Sunday, February 24, 2008

ESET - PG2 is malware

Original story - TorrentFreak
A Personal Perspective

Sometimes, there are stories where the twists and turns are mindboggling; where the statements and positions made by some groups make you wonder if they live in the same world. There are times when you not only want to report the news, but comment on it as well. I must admit, writing the above story, it was hard to keep objective, and I must thank my researcher for keeping me focused. However, a role reversal such as this, involving a group I have covered before (and kept an eye on since), is one I could not personally let go without some sort of comment.

Perhaps the greatest irony in this, though, is the attitude of the Bluetack people when they're on the receiving end. In short, both NOD32 and PeerGuardian2 are programs that run on a computer and use updatable lists to identify bad, or potentially bad, items. Both also allow entries on the list to be circumvented, with 'exclusions' or 'allow' lists. However, if an entry is added to the Bluetack lists that is deemed unwelcome by some, you will find the Bluetack people all over the net, saying “just add it to the allow list” and “better to be safe than sorry”. Yet when someone does it back to them, they go around demanding, inciting harassment, and making abusive assertions. It would appear that what is sauce for the goose is not sauce for the gander.

Of course, in the end, it all depends on who you trust more to be accurate and diligent in their lists: either a large international company that makes its business from the accuracy of its lists and its reputation, or a group of anonymous people on the net. Perhaps the most telling fact is that whilst a Bluetack admin was able to post addresses and phone numbers for multiple ESET offices, there are precisely zero phone numbers, addresses, or even real names listed for Bluetack. Were they to disappear tomorrow, with the $3,300 or so donated for future server costs, there is no way to know who has it. There is a lot of trust placed in some easily discarded internet identities. In short, this might explain their attitudes – when they finally can't bluff/lie/exaggerate their way out of yet another paranoid and ill-justified addition to their list, they can simply drop the identities.

If Bluetack were serious about what they were doing, and wish to actually build some credibility, perhaps they could start by standing behind their decisions: revealing who they are, and acknowledging personal responsibility for their blocks. Of course, they will decline on grounds of privacy (which is why they have anonymizing services like Tor and Relakks blocked), and possibly claim that revealing their real names will lead to harassment or similar. Personally, if they REALLY believed these blocks were justified and legitimate, they would have no reason to worry. Finally, it amazes me that whilst those that run PeerGuardian feel themselves to be net-savvy, and would never run a program sent to them out of the blue by someone they don't know, they will not only run, but defend, data and assertions made by people who deliberately go out of their way to be unidentifiable. Indeed, the only reason such a group would operate in this manner would be to make it near impossible to be held legally accountable for their actions or statements.


  1. this is a double post, but...

    what if organisations like the mpaa are behind the virusmakers servers... do they need to be blocked or not?

  2. what if organisations like the mpaa are behind the virusmakers servers... do they need to be blocked or not?

    As soon as we get into the "whatif" world, why not block everyone who sells software/movies/music (or any other product commonly pirated/shared on the 'net)? Oh, and anti-p2p activity can be done on consumers' connections, should we block them too?

    Like I posted at TF, this could be fixed by Bluetack splitting up their "driftnet" level1 blocklist into several categories by the level of paranoia needed to believe those IPs are "watching you". But that would require work on their part that is not about abusing their position and adding random entities to their blocklists so right now it's wishful thinking.

  3. Uuuum i think the title is supposed to be "PG2 is malware" right? :P

  4. It's a bit silly to argue that the people at Bluetak are untrustworthy because they're anonymous when they provide software which helps to promote anonymity in file sharing. Granted, that may not be how PG2 actually functions, but in the world of file sharing anonymity is key.

  5. You didn't read hard enough. Anonymity is just the icing on the cake of the reasons which make them untrustworthy. It's foremost their extremely paranoid and downright childish behaviour. They are too proud of themselves by magnitudes. I wouldn't be so sure that they are just incompetent because they've been doing this for so long, they should have learned SOMETHING. After all they blocked themselves once. I suspect these guys (is it actually more than one person?) are somewhat mentally sick. They are likely sociopaths who get a warm and fuzzy feeling whenever someone thanks them for their GREAT work and they enjoy it even more if they can demonstrate their power by rejecting any kind of request for block removal.

    Try contributing to Wikipedia and you'll come across very similar personalities.

    Anyway, BlueTack provides no software whatsoever. PeerGuardian (PG2) is the software. BlueTack are the guys who provide the default block lists.

    You think PG2 provides anonymity?
    "they [BlueTack] have anonymizing services like Tor and Relakks blocked"

    PG2 gives you absolutely no anonymity whatsoever.

  6. You're right anon @10:08 - it should have been PG2 not NOD32 in the topic. Both short, ending in 2, can lead to confusion when you're finishing things off at 3am

  7. I think the PG2 application gets a bad reputation unfairly at times as the application itself is, in my opinion, very good. It's also open-source which I consider commendable.

    I think you're pretty much correct about the attitudes of at least some of the list maintainers. I know from experience they've been extremely stubborn when enquiring about the addition or removal of addresses to and from their lists. I think unfortunately in ways they've become, as said, quite paranoid to the point of basically trusting no-one through fear of being caught out... or something.

    As for the effectiveness of the lists, well, I would say they're probably better than nothing as they do take care of blocking a lot of the more obvious anti-peer2peer operations out there, though little more than that. Then again there's the collateral damage it causes through blocking legitimate ranges, too. I know from experience one of the hardest things about maintaining any dynamic blocklist is knowing when addresses cease to be a threat. Without careful management in this respect you end up with huge and inaccurate lists that become ever-more difficult to maintain (clean up).

    I'll shut up now. :)
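Two of the comments above raise the same engineering point from different sides: comment 2 suggests splitting a blocklist into tiers by how much evidence each entry rests on, and comment 7 notes that the hardest part of running a dynamic blocklist is knowing when entries cease to be a threat. The following is an added example, not code from PG2, Bluetack or ESET, showing one way a list maintainer could enforce both: each entry carries a confidence tier, a last-confirmed date and a written reason; entries expire when they go too long without re-confirmation; the user's own allow list (the 'exclusions' both programs offer) always wins; and low-confidence entries never block unless the user lowers the threshold. The line format, tier names, expiry ages and sample ranges (RFC 5737 documentation addresses) are all constructed for this example and are not Bluetack's list format or policy.

```python
"""Blocklist hygiene: confidence tiers, allow-list precedence and expiry of stale entries.

Added example; the list format, tier names and expiry ages are assumptions, not any
real blocklist's policy.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network, summarize_address_range

# Longest an entry survives without being re-confirmed, per confidence tier.
# These ages are an assumption chosen for the example.
MAX_AGE = {3: timedelta(days=180), 2: timedelta(days=60), 1: timedelta(days=14)}


@dataclass(frozen=True)
class BlockEntry:
    networks: tuple       # CIDR blocks covering the listed address range
    category: str         # hypothetical tier name, e.g. "confirmed-anti-p2p"
    confidence: int       # 1 = suspicion only .. 3 = documented evidence
    last_seen: datetime   # when the behaviour behind the entry was last confirmed
    reason: str           # justification that must survive a removal request


def parse_line(line: str) -> BlockEntry:
    """Parse one line of the constructed format: start-end,category,confidence,YYYY-MM-DD,reason."""
    rng, category, conf, seen, reason = line.strip().split(",", 4)
    first, last = (ip_address(p) for p in rng.split("-"))
    nets = tuple(summarize_address_range(first, last))
    return BlockEntry(nets, category, int(conf), datetime.strptime(seen, "%Y-%m-%d"), reason)


def load_list(text: str) -> list:
    """Read every non-comment, non-empty line into a BlockEntry."""
    return [parse_line(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]


def prune_stale(entries, now: datetime) -> list:
    """Drop entries whose last confirmation is older than their tier allows."""
    return [e for e in entries if now - e.last_seen <= MAX_AGE[e.confidence]]


def decide(ip: str, entries, allow_list, min_confidence: int = 2):
    """Return ("allow" | "block", reason).

    The user's allow list wins outright; otherwise the strongest matching entry
    at or above min_confidence blocks, and anything weaker is ignored.
    """
    addr = ip_address(ip)
    for net in allow_list:
        if addr in net:
            return "allow", f"allow-list {net}"
    hits = [e for e in entries
            if e.confidence >= min_confidence and any(addr in n for n in e.networks)]
    if not hits:
        return "allow", "no matching entry"
    best = max(hits, key=lambda e: e.confidence)
    return "block", f"{best.category} (confidence {best.confidence}): {best.reason}"


# Constructed sample list using RFC 5737 documentation ranges; no real operator is named.
SAMPLE_LIST = """\
# start-end,category,confidence,last_seen,reason
192.0.2.0-192.0.2.255,confirmed-anti-p2p,3,2008-02-01,observed sending fake peers to tracker
198.51.100.10-198.51.100.20,suspected,1,2007-10-15,rumoured to host a monitoring company
203.0.113.0-203.0.113.127,hosting-provider,2,2008-01-20,shared hosting range, some abuse reports
198.51.100.200-198.51.100.200,grudge,1,2008-02-20,hub owner is a jerk
"""
NOW = datetime(2008, 2, 24)                   # evaluation date, constructed
ALLOW = [ip_network("203.0.113.64/26")]       # the user's own exclusion, e.g. a known-good hub


def demo() -> dict:
    """Load, expire and evaluate a handful of constructed addresses."""
    entries = prune_stale(load_list(SAMPLE_LIST), NOW)
    probes = ["192.0.2.77", "198.51.100.15", "203.0.113.5", "203.0.113.100", "198.51.100.200"]
    return {ip: decide(ip, entries, ALLOW) for ip in probes}


if __name__ == "__main__":
    for ip, (verdict, why) in demo().items():
        print(f"{ip:16} {verdict:5} {why}")
```

Running it, the 'suspected' range drops out because its 14-day tier age lapsed months ago, the 'grudge' entry survives expiry but never blocks at the default threshold because it carries no evidence, the hosting range blocks except where the user's allow list covers it, and the one entry with documented behaviour blocks as expected. The design choice worth noting is that expiry is tied to confidence: an entry backed by evidence earns a long life, while one added on a hunch has to be re-confirmed quickly or it silently disappears, which is exactly the clean-up comment 7 says dynamic lists rarely get.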

  8. How much does the RIAA or MediaDefender pay you for these posts?

  9. Well it could be right if there was just a small suspicion they could be working with anti-p2p, they should be blocked. At least it lets the peeps know that there is a risk. But to add a personal user's IP on the list for having a negative comment about the way Monk was handling the recent banning of honest hubs on the DC++ Community. Monk (aka fa) admitted his error, but instead of trying to fix it, and reduce the harm done by his own mistake, he simply would ban anyone that complained or left a negative comment like I did after seeing he banned the guy for asking who would pay for his transfer? So he banned him then me as an example, that you should not complain if your IP gets on the list, even if they made a mistake. I was put on the level 1 list but I am not from any anti-p2p agency, I'm a DC++ file sharer and hub owner. Do you think I should be on the list because he doesn't like people to complain about his lame work lately? Banning honest hubs that have nothing to do with anti-p2p at all, more the opposite, under false presumptions is already bad; not allowing these hubs to be taken off the list is worse. And what is worse and worrying is that he can block anyone he wishes to and leave comments in the reason: hub owner is a jerk! Now we should worry more about bluetack than utorrent as now anti-p2p can see I am a hub owner, and I may soon be prosecuted. Way to go! And you claim you don't work for anti-p2p and accuse others of doing so!
    That the block on utorrent was done on behalf of anti-p2p agencies is not far from possible at this point, don't you think peeps?