World Community Grid Forums
Category: Completed Research | Forum: Help Fight Childhood Cancer Project Forum | Thread: Malware found in hfcc_autodock
Thread Status: Active | Total posts in this thread: 10
polterding
Cruncher Joined: May 5, 2010 Post Count: 3 Status: Offline Project Badges: |
Hello.
Avira just informed me that it found malware `TR/Crypt.XPACK.Gen` in wcg_hfcc_autodock_6.40_windows_intelx86 I just downloaded. Anybody else had this issue? Doesn't sound good... will remove BOINC from my machine for now and try to clean it up :(
||
|
deltavee
Ace Cruncher Texas Hill Country Joined: Nov 17, 2004 Post Count: 4842 Status: Offline Project Badges: |
"Anybody else had this issue?"
Nope. You are the first. This is a false positive that usually comes from Avira when one downloads certain game files of questionable legality. The latest version of Avira has a fix for this. Whatever the cause, it is certainly not WCG.
||
|
polterding
Cruncher Joined: May 5, 2010 Post Count: 3 Status: Offline Project Badges: |
Ok, thanks for the almost instant reply!
I'm a bit out of these issues, because I've been using Linux exclusively for a couple of years. My brother also told me that Avira sometimes has issues with false-positive malware detections in regular files. Anyway, as long as this is happening, I guess I can't use this machine for crunching, as it's hard to explain to its owner that everything is fine while these warnings emerge...
||
|
deltavee
Ace Cruncher Texas Hill Country Joined: Nov 17, 2004 Post Count: 4842 Status: Offline Project Badges: |
polterding, You could try upgrading Avira to the latest version. The work that is done here at the World Community Grid is very beneficial. I'm sorry you have had this experience. Good luck.
||
|
polterding
Cruncher Joined: May 5, 2010 Post Count: 3 Status: Offline Project Badges: |
Thanks deltavee. Updated Avira now. When the shock has settled down I will evaluate bringing it back to the grid.
||
|
gb009761
Master Cruncher Scotland Joined: Apr 6, 2005 Post Count: 2977 Status: Offline Project Badges: |
polterding, one thing that is pretty certain is that, as WCG is run by IBM, I'd be extremely surprised if any malware (or any other viruses) got transferred by the WCG software. In fact, I know that IBM have put stringent safety procedures in place to prevent this.
One thing that IBM will seriously want to avoid is any possible doubt about the safety of running WCG, hence the extreme measures that they'll go to so as to prevent this. I'm not saying that it could never happen, just that it's extremely unlikely (and certainly, during all the time I've been crunching here, I've never heard of a case when any type of virus has been passed along through the WCG software or the WUs we're crunching). Thus, I'd put this down as a false positive.
||
|
rilian
Veteran Cruncher Ukraine - we rule! Joined: Jun 17, 2007 Post Count: 1452 Status: Offline Project Badges: |
polterding, regardless of the fact that WCG has been running for 10 years already, of course you should blame the BOINC project first! Antiviruses never fail and their "smart" heuristics are so smart.
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
Yes, safety first, particularly as, as was noted, it's not polterding's machine but a guest install. Don't wanna cause an unselling of the distributed computing concept. Good words win maybe one customer, bad words and you lose 10 (old retail business adage).
The score so far, though, is 100% false positive v.v. WCG, probably the BOINC world entirely. As of client 6, the apps run in a limited-rights sandbox area at that, particularly when BOINC is installed as a service / protected application execution level (on Windows). Linux is pretty much impervious (though I've got a ClamAV daemon running on my Ubuntus with a cronjob for periodic scanning). But, suspecting polterding is from a Dutch or German language area, the polterding was most likely in the [Avira] machine.
--//--
P.S. The WCG three-quarter decade anniversary is May 16 :D
||
|
mikey
Veteran Cruncher Joined: May 10, 2009 Post Count: 821 Status: Offline Project Badges: |
"Thanks deltavee. Updated Avira now. When the shock settled down I will evaluate bringing it back to the grid."
One thing to consider is how a virus works... once it is run it tries to infect EVERY file on your PC that can run ANYTHING. Knowing that can make it easier to stop the false positives in BOINC in the future: just exclude the BOINC directory from a/v scanning or monitoring. IF it IS a virus it WILL then try and infect other files on your PC and you will see it and stop it; if it is a false positive it won't try and infect other files, meaning your a/v program won't care and won't bother you.
||
|
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline |
That's an interesting train of thought, but it seems to violate the "sandboxed" operation principle that BOINC runs in (particularly when installed as the noted "protected application execution"). Nothing is supposed to come out.
Of interest, my Avista ** occasionally comes across an oddly behaving app, or a false positive sig if you will, then offers to run it in a sandbox environment. Then I add it to the exceptions or tell it to always run it sandboxed, when I'm sure or in dubio it's "safe". Till one day the viruses aim at those "safe, excluded from scan" apps. But fortunately there are more checks doing the rounds that prevent that. Mind you, the general going advice is to exclude the BOINC data directory from scanning by security suites... nothing unknown is supposed to be able to get out, or in.
** How favored the names are in the virus protection business to start their product with AV (AVG, Avira, Avista)... maybe there are more.
--//--