Anti-Virus Company Says PeerGuardian is Malware
Written by Ben Jones on February 24, 2008
Over the past week, some servers used for updating the anti-virus software NOD32 were labeled as anti-p2p by a popular list maker for PeerGuardian. In response, NOD32’s company, ESET, has categorised PG2 as malware in some of its latest updates.
It started off with Bluetack adding some IP addresses to its “Level 1 blocklist” that belonged to ESET (NOD32) update servers. “Level 1” is the term that Bluetack use for their lists containing (according to site admin ‘monk’):
- Companies (Or organizations. I won’t repeat orgs. over and over) who are clearly involved with trying to stop filesharing.
- Companies which anti-p2p activity has been seen from.
- Companies that produce or have a strong financial interest in copyrighted material.
- Government ranges or companies that have a strong financial interest in doing work for governments.
- Legal industry ranges.
- IPs or ranges of ISPs from which anti-p2p activity has been observed.
The IP addresses added were 89.202.149.32 to 89.202.149.63, 89.202.157.88 to 89.202.157.95 and 89.202.157.128 to 89.202.157.159, according to this forum post on the NOD32 support forum. These blocked IP ranges contain many of the servers used to provide anti-virus signatures for NOD32. These were added to the blocklist for alleged anti-p2p activities. However, what kind of anti-p2p activity was taking place is unclear.
Bluetack administrator ‘m00re’ told TorrentFreak that the IPs were added because “someone noticed them on a torrent”. ‘m0nk’, another administrator, later told TorrentFreak that he noticed an IP belonging to ESET on a private tracker’s movie torrent that he was on. “It was only 1 IP, but since they’re a commercial software company with a strong financial interest in copyrighted material, they go on level 1 regardless”.
However, ESET didn’t take too kindly to this disruption of its business. A representative from ESET tried to contact Bluetack, to see about the removal from the list. He later posted a screenshot of the discussion to the ESET support forum.
This was the same kind of attitude experienced by Ludvig Strigeus almost exactly two years ago, after utorrent.com was added to the Bluetack lists. Similarly by the Opentracker people, and the German Chaos Computer Club.
Based on the feedback from Bluetack, ESET added PeerGuardian to their anti-virus updates. Two signatures called Win32/PeerGuardian were added in update number 2894 on the 21st of Feb, with another 5 added in update number 2895 the following day. These updates identify the PeerGuardian application as malware, and offer the user the ability to deal with the ‘infection’. Those who do have been unable to use PeerGuardian afterwards.
Phoenixlabs, which makes PeerGuardian, put out this statement in response. Their representatives would not comment further on the subject, referring only to the statement. Bluetack, on the other hand, have been very vocal about it. ‘m00re’ said “whomever the person/persons are that made the flawed decision to maliciously target a non threatening application like PG2 is clearly a moron.” whilst ‘firstaid’ suggested that “people call them and have them stop having their product remove PG2 from their systems.”
ESET defended the addition, “By blocking update and threatsense servers detection of PeerGuardian as potentially unwanted application is fully justified as it could disrupt normal operation of NOD32 and or ESS.”
However, ESET has now changed its mind, saying “We have reconsidered detection of PeerGuardian and it will be removed in the upcoming update. However, we will actively continue protecting our users from blacklists that contain the IP addresses (ranges) of our update servers and thus preventing our paying or trial users receiving updates and keeping their computers protected.”



215 Responses
I bet bluetrack blocks their own ips on level 1
i say this if they block other antivirus update servers they should be classified as malware, also their list
“it is extremely lame to label peerguardian as malware when it clearly is NOT.”
Were you not paying attention?
This started because PG labelled an AV update service as malicious when it clearly isn’t.
PG should rightly be disabled by the AV software because it interferes with people updating their virus definitions.
PG should be labelled snakeoil.
2 products, each claiming to provide the user protection from 1000s of threats and only 1 of these products can substantiate that claim.
Could you get any clearer example of the complete and utter worthlessness of PG ?
Some retard saw his AV checking for updates and thought he was getting attacked = highest priority threat.
That means everything below level 1 is less threatening than BS like this. LMAO.
“why no one is questioning how did that ip got blacklisted? why did some update server connected to torrent?”
Nobody is questioning why an AV update server was connecting to BT because they are smart enough to figure out it didn’t.
You do realise that the IP addresses blocked by PG have nothing to do with people connecting to BT right ?
The last time I bothered looking at what they do block, they had a whole IP range in there because it was a webserver that hosted the website of a security screen door company. Because the company’s domain name had “security” in it.
Why not question that instead ?
There isn’t a website on the internet that is trying to connect to your BT, just like there’s not a billboard that will steal your car if you park in front of it.
Only retards believe this nonsense.
i bet most of the people having a dig at pg2 have never even used it fucking retards
ben jones anti-piracy employee of the month your bonus cheque is in the post
[quote comment="298428"]Were you not paying attention?
This started because PG labelled an AV update service as malicious when it clearly isn’t.[/quote]No it did not. PG only uses a blocklist in which a few update server addresses were listed. Any other software that makes use of bluetack lists would show that ‘problem’.
And by the way, bluetack blacklisted those addresses for a reason. They were peers in downloading nod32 torrents with ESET cracks. You know, like http://torrentz.com/searchA?q=nod32+eset
[quote comment="298445"]Nobody is questioning why an AV update server was connecting to BT because they are smart enough to figure out it didn’t.
You do realise that the IP addresses blocked by PG have nothing to do with people connecting to BT right ?[/quote]Sorry, they do have something to do with torrents. Not everything about this affair has leaked to the public, you know?
There are reasons for those blocks, trust me on that. And instead of being thankful, or at least secretly thankful, to bluetack for blocking them, you bash them without knowing what goes on behind the scenes.
Stop pretending you know everything when all you have done is read some forums and websites. There’s more to bluetack than just that.
[quote comment="298514"]
And by the way, bluetack blacklisted those addresses for a reason. They were peers in downloading nod32 torrents with ESET cracks.[/quote]
Nope, Sorry, According to m0nk, as it says in the story, he spotted one IP belonging to them, on a movie torrent he was downloading off a private tracker. Nothing to do with nod32 torrents at all.
Stupid asses could not suffer a free software which is infact of great use.
“Stop pretending you know everything when all you have done is read some forums and websites.”
You BlueTicks must read this sentence very often.
The really “stupid” folks seem the zealots compiling and asking folks to utilise a blocklist that is overbroad and used to maliciously block ppl whilst the core users have no idea of what is added and when, so a great deal of whats asked of blocklist users is mainly trust.
The problem with that is that should you find yourself on the blocklist some unhelpful personality from BISS takes this as an opportunity to abuse you and claim all sorts of things when in fact there is no evidence or technical information forthcoming of how your IP ended up on their blocklists, not only will they not remove the IP they will add the forum posters IP to their lists also in many cases.
Anyone with a functioning brain can see this is “power tripping” pure and simple, there is no trust and instead of creating some their own members troll the forums in mindless attempts to shout down those questioning the validity of either their blocklist or them.
Whilst common sense says a quantity of BISS members are trying to do a good job the facts speak for themselves:
1) The blocklist is always increasing in size.
2) the amount of IP,s actually removed from their lists are so small as to be unnoticeable and likely maybe 20 a year in total, this despite adding at least to my knowledge at least 10 million new IP,s and ranges a year, it stands to reason with this sort of addition rates to the lists there cannot possibly be enough time or folks to be certain that the reported IP’s are in fact genuine.
People are human and prone to mistakes so BISS in effect unstatedly relies on its members to report IP’s and keep an eye on them, the trust is moving down the chain you notice whilst to question any of this obviously “open to mischief” process is heresy.
If BISS want trust and respect they need to take action on why folks have lost their trust. here is a list of recommendations to ensure we dont have to battle their trolls each time the PG name is mentioned blocking something that should never have been blocked.
1)Be firm but fair, investigate concerned or affected folks claims when you find they have been added to your blocklist.
Make your findings public so there is a level of transparency over how the claim was handled.
2) Do not become involved in blocking sites that are outside the scope of the core usergroup, many folks are not aware what is being blocked to “protect them” it public knowledge that the blocklist has been used to settle personality clashes or personal gripes, this must cease, there is never any excuse to do this and is a clear abuse of those trusting the blocklist compilers, root this activity out and restore confidence that the list really is only blocking those who deserve to be on it.
3) And this is the most important, remove some of the dead wood IP,s from those lists.
In conversations with BISS I have had it stated to me that if an IP has been used by the anti filesharing folks once it should stay on the list permanently, this is lunacy of the highest order, most filesharers etc use dynamically allocated IP ranges given to them from an ISP, blocking any of these for any elongated period of time impacts only on the users of filesharing programs who are the most likely group to be affected by this sort of blanket banning.
There should be a specialist group of BISS trackers set up to look after dynamics such as this as to block them for ever will be the death of PG and associated programs, the logic is you cannot chop your leg off to spite one of your toes, and it makes sense that after a sensible period of time they will not be using these ranges themselves anyway, after all they do have access to the blocklist too dont they.
Paranoia is ok in moderation but cannot ever be an excuse in itself to block sites on spec, I have the tools to examine packets and network activity for my area of expertise , I expect the same of you BISS folks, weed out some of the lesser talented folks or reassign them to tasks more fitting of their talent level. this will ensure confidence is regained in the tracker teams and in those staffing them and I,m sure you will appreciate that its sometimes hard to pull the cart out of the mud but better results are obtained once you have done so, Now please stop fighting potential allies and sort your house out.
I look forward to reading something positive in the future if you guys want a future that is.
Please, somebody can tell me wtf is going on? i’m brazilian and i do not understand absolutely nothing in english. put some comments in spanish please! what we must use to protect ourselves agaist the pirate hunters?
[quote comment="299260"]You BlueTicks must read this sentence very often.[/quote]You can’t even spell the name right. It’s bluetack, with an A.
And that brazilian poster here, use this: http://phoenixlabs.org/pg2/
but I don’t know if there is even a need to worry if you’re in Brazil.
yeah quartz anti-p2p company’s make it so easy for you to spot them
inetnum: 12.158.x.x - 12.158.x.x
netname: p2p anti piracy company
descr: yeah im an anti piracy company plz add me your blocklist
descr: im on p2p looking at you
everyone listen to quartz because if you dont him and his friends at winmx will ddos you forgot to mention that ay quartz
[quote comment="298572"]Nope, Sorry, According to m0nk, as it says in the story, he spotted one IP belonging to them, on a movie torrent he was downloading off a private tracker.[/quote]According to my sources it’s something else. m0nk isn’t the be all end all decider at bluetack..
He can jump in here and deny this. He won’t, which might tell you something you didn’t know ;-)
Quartz:
You go and start your own blocklist. For now, bluetack is the BEST option for us, by far. And I don’t notice a particular adverse/negative effect of using their list on my download speeds in p2p land. So there.
Peerguardian’s memory usage idles (normal use) around 2 Megs, peaks at 75 Megs. This just doesn’t impact my 2 GB DDR3 system-performance at all.
I love how everybody is getting their panties in a bunch over this. You know, you can do manual updates of both PG and Nod32. So just disable PG for 1 minute and let Nod32 go on its way.
If any member of BISS wants to make libellous and defamatory statements that allege some sort of illegal criminal offence they should report me to the police in the first instance so both I and the police can laugh at your false and inane attempts to smear ppl who dont follow your party line.
Perhaps a little refresher for you BISS folks I am not kingmacro, so you have now no excuse to start throwing unfounded accusations around except to show your obvious malice towards a filesharing support site operator.
I have unlike yourselves only ever told the truth of the matter regarding my dealings with BISS and have a quantity of missing BISS posts to prove they abuse folks who ask how the heck they ended up on a BISS blocklist.
For the poster of 187:
I do in fact already operate a superior blocklist to any that BISS generate it is updated whenever necessary and can block interlopers in about five minutes from initial detection, there are two teams watching out for the cartel each covering a 12 hour segment, ask any WinMX user and you,ll be told straight that no cartel lacky can join the WinMX network to flood or share fake files with the WinMXGroup patch installed, this is 100% effective and proven to be so.
I actually feel sorry for you guys at BISS it must be so hard to know I,m correct regarding the problems with your bloated blocklist but instead of resolving them you all huddle together to plan childish attacks on peoples characters and how to add them to your list for spite, make your move and prove how you abuse your list to try to censor opinions you cant hide from.
If but one of you guys had any common sense and honesty you would be taking action to resolve the problems with your blocklists I indicated.
I warned BISS when they acted like the RIAA and tried to close down the WinMX P2P network by blocking our network connection sites (peer caches in fact) some time ago that I would make it my business to expose their continued abuse of the PG blocklist and its users trust.
You reap what you sow BISS.
wow, your list provides more security than the Biss lists? give me a link so I can look at it please. Will it protect me in torrents? Will it protect me in emule? How big is your list?
I doubt your claims that your list protects better, show me the proof.
My list is not for anything but winmx, in short it works well and is well maintained, If I had a whole group of folks each looking after the network they use as we do the RIAA and their lackies would give up.
Please take the time to read through what I,m trying to get bISS to understand, any group can make a list, to keep it well maintained is always going to be a challenge, meeting the challenge should be their goal, not wasting time arguing with me.
They did the same thing to my web host, NearlyFreeSpeech.NET. They blacklisted a range of their IPs, so they contacted them. Then m0nk decided they weren’t asking nice enough, so he kept them up.
We shouldn’t be using services like this to secure our P2P connections.
By all means, show us the money!
I don’t see PG2 making an option out of your list. Why would that be?
PG has nothing to do with m0nk, so it shouldn’t be too hard to pick a different one. Easy to implement in the current setup of the software. Even when they would, bluetack’s list somehow gives me a safer feeling..
To 194:
All WinMX users know where to obtain the WinMX list I make no pretence it does anything other than what it does for WinMX.
PG is a decent enough program but BISS is an ongoing blocklist compilation project relying on its members who could be working for anyone.
As stated previously even when handed an active anti P2P list in a public test BISS scored zero, this of course is only likely to occur because someone had “friends” they where protecting, that is my honest belief.
I think anyone operating a blocklist has a responsibility to ensure the list is well maintained and also to ensure others dont abuse the list in ways the original compiler had not foreseen, to this end we monitor and unblock Dynamic IP’s (after a time of zero activity) this keeps the list from becoming overbroad and more of a hindrance than a benefit.
BISS and other do not practice this themselves and its a tragedy but given time their list will be so full of false entries that any filesharer operating PG with the BISS lists would effectively be unable to fileshare or take part in P2P activities, this is counter to what PG was designed to implement, protection is the word we should strive to focus on not P2P prevention.
The current tally of blocked IP is a mind staggering eight hundred and sixty four and a half million IP’s
(864,502,226) Does anyone really believe all these addresses are the enemy ?
Moving forward what will happen when BISS have blocked the entire internet as at the rate their currently blocking it will occur in less than ten years.
It has often seemed to me that trying to get P2P users informed of problems and issues is an uphill struggle due to the widespread dynamic nature of the group, but as long as I have drawn attention to the potential pitfall of being lazy and blindly implementing a blocklist then my work is done, thanks for reading this far fellow P2P users, I believe there is nothing more constructive to add at this stage.
Any closed source antivirus program is malware itself.
Switch to Linux, use ClamAV which is free and open source if you feel you need an antivirus, you can examine the code yourself.
Fuck Windows, fuck closed source antivirus programs, fuck the corporations who lie to us, and fuck you if you’re a stupid Windows user who funds these rogues.
Switch to Linux, breathe easy.
[quote comment="298522"][quote comment="298445"]Nobody is questioning why an AV update server was connecting to BT because they are smart enough to figure out it didn’t.
You do realise that the IP addresses blocked by PG have nothing to do with people connecting to BT right ?[/quote]Sorry, they do have something to do with torrents. Not everything about this affair has leaked to the public, you know?
There are reasons for those blocks, trust me on that. And instead of being thankful, or at least secretly thankful, to bluetack for blocking them, you bash them without knowing what goes on behind the scenes.
Stop pretending you know everything when all you have done is read some forums and websites. There’s more to bluetack than just that.[/quote]
Yes there is, as I mentioned, there is a complete lack of technical knowledge, quality control, vetting and accountability to go with the obvious lack of credibility.
“The current tally of blocked IP is a mind staggering 864,502,226”
This isn’t something that deserves debate. Either you can look at that number and take 2 seconds to figure out what blutack is or you can’t.
That’s how gullibility and snakeoil work kid.
[quote comment="300111"][quote comment="298572"]Nope, Sorry, According to m0nk, as it says in the story, he spotted one IP belonging to them, on a movie torrent he was downloading off a private tracker.[/quote]According to my sources it’s something else. m0nk isn’t the be all end all decider at bluetack..
He can jump in here and deny this. He won’t, which might tell you something you didn’t know ;-)
[/quote]
Ok, official statements by bluetack, made to our researcher
M0nk> It was only 1 IP,
TorrentFreak> Oh yes, could you tell me what sort of torrent it was spotted on? (the name, tracker etc)
TorrentFreak> and the name of the spotter
M0nk> it was on a private site, so no not the tracker
M0nk> And the movie, good question. there have been many dls i’ve done since then
TorrentFreak> so it was you that spotted it, M0nk?
M0nk> that’s correct
TorrentFreak> it was a movie?
M0nk> right
As far as research goes, again, according to m0nk and m00re,
m00re> and just for the record we dont just add ips that are seen on torrents and p2p downloads
m00re> people research everything
m00re> ip databases and companies
TorrentFreak> what sort of research?
M0nk> yes, very time consuming
m00re> following the rabbitholes to see where they lead
M0nk> we search the regional registries for ranges of companies, look at ASN numbers, investigate domains, look into reports of ap2p activity
M0nk> do a lot of search engine work
m00re> start with something like a list of companies who hire places like baytsp and media sentry
M0nk> to find out what companies are associated with certain companies or organizations, subsidiaries, etc
m00re> and malware companies as well, no one can hide
Basically, no actual research, just hearsay, and so-and-so maybe hired a server there, or has a company there that did a non-p2p-related deal there a few years back.