From: Shadow on 3 Sep 2009 15:52

On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:

>http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>
>Panda USB Vaccine - free solution to block malware spreading through
>USB drives.
>
>This is a very useful tool as there is no simple way of disabling the
>AutoRun feature in Windows. This provides users with a simple way of
>disabling this feature, offering a high degree of protection against
>infections from removable drives and devices.
>
>Small download: 719kb

I have tried the 1.0.0.51 version. However, I did not download it from the Panda site, and it DOES phone home. Since my version opens an encrypted link to panda, and they have such an awful past, I'm wondering if you could detect if your version is trying to connect to the internet? Just adjust your firewall to hoot at attempts to make a connection.

PS I could not download from the web page above, they demand an email address and personal identification, which considering the phoning home bit would be worse than the actual spyware. I got mine from http://www.softpedia.com

[]'s
From: Nosferator on 3 Sep 2009 20:26

On Thu, 03 Sep 2009 16:52:13 -0300, Shadow <Sh(a)dow> wrote:

>On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>
>>http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>>
>>Panda USB Vaccine - free solution to block malware spreading through
>>USB drives.
>>
>>This is a very useful tool as there is no simple way of disabling the
>>AutoRun feature in Windows. This provides users with a simple way of
>>disabling this feature, offering a high degree of protection against
>>infections from removable drives and devices.
>>
>>Small download: 719kb
> I have tried the 1.0.0.51 version. However, I did not download
>it from the Panda site, and it DOES phone home. Since my version opens
>an encrypted link to panda, and they have such an awful past, I'm
>wondering if you could detect if your version is trying to connect to
>the internet?
> Just adjust your firewall to hoot at attempts to make a
>connection.
>
> PS I could not download from the web page above, they demand
>an email address and personal identification, which considering the
>phoning home bit would be worse than the actual spyware.
> I got mine from
> http://www.softpedia.com
> []'s

Oh, just for those cases they demand an email to download something I use yopmail. www.yopmail.com
From: Zo on 4 Sep 2009 09:49

Shadow formulated the question :
> On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>
>> http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>>
>> Panda USB Vaccine - free solution to block malware spreading through
>> USB drives.
>>
>> This is a very useful tool as there is no simple way of disabling the
>> AutoRun feature in Windows. This provides users with a simple way of
>> disabling this feature, offering a high degree of protection against
>> infections from removable drives and devices.
>>
>> Small download: 719kb
> I have tried the 1.0.0.51 version. However, I did not download
> it from the Panda site, and it DOES phone home. Since my version opens
> an encrypted link to panda, and they have such an awful past, I'm
> wondering if you could detect if your version is trying to connect to
> the internet?
> Just adjust your firewall to hoot at attempts to make a
> connection.
>
> PS I could not download from the web page above, they demand
> an email address and personal identification, which considering the
> phoning home bit would be worse than the actual spyware.
> I got mine from
> http://www.softpedia.com
> []'s

The version number on that page is an incorrect version number. The one I downloaded was the same as the version you have. I filled in all of the info using a junk email address. I didn't install it though, instead, I extracted the exe file using Universal Extractor. I've executed the exe file and it hasn't attempted to make any connections. The only time it makes any type of connection is when I click the link to check for updates. I really don't why yours is doing it????

Incidentally if you click on the update link, it takes you to a page that shows version 1.0.0.50.

http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx

UPDATE June 19, 2009: New version 1.0.0.50 released with NTFS support.

The above link also contains users comments and suggested improvements.

--
Zo
Click..Click..Click..darn, out of taglines!
From: Shadow on 4 Sep 2009 17:25

On Fri, 04 Sep 2009 09:49:43 -0400, Zo <homenet(a)newsbill.net> wrote:

>Shadow formulated the question :
>> On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>>
>>> http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>
>The version number on that page is an incorrect version number. The one
>I downloaded was the same as the version you have. I filled in all of
>the info using a junk email address. I didn't install it though,
>instead, I extracted the exe file using Universal Extractor. I've
>executed the exe file and it hasn't attempted to make any connections.
>The only time it makes any type of connection is when I click the link
>to check for updates. I really don't why yours is doing it????

We think alike, my friend, I ripped the executable from the installer, using UE, sent it to PEid to check for packers, unpacked using upx -d, and after verifying that it does not need any of the other executables shipped with it, put it (the executable that works) on the pendrive I use at work. If you hex edit the unpacked executable, you will find the following urls:

http://ocsp.verisign.com
http://crl.verisign.com/tss-ca.crl0
http://crl.verisign.com/ThawteTimestampingCA.crl0
https://www.verisign.com/rpa
https://www.verisign.com/rpa01
http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer
http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D

The https url was the connection it attempted to make, unsolicited. But version 1.0.0.49, my bad. I'm sure it is just an innocent check to make sure you downloaded a valid version :P

Kind of wondering why. Is it REALLY necessary to connect to the internet to validate a program that checks if autorun.inf reads CACACACACA ???

[]'s

>Incidentally if you click on the update link, it takes you to a page
>that shows version 1.0.0.50.
>
>http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx
>
>UPDATE June 19, 2009: New version 1.0.0.50 released with NTFS support.
>
>The above link also contains users comments and suggested improvements.

I would suggest that it NEVER connected without prior permission.

[]'s
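
Added example, not part of the thread or of any Panda tool: one way to triage URL strings found in an unpacked executable, as described in the post above, by telling URLs stored as DER-encoded certificate fields (the CRL, OCSP, AIA and CPS entries of a signing certificate) from URLs held as ordinary program strings. The sample bytes and `example.invalid` hosts are constructed, and `triage_urls` and `der_field` are hypothetical names.

```python
import re

# DER tags under which X.509 certificates store URLs:
# 0x86 = GeneralName URI (CRL, OCSP, AIA entries), 0x16 = IA5String (CPS pointer).
DER_URL_TAGS = {0x86: "GeneralName URI", 0x16: "IA5String"}
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")  # printable run, as a hex editor shows it


def triage_urls(blob: bytes):
    """Return (url, origin) for each http(s) URL found in blob.

    Heuristic: a URL preceded by a DER tag and a short-form length that fits
    the printable run is treated as a certificate field and cut to that length.
    """
    results = []
    for m in URL_RE.finditer(blob):
        raw, start = m.group(), m.start()
        origin = "plain string"
        if start >= 2:
            tag, length = blob[start - 2], blob[start - 1]
            if tag in DER_URL_TAGS and 8 <= length < 0x80 and length <= len(raw):
                raw = raw[:length]  # drop bytes belonging to the next DER element
                origin = f"certificate field ({DER_URL_TAGS[tag]})"
        results.append((raw.decode("ascii"), origin))
    return results


def der_field(tag: int, url: bytes) -> bytes:
    """Build a tag-length-value triple (helper for the constructed sample)."""
    return bytes([tag, len(url)]) + url


# Constructed sample, not bytes from any real executable.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + b"http://updates.example.invalid/check\x00"          # C string in program data
    + b"\x30\x20" + der_field(0x86, b"http://crl.example.invalid/ca.crl")
    + b"\x30\x0d\x06\x09"                                   # next DER element: '0' + binary
    + der_field(0x16, b"https://www.example.invalid/rpa")
    + b"\x30\x44"                                           # prints as "0D"
)

if __name__ == "__main__":
    for url, origin in triage_urls(SAMPLE):
        print(f"{origin:38} {url}")
```

A plain printable-run scan of the sample yields `ca.crl0` and `rpa0D`; the extra characters are the first bytes of the following DER element (0x30 is the SEQUENCE tag), which the length-aware pass removes.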
From: Zo on 5 Sep 2009 08:03

Shadow laid this down on his screen :
> On Fri, 04 Sep 2009 09:49:43 -0400, Zo <homenet(a)newsbill.net> wrote:
>
>> Shadow formulated the question :
>>> On Tue, 01 Sep 2009 09:39:32 -0400, Zo <homenet(a)newsbill.net> wrote:
>>>
>>>> http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/
>>
>> The version number on that page is an incorrect version number. The one
>> I downloaded was the same as the version you have. I filled in all of
>> the info using a junk email address. I didn't install it though,
>> instead, I extracted the exe file using Universal Extractor. I've
>> executed the exe file and it hasn't attempted to make any connections.
>> The only time it makes any type of connection is when I click the link
>> to check for updates. I really don't why yours is doing it????
> We think alike, my friend, I ripped the executable from the
> installer, using UE, sent it to PEid to check for packers, unpacked
> using upx -d, and after verifying that it does not need any of the
> other executables shipped with it, put it (the executable that works)
> on the pendrive I use at work.
> If you hex edit the unpacked executable, you will find the
> following urls:
>
> http://ocsp.verisign.com
> http://crl.verisign.com/tss-ca.crl0
> http://crl.verisign.com/ThawteTimestampingCA.crl0
> https://www.verisign.com/rpa
> https://www.verisign.com/rpa01
> http://CSC3-2004-aia.verisign.com/CSC3-2004-aia.cer
> http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D
>
> The https url was the connection it attempted to make,
> unsolicited. But version 1.0.0.49, my bad. I'm sure it is just an
> innocent check to make sure you downloaded a valid version :P
> Kind of wondering why. Is it REALLY necessary to connect to
> the internet to validate a program that checks if autorun.inf reads
> CACACACACA ???
> []'s
>
>> Incidentally if you click on the update link, it takes you to a page
>> that shows version 1.0.0.50.
>>
>> http://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx
>>
>> UPDATE June 19, 2009: New version 1.0.0.50 released with NTFS support.
>>
>> The above link also contains users comments and suggested improvements.
> I would suggest that it NEVER connected without prior
> permission.
> []'s

Did you go to the above link and express your concerns? After reviewing the comments and improvement suggestions, I did not come across anyone complaining about the situation you experienced??????

--
Zo
Shhhhhhh; the secrets of the Internet are at .....^*& %*$^^^^^^^^^ NO CARRIER.