win32/PeerGuardian were added in update number 2894 on the 21st of Feb, with another 5 added in update number 2895 the following day. These updates identify the PeerGuardian application as malware, and offer the user the ability to deal with the ‘infection’. Those that do have been unable to use PeerGuardian afterwards.
Phoenixlabs, which makes PeerGuardian, put out this statement in response. Their representatives would not comment further on the subject, referring only to the statement. Bluetack, on the other hand, have been very vocal about it. ‘m00re’ said “whomever the person/persons are that made the flawed decision to maliciously target a non threatening application like PG2 is clearly a moron.” whilst ‘firstaid’ suggested that “people call them and have them stop having their product remove PG2 from their systems.”
ESET defended the addition, “By blocking update and threatsense servers detection of PeerGuardian as potentially unwanted application is fully justified as it could disrupt normal operation of NOD32 and or ESS.”
However, ESET has now changed its mind, saying “We have reconsidered detection of PeerGuardian and it will be removed in the upcoming update. However, we will actively continue protecting our users from blacklists that contain the IP addresses (ranges) of our update servers and thus preventing our paying or trial users receiving updates and keeping their computers protected.”


215 Responses
I have no problem with PG2.
that’s bullshit
Frankly, it’s recklessly irresponsible for PG to block antivirus update service. Antivirus PROTECTS people’s machines from malware that is in P2P networks, PG opened the door for newer malware and viruses to infect a user.
As a typical (not a power) user, do you EVER want your antivirus NOT to get ???? that’s insane. we are not talking about “rules” we are talking common sense. Common Sense is that you want the virus protection.
[quote comment="297071"]Something to remind ourselves of here also is that PeerGuardian is OpenSource.
The source code clearly has no malware or other malicious stuff in there. Anyone who needs to is very able to check this for themselves, Norman, ESET, whoever included.[/quote]
What is Malware? Malware is something that has an undesirable effect on a system. There is malware that has perfectly clean code, but in use gives undesirable results.
You admit that nod32 is a legitimate antivirus program? Thus, bluetack has disrupted, or attempted to disrupt the operations of a legitimate antivirus program. If that doesn’t fit the definition of malware, i don’t know what does.
“Lets also remember that people chose to run nod32, and chose to update to the lists that ESET provides, and tens of millions of people have made that decision. It is easy enough to circumvent the entry, and put it in the allow list, but we err on the side of caution, in an attempt to protect our users, but we still want to keep them informed”. (if you hadn’t noticed, this is the standard argument that bluetack makes when it adds a block, swapping PG with nod32 and bluetack with ESET - why doesn’t the same arguments work the other way?)
Blocklists are also compiled using user data/reports. While this is a good thing, this data/report really needs to be verified somehow, rather than blind inclusion.
But the question remains as to why an ESET server IP was sitting on a torrent.
agree with 28 - it’s stopping peeps from updating, which is what a handful of other nasty progs do that are quite rightly labeled as malware or whatever they fall into.
I would be more understanding if bt actually did more investigation into the ips they blocked. I mean come on … those update servers are gonna have great connectivity, we can’t blame some board admin for wanting a seedbox can we???
Once they tag a non-malicious app as a reprisal (or hostage) I am off the bus. Anti-Virus is a business about trust. If you delete my port-scanner, my penetration tests, disable my firewall or my malware blacklist, you are a security risk instead of a solution, and I don’t want your software in my computer anymore.
The next obvious step is to tag competing products as malware and delete it, that is, if you want a nazi signature scanner to reach complete control over your computer.
However, and to be balanced, if you disable the updates of the antivirus, that could be malicious and it is a security risk instead of a solution, too.
Shitty managers destroying good software. Nothing for you to see here. Please move along.
Sounds like both sides are playing silly buggers here.
Sounds more like Bluetack’s fault..
If you can’t update your anti-virus because a program is blocking it yes it WILL be considered malware..
“whomever the person/persons are that made the flawed decision to maliciously target a non threatening application like PG2 is clearly a moron.”
Whoever the person/persons are that made the flawed decision to maliciously target an anti-virus company and preventing its users to update their paid programs is clearly a moron imo..
An employee use bittorrent, most likely to download a movie or music hardly to do any network sabotage ;)
Bluetack were too trigger happy.
Nice post on N2N Ben.
Bluetack never admit to mistakes, because they don’t have to. It’s not just a case of being anonymous, there’s also a massive fanboy culture surrounding them. I hate to think what your inbox looks like right now.
Not everyone uses Nod32 or needs access to an ESET server for def updates. People who use PG2 should know how to remove entries or at least how to do a manual allow. I think this is a case of making a mountain out of a molehill on both their parts, moreso on the part of the folks at ESET. We all already know what the folks at bluetack are like, but they are a product of the internet. I expected more than tit for tat from ESET.
who?
PeerGuardian is no malware per se. But as it uses the Bluefuck uhh tack list, it evolves to malware.
I completely agree with Ben Jones blog entry.
ben, what if companies like the mpaa and riaa are working from behind virus companies? isn’t it correct then to have them in the blocklists?
bluetack make mistakes. it took me 4 months of badgering them to remove the CentOS repo servers from their Level1 … for 3 months they were blocking ALL CentOS updates. however, they were reasonable about it and eventually removed the IP’s from the list
do not listen to the people who say filtering does not work because of the high availability of off-campus IP ranges which can be used by anti-p2p phishing operations. these IPs are very quickly identified by their behaviour and added to the lists
ipfiltering is a strong weapon against the anti-p2p agencies and i wish every tracker and every client ran a blocklist (and every client disabled the evil-DHT). consequently, blocklists and the groups who manage them are gonna come under increasing attack from the enemy
look what new VERY worrying trend has started with multi-tracked torrents. multi-tracker torrents are a security risk. it takes only one of those trackers to operate without a blocklist OR belong to Media Defender for the whole swarm to be revealed. multi-tracked torrents are a stupid stupid idea. what we need is more trackers better secured
Peerguardian has had its day. It’s trying to spoil Eset reputation.
Eset softwares are super.
I hope they blow the shit out of PG.
PG admins made a mistake. a big one. Not being able to update one’s antivirus is a big problem.
BlueTack has already shown to everyone in the past that they are over paranoid geeks. This just adds another nail to their already over nailed coffin.
PeerGuardian is not Bluetack you fuktards
another anti-p2p attempt to confuse the picture by pissing in the media pool. like equating filesharing with piracy or tort with criminal
fuktards fuktards fuktards fuktards fuktards fuktards fuktards fuktards fuktards fuktards fuktards fuktards
thank the FSM the enemy are all fuktards or we might be worried
PeerGuardian sucks.
Doesn’t seem like it would be too hard to allow Eset to get through on updates. anyone who has been using Pg2 should know how.
As for the PG2 anti-fanboys claim of it blocking “half of the internets”
When you do surf “half of the internets”. Have fun cleaning the tracking cookies left behind that pg2 would have blocked on the fly.
@31
Since when did the average user use a port scanner and run penetration tests?
“Disable my firewall”
Quit crying and get one from SonicWall or the Cisco ASA 5500 Series already.
Move along. Nothing to see here.
It’s obvious..
Some donkey at ESET tried to do some P2P on one of their servers.
They got caught and put on a blocklist.
PG (a separate app) uses that blocklist.
Every bugger tries to assume it’s someone’s fault.
It’s not Bluetacks as they were doing what they were doing.
It’s not PG as it’s not their blocklist
It’s ESET for doing some p2p when they should not have.
ESET try to cover their arses by blaming anyone but themselves and it just shows that they were messing about cause they put PG on their list as Malware and then took it off days later.
Peerguardian is just an IP blocker, It can only block or allow whatever list you point it to.
To those saying PG is “blocking half of the Internet”…does it matter?
Do you have some verifiable statistical proof (DNS and Wireshark logs) that you have been unable to access half of the IP addresses available in the IPv4 address range that it has compromised your way of life? Post them on pastebin and give us the link.
127.x.x.x, 192.x.x.x, host 0, host 255, and class D addresses are reserved. So before you had PG, IANA actually took a chunk out of that already.
It blocks a gazillion addresses, so what, I can still browse normally with it. Its not like I need to *actually* NEED to access THAT much IP addresses in my life.
[quote comment="297210"]PeerGuardian sucks.[/quote]
You suck.
Now blow me…