Symantec Norton AntiVirus detecting Suspicious.Swizzor in Work Units

Gundolf Jahn
Joined: 1 Mar 05
Posts: 1079
Credit: 341280
RAC: 0

RE: With the greatest of

Message 91030 in response to message 91029

Quote:
With the greatest of respect, that is total codswallop.


LOL

I had to look up "codswallop" in my English/German dictionary (online), but it sounded adequate even before that :-)

Gary, I admire your patience and eloquence!

Regards,
Gundolf

Computers aren't everything in life. (Just a little joke)

Jord
Joined: 26 Jan 05
Posts: 2952
Credit: 5893653
RAC: 0

RE: If you didn't try

Message 91031 in response to message 91029

Quote:
If you didn't try google - why not?


I understand this one. It's done by a lot of people who have no computer knowledge and who post for help on a forum. They expect to be understood directly from their first, at times very cryptic post, without follow up questions. They expect to get a crisp and clear answer immediately, steps to do the things they want to, without all the hassle of having to read elsewhere on the internet. You never know what nasties you might secretly download from another forum!

My mom would call me, instead of looking into Google or another search engine. Why? Because I (!!) should know all this. ;-)

[rant_start]
The post I made in the other thread, I probably should have followed up with a quick how-to. But at times I am not in the mood to answer anyone politely, or can just not be bothered and hope someone else will do so. I do have my own life as well and it doesn't consist of constantly holding hands with people who can't be bothered to even use their Start->Help & Support link in Windows to look up how to navigate around their OS.
[rant_end]

mikey
Joined: 22 Jan 05
Posts: 12844
Credit: 1884315078
RAC: 513660

RE: RE: You left out the

Message 91032 in response to message 91027

Quote:
Quote:
You left out the part where you said that Einstein had rescanned its files and found nothing, thereby leading you to suggest we turn off the scanning of the Boinc folder. Until you rescan your files it seems premature to suggest automatically that it is a false positive. I agree that it PROBABLY is a false positive, but I am not turning off anything until you guys say you have re-scanned the files and found nothing wrong on your end OR my anti-virus folks tell me it is their fault. Assuming is how people get problems in the first place.

Mikey,

I haven't left anything out, nor have I "assumed" anything. There is simply not the pressing need to "rescan" the files in question - the E@H data files - as you so dramatically assert. Also, you should read more carefully what was actually written. I didn't say "automatically" that it must be a false positive. I did say it was "most likely" to be that. I also said that people "should consider" turning off scanning of BOINC data folders. I chose those words to make it clear that it's an opinion that people can accept or reject as they see fit.

The files, when originally created, were protected by an MD5 checksum. If someone has subsequently "interfered" with any data file, your BOINC client would notice when it recalculated the MD5 sum and found a difference. Your BOINC client would reject the file well before any virus scanner needed to deal with it. That's why it is a reasonable course of action to advise people to consider excluding the BOINC Data tree from the list of places to scan.

Of course, these days, virtually anything is possible so I'm sure prudent staff at the project would have taken a quick look just to make sure all is as it should be. However it really serves no useful purpose to overdramatise something that is unlikely to be a problem at all.

Actually Gary I was a bit harsh in my words... and I do apologize for sounding like an alarmist. I also do understand about the MD5 sums and all that kinda stuff, but if the project's computers had been compromised and then generated an MD5 sum, my system would have accepted that as a good sum when in fact the units had viruses in them, correct? Remember the old "GIGO"? If you have a virus, no matter how much protection you use, you are sending it out. As I stated, I did not think you were wrong, just premature. Since you are in a 'position of authority' around here people listen to you as if you were actually running the place. I know, I was a Mod on another board a long time ago now; it is not fun and people are always assuming things about you. In the end you had a perfectly good idea, although Avast, or Symantec, updating their signature files was, to me, a better solution. To blindly trust any other computer to be clean of viruses etc. is not a good thing. Yes, we all have to trust something. I trust my anti-virus company to not send me a virus, I trust my anti-spyware people to not send me spyware, etc., etc. But since I use Boinc to crunch for several projects, along with thousands of others, I don't trust the servers implicitly! Maybe that is from over 30 years using PCs, maybe it is just me, but I will not trust any other computer implicitly. BTW I do run online virus checks of my system periodically. And I do have more than one anti-spyware program I use too. I like the old Ronald Reagan line "trust but verify"; I think it works for computers too.

Gary Roberts
Moderator
Joined: 9 Feb 05
Posts: 5879
Credit: 118878169170
RAC: 23190546

RE: ... if the Projects

Message 91033 in response to message 91032

Quote:
... if the project's computers had been compromised and then generated an MD5 sum, my system would have accepted that as a good sum when in fact the units had viruses in them, correct?


Yes, it would be theoretically possible to compromise some data files and also to replace the MD5 checksums for those compromised files. And then there are the various mirror sites. The data files existed a long time ago and the mirror sites got their copies way back then. An attacker would need to alter the files on one server and then convince all the mirror sites to "sync up" in such a way that all this extra traffic wasn't noticed in some log somewhere.

If a person were competent enough to do all that without the staff of the project being aware of the compromise, do you really think that that person would bother with a data file? After all there are zillions of them and unless you compromised them all, the "take up" rate would be quite low as any one data file is sent to a very limited number of hosts only. And what would be the point? How would you get someone to attempt to execute a data file? After all, the user doesn't need to go anywhere near the data files. The science app will read the contents and probably reject it if the data is not what it is expecting. I really have little idea about the techniques employed by virus writers but I did think that for a virus to spread, you had to trick a lot of people into executing the payload.

If you were smart enough to be able to break into the project and do all of the above, wouldn't you choose to compromise one of the executables rather than a data file? That way you would get complete coverage and a guarantee that the thing is going to be executed. It doesn't seem reasonable for an attacker to waste his time on a low distribution data file.

Quote:
Since you are in a 'position of authority' around here people listen to you as if you were actually running the place ...


I think you are wrong because most people are discerning enough to take things written on a message board with a grain of salt, no matter what the 'tag' of the author implies. If you want people to trust what you say you have to earn that privilege over quite a period by properly researching and constructing answers and points that you put forward. People are pretty adept in general at spotting rubbish.

Quote:
... In the end you had a perfectly good idea, although Avast, or Symantec, updating their signature files was, to me, a better solution.


Did you actually read my initial post in this thread? Here is a copy of the relevant part:

until you receive updated virus definitions, you should consider configuring
your anti-virus software so as to exclude scanning the BOINC data folder

I'd be very interested to know how this is anything other than fully advocating that anti-virus companies should be providing updated definition files and that people should obtain them. I was suggesting to two people an interim measure they could consider using so as to avoid losing data files and crunching time whilst waiting for the updated definitions.

Cheers,
Gary.
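Added example (not BOINC's code, and not from anyone in the thread): a short Python simulation of the client-side MD5 check Gary describes and of the limitation Mikey raises, that a checksum published by a compromised origin is self-consistent and so detects nothing. The file contents, file name and manifest are constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-in for a data file as the project originally created it.
ORIGINAL_FILE = b"# constructed example data file\n" + bytes(range(256)) * 4
FILE_NAME = "example.data"  # constructed name, not a real work unit file


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def client_accepts(file_bytes: bytes, advertised_md5: str) -> bool:
    """The client-side step: recompute the MD5 of what was downloaded and
    compare it with the sum that was supplied along with the work unit."""
    return hmac.compare_digest(md5_hex(file_bytes), advertised_md5)


# The sum recorded when the file was generated, long before any mirror copied it.
MANIFEST = {FILE_NAME: md5_hex(ORIGINAL_FILE)}


def scenario_intact() -> bool:
    """Untouched file: the recomputed sum matches and the client accepts it."""
    return client_accepts(ORIGINAL_FILE, MANIFEST[FILE_NAME])


def scenario_tampered_copy() -> bool:
    """A copy on a mirror is altered (or corrupted in transit) but the manifest
    is untouched: the sums differ and the client rejects the file."""
    tampered = ORIGINAL_FILE + b"\x00extra bytes\x00"
    return client_accepts(tampered, MANIFEST[FILE_NAME])


def scenario_compromised_origin() -> bool:
    """Mikey's case: whoever controls the origin replaces both the file and its
    recorded sum. The check is self-consistent, so the client accepts the altered
    file. MD5 here proves the download matches what was published, not that the
    publisher itself was clean."""
    altered = ORIGINAL_FILE + b"\x00extra bytes\x00"
    poisoned_manifest = {FILE_NAME: md5_hex(altered)}
    return client_accepts(altered, poisoned_manifest[FILE_NAME])


if __name__ == "__main__":
    print("intact file accepted:", scenario_intact())  # True
    print("tampered copy accepted:", scenario_tampered_copy())  # False
    print("compromised origin accepted:", scenario_compromised_origin())  # True
```

The third scenario is why the thread's advice to get updated signatures (and, more generally, to keep scanning executables) is the complementary control: the checksum only guards the path from publication to the client.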
