Do we have a Boinc virus?

Message boards : Number crunching : Do we have a Boinc virus?

Previous · 1 . . . 8 · 9 · 10 · 11 · 12 · 13 · 14 . . . 27 · Next

Author	Message
Webmaster Yoda Volunteer tester Send message Joined: 3 Apr 99 Posts: 52 Credit: 500,125 RAC: 0	Message 242074 - Posted: 4 Feb 2006, 5:55:48 UTC - in response to Message 242056. Last modified: 4 Feb 2006, 6:02:33 UTC
	Do you still want to stick to a single machine with a RAC of 760? Easily done with a fast machine running optimised apps. My Athlon 64 3700+ has an RAC over 770 and my 3.4GHz Pentium 4 has an RAC over 1000. Dual core and dual processor machines can get RAC's over 2,000. See http://setiweb.ssl.berkeley.edu/top_hosts.php EDIT: There's something like 500 hosts with an RAC over 1,000 ____________ * Join the #1 Aussie Alliance on SETI *
	ID: 242074 ·

Fuzzy Hollynoodles Volunteer tester Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0	Message 242085 - Posted: 4 Feb 2006, 6:04:51 UTC - in response to Message 242000.
	... I think it is time to put a warning on the main page of all projects asking Windows users to check their system32 dir for the presence of BOINC xml files and project subdirectories. [EDIT] Actually searching all drives for some typical boinc files (like client_state.xml) would be much better - we have no guarantee that it is always in the same location.[/EDIT] Or maybe even much simpler - adding a checker into the S@H application that would warn in case of multiple running BOINC instances, would be much better. I will personally put such checker into my BOINC client, but that will cover just couple of users. It is much more important that if it is forced to all users with the standard official S@H applications - those who do not watch this forum, and do not use any optimized clients or applications. I've just checked my whole harddisk for that exe file, and luckily I don't have it. Yes, a feature that checks for the correct files in the correct directories would be nice, specially for those who don't keep an eye on their system. ____________ "I'm trying to maintain a shred of dignity in this world." - Me
	ID: 242085 ·

Pepo Volunteer tester Send message Joined: 5 Aug 99 Posts: 308 Credit: 413,740 RAC: 0	Message 242174 - Posted: 4 Feb 2006, 11:53:47 UTC - in response to Message 242085.
	Yes, a feature that checks for the correct files in the correct directories would be nice, specially for those who don't keep an eye on their system. Only to check whether the known installation is complete would possibly not uncover some hidden installation somewhere deep in e.g. my grandma's My pictures folder tree (user name is not important, I only chose some random user and unexpected folder), but could notice some differend user's project attached to the host. The Average CPU efficiency is also a very good indication whether some host's CPU is running some other payload except the known Boinc installation. In such case, the CPU efficiency would never exceed 0.4999 and Boinc could make a note if it for the owner, whether (s)he is sure the host is otherwise so busy. Peter
	ID: 242174 ·

UBT - Halifax--lad Volunteer tester Send message Joined: 13 Dec 00 Posts: 433 Credit: 13,900 RAC: 0	Message 242247 - Posted: 4 Feb 2006, 15:01:25 UTC
	Surely the easiest way users can check is to simply look at what processes are running on there computer through CTRL-ALT-DEL or is there a way a program can be hidden prom the process menu on Task Manager ____________ Join us in Chat (see the forum) Click the Sig Join UBT
	ID: 242247 ·

bartsob5 Volunteer tester Send message Joined: 16 Jun 04 Posts: 10 Credit: 5,904 RAC: 0	Message 242253 - Posted: 4 Feb 2006, 15:10:41 UTC
	but wouldn't it be much more safer and easier (for users) to add to BOINC special codes that would make it anuseful, when installed with different name than boinc.exe or in different location than drive:\\program files\\BOINC, or even more simply, and allowing everyone more free play (but not too much), drive:\\...\\...\\BOINC\\ ???? ____________
	ID: 242253 ·

Fuzzy Hollynoodles Volunteer tester Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0	Message 242260 - Posted: 4 Feb 2006, 15:13:22 UTC - in response to Message 242174.
	Yes, a feature that checks for the correct files in the correct directories would be nice, specially for those who don't keep an eye on their system. Only to check whether the known installation is complete would possibly not uncover some hidden installation somewhere deep in e.g. my grandma's My pictures folder tree (user name is not important, I only chose some random user and unexpected folder), but could notice some differend user's project attached to the host. The Average CPU efficiency is also a very good indication whether some host's CPU is running some other payload except the known Boinc installation. In such case, the CPU efficiency would never exceed 0.4999 and Boinc could make a note if it for the owner, whether (s)he is sure the host is otherwise so busy. Peter I was thinking of a program, that's able to check specific for e.g. the client_state.xml, if it's place in more than one directory, and where. The wupdmgr1.exe can change name as soon as it's discovered with it's new name, and the directory can be changed also. A scan in the whole Windows directory would be appropriate. As I said earlier, I scanned my whole harddisk for both the wupdmgr1.exe and the client_state.xml and found only one instance of the client_state.xml in the right directory. But a total scan would be necessary. Yes, you can get a good pointer in the CPU efficiency, and by exiting BOINC you should be able to tell if your computer becomes idle by watching the graphs, but again, how many of the average users, who ain't familiar with these functions, are aware of their computers being idle? I'll know it on my laptop, as the fan stops almost imidiately, but on a desktop computer, where you're used to the sound, how much will you notice? My old desktop computer weren't that noisy, and if it became idle, there was always a sound of the fan. This situation is really sad. :-( ____________ "I'm trying to maintain a shred of dignity in this world." - Me
	ID: 242260 ·

skab Send message Joined: 13 Mar 03 Posts: 18 Credit: 2,874,929 RAC: 0	Message 242269 - Posted: 4 Feb 2006, 15:22:14 UTC
	Bad news here, I had a mirror'd OS hard drive problem and had to switch to my F drive. Since then I've run accross the fact that the only file that needs to be changed is the BOINC manager file and the start-up shortcut. You don't have to do anything to the BOINC manager in the original installation, it'll still be there and look like everything is going fine, unless your checking your rac against a dialy stats sheet or your account you'll never know that the wu's are going someplace else. And the process's under the task manager will show exactly what it's supposed to also. I think that maybe checking for duplicate files would be the thing to do although this still just helps those of us that know what we're looking for. Is it possible to make it so the that all the programs have to be in one main folder to run? ____________ SETI, ONLY SETI, ALWAYS SETI!!
	ID: 242269 ·

bartsob5 Volunteer tester Send message Joined: 16 Jun 04 Posts: 10 Credit: 5,904 RAC: 0	Message 242287 - Posted: 4 Feb 2006, 15:56:25 UTC - in response to Message 242269.
	yeah, right! some unexperienced users, on many forums are asking: "hey, guys! i've opened task manager, and i have one question... what is idle process (proces bezczynnoœci)? IT'S GETTING 100% OF MY CPU!" so why are we talking about searching for some specific files like client_state.xml? ____________
	ID: 242287 ·

Michael Buckingham Volunteer tester Send message Joined: 21 Aug 99 Posts: 4413 Credit: 2,663,817 RAC: 0	Message 242294 - Posted: 4 Feb 2006, 16:08:34 UTC - in response to Message 242247.
	Surely the easiest way users can check is to simply look at what processes are running on there computer through CTRL-ALT-DEL or is there a way a program can be hidden prom the process menu on Task Manager Yes you can hide processes from the Task Manager. ____________ http://www.mikesbawx.org/photo/
	ID: 242294 ·

trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 242298 - Posted: 4 Feb 2006, 16:12:32 UTC Last modified: 4 Feb 2006, 16:14:25 UTC
	@ Fred_G: Fred, could you possibly send me the file sched_request.xml from the system32 dir of the infected machine? I am building in some protection into my core client, and need to verify some info in the file. Thanks! If you are willing to do it, use please boinc -AT- truxoft -DOT- com ____________ trux BOINC software Freediving Team Czech Republic
	ID: 242298 ·

Alinator Volunteer tester Send message Joined: 19 Apr 05 Posts: 4118 Credit: 3,020,851 RAC: 8,409	Message 242300 - Posted: 4 Feb 2006, 16:13:05 UTC - in response to Message 242247. Last modified: 4 Feb 2006, 16:16:04 UTC
	Surely the easiest way users can check is to simply look at what processes are running on there computer through CTRL-ALT-DEL or is there a way a program can be hidden prom the process menu on Task Manager Yes, it is possible to hide processes from task manager, even for the administrative account. That was one of the issues behind the recent SONY/BMG rootkit debacle. Also, whereas it would be a good idea to have more robust internal security for BOINC and the related project apps, they aren't even digitally signed. I realize this would require buying a certificate which incurs an extra cost, but surely having the hashes for the executables posted prominently somewhere on the DL page (perhaps the version details?) would help. In addition, I not sure it's a good idea for BOINC to start trying to "police" what's going on with host systems. The simple reality is all computers are tools, regardless of whether it's a home PC or supercomputer, and not toasters. It is the responsibility of the owner and/or users to have at least a fundamental understanding of its function AND the risks and hazards of its use. Alinator
	ID: 242300 ·

Matt Lebofsky Volunteer moderator Project administrator Project developer Project scientist Send message Joined: 1 Mar 99 Posts: 1375 Credit: 74,079 RAC: 0	Message 242323 - Posted: 4 Feb 2006, 17:15:55 UTC
	Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). None of the virus/worm clients have been able to upload/download work for days. I don't have any evidence that he was the creator of this worm, and frankly it is not my responsibility to care, since any hacker activity involved is completely divorced from BOINC. For example, if somebody broke into your house and played a Steely Dan CD on your stereo, is Steely Dan guilty? Nevertheless, as stated numerous times, it isn't great public relations to have our software running on hacked machines. Well, we did the best we could do and render it useless. - Matt ____________ -- BOINC/SETI@home network/web/science/development person -- "Any idiot can have a good idea. What is hard is to do it." - Jeanne-Claude
	ID: 242323 ·

Michael Buckingham Volunteer tester Send message Joined: 21 Aug 99 Posts: 4413 Credit: 2,663,817 RAC: 0	Message 242329 - Posted: 4 Feb 2006, 17:21:21 UTC - in response to Message 242323.
	Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). None of the virus/worm clients have been able to upload/download work for days. I don't have any evidence that he was the creator of this worm, and frankly it is not my responsibility to care, since any hacker activity involved is completely divorced from BOINC. For example, if somebody broke into your house and played a Steely Dan CD on your stereo, is Steely Dan guilty? Nevertheless, as stated numerous times, it isn't great public relations to have our software running on hacked machines. Well, we did the best we could do and render it useless. - Matt He took the easy way out, I am sure he knew what was going on. ____________ http://www.mikesbawx.org/photo/
	ID: 242329 ·

Fuzzy Hollynoodles Volunteer tester Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0	Message 242330 - Posted: 4 Feb 2006, 17:22:08 UTC - in response to Message 242323.
	Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). None of the virus/worm clients have been able to upload/download work for days. I don't have any evidence that he was the creator of this worm, and frankly it is not my responsibility to care, since any hacker activity involved is completely divorced from BOINC. ... - Matt Thanks Matt for the update. I think this solution is satisfactory for most here. ____________ "I'm trying to maintain a shred of dignity in this world." - Me
	ID: 242330 ·

Alinator Volunteer tester Send message Joined: 19 Apr 05 Posts: 4118 Credit: 3,020,851 RAC: 8,409	Message 242344 - Posted: 4 Feb 2006, 17:29:01 UTC - in response to Message 242323. Last modified: 4 Feb 2006, 17:29:59 UTC
	Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). None of the virus/worm clients have been able to upload/download work for days. I don't have any evidence that he was the creator of this worm, and frankly it is not my responsibility to care, since any hacker activity involved is completely divorced from BOINC. For example, if somebody broke into your house and played a Steely Dan CD on your stereo, is Steely Dan guilty? Nevertheless, as stated numerous times, it isn't great public relations to have our software running on hacked machines. Well, we did the best we could do and render it useless. - Matt FWIW, I think you folks handled the affair as quickly and thoroughly as possible given the circumstances. As I mentioned before, I'm more concerned about the possibility this was an experiment to test the waters of the SAH community, with the goal being to compromise existing valid installations with a "rooted" BOINC/SETI package. You have to admit several hundred thousand hosts make a tempting target. ;-) Alinator
	ID: 242344 ·

trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 242365 - Posted: 4 Feb 2006, 17:59:27 UTC - in response to Message 242323. Last modified: 4 Feb 2006, 18:01:17 UTC
	Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). That's nice, but I am afraid it does not quite solve the problem. There is no guarantee he (or the one who did it if it was not him; or anyone else) does not launch the virus (if it was a virus) with a new account ID, or even worse - with a randomly used account id's. I believe there is some work to be done, and some mechanism to be implemented to limit such possibilities. Some ideas were already proposed, and there are surely other means available. So for example a handshake with the server during the host registration, requiring human confirmation is one possibility. For those admins who install hosts in bulk, it may be still done too, without limiting them too much, but keeping the human input anyway. Checking for multiple BOINC installations in RAM or on the disk, is another function that would help. A popup window once upon a longe time (i.e. randomly each few weeks) alerting the user that his computer runs BOINC, listing attached projects, user and team id's, would be another possibility, but I already see all the screeming users who install BOINC secretely on machines of friends, colleagues, or customers - that may be difficult to accept for many. There are certainly many other possibilities, and I think BOINC should definitely keep the security in mind. Btw, another question - will be the 5-6 milions of credit that Giese made for SETI.Germany until recently, also deduced? ____________ trux BOINC software Freediving Team Czech Republic
	ID: 242365 ·

Michael Buckingham Volunteer tester Send message Joined: 21 Aug 99 Posts: 4413 Credit: 2,663,817 RAC: 0	Message 242377 - Posted: 4 Feb 2006, 18:10:58 UTC - in response to Message 242365.
	Btw, another question - will be the 5-6 milions of credit that Giese made for SETI.Germany until recently, also deduced? I hope, because it borders on cheating. ____________ http://www.mikesbawx.org/photo/
	ID: 242377 ·

trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 242378 - Posted: 4 Feb 2006, 18:16:26 UTC - in response to Message 241838. Last modified: 4 Feb 2006, 18:22:23 UTC
	When Nez started rocketing up the charts there was some concern expressed on the boards. He was checked out and even posted several times to clear up the problem. Turns out there was no problem. He has properly earned his number 1 ranking. Well, Giese is done, so why not reharshing this case :) I searched the forum archive, but found only a single post of NEZ - in Cafe, regarding the Babe of the Day. No comment to the incredible RAC he has. Theoretically, it could be done by couple of hunderds of high performance machines (or maybe couple of supercomouters) running 24/7, but practically several thousands machines seem to be more probable. That's surely possible for a huge company or a well organized group of individuals, but I'd be interested how Nez explained it. Can you point us to the post he made, and that turned it into "no problem" as you wrote? I'd be definitely interested in reading it, but did not find anything. ____________ trux BOINC software Freediving Team Czech Republic
	ID: 242378 ·

trux Volunteer tester Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0	Message 242388 - Posted: 4 Feb 2006, 18:30:45 UTC Last modified: 4 Feb 2006, 18:37:12 UTC
	Another easy way of cheating was discussed long time ago on our team forum, when some new projects appeared, with description in foreign languages that nobody understood. We were speculating that there is nothing easier than creating a bogus project, just forwarding S@H WU's and then resending the completeed results to the S@H server under own user or team ID. There are people who are stupid enough and joining every single new BOINC project in the very moment it appears, without verifying what it actually does, or without making research of the organization or individuals behind the project. Personally I will never run any project that does not come with the source code, or at least, that is not managed by some organization with reliable reputation. I bet that we were not the first ones who came to that idea, and consider it quite possible that some of the many new projects we have in BOINC, may already use this method to cummulate huge credit amounts. EDIT: for the very same reason, be also careful with istalling 3rd party BOINC clients and project applications, unless they come with the source code where you can recompile it yourself to verify there is no surprise hidden in it. ____________ trux BOINC software Freediving Team Czech Republic
	ID: 242388 ·

Fuzzy Hollynoodles Volunteer tester Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0	Message 242390 - Posted: 4 Feb 2006, 18:35:30 UTC - in response to Message 242378.
	When Nez started rocketing up the charts there was some concern expressed on the boards. He was checked out and even posted several times to clear up the problem. Turns out there was no problem. He has properly earned his number 1 ranking. Well, Giese is done, so why not reharshing this case :) I searched the forum archive, but found only a single post of NEZ - in Cafe, regarding the Babe of the Day. No comment to the incredible RAC he has. ... No, he never answered Misfits question in the BOTD thread. ____________ "I'm trying to maintain a shred of dignity in this world." - Me
	ID: 242390 ·

Previous · 1 . . . 8 · 9 · 10 · 11 · 12 · 13 · 14 . . . 27 · Next

Message boards : Number crunching : Do we have a Boinc virus?