Anti-Virus Company Says PeerGuardian is Malware

Written by Ben Jones on February 24, 2008 

Over the past week, some servers used for updating the anti-virus software NOD32 were labeled as anti-p2p by a popular list maker for PeerGuardian. In response, NOD32’s company, ESET, has categorised PG2 as malware in some of its latest updates.

It started off with Bluetack adding some IP addresses to its “Level 1 blocklist” that belonged to ESET (NOD32) update servers. “Level 1” is the term that Bluetack use for their lists containing (according to site admin ‘monk’):

  • Companies (Or organizations. I won’t repeat orgs. over and over) who are clearly involved with trying to stop filesharing.
  • Companies which anti-p2p activity has been seen from.
  • Companies that produce or have a strong financial interest in copyrighted material.
  • Government ranges or companies that have a strong financial interest in doing work for governments.
  • Legal industry ranges.
  • IPs or ranges of ISPs from which anti-p2p activity has been observed.

The IP addresses added were 89.202.149.32 to 89.202.149.63, 89.202.157.88 to 89.202.157.95 and 89.202.157.128 to 89.202.157.159, according to this forum post on the NOD32 support forum. These blocked IP ranges contain many of the servers used to provide anti-virus signatures for NOD32. These were added to the blocklist for alleged anti-p2p activities. However, what kind of anti-p2p activity was taking place is unclear.
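A practical check that follows from this: audit a blocklist for entries that overlap address ranges your security tooling depends on before loading it. The sketch below is an added example, not code from the article, PeerGuardian or Bluetack. It assumes the plain-text `label:start-end` list format, and the sample list contents are constructed.

```python
import ipaddress

# Ranges the article reports as added to the Level 1 list.
ESET_UPDATE_RANGES = [
    ("89.202.149.32", "89.202.149.63"),
    ("89.202.157.88", "89.202.157.95"),
    ("89.202.157.128", "89.202.157.159"),
]

# Constructed sample blocklist (labels and entries are invented for the demo).
SAMPLE_BLOCKLIST = """\
# constructed sample, not real list content
Example Org A:192.0.2.0-192.0.2.255
Constructed entry 1:89.202.149.0-89.202.149.255
Constructed entry 2:89.202.157.90-89.202.157.130
this line is malformed and must be skipped
Example Org B:198.51.100.10-198.51.100.20
"""


def to_cidrs(start, end):
    """Express an inclusive start-end range as the minimal list of CIDR blocks."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def parse_entry(line):
    """Parse one 'label:start-end' line; return (label, start, end) or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Labels may contain ':' themselves, so split on the last one.
    label, colon, span = line.rpartition(":")
    start_s, dash, end_s = span.partition("-")
    if not colon or not dash:
        return None
    try:
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip())
    except ValueError:
        return None
    if start > end:
        return None
    return label, start, end


def find_overlaps(blocklist_text, critical_ranges):
    """Return (label, first_blocked, last_blocked) for every blocklist entry
    that covers any address inside a critical range."""
    critical = [(ipaddress.IPv4Address(s), ipaddress.IPv4Address(e))
                for s, e in critical_ranges]
    hits = []
    for line in blocklist_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        label, b_start, b_end = entry
        for c_start, c_end in critical:
            # Two inclusive ranges intersect when each starts before the other ends.
            if b_start <= c_end and c_start <= b_end:
                hits.append((label, str(max(b_start, c_start)),
                             str(min(b_end, c_end))))
    return hits


if __name__ == "__main__":
    for start, end in ESET_UPDATE_RANGES:
        print(start, "-", end, "=", to_cidrs(start, end))
    for label, first, last in find_overlaps(SAMPLE_BLOCKLIST, ESET_UPDATE_RANGES):
        print("blocked critical addresses:", label, first, "-", last)
```

Any hit is a candidate for a local allow rule or for dropping the entry before the list is applied.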

Bluetack administrator ‘m00re’ told TorrentFreak that the IPs were added because “someone noticed them on a torrent”. ‘m0nk’, another administrator, later told TorrentFreak that he noticed an IP belonging to ESET on a private tracker’s movie torrent that he was on. “It was only 1 IP, but since they’re a commercial software company with a strong financial interest in copyrighted material, they go on level 1 regardless”.

However, ESET didn’t take too kindly to this disruption of its business. A representative from ESET tried to contact Bluetack, to see about the removal from the list. He later posted a screenshot of the discussion to the ESET support forum.

This was the same kind of attitude experienced by Ludvig Strigeus almost exactly two years ago, after utorrent.com was added to the Bluetack lists, and similarly by the Opentracker people and the German Chaos Computer Club.

Based on the feedback from Bluetack, ESET added PeerGuardian to their anti-virus updates. Two signatures called Win32/PeerGuardian were added in update number 2894 on the 21st of Feb, with another 5 added in update number 2895 the following day. These updates identify the PeerGuardian application as malware, and offer the user the ability to deal with the ‘infection’. Those who do have been unable to use PeerGuardian afterwards.

Phoenixlabs, which makes PeerGuardian, put out this statement in response. Their representatives would not comment further on the subject, referring only to the statement. Bluetack, on the other hand, have been very vocal about it. ‘m00re’ said “whomever the person/persons are that made the flawed decision to maliciously target a non threatening application like PG2 is clearly a moron.” whilst ‘firstaid’ suggested that “people call them and have them stop having their product remove PG2 from their systems.”

ESET defended the addition: “By blocking update and threatsense servers detection of PeerGuardian as potentially unwanted application is fully justified as it could disrupt normal operation of NOD32 and or ESS.”

However, ESET has now changed its mind, saying “We have reconsidered detection of PeerGuardian and it will be removed in the upcoming update. However, we will actively continue protecting our users from blacklists that contain the IP addresses (ranges) of our update servers and thus preventing our paying or trial users receiving updates and keeping their computers protected.”

215 Responses

126 Feb 25, 2008 at 18:14 by Empirical Realist

[quote comment="297656"]It wont matter how many trolls you deploy BISS[/quote]The trolls deployed here are those from the wrong side of the fence, among which you are the biggest one of all, clearly. People using PG2 have made a choice, it’s good security and safety software, and the blocklists are quite an impressive effort for any outsider new in blocking spyware, malware, phishing sites, governmental snooping, spying, logging, spamming and harvesting user addresses and much more. PG does protect you, and it does so quite well I might add. It’s one of the best engineered and functioning software packages I’ve ever known, to be really honest about it.
The only reason not to use it, is when you think you’re some type of untouchable high-brow fool like Quartz, who can live above the law in any circumstance. It’s like saying it’s useless to wear a helmet, or wear a seatbelt. Of course it seems useless if you’re suffering from delusions of grandeur.

127 Feb 25, 2008 at 18:26 by kashmir

The world would be a far better place without scams like Bluetack. I do hope Peter L. Davies will be sued until there’s no penny left in his pocket and Bluetack has been vanished.

128 Feb 25, 2008 at 18:39 by al1984

[quote comment="297783"]it’s logical that an antivirus company PROTECTS its users when a software blocks the virus definitions update servers by making peerguardian malware

and it might well be someone spoofing ip on the torrent ?
http://en.wikipedia.org/wiki/IP_address_spoofing

peerguardian blocks many government tv stations that might well not be smart to block, as they might give users more information if a hurricane, tornado or any natural disasters happens![/quote]

What would be LOGICAL is for you to do your research before you spout uneducated reasoning. What would be logical is for you to change the lists in PG2 to some other source if you don’t agree with the ones you chose to currently use.

PG2 uses a list supplied from some source(s) other than PG2. Those lists have the IPs blocked that you are so concerned with. To my own determination, PG2 recommends that you should use the Bluetack lists, because they are most likely the best lists available, the ones that can protect you obvious n00bs the best. You have every opportunity to change the lists used with PG2 if you don’t agree. There is NOTHING stated in the terms of use that you must use any specific list!

129 Feb 25, 2008 at 18:56 by al1984

FOR ALL OF THE ANTI PG2/BLUETACK COMPLAINERS, I HAVE A SOLUTION FOR YOU!!!

There is a list provided by the RIAA, FBI, CIA, NSA and the MPAA for you to use instead of the Bluetack blacklists.

It is called a GREYLIST. On this list you will find many IPs, but they will not prevent you to browse or download torrents from every corporation, government, pr0n site and antip2p site in the world!!!!

Aren’t you excited????

Aren’t you thrilled???

Every site the Bluetack blocks for your protection will now be totally accessible by your computer and all of your software!!!!

You have the added bonus that every corporation, government, antip2p, etc. will be able to completely access your computer any time they want!!!!!

You are so lucky to be included in this one time offer!!!!

Contact your local branch and beg them to allow you to use the GREYLIST!!!!!

130 Feb 25, 2008 at 19:14 by Quartz

[quote]The only reason not to use it, is when you think you’re some type of untouchable high-brow fool like Quartz, who can live above the law in any circumstance. It’s like saying it’s useless to wear a helmet, or wear a seatbelt. Of course it seems useless if you’re suffering from delusions of grandeur.[/quote]

Your point being ?

I of course expect Pro BISS posters like yourself to cherry pick through what I posted and reply in some sycophantic style, but.. please re-read what in fact was posted once more.
to quote myself:

“The end of the day comment is ppl like myself have the technical level of expertise to do the job properly and look only with sadness at BISS for making a great idea something that’s an enemy to filesharers, its 2008 BISS, clean up your act, and don’t waste your time shooting the messenger when mistakes are revealed, we SHOULD all be on the same side, learn to say sorry.”

Let me be even clearer for you, whilst it does not inspect traffic at packet level and is no good for network fake flooding of most commercial P2P networks PG has in the past been a useful tool for protecting file sharers, but when utilising the current BISS blocklists any supposed gain is negated by a decrease in legitimate sources due to badly out of date and poorly checked blocklists, does anyone at BISS have any clue what a dynamically allocated IP is ?
You wouldn’t think so from looking at their lists.

This in essence is what’s wrong with allowing yourself to be led by the technically inept BISS folks, when confronted with their own mistakes they attack and abuse, feel free to name call all you wish, the facts have been posted and are checkable by readers using a little common sense.

131 Feb 25, 2008 at 19:19 by shhh

[quote comment="297789"]The MAFIAA have to prove they were able to download an actual pirated version of a copyrighted work. IOW, they actually must download the evidence that they will use in court. Just to have a data that you were hooked up to a tracker torrenting some.copyrighted.material.foo does not mean squat and could be used as supporting evidence only.[/quote]

It is a nice fantasy that the MPAA needs to *prove* that you are actually sharing the contested file to sue you, and I hope you can afford a good lawyer. But frankly this isn’t CSI. What the MPAA is looking for is not definitive, conclusive proof that they can take all the way to the supreme court; what they’re looking for is something that is good enough to get your ISP to divulge your true name to their legal department. Once they have that, they are banking on the idea that you will not spend thousands of dollars and weeks out of your life in a quixotic fight against top-notch corporate lawyers to argue in court about the fine distinctions between having your IP listed on a tracker and sharing copyrighted material.

Keep in mind that these are civil suits, not criminal prosecutions, and they don’t have the same standards of proof. There’s a reason that almost all of these cases are settled out of court. I’m not saying it’s fair, right, or just, but that’s the reality of it. If your goal in running PG is not to get sued by the MPAA, you should know that it will not help you in any way.

132 Feb 25, 2008 at 19:21 by Tommy

[quote comment="297802"][quote comment="297783"]it’s logical that an antivirus company PROTECTS its users when a software blocks the virus definitions update servers by making peerguardian malware

and it might well be someone spoofing ip on the torrent ?
http://en.wikipedia.org/wiki/IP_address_spoofing

peerguardian blocks many government tv stations that might well not be smart to block, as they might give users more information if a hurricane, tornado or any natural disasters happens![/quote]

What would be LOGICAL is for you to do your research before you spout uneducated reasoning. What would be logical is for you to change the lists in PG2 to some other source if you don’t agree with the ones you chose to currently use.

PG2 uses a list supplied from some source(s) other than PG2. Those lists have the IPs blocked that you are so concerned with. To my own determination, PG2 recommends that you should use the Bluetack lists, because they are most likely the best lists available, the ones that can protect you obvious n00bs the best. You have every opportunity to change the lists used with PG2 if you don’t agree. There is NOTHING stated in the terms of use that you must use any specific list![/quote]
my point is if someone blocks antivirus updates they should be classified malware

as far as i know peerguardian blocks whole system from the ips in the list and uses bluetack list as default

here is a quote from an ESET moderator
http://www.wilderssecurity.com/showpost.php?p=1188549&postcount=43

bluetack just made a big hole in everyone’s ESET antivirus software

and eset responded to call it malware as it IS malware when it disabled antivirus updates!

no antivirus updates = wide open for viruses and spyware…

133 Feb 25, 2008 at 19:24 by shhh

Let me add that I actually *like* PeerGuardian as a piece of software. It’s unobtrusive, flexible, and it performs well. I just don’t think anyone should have any illusions about what kind of protection it offers (which is: none).

134 Feb 25, 2008 at 19:36 by r00t

[quote comment="297826"]Let me add that I actually *like* PeerGuardian as a piece of software. It’s unobtrusive, flexible, and it performs well. I just don’t think anyone should have any illusions about what kind of protection it offers (which is: none).[/quote]You use useless software? That’s a new one! What an idiot.

It does offer VERY much protection, not only regarding filesharing. Show me a case where the user caught for any type of considered unlawful p2p activity was using PG2. They don’t exist. Check out the phoenixlabs forums on this subject.

135 Feb 25, 2008 at 19:40 by Enigma

Ben Jones and TorrentFreak’s behavior has been very unprofessional with their handling of this story.

For starters, someone with such a clear personal bias should not have been allowed to cover this story. And to make matters worse, the author has taken it upon himself to play the role of advocate, jumping into the discussion and attempting to influence it. If this were Ben Jones’ personal blog, that would be fine, but he and this site present him as a journalist and what has transpired has been unprofessional and unethical, to say the least.

136 Feb 25, 2008 at 19:45 by r00t

[quote comment="297834"]For starters, someone with such a clear personal bias should not have been allowed to cover this story.[/quote]Have you ever read his ‘profile’ on this site? I don’t trust this man if only for that information.

I trust that flock of paranoids behind the bluetack blacklist a lot more, I can tell you that much!

137 Feb 25, 2008 at 19:57 by Anonymous

PG2 is clearly a bunch of morons for still allowing Bluetack to provide the blacklist, unquestioned. And Bluetack is a bunch of morons for their “we don’t make any mistakes” attitude, and their failure to actually learn anything.

For your convenience, here’s a black list that’s clearly superior to Bluetack’s:

0.0.0.0/0

It also gives about the same performance.

Really, get off my internets, bluetack. Your behavior is disruptive, and does more harm than good.

138 Feb 25, 2008 at 20:10 by al1984

[quote comment="297821"][quote comment="297789"]The MAFIAA have to prove they were able to download an actual pirated version of a copyrighted work. IOW, they actually must download the evidence that they will use in court. Just to have a data that you were hooked up to a tracker torrenting some.copyrighted.material.foo does not mean squat and could be used as supporting evidence only.[/quote]

It is a nice fantasy that the MPAA needs to *prove* that you are actually sharing the contested file to sue you, and I hope you can afford a good lawyer. But frankly this isn’t CSI. What the MPAA is looking for is not definitive, conclusive proof that they can take all the way to the supreme court; what they’re looking for is something that is good enough to get your ISP to divulge your true name to their legal department. Once they have that, they are banking on the idea that you will not spend thousands of dollars and weeks out of your life in a quixotic fight against top-notch corporate lawyers to argue in court about the fine distinctions between having your IP listed on a tracker and sharing copyrighted material.

Keep in mind that these are civil suits, not criminal prosecutions, and they don’t have the same standards of proof. There’s a reason that almost all of these cases are settled out of court. I’m not saying it’s fair, right, or just, but that’s the reality of it. If your goal in running PG is not to get sued by the MPAA, you should know that it will not help you in any way.[/quote]

Whatever you want to believe is fine with me, you should research your beliefs before you embarrass yourself further, posting them to the community like you are.

Why don’t you read up on ACTUAL CASES and then get back to me. Here is a good start…

http://recordingindustryvspeople.blogspot.com/

139 Feb 25, 2008 at 20:14 by al1984

[quote comment="297826"]Let me add that I actually *like* PeerGuardian as a piece of software. It’s unobtrusive, flexible, and it performs well. I just don’t think anyone should have any illusions about what kind of protection it offers (which is: none).[/quote]

Let me add :) that I agree with you to a certain extent. It DOES add protection as a deterrent. You are protected from connectability of the IPs on the list. I don’t believe PG2 or Bluetack has ever said otherwise.

140 Feb 25, 2008 at 20:23 by Enigma

[quote]Have you ever read his ‘profile’ on this site? I don’t trust this man if only for that information.[/quote]

Heh, no I had not.

So he has worked in the entertainment industry in the past, probably has friends who still do work in it, and has also worked in IP rights enforcement for a record company, where he doubtless was in contact with IFPI/RIAA types and anti-p2p companies.

I’m almost speechless upon seeing this. How could a site ostensibly for p2p users have such a person as a part of it? Anyone from MediaSentry on the payroll, TorrentFreak, you’d like to let us know about too?

At least we know now the basis of his contempt for p2p users and his attempts to mislead them into not protecting themselves comes from.

141 Feb 25, 2008 at 20:38 by just another satisfied PG user

[quote comment="297845"]And Bluetack is a bunch of morons for their “we don’t make any mistakes” attitude,[/quote]Care to explain to us WHY??? I’d much rather have THAT attitude from them than any other, to be honest. They don’t make mistakes, that’s a good thing. They are cautious. That’s a good thing. They are a little paranoid at times. That’s a safe and comforting idea. And so they’re everything BUT morons.

142 Feb 25, 2008 at 20:39 by anonymous

too much anti-p2p company propaganda
on this thread blocklists are bad bla bla bla
yeah right

143 Feb 25, 2008 at 21:35 by what a bunch of babies

Ben Jones and all you other whiny little shits can go fuck a rhinoceros. Peerguardian/bluetack is giving you this service free of charge, and quite frankly if you’re too lazy or stupid to make an exclusion in PG for your AV update, it’s your own damn fault. Would you rather PG NOT block commercial software companies like Eset so they can come and sue you when they catch you DLing their warez? For all the fud that gets spread about PG and Bluetack, I think they do a great job, and I’d gladly pay for their service if it wasn’t free.

OF COURSE the blocklists aren’t going to provide 100% protection, but it’s sure a lot better than no protection. Anyone who thinks otherwise is a moron and deserves the DMCA letter they’ll inevitably get. But I’ll bet most of you babies only use bittorrent to download stuff like linux distros, lol, so I can see where it’d be pointless to use a blocklist in your case.

144 Feb 25, 2008 at 21:51 by kashmir

Bluetack eg their blocklists will end up in the signature base from many Antiviruses. Phoenix will deny implementing the blacklists in a while as well.

And the world will be a better place after all that for all.

145 Feb 25, 2008 at 22:34 by anonymous

kashmir anti piracy employee of the month goes to you

146 Feb 25, 2008 at 23:14 by kashmir

Too much honor. Now, let’s wait and see how Mikhail Zakhryapin from Agnitum will act as for their OutPost software firewall and the use of Bluetack’s blacklist…

147 Feb 25, 2008 at 23:32 by J

[quote comment="297918"]Bluetack eg their blocklists will end up in the signature base from many Antiviruses. Phoenix will deny implementing the blacklists in a while as well.[/quote]No they will not, and no, phoenix labs will not deny using them.

Here’s an idea for you and Mr. Jones:

Go start your OWN IP lock/blacklist, after it’s been up a while we’ll see which one most users will pick. I’m sorry, but I use bluetack’s lists for many of my systems, not even in PG2, they’re simply very reliable, very trustworthy, and thus valuable.
I even use bluetack lists on one of my webservers, to keep the stupid visitors I don’t want to have on my website out. It works like a charm!

148 Feb 25, 2008 at 23:53 by kashmir

“No they will not, and no, phoenix labs will not deny using them.”

Just have a little patience…

149 Feb 25, 2008 at 23:59 by Ben Jones

[quote comment="297862"][quote]Have you ever read his ‘profile’ on this site? I don’t trust this man if only for that information.[/quote]

Heh, no I had not.

So he has worked in the entertainment industry in the past, probably has friends who still do work in it, and has also worked in IP rights enforcement for a record company, where he doubtless was in contact with IFPI/RIAA types and anti-p2p companies.

I’m almost speechless upon seeing this. How could a site ostensibly for p2p users have such a person as a part of it?[/quote]
I notice you use ‘probably’ and ‘doubtless’ to imply certainty, rather than the ‘I don’t know but I’m going to say so anyway’ it really means. Not every record company is a member of the BPI/IFPI.

As to why it would have a person such as myself on it, perhaps because I have a different perspective, maybe because, unlike a majority of people claiming knowledge on the subject, I actually do, and have a provable work history. Just for reference, though, I did copyright enforcement in the late 90s, right when Napster was at its peak, and I dealt mainly with physical piracy. Usually singers selling CDs of covers to tourists. I was actually pushing for usage of Napster by the company.

It’s great that there are only two groups of people, people either 100% behind you, and ‘the enemy’. Unfortunately, it’s precisely these attitudes that cause the problems this article describes. There are no absolutes, there are more than two, or even ten positions. Even amongst the different Pirate Parties around the world, there are different attitudes held by each on their core issues. That’s a group of people united by a common theme, and they’re all different.

There will be no agreement on this. Those that believe a list of IPs that are claimed to work, or be involved in antiP2P activities, without proof, by an anonymous list of people of unknown affiliation, will continue to do so. Those that likewise always questioned the basic viability and usefulness of the program and/or its lists will also do so still. Those in the middle, well, I provided my information, and sourced it. I have noticed that Phoenixlabs have already deleted the statement referenced in the article. Just remember, if someone makes a claim, ask for proof. If their claim is valid, they will show it, if not, they won’t. To my knowledge, bluetack has yet to ever provide any proof on any claim.

150 Feb 26, 2008 at 00:06 by ande

[quote comment="297918"]Bluetack eg their blocklists will end up in the signature base from many Antiviruses. Phoenix will deny implementing the blacklists in a while as well.

And the world will be a better place after all that for all.[/quote]

Look, I know it’s tough, but drink some booze for a week or two and it will help you quit the crack pipe.
