Malware in presets?

For discussion and announcements of soundware - patches, presets, soundsets, soundbanks, loop libraries, construction kits, MIDI libraries, etc.

Post

Is it possible that malware is hidden in free presets? For example there was a KVR user with the username Kriminal who uploaded Dune presets and put them on a filesharing site. The user is banned now, but the link is still on the KVR forum. Can I download the file and use it if there are only .fxp preset files in the zip archive? Can we trust the synth companies to do proper input checking? Or can someone exploit a buffer overflow or a similar security hole?

Has something like this ever happened?
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.

Post

wangeroge wrote: Wed Apr 28, 2021 3:57 pm the link is still on the KVR forum
where?

Post

wangeroge wrote: Wed Apr 28, 2021 3:57 pm Can we trust the synth companies to do proper input checking?
synth companies do not go around checking free presets for malware.... it's not their job...

Post

wangeroge wrote: Wed Apr 28, 2021 3:57 pm Is it possible that malware is hidden in free presets? For example there was a KVR user with the username Kriminal who uploaded Dune presets and put them on a filesharing site. The user is banned now, but the link is still on the KVR forum. Can I download the file and use it if there are only .fxp preset files in the zip archive? Can we trust the synth companies to do proper input checking? Or can someone exploit a buffer overflow or a similar security hole?
Yea that Kriminal was a real shady character.....

Anyway upload the files to Virus Total:

https://www.virustotal.com/gui/home/upload

It's possible somewhere along the line somebody got a hold of the file and injected something nasty. I'm sure it wasn't done to the original files.

Is it possible for an .fxp file to contain malware? I suppose it's possible since they're really only text files. I'm not aware of any preset files containing malware in the past.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

Post

AnX wrote: Wed Apr 28, 2021 4:05 pm
wangeroge wrote: Wed Apr 28, 2021 3:57 pm Can we trust the synth companies to do proper input checking?
synth companies do not go around checking free presets for malware.... it's not their job...
No, they should check every input. That doesn't mean they have to download every file. It just means they need to check their code for security vulnerabilities.

I spoke with the Spire developer. He said that Spire does proper input checks. But I'm not sure every company does it properly. But there are so many free presets for nearly every synth...

Post

AnX wrote: Wed Apr 28, 2021 4:02 pm
wangeroge wrote: Wed Apr 28, 2021 3:57 pm the link is still on the KVR forum
where?
It was only an example: viewtopic.php?t=431552
There are lots and lots of free presets on KVR and the internet. The problem is the same for all of them even when the username is not "Kriminal".

Post

If the preset filesize is only 4-6kB like most presets can I be sure there is no malware inside? How big is malware?

Post

Try downloading anti malware software. If you don't like the risks, don't use the presets. I've a feeling this is going to turn into a game of "Why don't you" - "Yes but" and the best thing would be if we all refuse to play.

Post

wangeroge wrote: Wed Apr 28, 2021 4:35 pm
AnX wrote: Wed Apr 28, 2021 4:02 pm
wangeroge wrote: Wed Apr 28, 2021 3:57 pm the link is still on the KVR forum
where?
It was only an example: viewtopic.php?t=431552
There are lots and lots of free presets on KVR and the internet. The problem is the same for all of them even when the username is not "Kriminal".

ah, Dune 2

they are fine, they also work in D3 (but not v1) not sure if links are dead tho....

Post

wangeroge wrote: Wed Apr 28, 2021 4:29 pm
AnX wrote: Wed Apr 28, 2021 4:05 pm
wangeroge wrote: Wed Apr 28, 2021 3:57 pm Can we trust the synth companies to do proper input checking?
synth companies do not go around checking free presets for malware.... it's not their job...
No, they should check every input. That doesn't mean they have to download every file. It just means they need to check their code for security vulnerabilities.
so you expect every company to check every free preset on the net?

not gonna happen

try this

https://www.malwarebytes.com/mwb-download/

Post

Lol @ the Kriminal thing. :D

Well, considering preset files usually don't come in a file format which is executable, or in other ways suitable for malware, I wouldn't worry too much. ;)

Other than that, all has been said. If you're unsure, just upload the file(s) on VirusTotal.

Post

Your DAW is executable and has rights to write on the whole hard drive. The plugins get the same rights. One buffer overflow of an unchecked parameter of the preset is enough to execute code.

Post

wangeroge wrote: Wed Apr 28, 2021 5:37 pm Your DAW is executable and has rights to write on the whole hard drive. The plugins get the same rights. One buffer overflow of an unchecked parameter of the preset is enough to execute code.
if you are that knowledgeable, you should be able to sort this dilemma yourself....

Post

wangeroge wrote: Wed Apr 28, 2021 5:37 pm Your DAW is executable and has rights to write on the whole hard drive. The plugins get the same rights.
The plugins don't get general rights to write into system folders...

Apart from that, the plugins also only do the things they're supposed to do (like saving their settings, or presets to the hard disk). I never heard of a plugin which works as malware through the DAW. If anything, the malware is in the plugin installer's executable.

Post

wangeroge wrote: Wed Apr 28, 2021 5:37 pm Your DAW is executable and has rights to write on the whole hard drive. The plugins get the same rights. One buffer overflow of an unchecked parameter of the preset is enough to execute code.
Sounds like you already know the answer to the "is it possible" question. I'd think a few kb would be plenty for malicious code that downloads a bigger payload. To my knowledge it's never happened though. Possibly security through obscurity where krim- err criminals either don't know about or have better things to do than probing vst plugins for vulnerabilities.
Softsynth addict and electronic music enthusiast.
"Destruction is the work of an afternoon. Creation is the work of a lifetime."
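
An added example, not part of any post in this thread and not any synth vendor's code: a pre-load structural check for the .fxp files in a downloaded archive, using the standard VST2 fxProgram layout (big-endian header, 'CcnK' magic, 'FxCk' float parameters or 'FPCh' opaque chunk). The size cap, the function names and the sample preset are assumptions made for illustration.

```python
import io
import struct
import zipfile

HEADER = struct.Struct(">4si4s4i28s")  # big-endian fxProgram header, 56 bytes
MAX_PRESET_BYTES = 1 << 20             # assumed cap; the thread mentions 4-6 kB presets

def check_fxp(data: bytes) -> list[str]:
    """Return structural problems; an empty list means the length fields agree."""
    if len(data) < HEADER.size:
        return ["shorter than the 56-byte header"]
    magic, byte_size, fx_magic, _ver, _id, _fxver, num_params, _name = HEADER.unpack_from(data)
    problems = []
    if magic != b"CcnK":
        problems.append("chunkMagic is not 'CcnK'")
    if byte_size != len(data) - 8:     # byteSize excludes chunkMagic and itself
        problems.append(f"byteSize {byte_size} does not match file length {len(data)}")
    body = len(data) - HEADER.size
    if fx_magic == b"FxCk":            # plain list of 32-bit float parameters
        if num_params < 0 or num_params * 4 != body:
            problems.append(f"numParams {num_params} does not fit {body} body bytes")
    elif fx_magic == b"FPCh":          # opaque, plugin-defined chunk with a length prefix
        if body < 4:
            problems.append("missing chunk size field")
        else:
            (chunk_size,) = struct.unpack_from(">i", data, HEADER.size)
            if chunk_size < 0 or chunk_size != body - 4:
                problems.append(f"chunk size {chunk_size} does not fit {body - 4} bytes")
    else:
        problems.append(f"unknown fxMagic {fx_magic!r}")
    return problems

def check_archive(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each archive member to its problems, reading in memory only."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            if not info.filename.lower().endswith(".fxp"):
                report[info.filename] = ["not a .fxp file"]
            elif info.file_size > MAX_PRESET_BYTES:
                report[info.filename] = ["declared size exceeds cap"]
            else:
                report[info.filename] = check_fxp(zf.read(info))
    return report

def build_sample(params=(0.5, 0.25)) -> bytes:
    """Constructed FxCk preset for trying the checker (not a real product's file)."""
    body = struct.pack(f">{len(params)}f", *params)
    return HEADER.pack(b"CcnK", 48 + len(body), b"FxCk", 1, 0x54657374, 1, len(params), b"demo") + body
```

A clean result only means the container's length fields are consistent; the contents of an 'FPCh' chunk are plugin-defined and are still parsed by the plugin's own code.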
