Malware in presets?


Post

chk071 wrote: Wed Apr 28, 2021 5:45 pm
wangeroge wrote: Wed Apr 28, 2021 5:37 pm Your DAW is executable and has rights to write on the whole harddrive. The plugins get the same rights.
The plugins don't get general rights to write into system folders...

Apart from that, the plugins also only do the things they're supposed to do (like saving their settings, or presets to the hard disk). I never heard of a plugin which works as a malware through the DAW. If anything, the malware is in the plugin installer's executable.
The way a buffer overflow vulnerability works is you're able to load arbitrary code into memory e.g. via a file like a preset that's read as part of a program's normal operation and then hijack the process to cause it to do what you want by having it execute that code. It doesn't matter what the process is supposed to do, if this type of vulnerability is present you can make it do something else.
Softsynth addict and electronic music enthusiast.
"Destruction is the work of an afternoon. Creation is the work of a lifetime."

Post

Never happened. Ok, that's what I wanted to hear. Yes, I probably know too much because I am a developer. I'm probably overthinking things. But I am sure these security threats are the reason for Apple to try to change the whole system.
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.

Post

The only reason it never happened is probably because there are so many plugins and they can only infect a few people with free presets.
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.

Post

wangeroge wrote: Wed Apr 28, 2021 7:43 pm Never happened. Ok, that's what I wanted to hear. Yes, I probably know too much because I am a developer. I'm probably overthinking things. But I am sure these security threats are the reason for Apple to try to change the whole system.
I am definitely not the definitive source on what has happened but I've followed audio software-related stuff since 2012 and never once heard of anything like this. It didn't even occur to me as a possibility until I saw this thread.
Softsynth addict and electronic music enthusiast.
"Destruction is the work of an afternoon. Creation is the work of a lifetime."

Post

Oh, oh. I hope I haven't opened a can of worms… :?
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.

Post

the presets are safe, guaranteed.

Post

AnX wrote: Wed Apr 28, 2021 5:23 pm so you expect every company to check every free preset on the net?

not gonna happen

try this

https://www.malwarebytes.com/mwb-download/
I think the line of thought is that the synth checks if the parameter settings it's receiving through the preset/fxp are valid values for it.
If not, the file could contain malicious code.
In that case the plugin wouldn't load the code but block it as invalid.

This kind of thing is common in business software applications.
Demo/soundtrack work: https://soundcloud.com/antaln
My post/prog rock band: http://www.sylvium.com
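
The validation described in this post, which is also the check whose absence allows the buffer overflow described earlier in the thread, sketched as an added example (not from any poster or plugin vendor). The preset layout, `preset_load` and the limits are constructed for illustration and are not the real FXP format; floats are assumed to be IEEE 754 in host byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX_LEN 31
#define MAX_PARAMS   8

typedef struct {
    char   name[NAME_MAX_LEN + 1];
    float  params[MAX_PARAMS];
    size_t param_count;
} preset_t;

/* Constructed layout (hypothetical, not FXP):
 *   "PRST" | name_len:u8 | name | param_count:u8 | param_count * float32
 * Returns 0 on success, or a negative code naming the check that failed. */
int preset_load(const uint8_t *buf, size_t len, preset_t *out)
{
    if (len < 5 || memcmp(buf, "PRST", 4) != 0) return -1;    /* bad header */
    size_t pos = 5;
    size_t name_len = buf[4];
    /* The length comes from the file, so check it against the destination
     * buffer AND the bytes actually present before copying anything. */
    if (name_len > NAME_MAX_LEN || name_len > len - pos) return -2;
    for (size_t i = 0; i < name_len; i++)
        if (buf[pos + i] < 0x20 || buf[pos + i] > 0x7e) return -3; /* printable ASCII only */
    if (len - pos - name_len < 1) return -4;                   /* count byte missing */
    size_t count = buf[pos + name_len];
    size_t data  = pos + name_len + 1;
    /* Reject both truncated files and files with trailing bytes. */
    if (count > MAX_PARAMS || count * sizeof(float) != len - data) return -5;

    preset_t tmp;
    memset(&tmp, 0, sizeof tmp);           /* also NUL-terminates the name */
    memcpy(tmp.name, buf + pos, name_len);
    for (size_t i = 0; i < count; i++) {
        float v;
        memcpy(&v, buf + data + i * sizeof(float), sizeof v);
        /* Written positively so NaN, which fails every comparison, is rejected. */
        if (!(v >= 0.0f && v <= 1.0f)) return -6;
        tmp.params[i] = v;
    }
    tmp.param_count = count;
    *out = tmp;                            /* commit only after every check passed */
    return 0;
}
```

A loader that copied `name_len` bytes into `name` without the `-2` check would be the overflow case: the file, not the program, would decide how much memory gets written.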

Post

AnX wrote: Wed Apr 28, 2021 4:02 pm
wangeroge wrote: Wed Apr 28, 2021 3:57 pm the link is still on the KVR forum
where?
Best not to touch the files. You don't exactly know what is in those files. You might try talking to professionals about those files before downloading them.

Post

Just what kind of "professionals" would you talk to? The person who made those files has posted in this thread. The files are safe but if you're still concerned run the zip file through VirusTotal:

https://www.virustotal.com/gui/home/upload
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

Post

Down102 wrote: Thu May 06, 2021 12:04 am
AnX wrote: Wed Apr 28, 2021 4:02 pm
wangeroge wrote: Wed Apr 28, 2021 3:57 pm the link is still on the KVR forum
where?
Best not to touch the files. You don't exactly know what is in those files. You might try talking to professionals about those files before downloading them.
sock puppetry :lol:

Post

What was the clue that gave him away? I would have never guessed.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

Post

Anyway, why would anybody use presets for a vst plugin for such purposes? I mean: it looks like a very narrow target (the user base of a specific plugin with a vulnerability would have to download a certain preset...) and probably not really worth the effort...
I think a cyber criminal would rather use an unsafe website/hosting service and take advantage of browser's vulnerabilities, or perhaps add some "unwelcome surprises" to "the forbidden word you know what I mean" software.

Cyber criminals either target a specific person/organization (for very specific reasons/goals - and then they will do whatever it takes to reach their goals) or they go fishing in the middle of the mass. In this second case, they'd better be "effective", so it's not that smart for them to target a small user base and to have as a requirement the execution of a very specific/unlikely behaviour (downloading a certain preset and opening it), maybe also in a reasonable amount of time (not just a user every few months)... reaching a selected/small group of people may be a smart way to fly under the radar, but I think a cyber criminal would probably look for something more effective. That's not to say that cyber criminals will never do something like this (they may want to just prove a point), but usually they are money-driven, so it's more likely they focus their effort on things that may reach a lot of people in a reasonable amount of time and bring them money.


As a rule of thumb, if you don't know/trust the source, you'd better avoid downloading/interacting in any way. Instead, if you know/trust the source, then you should apply all the usual safety measures (look if there's something looking suspicious, scan for "unwelcome surprises"...) without lowering your attention (using knowledge/trust is a common strategy to make you do things you wouldn't usually do).
free multisamples (last upd: 22th May 2021).
-------------------------
I vote with my wallet.
