![]() 2:23:42 AM,High,An intrusion attempt by was blocked.,Blocked,No Action Required,System Infected: Miner.Bitcoinminer Activity 6,No Action Required,No Action Required," (.xxx, 6881)","103.219.154.220, 60016", (.xxx),"TCP, Port 6881" Yet, this morning, I'm still getting this alert:ĭate & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description because I did that last week when I got these alerts the first time. but, it's not as simple as "simply disable the automatic updates and/or community acceleration". Is this a false positive of some sort? Probably. But, I do get antsy when Norton starts alerting me that I have bitcoin mining occurring from the MuseHub. I don't have problems with closed source software and or even community bittorrenting. ![]() It's utterly irrational, immature, hurtful, and yes, downright malicious. Honestly, if I didn't see it with my own eyes, I couldn't believe that you've written those things about me, you don't even know me. And why? So that it can give me a soundfont! Of course, you can't have nice sounds in a notation software if you don't completely disregard all established security practices! A stranger on the Internet tells me it's perfectly safe and that I should trust it with full, unrestricted access to my computer, and if I don't, I'm a terrible person, a "blatant racist spewing vile garbage". Produced by some shady company in Kaliningrad with a PO Box for address in Cyprus.ġ. Spikes CPU use on Windows when the screen is turned offĨ. Resists being terminated, it goes out of its way to be difficult to uninstall or disableħ. Constantly sends and receives data from the network, connects to multiple IP addressesĦ. It doesn't need that, there are ways around it, but it explicitly refuses to run if not given root accessĥ. No Linux distro packs it in its repo, one needs to manually download it with a browser to install it (something that should never be done on Linux)Ĥ. Closed source and contrary to the spirit of MuseScoreģ. Malware scanners on Windows report it as malwareĢ. Reasons why I suspect MuseHub might be malware:ġ. I'm sorry, there are just too many red flags to ignore. If you want to be really safe, reinstall your operation system. And hope and pray it has left no backdoors. I advise everybody who has MuseHub running to uninstall it immediately, and then to verify that it is indeed gone. And money would not be a problem with this kind of payoff. A determined attacker with enough resources can get in almost everywhere. A would-be attacker could hack the MuseHub server. Note that it is not necessary to suspect the MuseHub company. MuseHub is a dream opportunity for whoever is in that business. How many users would grudgingly pay to have their files restored? One in ten? One in hundred? Think of the numbers involved. Millions of computers would be infected overnight. Thanks to bittorrent, distribution of that version would be lightning fast. ![]() Thanks to unchecked installation that malware would be silently installed on all computers receiving a copy. Let's say it's a ransomware, that encrypts all files on your computer and asks you to donate, say, $300 to get the decryption key. Assume someone manages to replace the mother copy of MuseHub on the MuseHub server with a version that does contain malware. Let me just sketch one scenario, entirely possible. And the risk of its bittorrent function being hacked, a real risk that others have already pointed out, is not even the greatest danger. MuseHub is just as dangerous as if it were malware. They may very well act in good faith.īut that is not the point. Nor do we know the intentions of the team. There is no need to assume at this moment that MuseHub is malware - there is no indication that it is, nor that it isn't. Whoever claims that MuseHub is not dangerous must be incredibly naive. I am very worried about this and the future of MuseScore.Ībsolutely. In what alternate reality does that make any sense? If this is not Defective-By-Design, what is? ![]() And you're incentivised into using this software (which would in any other circumstance rightly be described as malware) by getting a shiny present like MuseSounds: "oh no, you can't download this soundfont unless you give full control of your system to our proprietary updater". Having such "update" software closed source and running with root privileges is a huge red flag. But this means less control for the software proprietors. We have package managers that do that for us. The whole concept of software checking for updates is absurd to any Linux user. It may be overly cynical of me to point this out, but it really looks like a way to circumvent GNU GPL. MuseScore is slowly becoming proprietary software, through the introduction of third-party proprietary tools that "solve" problems introduced by regressions in MuseScore.
0 Comments
Leave a Reply. |