Do we have a Boinc virus?
Author | Message |
---|---|
Webmaster Yoda Send message Joined: 3 Apr 99 Posts: 52 Credit: 500,125 RAC: 0 |
Do you still want to stick to a single machine with a RAC of 760? Easily done with a fast machine running optimised apps. My Athlon 64 3700+ has an RAC over 770 and my 3.4GHz Pentium 4 has an RAC over 1000. Dual core and dual processor machines can get RAC's over 2,000. See http://setiweb.ssl.berkeley.edu/top_hosts.php EDIT: There's something like 500 hosts with an RAC over 1,000 *** Join the #1 Aussie Alliance on SETI *** |
Fuzzy Hollynoodles Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0 |
I've just checked my whole harddisk for that exe file, and luckily I don't have it. Yes, a feature that checks for the correct files in the correct directories would be nice, specially for those who don't keep an eye on their system. "I'm trying to maintain a shred of dignity in this world." - Me |
Pepo Send message Joined: 5 Aug 99 Posts: 308 Credit: 418,019 RAC: 0 |
Yes, a feature that checks for the correct files in the correct directories would be nice, specially for those who don't keep an eye on their system. Only to check whether the known installation is complete would possibly not uncover some hidden installation somewhere deep in e.g. my grandma's My pictures folder tree (user name is not important, I only chose some random user and unexpected folder), but could notice some different user's project attached to the host. The Average CPU efficiency is also a very good indication whether some host's CPU is running some other payload except the known Boinc installation. In such case, the CPU efficiency would never exceed 0.4999 and Boinc could make a note of it for the owner, whether (s)he is sure the host is otherwise so busy. Peter |
UBT - Halifax--lad Send message Joined: 13 Dec 00 Posts: 433 Credit: 13,900 RAC: 0 |
Surely the easiest way users can check is to simply look at what processes are running on their computer through CTRL-ALT-DEL or is there a way a program can be hidden from the process menu on Task Manager? Join us in Chat (see the forum) Click the Sig Join UBT |
bartsob5 Send message Joined: 16 Jun 04 Posts: 10 Credit: 6,715 RAC: 0 |
but wouldn't it be much safer and easier (for users) to add to BOINC special codes that would make it unuseful, when installed with different name than boinc.exe or in different location than drive:\program files\BOINC, or even more simply, and allowing everyone more free play (but not too much), drive:\...\...\BOINC\ ???? |
Fuzzy Hollynoodles Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0 |
Yes, a feature that checks for the correct files in the correct directories would be nice, specially for those who don't keep an eye on their system. I was thinking of a program, that's able to check specific for e.g. the client_state.xml, if it's placed in more than one directory, and where. The wupdmgr1.exe can change name as soon as it's discovered with its new name, and the directory can be changed also. A scan in the whole Windows directory would be appropriate. As I said earlier, I scanned my whole harddisk for both the wupdmgr1.exe and the client_state.xml and found only one instance of the client_state.xml in the right directory. But a total scan would be necessary. Yes, you can get a good pointer in the CPU efficiency, and by exiting BOINC you should be able to tell if your computer becomes idle by watching the graphs, but again, how many of the average users, who ain't familiar with these functions, are aware of their computers being idle? I'll know it on my laptop, as the fan stops almost immediately, but on a desktop computer, where you're used to the sound, how much will you notice? My old desktop computer wasn't that noisy, and if it became idle, there was always a sound of the fan. This situation is really sad. :-( "I'm trying to maintain a shred of dignity in this world." - Me |
skab Send message Joined: 13 Mar 03 Posts: 18 Credit: 2,874,929 RAC: 0 |
Bad news here, I had a mirror'd OS hard drive problem and had to switch to my F drive. Since then I've run across the fact that the only file that needs to be changed is the BOINC manager file and the start-up shortcut. You don't have to do anything to the BOINC manager in the original installation, it'll still be there and look like everything is going fine, unless you're checking your rac against a daily stats sheet or your account you'll never know that the wu's are going someplace else. And the processes under the task manager will show exactly what it's supposed to also. I think that maybe checking for duplicate files would be the thing to do although this still just helps those of us that know what we're looking for. Is it possible to make it so that all the programs have to be in one main folder to run? SETI, ONLY SETI, ALWAYS SETI!! |
bartsob5 Send message Joined: 16 Jun 04 Posts: 10 Credit: 6,715 RAC: 0 |
yeah, right! some inexperienced users, on many forums are asking: "hey, guys! i've opened task manager, and i have one question... what is idle process (proces bezczynności)? IT'S GETTING 100% OF MY CPU!" so why are we talking about searching for some specific files like client_state.xml? |
Michael Send message Joined: 21 Aug 99 Posts: 4609 Credit: 7,427,891 RAC: 18 |
Surely the easiest way users can check is to simply look at what processes are running on their computer through CTRL-ALT-DEL or is there a way a program can be hidden from the process menu on Task Manager? Yes you can hide processes from the Task Manager. |
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
@ Fred_G: Fred, could you possibly send me the file sched_request.xml from the system32 dir of the infected machine? I am building in some protection into my core client, and need to verify some info in the file. Thanks! If you are willing to do it, use please boinc -AT- truxoft -DOT- com trux BOINC software Freediving Team Czech Republic |
Alinator Send message Joined: 19 Apr 05 Posts: 4178 Credit: 4,647,982 RAC: 0 |
Surely the easiest way users can check is to simply look at what processes are running on their computer through CTRL-ALT-DEL or is there a way a program can be hidden from the process menu on Task Manager? Yes, it is possible to hide processes from task manager, even for the administrative account. That was one of the issues behind the recent SONY/BMG rootkit debacle. Also, whereas it would be a good idea to have more robust internal security for BOINC and the related project apps, they aren't even digitally signed. I realize this would require buying a certificate which incurs an extra cost, but surely having the hashes for the executables posted prominently somewhere on the DL page (perhaps the version details?) would help. In addition, I'm not sure it's a good idea for BOINC to start trying to "police" what's going on with host systems. The simple reality is all computers are tools, regardless of whether it's a home PC or supercomputer, and not toasters. It is the *responsibility* of the owner and/or users to have at *least* a fundamental understanding of its function AND the risks and hazards of its use. Alinator |
Matt Lebofsky Send message Joined: 1 Mar 99 Posts: 1444 Credit: 957,058 RAC: 0 |
Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). None of the virus/worm clients have been able to upload/download work for days. I don't have any evidence that he was the creator of this worm, and frankly it is not my responsibility to care, since any hacker activity involved is completely divorced from BOINC. For example, if somebody broke into your house and played a Steely Dan CD on your stereo, is Steely Dan guilty? Nevertheless, as stated numerous times, it isn't great public relations to have our software running on hacked machines. Well, we did the best we could do and render it useless. - Matt -- BOINC/SETI@home network/web/science/development person -- "Any idiot can have a good idea. What is hard is to do it." - Jeanne-Claude |
Michael Send message Joined: 21 Aug 99 Posts: 4609 Credit: 7,427,891 RAC: 18 |
Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). He took the easy way out, I am sure he knew what was going on. |
Fuzzy Hollynoodles Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0 |
Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). Thanks Matt for the update. I think this solution is satisfactory for most here. "I'm trying to maintain a shred of dignity in this world." - Me |
Alinator Send message Joined: 19 Apr 05 Posts: 4178 Credit: 4,647,982 RAC: 0 |
Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). FWIW, I think you folks handled the affair as quickly and thoroughly as possible given the circumstances. As I mentioned before, I'm more concerned about the possibility this was an experiment to test the waters of the SAH community, with the goal being to compromise existing *valid* installations with a "rooted" BOINC/SETI package. You have to admit several hundred thousand hosts make a tempting target. ;-) Alinator |
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
Just so people don't get the wrong idea, I just deleted Carsten's account and team with his explicit permission. They should disappear off the charts shortly (as web pages fall out of cache). That's nice, but I am afraid it does not quite solve the problem. There is no guarantee he (or the one who did it if it was not him; or anyone else) does not launch the virus (if it was a virus) with a new account ID, or even worse - with a randomly used account id's. I believe there is some work to be done, and some mechanism to be implemented to limit such possibilities. Some ideas were already proposed, and there are surely other means available. So for example a handshake with the server during the host registration, requiring human confirmation is one possibility. For those admins who install hosts in bulk, it may be still done too, without limiting them too much, but keeping the human input anyway. Checking for multiple BOINC installations in RAM or on the disk, is another function that would help. A popup window once upon a long time (i.e. randomly each few weeks) alerting the user that his computer runs BOINC, listing attached projects, user and team id's, would be another possibility, but I already see all the screaming users who install BOINC secretly on machines of friends, colleagues, or customers - that may be difficult to accept for many. There are certainly many other possibilities, and I think BOINC should definitely keep the security in mind. Btw, another question - will be the 5-6 millions of credit that Giese made for SETI.Germany until recently, also deduced? trux BOINC software Freediving Team Czech Republic |
Michael Send message Joined: 21 Aug 99 Posts: 4609 Credit: 7,427,891 RAC: 18 |
I hope, because it borders on cheating. |
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
When Nez started rocketing up the charts there was some concern expressed on the boards. He was checked out and even posted several times to clear up the problem. Turns out there was no problem. He has properly earned his number 1 ranking. Well, Giese is done, so why not rehashing this case :) I searched the forum archive, but found only a single post of NEZ - in Cafe, regarding the Babe of the Day. No comment to the incredible RAC he has. Theoretically, it could be done by couple of hundreds of high performance machines (or maybe couple of supercomputers) running 24/7, but practically several thousands machines seem to be more probable. That's surely possible for a huge company or a well organized group of individuals, but I'd be interested how Nez explained it. Can you point us to the post he made, and that turned it into "no problem" as you wrote? I'd be definitely interested in reading it, but did not find anything. trux BOINC software Freediving Team Czech Republic |
trux Send message Joined: 6 Feb 01 Posts: 344 Credit: 1,127,051 RAC: 0 |
Another easy way of cheating was discussed long time ago on our team forum, when some new projects appeared, with description in foreign languages that nobody understood. We were speculating that there is nothing easier than creating a bogus project, just forwarding S@H WU's and then resending the completed results to the S@H server under own user or team ID. There are people who are stupid enough and joining every single new BOINC project in the very moment it appears, without verifying what it actually does, or without making research of the organization or individuals behind the project. Personally I will never run any project that does not come with the source code, or at least, that is not managed by some organization with reliable reputation. I bet that we were not the first ones who came to that idea, and consider it quite possible that some of the many new projects we have in BOINC, may already use this method to cumulate huge credit amounts. EDIT: for the very same reason, be also careful with installing 3rd party BOINC clients and project applications, unless they come with the source code where you can recompile it yourself to verify there is no surprise hidden in it. trux BOINC software Freediving Team Czech Republic |
Fuzzy Hollynoodles Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0 |
When Nez started rocketing up the charts there was some concern expressed on the boards. He was checked out and even posted several times to clear up the problem. Turns out there was no problem. He has properly earned his number 1 ranking. Well, Giese is done, so why not rehashing this case :) I searched the forum archive, but found only a single post of NEZ - in Cafe, regarding the Babe of the Day. No comment to the incredible RAC he has. ... No, he never answered Misfit's question in the BOTD thread. "I'm trying to maintain a shred of dignity in this world." - Me |
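
Added example (not part of any post in this thread, and not BOINC project code): Fuzzy Hollynoodles and skab suggest scanning the disk for duplicate client_state.xml files, and Pepo notes that a different user's attached project would give a second installation away. The Python sketch below does both, assuming the state file keeps its name and lists each project as a `<project>` element with `<master_url>` and `<user_name>` children; the directory layout, user names and URL in the demo are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

STATE_FILE = "client_state.xml"  # assumption: the hidden copy keeps this name

def find_state_files(root):
    """Return every path under root whose file name is client_state.xml."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, n) for n in files if n.lower() == STATE_FILE]
    return sorted(hits)

def attached_projects(path):
    """Return (master_url, user_name) per <project>; [] if the file is unreadable."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return []
    return [(p.findtext("master_url", "").strip(), p.findtext("user_name", "").strip())
            for p in root.iter("project")]

def audit(root, expected_dir, expected_user):
    """Flag state files outside expected_dir and projects attached as another user."""
    findings = []
    expected = os.path.normcase(os.path.abspath(expected_dir))
    for path in find_state_files(root):
        if os.path.normcase(os.path.abspath(os.path.dirname(path))) != expected:
            findings.append(("unexpected-location", path))
        for url, user in attached_projects(path):
            if user != expected_user:
                findings.append(("unexpected-account", f"{path}: {user} @ {url}"))
    return findings

def build_demo_tree(base):
    """Constructed sample: the known install plus a second copy elsewhere."""
    layout = {os.path.join("Program Files", "BOINC"): "owner",
              os.path.join("WINDOWS", "system32"): "someone_else"}
    for rel, user in layout.items():
        os.makedirs(os.path.join(base, rel))
        with open(os.path.join(base, rel, STATE_FILE), "w") as f:
            f.write("<client_state><project><master_url>http://project.example/"
                    f"</master_url><user_name>{user}</user_name></project></client_state>")
    return os.path.join(base, "Program Files", "BOINC")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        known = build_demo_tree(tmp)
        for kind, detail in audit(tmp, known, "owner"):
            print(kind, detail)
```

A name-based scan only finds copies that keep the file name and are visible to the account running the scan.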
©2025 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.