Trojan boinc installation by rogue member

Dex
Dex
Joined: 21 Sep 06
Posts: 646
Credit: 4,381
RAC: 0

From what I have read, it

From what I have read, it seems the full properties of this 'trojan' program has not been investigated. With the 'trojan' that is supposedly disguised as a Windows Update, could be a 'small print' disclaimer, allowing the user to agree to load BOINC, and join the malicious users team. I am not stating I condone his actions, but many of us, quickly scan over, or disgard the END-USER-AGREEMENT with installation programs... Just a thought...

NOTE: But this could be a non-disclosure 'trojan' with no notification to the user.

d3xt3r.net

Alinator
Alinator
Joined: 8 May 05
Posts: 927
Credit: 9,352,143
RAC: 0

Agreed, that's why I thought

Agreed, that's why I thought the cries of criminal activity were somewhat amusing. However, the reaction of every other project has been that this type of "distribution" is outside the scope of their rules and took action.

Apparently PAH has looser standards of integrity in this regard.

Alinator

FalconFly
FalconFly
Joined: 16 Feb 05
Posts: 191
Credit: 15,650,710
RAC: 0

I quit PAH a long time ago

Message 61103 in response to message 61102

I quit PAH a long time ago for exactly these reasons, as they never cared about or listened to the Community.
Therefor, I find their actions (or lack thereof) not surprising. CPDN is heading in a very similar direction, but not as bad yet.

Nothing But Idle Time
Nothing But Idl...
Joined: 24 Aug 05
Posts: 158
Credit: 289,204
RAC: 0

RE: I quit PAH a long time

Message 61104 in response to message 61103

Quote:
I quit PAH a long time ago for exactly these reasons, as they never cared about or listened to the Community.

I have no first-hand knowledge of this topic or P@H. Could it be that some projects are discovering that the "community" is simply too demanding?
My own observation is that participants don't really "volunteer" unused cpu cycles. Their attitude from the outset is that of a barter: "I give you cpu cycles and in return I get to dictate the circumstances and environment in which I participate, otherwise color me gone." And every time a new batch of volunteers sign up I see the message boards are replete with more demands covering the same old topics that were hashed out (sometimes in flame wars) months before.
As I say, I have no first-hand knowledge about P@H, but frankly I find the constant demands of the participants both over the top sometimes and quite tiresome. Some good has come of it and some projects have implemented some very good upgrades(like Rosetta implementing the ability to select your own individual run time). Still, I wish people would do more volunteering and less demanding, IMO.

gravitysmith
gravitysmith
Joined: 8 Nov 04
Posts: 55
Credit: 84,170,993
RAC: 7,132

RE: Still, I wish people

Message 61105 in response to message 61104

Quote:
Still, I wish people would do more volunteering and less demanding, IMO.

Interestingly I actually think a lot of it is misguided support for the project, although I generally agree with your sentiment. According to Boincstats there are actually 40 projects to choose from right now. We all choose our priorites for whatever reason. More importantly we invest our time, effort, and money because we want our priority projects to succeed!

Still, there is bound to be disagreements at times over how things are run. When the issue becomes major enough, we "complain" because we want the project to become even better. If our complaints go unheard or the response isn't satisfactory, we are left with "living with it" or shifting our resources to another project. The silent majority probably just do this, but if a person is invested enough in the goals of the project, they sometimes complain louder or "demand" changes ... probably to vent frustration and perhaps to build support for their change.

I write this from personal experience with an issue regarding the main BOINC client. I really like BOINC and want it to succeed. As a person without the skills to change the code myself, my choices were to quit BOINC all together, live with the problem I saw, or try and convince one of the devs about my point. The latter wasn't working, and I got frustrated to the point I started "complaining" and "demanding" a bit. I am sure some people do it for different reasons, but reading the forums about the Predictor issue, most sentiments sound similar to my reactions which were based on frustration and wanting the project to succeed.

Although I too sometimes wish the "demands" in the forums would be less, I now see it as a sign of how much the author liked the project, but how the issue also conflicts with their beliefs. It takes time to write these posts, and a person who really didn't care about the project succeeding wouldn't spend the effort. In short, I think the "demands" are usually a reflection of people's frustration with a particular problem. If you keep that in mind, perhaps you can see a way to help them with their frustration.

Perhaps projects and/or participants could create polls about issues they feel are not being addressed. Although I wouldn't know how to implement it, I think a highly voted upon poll would give the devs a clear indication that a concern is wide-spread among the participants and not the result of "a few trouble makers".

gravitysmith

tullio
tullio
Joined: 22 Jan 05
Posts: 2,080
Credit: 46,798,520
RAC: 14,234

I think the era of innocence

I think the era of innocence is over even for BOINC. Maybe every user should be asked to declare his computer/s in order to avoid theft of credits by malware.
Tullio

Annika
Annika
Joined: 8 Aug 06
Posts: 720
Credit: 494,410
RAC: 0

Well, I think that may be a

Well, I think that may be a bit too pessimistic. After all, we are talking about a single case here. Where there are humans, there will always be some who try to take an unfair advantage of others, but that doesn't necessarily mean the whole system is in danger.
To avoid falling victim to someone like Wade, I think it's better to learn a bit about how computers and operating systems actually work and follow basic security rules.

tullio
tullio
Joined: 22 Jan 05
Posts: 2,080
Credit: 46,798,520
RAC: 14,234

RE: To avoid falling victim

Message 61108 in response to message 61107

Quote:
To avoid falling victim to someone like Wade, I think it's better to learn a bit about how computers and operating systems actually work and follow basic security rules.


This is why I am running Linux but most BOINC users are Windows users and fall easily prey to malware, in this as in other cases.
Tullio

Brian Silvers
Brian Silvers
Joined: 26 Aug 05
Posts: 772
Credit: 282,700
RAC: 0

RE: This is why I am

Message 61109 in response to message 61108

Quote:

This is why I am running Linux but most BOINC users are Windows users and fall easily prey to malware, in this as in other cases.
Tullio

Linux has it's share of security issues as well. Linux Security

Linux Malware on the Rise

It is not completely the OS in use that is the cause for security breaches, but it can also be the behavior of the user. That behavior can be cross-platform.

Can I get you a smaller brush to paint with next time? ;-)

Brian

tullio
tullio
Joined: 22 Jan 05
Posts: 2,080
Credit: 46,798,520
RAC: 14,234

RE: Can I get you a smaller

Message 61110 in response to message 61109

Quote:

Can I get you a smaller brush to paint with next time? ;-)

Brian


I am not a Windows expert, but I know that Windows, by default, lets a file named FILE.TXT.VBS to be seen as FILE.TXT by the user. He then clicks on it and hell breaks loose. This applies also to Vista.
Tullio

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.