Earthstation5 Responds to Malware Claims
"We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.
The problem with the Earthstation5 software that Shaun Garriok found truly exists; however, the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.
These functions are:
- Reload Earthstation5
- Shutdown Earthstation5
- Delete a File
We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing, in fact, that gives away any personal information about the user using Earthstation5.
It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.
We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.
Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5 (version 1.1.31), and verify that we have truly removed the remote-update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same; download the latest Earthstation5 and test the exploit code against it.
-- Filehoover, Lead Programmer of ES5."
This guy wants a patch to a closed application and would not listen to any one about exploits as the don't want to pay the $50,000 they would give to anyone finding an exploit. This guy posted Shaun's home address in the ES5 forums and threatened his family life.
This is thier network admin doing this, would you trust him with your IP and thier fancy anonymous security? If they want to keep any standing, at a minimum they need to fire that guy as his comments.. well I just don't trust him and in most places threats like he made are illegal.
...unless you can explain this.
Not that I'd trust that AC either, but be on your guard anyway.
“Wait for Hurd if you want something real” –Linus
Unfortunately, sir, you are a leech if you do that.
I am not trying to flame, but that's what the RIAA is trying to do: Make people afraid to share. If that happens, then the networks will die themselves. The RIAA doesn't give a flying fuck about downloaders, the same way cops don't really care about petty drug users. They both know that you must cut off supply.