Malware in presets?
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
Is it possible that malware is hidden in free presets? For example there was a KVR user with the username Kriminal who uploaded Dune presets and put them on a filesharing site. The user is banned now, but the link is still on the KVR forum. Can I download the file and use it if there are only .fxp preset files in the zip archive? Can we trust the synth companies to do proper input checking? Or can someone exploit a buffer overflow or a similar security hole?
Has something like this ever happened?
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.
- Banned
- 10732 posts since 17 Nov, 2015
- KVRAF
- 18561 posts since 16 Sep, 2001 from Las Vegas,USA
wangeroge wrote: ↑Wed Apr 28, 2021 3:57 pm Is it possible that malware is hidden in free presets? For example there was a KVR user with the username Kriminal who uploaded Dune presets and put them on a filesharing site. The user is banned now, but the link is still on the KVR forum. Can I download the file and use it if there are only .fxp preset files in the zip archive? Can we trust the synth companies to do proper input checking? Or can someone exploit a buffer overflow or a similar security hole?
Yea that Kriminal was a real shady character.....
Anyway upload the files to Virus Total:
https://www.virustotal.com/gui/home/upload
It's possible somewhere along the line somebody got a hold of the file and injected something nasty. I'm sure it wasn't done to the original files.
Is it possible for an .fxp file to contain malware? I suppose it's possible since they're really only text files. I'm not aware of any preset files containing malware in the past.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
No, they should check every input. That doesn't mean they have to download every file. It just means they need to check their code for security vulnerabilities.
I spoke with the Spire developer. He said that Spire does proper input checks. But I'm not sure every company does it properly. But there are so many free presets for nearly every synth...
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
It was only an example: viewtopic.php?t=431552
There are lots and lots of free presets on KVR and the internet. The problem is the same for all of them even when the username is not "Kriminal".
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
If the preset filesize is only 4-6kB like most presets can I be sure there is no malware inside? How big is malware?
- Banned
- 4558 posts since 21 Mar, 2020
Try downloading anti malware software. If you don't like the risks, don't use the presets. I've a feeling this is going to turn into a game of "Why don't you" - "Yes but" and the best thing would be if we all refuse to play.
- Banned
- 10732 posts since 17 Nov, 2015
wangeroge wrote: ↑Wed Apr 28, 2021 4:35 pm It was only an example: viewtopic.php?t=431552
There are lots and lots of free presets on KVR and the internet. The problem is the same for all of them even when the username is not "Kriminal".
ah, Dune 2
they are fine, they also work in D3 (but not v1) not sure if links are dead tho....
- Banned
- 10732 posts since 17 Nov, 2015
so you expect every company to check every free preset on the net?
not gonna happen
try this
https://www.malwarebytes.com/mwb-download/
- KVRAF
- 35436 posts since 11 Apr, 2010 from Germany
Lol @ the Kriminal thing.
Well, considering preset files usually don't come in a file format which is executable, or in other ways suitable for malware, I wouldn't worry too much.
Other than that, all has been said. If you're unsure, just upload the file(s) on VirusTotal.
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
Your DAW is executable and has rights to write on the whole harddrive. The plugins get the same rights. One buffer overflow of an unchecked parameter of the preset is enough to execute code.
- Banned
- 10732 posts since 17 Nov, 2015
if you are that knowledgeable, you should be able to sort this dilemma yourself....
- KVRAF
- 35436 posts since 11 Apr, 2010 from Germany
The plugins don't get general rights to write into system folders...
Apart from that, the plugins also only do the things they're supposed to do (like saving their settings, or presets to the hard disk). I never heard of a plugin which works as a malware through the DAW. If anything, the malware is in the plugin installer's executable.
- KVRian
- 1434 posts since 27 Apr, 2012
Sounds like you already know the answer to the "is it possible" question. I'd think a few kb would be plenty for malicious code that downloads a bigger payload. To my knowledge it's never happened though. Possibly security through obscurity where krim- err criminals either don't know about or have better things to do than probing vst plugins for vulnerabilities.
Softsynth addict and electronic music enthusiast.
"Destruction is the work of an afternoon. Creation is the work of a lifetime."
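The input checking discussed in this thread, sketched as an added example (not from any poster or plugin vendor): a structural check of the VST2 .fxp container that confirms the declared sizes and counts match the bytes actually present. The two size limits, the fxID and the sample images are assumptions constructed for illustration.

```python
import struct

# Big-endian VST2 fxProgram header: chunkMagic, byteSize, fxMagic, version,
# fxID, fxVersion, numParams, prgName[28] -> 56 bytes.
HEADER = struct.Struct(">4sI4sIIII28s")
MAX_PARAMS = 4096            # assumed sanity limit, not taken from any spec
MAX_CHUNK = 16 * 1024 ** 2   # assumed sanity limit, not taken from any spec

def check_fxp(data: bytes) -> list:
    """Return structural problems found in an .fxp image; [] means consistent."""
    if len(data) < HEADER.size:
        return ["shorter than the 56-byte header"]
    magic, byte_size, fx_magic, _ver, _id, _fxver, num_params, name = HEADER.unpack_from(data)
    problems = []
    if magic != b"CcnK":
        problems.append("bad chunkMagic")
    if byte_size != len(data) - 8:      # byteSize excludes chunkMagic and itself
        problems.append("byteSize does not match file length")
    if b"\x00" not in name:
        problems.append("program name not NUL-terminated")
    body = data[HEADER.size:]
    if fx_magic == b"FxCk":             # payload is numParams 32-bit floats
        if num_params > MAX_PARAMS or len(body) != 4 * num_params:
            problems.append("numParams does not match payload length")
        else:
            values = struct.unpack(">%df" % num_params, body)
            if any(not 0.0 <= v <= 1.0 for v in values):  # NaN fails this too
                problems.append("parameter outside the normalized 0..1 range")
    elif fx_magic == b"FPCh":           # payload is a size field plus opaque bytes
        if len(body) < 4:
            problems.append("missing chunk size field")
        else:
            (chunk_size,) = struct.unpack_from(">I", body)
            if chunk_size > MAX_CHUNK or chunk_size != len(body) - 4:
                problems.append("chunk size does not match payload length")
    else:
        problems.append("unknown fxMagic")
    return problems

def build_sample(fx_magic: bytes, num_params: int, body: bytes, name=b"Init") -> bytes:
    """Build a constructed test image (the fxID 'Demo' is made up)."""
    rest = struct.pack(">4sIIII28s", fx_magic, 1, 0x44656D6F, 1, num_params, name) + body
    return b"CcnK" + struct.pack(">I", len(rest)) + rest

GOOD = build_sample(b"FxCk", 2, struct.pack(">2f", 0.25, 1.0))               # constructed
LYING_COUNT = build_sample(b"FxCk", 1000, struct.pack(">2f", 0.25, 1.0))     # constructed
LYING_CHUNK = build_sample(b"FPCh", 0, struct.pack(">I", 0xFFFF) + b"abcd")  # constructed
```

A clean result covers only the container: the bytes inside an `FPCh` chunk are plugin-defined and are interpreted by the plugin's own parser.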