Earthstation5 Responds to Malware Claims

Zip In The Wire writes "Random Nut, AKA Shaun Garriok, the Author of Kazaalite, has been a vocal critic of Earthstation5 because of a continual online insult war between himself and some rowdy Earthstation5 fans. This has motivated him to be extremely critical of Earthstation5." (We reported yesterday Garriok's claims that Earthstation5 contains spyware.) "We at Earthstation5 desire and request criticism at any time in fact we demand it as we believe that is the only way to make software truly superior." Read on for the rest of Zip In The Wire (Filehoover, ES5's lead programmer)'s explanation, in which he also points to an updated version of the software, and challenges all takers to find spyware within it.

"We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.

The problem with the Earthstation5 software that Shaun Garriok found truly exists; however, the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.

These functions are:

1. Reload Earthstation5
2. Shutdown Earthstation5
   
3. Delete a File

All of these functions are necessary to perform when upgrading software.

We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing, in fact, that gives away any personal information about the user using Earthstation5.

It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.

We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.

Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5 (version 1.1.31), and verify that we have truly removed the remote-update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same; download the latest Earthstation5 and test the exploit code against it.

-- Filehoover, Lead Programmer of ES5."

Much Ado About Nothing?

[NeoMoose]

There are all kinds of fanboys who either love a program or hate a program so much that they will claim that it has/does not have Malware in it when the opposite is true. Take GameSpy Arcade, for instance. There are people coming in all the time with claims that GSA has spyware in it when it really isn't there.

Why this is a story worthy of Slashdot confuses me in some ways. People make false claims all the time, and when it is one as inconsequential as this then why are we giving it so much attention? This looks like the demon-seed of a flame war if you ask me.

That is all.

What we got sent

[mr_tommy]

We at neowin.net ran this story, and got a reply from him (Earth Station 5 developers) yesterday. Note : i can't seem to find this on the Zeropaid site, so if its a repeat they've mailed to all press inquiries- then my appologies.

(from the neowin article)
"Last night, we posted astory which showed evidence that Earthstation 5, a file sharing tool which challenged the RIAA and the MPAA, included malicious code which enabled people to delete files on your computer. This morning, the developers of ESV have replied. An admission of the code is made, but it turns into more of a jab at the devloper of Kazaalite, another p2p file trading tool.

"Random Nut, AKA Shaun Garriok, the Author of Kazaalite, has been a vocal critic of Earthstation5 because of a continual online insult war between himself and some roudy Earthstation5 fans. This has motivated him to be extremely critical of Earthstation5. We at Earthstation5 desire and request criticism at any time in fact we demand it as we believe that is the only way to make software truly superior.

We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.

The problem with the Earthstation5 software that Shaun Garriok found truly exists, however the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthtation5 to allow automatic, remote upgrade of the Earthstation5 software. These functions are:

1) Reload Earthstation5
2) Shutdown Earthstation5
3) Delete a File

All of these functions are necessary to perform when upgrading software.
We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing in fact that gives away any personal information about the user using Earthstation5.

It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.

We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.

Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5, version 1.1.31 (http://download.es5.com/es5_v1.1.31.exe) and verify that we have truly removed the remote update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same, download the latest Earthstation5 and test the exploit code against it.

Ras

View article : here

Re:COINTELPRO

[SharePro]

Do you actually believe what you are writing or are you just bored? The RIAA cannot even protect their own website. I am streaming movies like Terminator 3, Die Hard, Matrix Reloaded, and hundreds more every day all day for FREE. So let me guess, I work for the MPAA yet I am hosting in Palestine? You may be a geek, but you definately have no brains or insight. The RIAA can easily scan Kazaa, yet our network and program is built on security. Sure there is always room for improvement. But Kazaa doesnt support multiple proxys, Kazaa doesnt support SSL, and when you share on Kazaa, the .dat file includes the source IP so I guess its fair to say that ES5 is a hell of a lot safer than Kazaa. Again, we are trying to help people. We are the only network in the world who offers DIRECT VERIFIED DOWNLOADS from our servers, we offer FREE streaming, we offer FREE FTP services, RADIO STATION and lots more. So again, first check us out and then talk. If you have suggestions or ideas, we are open to hearing them. But making shit up is not cool. Cheers, SharePro http://forums.es5.com