Safety? (with regards to installing)
- KVRist
- 484 posts since 9 Jan, 2023
Interested in getting feedback from folks about the safety of installing some of these free plugins. I use VirusTotal anytime I download a free plugin. Even some of the more well-known plugins will sometimes show a malicious file from one or more sites (VirusTotal, if you're unfamiliar, uses a conglomerate of site scans -- usually about 30 or so). But overall, VirusTotal will give you a greenlight on the file if most of the sites do not detect anything.
Anyone experience any issues or have any concerns about these plugins?
Anyone experience any issues or have any concerns about these plugins?
-
midi_transmission midi_transmission https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=298730
- KVRian
- 1045 posts since 13 Feb, 2013
I have the same concerns. I see the danger from potential bad actors, but also from security vulnerabilities. Unfortunately many audio developers seems not to have security on their radar. This starts with more and more network communication in the background by the plugin (potential attack vector, every plugin is doing it on their own, hence higher chance of error) and not using code signing for their plugins or taking care of false positive detections.
I don't try as much plugins as in the past because the impact of malware in a connected world is getting higher.
I don't try as much plugins as in the past because the impact of malware in a connected world is getting higher.
- KVRist
- Topic Starter
- 484 posts since 9 Jan, 2023
That was my distinct impression, as man, the CPU usage is getting a bit crazy now when running Tracktion, even with just loading basic tracks -- no plugins added yet. I kinda figured a lot of these software companies are making the bulk of their money back adding trackers or something, since the products are free.midi_transmission wrote: Fri Jun 02, 2023 11:22 am ... This starts with more and more network communication in the background by the plugin ...
-
midi_transmission midi_transmission https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=298730
- KVRian
- 1045 posts since 13 Feb, 2013
No I don't think that's the case. I don't think that scam is a business model in the audio world so far.
My fear is rather an isolated black sheep.
But even more the general lack of interest in security that is creating an attack vector by things like active network connections. The risks that is introduces by this is very much underestimated and ignored unfortunate in general.
It's like using an outdated browser for the network part.
My fear is rather an isolated black sheep.
But even more the general lack of interest in security that is creating an attack vector by things like active network connections. The risks that is introduces by this is very much underestimated and ignored unfortunate in general.
It's like using an outdated browser for the network part.
- KVRist
- Topic Starter
- 484 posts since 9 Jan, 2023
Well, for instance, the Bertom plugins. I've used the Denoiser for a while now (my absolute, most valuable plugin). Went to their site to download the other freeware they offer. Check each one, and one site found malware inside. So, I'm referring specifically to plugins downloaded directly from the publishers, not a third-party site.
-
- KVRAF
- 5444 posts since 15 Feb, 2020
I’ve never considered, for even a nanosecond, that stuff I downloaded to my Mac, from devs (Soundtoys, TAL, Izotope, Waves, Lennar, Ableton etc) might be the remotest bit dodgy.
Should I?
Should I?
I lost my heart in Cap de Creus
-
tapiodmitriyevich tapiodmitriyevich https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=391928
- KVRist
- 411 posts since 15 Jan, 2017 from 127.0.0.1
The old question we gotta ask ourselves since maybe the 80s, is this: "Should I trust developer X and install his closed source". Or does the software unwanted things like A, B or C? Maybe even unintended because libraries?
The answer is: Yes. No. Maybe. (A*B)/C=0.
Ask your guts. You could observe suspicious software with sysinternals filemon/procmon/whateverMonitor.
People generally aren'tn interested in security. Business gave them Antivirus software and they're happy. Let them be happy.
The answer is: Yes. No. Maybe. (A*B)/C=0.
Ask your guts. You could observe suspicious software with sysinternals filemon/procmon/whateverMonitor.
People generally aren'tn interested in security. Business gave them Antivirus software and they're happy. Let them be happy.
- KVRAF
- 18470 posts since 26 Jun, 2006 from San Francisco Bay Area
No. It’s not outside the realm of possibility, but probably remote. However, some random developer offering software that you have never heard of… could be worth passing on.revvy wrote: Sun Jun 04, 2023 6:12 am I’ve never considered, for even a nanosecond, that stuff I downloaded to my Mac, from devs (Soundtoys, TAL, Izotope, Waves, Lennar, Ableton etc) might be the remotest bit dodgy.
Should I?
Zerocrossing Media
4th Law of Robotics: When turning evil, display a red indicator light. ~[ ●_● ]~
4th Law of Robotics: When turning evil, display a red indicator light. ~[ ●_● ]~
-
midi_transmission midi_transmission https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=298730
- KVRian
- 1045 posts since 13 Feb, 2013
I can't say anything about these plugins.irpacynot wrote: Sun Jun 04, 2023 5:47 am Well, for instance, the Bertom plugins. I've used the Denoiser for a while now (my absolute, most valuable plugin). Went to their site to download the other freeware they offer. Check each one, and one site found malware inside. So, I'm referring specifically to plugins downloaded directly from the publishers, not a third-party site.
But a hit at Virustotal does not mean it's malware automatically. it is a heuristic. It can be a virus but also a false positive.
It's a uncomfortable situation.
I prefere it when a developer takes care of false positives as much as possible.
I do not like to install software when I’m on the fence whether it's a false positive. But it's not wrong to ingnore a detection when you're very confident that it's a false positive. This is a decision that you must make yourself in case of doubt.
Last edited by midi_transmission on Mon Jun 05, 2023 5:48 pm, edited 3 times in total.
-
midi_transmission midi_transmission https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=298730
- KVRian
- 1045 posts since 13 Feb, 2013
This. You should be careful like with every software. But the chance is probably very low to get malware by trusted companies.tapiodmitriyevich wrote: Mon Jun 05, 2023 2:38 pm The old question we gotta ask ourselves since maybe the 80s, is this: "Should I trust developer X and install his closed source". Or does the software unwanted things like A, B or C? Maybe even unintended because libraries?
The answer is: Yes. No. Maybe. (A*B)/C=0.
Ask your guts. You could observe suspicious software with sysinternals filemon/procmon/whateverMonitor.
People generally aren'tn interested in security. Business gave them Antivirus software and they're happy. Let them be happy.
But be aware that malware can be passed unintended. There was just a case some month ago https://www.malwarebytes.com/blog/news/ ... ain-attack
-
- KVRist
- 109 posts since 16 Oct, 2020
I only give a second thought if I get more than 3 hits on virus total. I get false positives from engines such as Trapmine/CrowdStrike Falcon/Bkav Pro very consistently.
- addled muppet weed
- 111304 posts since 26 Jan, 2003 from through the looking glass
gotta be suspicious of everyone these days, it's the nice ones that turn out to actually be evil. in films anyway and they must be based on somethingrevvy wrote: Sun Jun 04, 2023 6:12 am I’ve never considered, for even a nanosecond, that stuff I downloaded to my Mac, from devs (Soundtoys, TAL, Izotope, Waves, Lennar, Ableton etc) might be the remotest bit dodgy.
Should I?
you shouldn't even trust me, i don't.
mainly because im useless though, not evil.
-
- KVRian
- 705 posts since 25 Nov, 2010
Best answer in the thread i think.zerocrossing wrote: Mon Jun 05, 2023 4:46 pmNo. It’s not outside the realm of possibility, but probably remote. However, some random developer offering software that you have never heard of… could be worth passing on.revvy wrote: Sun Jun 04, 2023 6:12 am I’ve never considered, for even a nanosecond, that stuff I downloaded to my Mac, from devs (Soundtoys, TAL, Izotope, Waves, Lennar, Ableton etc) might be the remotest bit dodgy.
Should I?
- KVRAF
- 14235 posts since 20 Nov, 2003 from Lost and Spaced
You should know there's a bug in some old Synthedit made stuff that will test false positive for a Trojan. Other than that, I've run across a problem. I have 3 virus scans I use and I test everything in the file and in use. The only weird thing I got was a plugin that had a copy protection for the software code that made Windows 11 freak out and refuse to run it. It was a Computer Music magazine plugin.
- KVRist
- Topic Starter
- 484 posts since 9 Jan, 2023
Thanks, folks, for all the great replies. For me, though viruses are an obvious issue, I don't fear that so much with the more well-known publishers. But I was mainly worried that these same publishers might be installing additional trackers, and since my computer is pretty old and slow, that can really cause issues inside of Tracktion. She gets easily locked up when there's too much CPU usage going on. When I open up Task Manager, it shows most of that usage coming from Tracktion, even if the tracks aren't using a ton of plugins. So, I was afraid perhaps the more of these types of plugins I download, the more activity might be going on with the plugins communicating usage data.
