Another case of app going rogue...


TheMystic

Well-known member
Power User
VIP
Local time
6:41 PM
Posts
752
OS
Windows 11
Check this out:


This is a risk that would never go away. Open source or not.

This is the reason why I block apps from connecting to the internet, unless an internet connection is required for core functionality. This isn't the first time something like this has happened. There has been quite a few instances in the past where similar instances have occurred. This is not just limited to apps, but also browser extensions.

Open source and/ or free apps come with their own set of potential concerns. I don't see the motivation of the developer in offering something for free.

Broadly speaking, the following scenarios are possible:

1. Developer becomes greedy/ rogue.
2. Developer sells the product/ service to another entity that has questionable motives.
3. Man in the middle attacks.
4. The project itself had malafide intentions right from the start. First make a product popular for maximum reach, and then exploit it's fanbase.

BOTTOMLINE: Don't blindly trust a product or its makers just because it is popular. A little bit of caution always helps.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender
I find OneClickFirewall handy to do this for Windows firewall.
 

My Computers

System One System Two

  • OS
    Win 11 Home & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ACER Nitro AN16-41
    CPU
    AMD Ryzen™ 7 7735HS Processor 3.2Ghz
    Motherboard
    RB Sierra_PEH (FP7)
    Memory
    32 GB DDR5 4800MHz
    Graphics Card(s)
    NVIDIA GeForce RTX 4060 8GB GDDR6
    Monitor(s) Displays
    16" QHD+ 165Hz 16:10 IPS Technology
    Screen Resolution
    1920 X 1200
    Hard Drives
    Samsung 990 PRO 2TB
    PSU
    330 Watts
    Mouse
    Lenovo Bluetooth.
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
I find OneClickFirewall handy to do this for Windows firewall.
I have tried TinyWall and it is quite good. Will give this a try on one of my (expendable) Windows installation.

The idea of using a 3rd party firewall app has the same issue as in the OP. One doesn't know what MORE the app does in the background.

On my main systems, I follow one of two methods:

1. FIREWALL WHITELISTING
Windows Firewall blocks everything by default. I manually create a rule to allow (whitelist) only the essential programs that require internet for core functionality. For example, Firefox browser is whitelisted, while the background Mozilla Service is not.

2. FIREWALL BLACKLISTING
Install only the essential programs. This primarily includes browsers, iTunes, and a few well known softwares like VLC and a handful of others. In this case, I install programs that should not need to access internet (like VLC) inside a custom folder. I then run a script I found that blocks every executable (exe, dll, etc.) inside that folder.

The problem with method 2 is the number of rules that the script adds to Windows Firewall. It often runs into hundreds of rules for some of the apps. For example, over 300 rules are created for VLC alone. This is a very inefficient configuration because every internet request now has to go through thousands of firewall rules before being allowed/ denied.

I prefer method 1 for reason mentioned above. The only problem with it is sometimes I have difficulty in finding what to whitelist to make a program work. Also, some programs require multiple files to be whitelisted before it works correctly, e.g. Chrome Remote Desktop.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender
@TheMystic

Actually some people do things just because they have the time and enjoy doing it -- not everybody is 100% motivated by money.

Take for example that brilliant free product CALIBRE which works on Linux, MacOS and Windows, is regularly updated, enables things like kindles to be able to use epub type e-books so not relying on Amazon's own e-book offerings to be used on e-readers like kindles etc.

Its been 100 % free and ad free as well for years now. It's really the "Bible" of e-book management" -- brilliant program.


Cheers
jimbo
 

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
I tried several firewall apps, but I found them all very difficult to use. I do the following to limit my exposure.

a) Don't use the main work computer that contains personal data for doing fun stuff.

b) Use other computers with no personal data for doing fun stuff.

It is not possible to do a perfect a) vs b) separation but it lets me sleep at night :)
 

My Computer

System One

  • OS
    Windows 10 Pro
Actually some people do things just becuase they have the time and enjoy doing it -- not everybody is 100% motivated by money.
While I agree with that statement, such developers are indeed few and far between. Of course there is nothing wrong if a developer assigns a price for his product/ service. And all of the problems mentioned in OP would apply even then. But it is the free and/ or open source products that one should be more careful about, because the developer's motivation isn't clear.

Also, being open source isn't synonymous with being clean from a security or privacy perspective. Most forks from open source projects add their own things and the end product may not be completely open source. But due to false advertising, people assume that the end product is open source too. It is not.

Even if open source, is there a reliable entity that is actually auditing them, and auditing them continuously? There is a huge difference between being open for audit, and actually doing an audit.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender
I tried several firewall apps, but I found them all very difficult to use. I do the following to limit my exposure.

a) Don't use the main work computer that contains personal data for doing fun stuff.

b) Use other computers with no personal data for doing fun stuff.

It is not possible to do a perfect a) vs b) separation but it lets me sleep at night :)
Yes. This is pretty much what I do too. :)
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender
As you can guess I'm a little lazy so I use 'Everything' and 'OneClickFirewall' so I can block all that's needed in a program. :)

Works well enough for me.

2022-03-10 14_25_50-.png
 

My Computers

System One System Two

  • OS
    Win 11 Home & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ACER Nitro AN16-41
    CPU
    AMD Ryzen™ 7 7735HS Processor 3.2Ghz
    Motherboard
    RB Sierra_PEH (FP7)
    Memory
    32 GB DDR5 4800MHz
    Graphics Card(s)
    NVIDIA GeForce RTX 4060 8GB GDDR6
    Monitor(s) Displays
    16" QHD+ 165Hz 16:10 IPS Technology
    Screen Resolution
    1920 X 1200
    Hard Drives
    Samsung 990 PRO 2TB
    PSU
    330 Watts
    Mouse
    Lenovo Bluetooth.
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
As you can guess I'm a little lazy so I use 'Everything' and 'OneClickFirewall' so I can block all that's needed in a program. :)

Works well enough for me.

View attachment 23910
I'm guessing that you are blocking just the exe file. That alone may not be sufficient. There are extensions like dll (and others) that need to be blocked too to completely block internet access.

So your method quite possibly is giving you a false sense of security.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Envy dv7
    CPU
    Intel Core i7 3630QM
    Motherboard
    HP
    Memory
    16 GB
    Graphics Card(s)
    Intel HD Graphics 4000 & Nvidia GeForce GT 635M
    Sound Card
    IDT High Definition
    Screen Resolution
    1080p
    Hard Drives
    1 TB Crucial MX500 on bay 1.
    1 TB Seagate HDD on bay 2.
    Antivirus
    Windows Defender
I'm guessing that you are blocking just the exe file. That alone may not be sufficient. There are extensions like dll (and others) that need to be blocked too to completely block internet access.

So your method quite possibly is giving you a false sense of security.
Noted (y)
 

My Computers

System One System Two

  • OS
    Win 11 Home & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ACER Nitro AN16-41
    CPU
    AMD Ryzen™ 7 7735HS Processor 3.2Ghz
    Motherboard
    RB Sierra_PEH (FP7)
    Memory
    32 GB DDR5 4800MHz
    Graphics Card(s)
    NVIDIA GeForce RTX 4060 8GB GDDR6
    Monitor(s) Displays
    16" QHD+ 165Hz 16:10 IPS Technology
    Screen Resolution
    1920 X 1200
    Hard Drives
    Samsung 990 PRO 2TB
    PSU
    330 Watts
    Mouse
    Lenovo Bluetooth.
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    500 Mbps
    Browser
    Edge
    Antivirus
    Defender
There is a fork of audacity called audacium. It apparently doesn't have the telemetry.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    CPU
    Ryzen 5 Pro 4650G
    Motherboard
    Gigabyte B550M DS3H
    Memory
    16 Gb DDR4 3200
    Monitor(s) Displays
    Dell U2312HM + Dell U2412M
    Screen Resolution
    1920 x 1200
    Hard Drives
    Sandisk SSD 240 Gb
    WD Blue 3.5 2Tb
    Cooling
    standard
    Keyboard
    Aukey KM-G6
    Mouse
    Micrsoft bluetooth
    Internet Speed
    3 Mbps down 0.8 Mbps up
    Browser
    Brave / Edge
    Antivirus
    Windows / Malwarebytes
If anyone wants a copy of Audacity before it crossed over to the dark side... I have version 2.3.3
Scans 100% clean at Virustotal...





Works on Windows 10 and Windows 11.
It's not as pretty as the newest version, but it doesn't try to "call home" either. :)

Image1.png
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.1882 ♦♦♦♦♦♦♦24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
Might be an idea to actually read the privacy notice before assuming reports on dubious so called expert sites are truthful and not exaggerated to create paranoia and is just click bait.

Only change is automatic updates which you can turn off and bug / crash reports which you can decline to send, pretty much normal for many apps these days.

Fired up Audacity one of the affected versions, updates off and it is not contacting anywhere having checked with TCP View and Current Ports.
 

My Computers

System One System Two

  • OS
    Windows 11 22H2 OS Build 22623.1095
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Build
    CPU
    AMD Ryzen 7 3800X
    Motherboard
    Asus PRIME B350-PLUS
    Memory
    16GB Corsair Vengeance LPX DDR4 @3000Mhz
    Graphics Card(s)
    ASUS - GeForce RTX 3070 Ti 8 GB TUF GAMING OC
    Sound Card
    On Board Realtec
    Monitor(s) Displays
    Acer KA241
    Screen Resolution
    1920 x 1080 @60Hz
    Hard Drives
    240GB PNY CS900 SSD - OS
    2 x 1TB Crucial MX500 SSD
    1 x 500GB Crucial MX300 SSD
    2TB Seagate ST2000DM001-1ER164
    2TB Seagate ST2000DM008-2FR102
    PSU
    750 Watt Corsair TX750 Plus
    Case
    Cooler Master 690 III
    Cooling
    Akasa AK98 5 Case Fans
    Keyboard
    Logitech K270 - wireless
    Mouse
    Logitech - M185 wireless
    Internet Speed
    BT Fibre 75 Mbps
    Browser
    Firefox
    Antivirus
    Windows Defender
    Other Info
    Use hardware KVM to switch monitors on three PCs and software (input director) to use mouse and keyboard on all 4 PCs.
  • Operating System
    Windows 11 Pro 22H2 build 22621.900
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Inspiron 3881 - modified with SFX PSU fitted internally
    CPU
    Intel i5 - 10400
    Motherboard
    Dell 032w55 version A00
    Memory
    16GB of HyperX Fury @ 2133 Mhz
    Graphics card(s)
    EVGA 6GB GTX 1060.
    Sound Card
    Builtin
    Monitor(s) Displays
    ACER KA241
    Screen Resolution
    1920x 1080 @60Hz
    Hard Drives
    256GB SK hynix NVMe
    1TB Western Digital WD10EZEX-75WN4A1
    PSU
    Modular 450 Watt Corsair SF450 Platinum ( Mod to replace the Dell 265 Watt PSU)
    Case
    Inspiron Small Desktop
    Cooling
    Dell stock cooler
    Mouse
    Dell
    Keyboard
    Dell
    Internet Speed
    BT Fibre 75 Mbps
    Browser
    Firefox
    Antivirus
    Windows Defender
    Other Info
    Use hardware KVM to switch monitors on three PCs and software (input director) to use mouse and keyboard on all 4 PCs.
Another awesome app, that doesn't try to call home... :)
Foobar2000



Image1.png
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.1882 ♦♦♦♦♦♦♦24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
Back
Top Bottom