Anti-Virus Company Says PeerGuardian is Malware

Written by Ben Jones on February 24, 2008 

Over the past week, some servers used for updating the anti-virus software NOD32 were labeled as anti-p2p by a popular list maker for PeerGuardian. In response, NOD32’s company, ESET, has categorised PG2 as malware in some of its latest updates.

It started off with Bluetack adding some IP addresses to its “Level 1 blocklist” that belonged to ESET (NOD32) update servers. “Level 1” is the term that Bluetack use for their lists containing (according to site admin ‘monk’):

  • Companies (Or organizations. I won’t repeat orgs. over and over) who are clearly involved with trying to stop filesharing.
  • Companies which anti-p2p activity has been seen from.
  • Companies that produce or have a strong financial interest in copyrighted material.
  • Government ranges or companies that have a strong financial interest in doing work for governments.
  • Legal industry ranges.
  • IPs or ranges of ISPs from which anti-p2p activity has been observed.

The IP addresses added were 89.202.149.32 to 89.202.149.63, 89.202.157.88 to 89.202.157.95 and 89.202.157.128 to 89.202.157.159, according to this forum post on the NOD32 support forum. These blocked IP ranges contain many of the servers used to provide anti-virus signatures for NOD32. These were added to the blocklist for alleged anti-p2p activities. However, what kind of anti-p2p activity was taking place is unclear.
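The following check is an added example, not code from the article, ESET, Bluetack or PeerGuardian. It shows how a user or administrator could audit a blocklist for entries that overlap address ranges the machine must still reach, using the three ranges reported above. It assumes the list is plain text with one `label:first-last` entry per line; the sample list and its labels are constructed.

```python
import ipaddress

# Ranges the article reports as added to the Level 1 list (ESET update servers).
MUST_REACH = [
    ("89.202.149.32", "89.202.149.63"),
    ("89.202.157.88", "89.202.157.95"),
    ("89.202.157.128", "89.202.157.159"),
]

# Constructed sample blocklist; the "label:first-last" layout is an assumption.
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real list
Constructed entry A:192.0.2.0-192.0.2.255
Constructed entry B:89.202.149.0-89.202.149.255
Constructed entry C:198.51.100.16-198.51.100.31
Constructed entry D:89.202.157.90-89.202.157.130
"""

def to_range(first, last):
    """Convert two dotted-quad strings to an inclusive (low, high) integer pair."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range is reversed")
    return lo, hi

def parse_blocklist(text):
    """Yield (label, low, high); skip blanks, comments and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, sep, span = line.rpartition(":")  # a label may itself contain ':'
        first, dash, last = span.partition("-")
        if not sep or not dash:
            continue
        try:
            yield (label, *to_range(first.strip(), last.strip()))
        except ValueError:  # bad address or reversed range
            continue

def find_conflicts(blocklist_text, must_reach=MUST_REACH):
    """Return (label, [overlapping CIDRs]) for every entry hitting a needed range."""
    needed = [to_range(first, last) for first, last in must_reach]
    conflicts = []
    for label, lo, hi in parse_blocklist(blocklist_text):
        for need_lo, need_hi in needed:
            o_lo, o_hi = max(lo, need_lo), min(hi, need_hi)
            if o_lo <= o_hi:  # inclusive ranges intersect
                nets = ipaddress.summarize_address_range(
                    ipaddress.IPv4Address(o_lo), ipaddress.IPv4Address(o_hi))
                conflicts.append((label, [str(n) for n in nets]))
    return conflicts
```

Running `find_conflicts` on a freshly downloaded list before it is loaded shows which entries would cut off the needed servers, so those entries can be reviewed or excluded rather than discovered through failed updates.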

Bluetack administrator ‘m00re’ told TorrentFreak that the IPs were added because “someone noticed them on a torrent”. ‘m0nk’, another administrator, later told TorrentFreak that he noticed an IP belonging to ESET on a private tracker’s movie torrent that he was on. “It was only 1 IP, but since they’re a commercial software company with a strong financial interest in copyrighted material, they go on level 1 regardless”.

However, ESET didn’t take too kindly to this disruption of its business. A representative from ESET tried to contact Bluetack, to see about the removal from the list. He later posted a screenshot of the discussion to the ESET support forum.

This was the same kind of attitude experienced by Ludvig Strigeus almost exactly two years ago, after utorrent.com was added to the Bluetack lists, and similarly by the Opentracker people and the German Chaos Computer Club.

Based on the feedback from Bluetack, ESET added PeerGuardian to their anti-virus updates. Two signatures called Win32/PeerGuardian were added in update number 2894 on the 21st of Feb, with another 5 added in update number 2895 the following day. These updates identify the PeerGuardian application as malware, and offer the user the ability to deal with the ‘infection’. Those that do have been unable to use PeerGuardian afterwards.

Phoenixlabs, which makes PeerGuardian, put out this statement in response. Their representatives would not comment further on the subject, referring only to the statement. Bluetack, on the other hand, have been very vocal about it. ‘m00re’ said “whomever the person/persons are that made the flawed decision to maliciously target a non threatening application like PG2 is clearly a moron.” whilst ‘firstaid’ suggested that “people call them and have them stop having their product remove PG2 from their systems.”

ESET defended the addition, “By blocking update and threatsense servers detection of PeerGuardian as potentially unwanted application is fully justified as it could disrupt normal operation of NOD32 and or ESS.”

However, ESET has now changed its mind, saying “We have reconsidered detection of PeerGuardian and it will be removed in the upcoming update. However, we will actively continue protecting our users from blacklists that contain the IP addresses (ranges) of our update servers and thus preventing our paying or trial users receiving updates and keeping their computers protected.”

215 Responses

51 Feb 24, 2008 at 21:48 by zuyir

Peer Guardian makes me feel safe, and I think in the long run, it becomes harder for anti-p2p companies to track you the larger the blocklist becomes.

The simple solution for people that want to get their full updates is to just disable Peer Guardian while doing so.

52 Feb 24, 2008 at 21:48 by Anonymous

@45
Tracking cookies? Really? Afraid someone is going to know what you do online? OH MY GOD! A quick Google search usually turns up a lot about someone anyway, and that’s not something you can block.

I’ve used ESET products before, they are top-notch. I agree with OP. While ESET should have more control over their employee’s activities on the server, it’s overzealous to block the update servers. If another program did the same, would you call it malware?

53 Feb 24, 2008 at 21:49 by namedontmatter

Avast is the best antivirus ever created! it's free and it walks all over nod32!

54 Feb 24, 2008 at 21:50 by Anonymous

[quote comment="297243"]Avast is the best antivirus ever created! it's free and it walks all over nod32![/quote]

quoted for truth! :)

55 Feb 24, 2008 at 22:00 by siof

[quote comment="297082"]
What is Malware? Malware is something that has an undesirable effect on a system. There is malware that has perfectly clean code, but in use gives undesirable results.

You admit that nod32 is a legitimate antivirus program? Thus, bluetack has disrupted, or attempted to disrupt the operations of a legitimate antivirus program. If that doesn’t fit the definition of malware, i don’t know what does.
[/quote]

Where did I admit that nod32 is a legitimate antivirus program?

I simply stated that Peerguardian is open source and free for you or anyone to check for anything malicious.

By the way, a quote about malware from wikipedia.

http://en.wikipedia.org/wiki/Malware

[quote]
Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. It is a portmanteau of the words “malicious” and “software”. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Many normal computer users are however still unfamiliar with the term, and most never use it. Instead, “computer virus” is used in common parlance and often in the general media to describe all kinds of malware, though not all malware are viruses. Another term that has been recently coined for malware is badware, perhaps due to the anti-malware initiative Stopbadware.

Software is considered malware based on the perceived intent of the creator rather than any particular features. It includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other American states.
[/quote]

56 Feb 24, 2008 at 22:02 by Ande

What I find amusing, is these tards at ESET cannot even figure out the difference between PG2 and Bluetack, so they develop a destroyer for PG2 even though there are like 20 other softwares using the same blocklist!

Another thing, WHY was there p2p activity from their servers? Was some IT guy grabbing some free bandwidth? OR are they really fronting for an ANTI-P2P org?

Do you really want these guys’ AV protecting your computer?

57 Feb 24, 2008 at 22:46 by 2600

I would like to know also why someone from this company was connecting to a .torrent file. Especially when P2P is supposed to be responsible for spreading viruses, trojans and malware. Most hardcore p2p’ers know that blocklists are not infallible but when used in conjunction with other tools and common sense they definitely add some degree of security. I myself do not use Peerguardian but use bluetacks list in my favorite bittorrent app and will sometimes modify it to my usage. I would think with savvy users that this is no big deal, just remove the ip or ip range and update the definitions. But this whole episode makes me just a tad curious about ESET.

58 Feb 24, 2008 at 23:14 by Anonymous

Not just someone, but an Update Server?? What would an Anti-Virus update server have to do with connecting to a .torrent file?? Very fishy…

59 Feb 24, 2008 at 23:19 by neurophyre

Peerguardian is great and all, but there is zero oversight of what IPs go on the list. It’s essentially maintained by some random dudes. So if you’re fine with blocking all access to IPs based on what some random dudes think, go for it. Personally I’ve had a number of instances where I had to remove IPs from the list that were on it for no good reason, and it’s more of a pain in the ass than it’s worth.

60 Feb 24, 2008 at 23:32 by Alky

Not all of Eset’s update servers were blocked and you could still update nod32 without fucking with pg. Hell, I don’t even use the official Eset update servers.

It was kind of annoying, but all I did was add pg2.exe to the amon exclusion list.

I don’t really see the big deal?

61 Feb 25, 2008 at 00:49 by oneplusone

Why was (someone from) ESET on a movie torrent? Odd.

P.S. Rapper Alliance’s raps are getting better.

62 Feb 25, 2008 at 01:17 by Quartz

As many have stated already the PG application is great but the bozos compiling the blocklist are rude, arrogant and technically inept. I have had first hand experience of “first aid” and “moore” from the BISS forum in regard to their blocking of the entire WinMX p2p network's peer caches for reasons known only to themselves; they have subsequently stealthily removed the abusive posts they made to me when I asked on behalf of the community's 1/4 million users why they were blocking our essential connection method.

I support Nod's actions in regard to these children playing at god by adding IPs they “guess” might be dangerous to their list without any technical evidence or public notification, and would like to bring it to folks' attention that using this app with the BISS lists will leave you blocking connections to many p2p resources, networks and genuine users.

Many have wondered if this org is a front for the cartel as it's clear they have made no effort to halt disruption of any of the p2p apps or their users with their half-baked list.

Can folks really afford to use an app with a default list compiled by guys who don't know what a peer cache is or anything regarding p2p protocols in general?

63 Feb 25, 2008 at 01:35 by Paul Gerard Mazzola.

I did not understand what you say about this. Can you give me some more information about torrentfreak?
My E-mail is at Paulgmazzola68@msn.com. Thank you for your help.

64 Feb 25, 2008 at 01:50 by sys

Just wondering - does NOD32 automatically “call home” to verify that it’s not a pirated copy?

I always hate that sort of thing.

65 Feb 25, 2008 at 01:54 by Anonymous

While they’re at it why don’t they remove every firewall as well? You know they could be infected by these dangerous blocklists blocking the update servers…

66 Feb 25, 2008 at 02:11 by just another one

i am just random anonymous user. no one would listen to me. but, anyway i hold my right to repeat myself again, and to expand a bit.

why was av update server on torrent download? only 2 options.

eset crew used a update server to download something… do i really need to comment that?

second, they used av update server in anti-p2p action. that can be a bit disturbing, don't you think so?

i don't want to take sides. but all thing just bounces back on eset. so will anyone make post worth reading or i can just continue to read posts like “this sux that sux blablabla”?

67 Feb 25, 2008 at 03:10 by anonymous

what i wonder is how many comments on torrentfreak threads and sites like it are from anti-p2p companies or people working for them spreading bad propaganda about blocklists for their interest

68 Feb 25, 2008 at 03:21 by anyone

You know, I was going to try out nod32 one of these days to see if it really lived up to the hype. Then I see this news and my interest fades completely. How fucking INEPT are you if you can’t tell the difference between an application and the blocklists it utilizes? seriously? This just makes me think that nod32 are no better than the paranoid bluetack people. Yes, I adore peerguardian 2, it’s a GREAT ip blocker but I seriously am going to tell everybody to avoid using NOD32, because they’ve obviously shown that their software is based on the age old principle of “money talks”..

Avast! yaaarrrr!

69 Feb 25, 2008 at 03:33 by bayoujim

PeerGuardian has served me well for many years. I only have the highest respect for them. I have been using computers for 38 years (mainframes to pc).

70 Feb 25, 2008 at 03:51 by system

[quote comment="297414"]what i wonder is how many comments on torrentfreak threads and sites like it are from anti-p2p companies or people working for them spreading bad propaganda about blocklists for their interest[/quote]

You may wish to ask the same of the bluetack editors who repeatedly block various ranges that contain trackers and seedboxes. Would the antip2p lot simply mention that blocklists do not offer the protection claimed, or would they block trackers and the fastest seeders?

But then again, most of the pro-bluetack comments are coming from the army of fanboys they told to come here.

As to other comments about why an update server was using p2p, nobody knows what it was doing because bluetack seem reluctant to say anything other than they noticed the IP. They won't say whether it was seeding/leeching, simply listed by the tracker or involved with bittorrent at all (as opposed to some other form of p2p).

71 Feb 25, 2008 at 04:37 by Anonymous

PEER GUARDIAN AND BLUTAC FAIL SO FUCKING HARD IT IS UNBELIEVABLE.

72 Feb 25, 2008 at 04:44 by Kittenpies

Both of these pieces of software are utterly useless and exist to combat problems that are non-existent for anyone with an ounce of common sense.

I’m not rooting for either program here.

73 Feb 25, 2008 at 04:57 by anon

[quote comment="297244"][quote comment="297243"]Avast is the best antivirus ever created! it's free and it walks all over nod32![/quote]

quoted for truth! :)[/quote]
avast blows, it uses way too many resources compared to nod32. I honestly don’t care what you use as long as it's not mcafee or norton (besides ghost)

74 Feb 25, 2008 at 05:02 by Brick

peerguardian IS malware. it does nothing except block legit ip addresses despite what they claim.
