Be careful when installing your VPN service client .exe

Discussion in 'privacy technology' started by ComputerSaysNo, Oct 12, 2012.

Thread Status:
Not open for further replies.
  1. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Please check your VPN service client .exe's against VirusTotal.com. I've tested a few and some are Trojan droppers, some are false positives and others are OK.

    The last thing you want is to get backdoored with your VPN service.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    If you're talking about BolehVPN, it's well known and BD is too lazy to fix.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Just use OpenVPN.
     
  4. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    Say again?
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    There have been problems for years with false positives on SSL VPN clients. Just when most have been fixed, along comes another. It's a problem with the low-level nature of the TAP drivers.

    You said that you tested some that were, in fact, infected. Name names. What service did this? Or, was it a MITM attack?

     
  6. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Yeah... Thing is they will change up if named. So let me re-check them first. 2 are very well known though.
     
  7. Rowmon

    Rowmon Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    10
    Hey,

    I've purchased VPNs that had their own client and the UI was all pretty and full of features, but I couldn't trust them. They also seemed to be based off outdated versions, so I felt they could be vulnerable. I've noticed, however, that if you ask support they can always organize a configuration to apply to the official OpenVPN client instead. I'd say that's the safer way.
     
  8. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    Why was Boleh mentioned? I've been using them for over six months and have never heard one issue.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I think that CubonesCastle was saying that BolehVPN's installer triggers some anti-malware software, and that it's a false positive. Yes?
     
  10. scriptolab

    scriptolab Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    16
    I assume it's a false positive, as Panda deleted the exe automatically (BolehVPN).
    Any confirmations?
     
  11. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    It's an FP, a few engines detect it as such. Something to do with the low-level crypto that their software uses.

    Trojan Swizzor with BitDefender. Just use HitmanPro when you have Boleh on your machine and G Data + Emsisoft will flag it due to their shared BD engine.
     
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    In other words, this is a non-issue. Unless, of course, he's come up with names for VPN clients that really were trojans.
     
  13. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    What's well known and who's BD?

    Let's be careful about how we speak about a business; you make this look bad for others, and I've put my name on the line many times for this VPN that I happen to know is very good, and no, I don't work for them either....
     
  14. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Dude... I use BolehVPN and love it too. I was simply saying "BD -> BitDefender" has a heuristic detection false positive with BolehVPN's GUI. I have mentioned it to BitDefender and Boleh. Boleh tried to get BitDefender to remove the detection, but there is no auto-upload feature of false samples to BitDefender, and as such they had to ask on the English forum, but nothing was done because the BitDefender team did not care to change it or test it.
     
  15. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    No, this is a real issue. You can be sure it's happening.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    What about OpenVPN itself?
     
  17. bolehvpn

    bolehvpn Registered Member

    Joined:
    Oct 10, 2011
    Posts:
    81
    Location:
    Malaysia
    We tried getting ourselves removed from BitDefender's list but our thread was ignored.

    We got ourselves removed from a couple of others though including Norton and stuff.

    But I can confirm that this is a FALSE POSITIVE. :D Appreciate if you guys get these detections to also help us out and submit these false reports to the Antivirus providers so that they themselves can manually check it and approve (which good AV providers do).
     
  18. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,173
    Location:
    Spain
    I haven't seen the detection details but if Panda is throwing an FP on your files please PM me directly.
     