You are probably right. This code is very suspicious. Please remove it for testing purposes at least.
Reminding David of this proposal to get rid of the trojan.
Hi Mårten,
Just to be clear, there is no Trojan in Hornresp - only false positives caused by over-enthusiastic anti-virus software. I thought that it had been generally agreed to leave things as they are, because there seemed to be no hard evidence to suggest that the automatic checking for updates was the cause of the problem. https://www.diyaudio.com/forums/subwoofers/119854-hornresp-1094.html#post6277097
If a change is now to be made it could be either to include a "Check for Updates" option under the Help menu as suggested by Brian, or alternatively, to remove the update check feature from Hornresp altogether.
I would need more feedback from users though, before proceeding with the implementation of either of the above two options.
Kind regards,
David
In addition:
The check for updates that hornresp is doing is as simple as it gets. There is very little data transfered and only a small check if the version number of the current instance of hornresp is older than the version stored online. If so, the "please update, there is something newer available" message appears.
Comparing to what many other peaces of software "talk" to the internet/vendor/etc... - hornrepsp is amongst the most harmless and "quiet" applications around.
If the fact that opening a ftp/http connection to check for one small file would lead to a virus-scanner warning - almost every software would get a warning... Virsuscanners don´t see this function in the code as a thread per se - if they would, almost any of them would constantly complain about 70% of any app you download from the internet...
What happens in these cases of "false alarms" is: Traditional virus-scanners have something like a fingerprint database which contains typical peaces of code, previosly found in virus-containing software. They look for these code-snipplets - and if they identify this - give out a very specific warning that a very pecific virus / trojan is included... That´s the way it worked in the early years of internet-threats...
Soon people programming viruses (or other mean stuff) realized this method and started to programm code which can "morph" a little and was able to disguis itself within the app. So something called "heuristics scanning" was invented from the companies that give us anti-virus-protection stuff... This works a little different than the previous method. Here some "possible" code-behaviours are identified which "might" be able to do some harm. Depending on the cleverness of this judging, the findings are more ore less reliable. But in many cases, some peace of completely harmless code looks a little suspicious - and therefore, a warning message appears... Here we get much more "false positives"...
I could go on for a while - but the point is: sometimes, a virus scanner simply is toooo careful and flags something as harmful, although it isn`t.
Simply saying: "This app opens up a http connection to check for a file is harmful and gives alarms" propably is not what is happening here. Rather it`s: By chance this virus-scanner "thinks" there "could" be something wrong with the file, so lets better be cautious and block it/warn about it then to be sorry afterwards if there really was some virus included and we ignored the possibility....
There have been cases of installer software which was widely used by spyware apps - and if someone used this installer for his/her own app - this was constantly flagged by some scanners as "harmfull" - because the scanners didn´t look for actual harmfull code, but the database of confirmed harmfull cases all contained the same code-snipplets from the installer (which by itself isn`t harmful at all - as the app itself wasn´t either)... A few weeks later, scanners were tweaked to look closer and look for something different - but since it´s a constant race between the good and the bad guys, some adjuestements have to be done afterwards - yoe never know what "the bad guys come up with next"...
The common way nowadays to check what software is doing while going online lies at the firewall and realtime scanning stuff in the background which checks what actually is being transmitted... The code itself which opens up a internet connection would lead to too many false reports.. Rather, the firewall blocks per default most stuff and ports - and if an app is transmitting, the inforamtion transmitted is scanned (or the adress is checked - some spyware always reports to the same known "bad adresses")...
All in all - I second that it´s ok to leave things as they are.... Sometimes there are some false positives - we might want to make one seperate small thread with this topic and put the essential information of it in it - and then link to this one in the future, if the next false alarm comes up.. or link to this thread ant the specific posts of the last few days, IMO they contain all that´s necessary to know for future "events".
The check for updates that hornresp is doing is as simple as it gets. There is very little data transfered and only a small check if the version number of the current instance of hornresp is older than the version stored online. If so, the "please update, there is something newer available" message appears.
Comparing to what many other peaces of software "talk" to the internet/vendor/etc... - hornrepsp is amongst the most harmless and "quiet" applications around.
If the fact that opening a ftp/http connection to check for one small file would lead to a virus-scanner warning - almost every software would get a warning... Virsuscanners don´t see this function in the code as a thread per se - if they would, almost any of them would constantly complain about 70% of any app you download from the internet...
What happens in these cases of "false alarms" is: Traditional virus-scanners have something like a fingerprint database which contains typical peaces of code, previosly found in virus-containing software. They look for these code-snipplets - and if they identify this - give out a very specific warning that a very pecific virus / trojan is included... That´s the way it worked in the early years of internet-threats...
Soon people programming viruses (or other mean stuff) realized this method and started to programm code which can "morph" a little and was able to disguis itself within the app. So something called "heuristics scanning" was invented from the companies that give us anti-virus-protection stuff... This works a little different than the previous method. Here some "possible" code-behaviours are identified which "might" be able to do some harm. Depending on the cleverness of this judging, the findings are more ore less reliable. But in many cases, some peace of completely harmless code looks a little suspicious - and therefore, a warning message appears... Here we get much more "false positives"...
I could go on for a while - but the point is: sometimes, a virus scanner simply is toooo careful and flags something as harmful, although it isn`t.
Simply saying: "This app opens up a http connection to check for a file is harmful and gives alarms" propably is not what is happening here. Rather it`s: By chance this virus-scanner "thinks" there "could" be something wrong with the file, so lets better be cautious and block it/warn about it then to be sorry afterwards if there really was some virus included and we ignored the possibility....
There have been cases of installer software which was widely used by spyware apps - and if someone used this installer for his/her own app - this was constantly flagged by some scanners as "harmfull" - because the scanners didn´t look for actual harmfull code, but the database of confirmed harmfull cases all contained the same code-snipplets from the installer (which by itself isn`t harmful at all - as the app itself wasn´t either)... A few weeks later, scanners were tweaked to look closer and look for something different - but since it´s a constant race between the good and the bad guys, some adjuestements have to be done afterwards - yoe never know what "the bad guys come up with next"...
The common way nowadays to check what software is doing while going online lies at the firewall and realtime scanning stuff in the background which checks what actually is being transmitted... The code itself which opens up a internet connection would lead to too many false reports.. Rather, the firewall blocks per default most stuff and ports - and if an app is transmitting, the inforamtion transmitted is scanned (or the adress is checked - some spyware always reports to the same known "bad adresses")...
All in all - I second that it´s ok to leave things as they are.... Sometimes there are some false positives - we might want to make one seperate small thread with this topic and put the essential information of it in it - and then link to this one in the future, if the next false alarm comes up.. or link to this thread ant the specific posts of the last few days, IMO they contain all that´s necessary to know for future "events".
Can you have Dropbox on your machine? I have Hornresp in my Dropbox, this means all of my machines are up to date no matter which one I do the install on, and of course, the design database is replicated along with it.
Stay focused, people .
We are trying to decide whether to (1) retain the current automatic checking for updates when Hornresp starts, or (2) have a 'Check for Updates' option under the Help menu instead, or (3) remove the update checking feature from Hornresp entirely.
Would appreciate feedback on which way to go.
.We are trying to decide whether to (1) retain the current automatic checking for updates when Hornresp starts, or (2) have a 'Check for Updates' option under the Help menu instead, or (3) remove the update checking feature from Hornresp entirely.
Would appreciate feedback on which way to go.
I actually find the automatic messages on available updates annoying on any software. Maybe a good compromise would be to display the message only once a month - but that would not solve the problem with antivirus. Maybe copy-paste text only link without opening the link in the browser would work?