From: Shadow on
On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:

>
>http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>
>Panda USB Vaccine - free solution to block malware spreading through
>USB drives.
>
>This is a very useful tool as there is no simple way of disabling the
>AutoRun feature in Windows. This provides users with a simple way of
>disabling this feature, offering a high degree of protection against
>infections from removable drives and devices.
>
>Small download: 719kb
I have tried the 1.0.0.51 version. However, I did not download
it from the Panda site, and it DOES phone home. Since my version opens
an encrypted link to panda, and they have such an awful past, I'm
wondering if you could detect if your version is trying to connect to
the internet?
Just adjust your firewall to hoot at attempts to make a
connection.

PS I could not download from the web page above, they demand
an email address and personal identification, which considering the
phoning home bit would be worse than the actual spyware.
I got mine from
http://www.softpedia.com
[]'s
From: Nosferator on
On Thu, 03 Sep 2009 16:52:13 -0300, Shadow <Sh(a)dow> wrote:

>On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>
>>
>>http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>>
>>Panda USB Vaccine - free solution to block malware spreading through
>>USB drives.
>>
>>This is a very useful tool as there is no simple way of disabling the
>>AutoRun feature in Windows. This provides users with a simple way of
>>disabling this feature, offering a high degree of protection against
>>infections from removable drives and devices.
>>
>>Small download: 719kb
> I have tried the 1.0.0.51 version. However, I did not download
>it from the Panda site, and it DOES phone home. Since my version opens
>an encrypted link to panda, and they have such an awful past, I'm
>wondering if you could detect if your version is trying to connect to
>the internet?
> Just adjust your firewall to hoot at attempts to make a
>connection.
>
> PS I could not download from the web page above, they demand
>an email address and personal identification, which considering the
>phoning home bit would be worse than the actual spyware.
> I got mine from
> http://www.softpedia.com
> []'s
Oh, just for those cases they demand an email to download something i
use yopmail.
www.yopmail.com
From: Zo on

Shadow formulated the question :
> On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>
>>
>> http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>>
>> Panda USB Vaccine - free solution to block malware spreading through
>> USB drives.
>>
>> This is a very useful tool as there is no simple way of disabling the
>> AutoRun feature in Windows. This provides users with a simple way of
>> disabling this feature, offering a high degree of protection against
>> infections from removable drives and devices.
>>
>> Small download: 719kb
> I have tried the 1.0.0.51 version. However, I did not download
> it from the Panda site, and it DOES phone home. Since my version opens
> an encrypted link to panda, and they have such an awful past, I'm
> wondering if you could detect if your version is trying to connect to
> the internet?
> Just adjust your firewall to hoot at attempts to make a
> connection.
>
> PS I could not download from the web page above, they demand
> an email address and personal identification, which considering the
> phoning home bit would be worse than the actual spyware.
> I got mine from
> http://www.softpedia.com
> []'s

The version number on that page is an incorrect version number. The one
I downloaded was the same as the version you have. I filled in all of
the info using a junk email address. I didn't install it though,
instead, I extracted the exe file using Universal Extractor. I've
executed the exe file and it hasn't attempted to make any connections.
The only time it makes any type of connection is when I click the link
to check for updates. I really don't why yours is doing it????

Incidentally if you click on the update link, it takes you to a page
that shows version 1.0.0.50.

http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx

UPDATE June 19, 2009: New version 1.0.0.50 released with NTFS support.

The above link also contains users comments and suggested improvements.

--
Zo
Click..Click..Click..darn, out of taglines!


From: Shadow on
On Fri, 04 Sep 2009 09:49:43 -0400, Zo <homenet(a)newsbill.net> wrote:

>
>Shadow formulated the question :
>> On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>>
>>>
>>> http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>
>The version number on that page is an incorrect version number. The one
>I downloaded was the same as the version you have. I filled in all of
>the info using a junk email address. I didn't install it though,
>instead, I extracted the exe file using Universal Extractor. I've
>executed the exe file and it hasn't attempted to make any connections.
>The only time it makes any type of connection is when I click the link
>to check for updates. I really don't why yours is doing it????
We think alike, my friend, I ripped the executable from the
installer, using UE, sent it to PEid to check for packers, unpacked
using upx -d, and after verifying that it does not need any of the
other executables shipped with it, put it (the executable that works)
on the pendrive I use at work.
If you hex edit the unpacked executable, you will find the
following urls:

http://ocsp.verisign.com
http://crl.verisign.com/tss-ca.crl0
http://crl.verisign.com/ThawteTimestampingCA.crl0
https://www.verisign.com/rpa
https://www.verisign.com/rpa01
http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer
http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D

The https url was the connection it attempted to make,
unsolicited. But version 1.0.0.49, my bad. I'm sure it is just an
innocent check to make sure you downloaded a valid version :P
Kind of wondering why. Is it REALLY necessary to connect to
the internet to validate a program that checks if autorun.inf reads
CACACACACA ???
[]'s

>
>Incidentally if you click on the update link, it takes you to a page
>that shows version 1.0.0.50.
>
>http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx
>
>UPDATE June 19, 2009: New version 1.0.0.50 released with NTFS support.
>
>The above link also contains users comments and suggested improvements.
I would suggest that it NEVER connected without prior
permission.
[]'s
From: Zo on

Shadow laid this down on his screen :
> On Fri, 04 Sep 2009 09:49:43 -0400, Zo <homenet(a)newsbill.net> wrote:
>
>>
>> Shadow formulated the question :
>>> On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>>>
>>>>
>>>> http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>>
>> The version number on that page is an incorrect version number. The one
>> I downloaded was the same as the version you have. I filled in all of
>> the info using a junk email address. I didn't install it though,
>> instead, I extracted the exe file using Universal Extractor. I've
>> executed the exe file and it hasn't attempted to make any connections.
>> The only time it makes any type of connection is when I click the link
>> to check for updates. I really don't why yours is doing it????
> We think alike, my friend, I ripped the executable from the
> installer, using UE, sent it to PEid to check for packers, unpacked
> using upx -d, and after verifying that it does not need any of the
> other executables shipped with it, put it (the executable that works)
> on the pendrive I use at work.
> If you hex edit the unpacked executable, you will find the
> following urls:
>
> http://ocsp.verisign.com
> http://crl.verisign.com/tss-ca.crl0
> http://crl.verisign.com/ThawteTimestampingCA.crl0
> https://www.verisign.com/rpa
> https://www.verisign.com/rpa01
> http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer
> http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
>
> The https url was the connection it attempted to make,
> unsolicited. But version 1.0.0.49, my bad. I'm sure it is just an
> innocent check to make sure you downloaded a valid version :P
> Kind of wondering why. Is it REALLY necessary to connect to
> the internet to validate a program that checks if autorun.inf reads
> CACACACACA ???
> []'s
>
>>
>> Incidentally if you click on the update link, it takes you to a page
>> that shows version 1.0.0.50.
>>
>> http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx
>>
>> UPDATE June 19, 2009: New version 1.0.0.50 released with NTFS support.
>>
>> The above link also contains users comments and suggested improvements.
> I would suggest that it NEVER connected without prior
> permission.
> []'s

Did you go to the above link and express your concerns? After reviewing
the comments and improvement suggestions, I did not come across anyone
complaining about the situation you experienced??????

--
Zo
Shhhhhhh; the secrets of the Internet are at .....^*& %*$^^^^^^^^^ NO
CARRIER.