Eset servers being blocked PeerGuardian 2's P2P

Discussion in 'ESET NOD32 Antivirus' started by Escalader, Feb 20, 2008.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    FYI:

    In PG 2, they have a number of "lists" of ip's identified as Spyware , etc. These block incoming and outgoing packets on the users PC.

    They also have a large P2P list of ip's.

    Recently, PG 2 has added Eset.spol.sro network with the following ranges being blocked:

    89.202.149.32 to 89.202.149.63
    89.202.157.88 to 89.202.157.95
    89.202.157.128 to 89.202.157.159

    So I will have to find an update server outside that range for Nod32 to continue to be updated.

    No, I don't know why Bluetack has added these servers to their P2P block list, but as I understand it, they research carefully before doing it.

    So for now I'm assuming that there is a good reason. Companies do this to try to track pirating of their digital products.

    If their is anyone with additional information please comment.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I think the real problem here is Bluetack blocking what could be half of the effective update servers for a commercial anti-virus product, not finding a static list of servers they don't block. Like most AV products, NOD32 uses a pool of servers so that some might always be available if others are overloaded or under maintenance. Anyone blocking a whole range of such servers is always going to be at a disadvantage in getting timely updates.

    It makes no sense for them to block many of the IP address ranges of an anti-virus company. Frankly, I would not assume they are blocking for good reason and then call upon ESET to provide more servers.
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    The servers in the P2P list are all based in the UK.
    U23 to u39.

    The servers that are not in the P2P list are all in the Czech Republic and are

    U40 to U49.

    So in my case I continue with PG 2 to block, but have switched my update servers to the second range.
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi LowWaterMark:

    Well there is not doubt that the UK servers are in PG2's P2P list.

    Just to clarify I don't recall asking for eset to provide more servers. o_O

    In my last post, the problem I have is solved by switching to the non blocked servers.

    Eset is not blocking the UK servers, it is PG 2 and their vendor Bluetack.

    Users who don't have PG 2 blocking are not effected.

    But make no mistake, P2P monitoring does occur and I for one prefer to avoid those servers on privacy principles.
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    In effect, you are, or at least you will be if you ever fail to get an update because half the update servers are improperly blocked by some third-party.

    ESET always recommends setting updating to "choose automatically". If a whole range of their servers are being blocked, you stand a good chance of not being able to get an update one day.

    I don't understand. Are you saying ESET is a P2P monitoring agent? Or that they are doing something wrong because of this company blocking them?

    As a PG 2 user, you probably ought to be asking them why they are blocking you from using so many of the ESET update servers, which you are paying ESET to provide you with in the first place.

    I don't understand why you implicitly trust PG2 and Bluetack, while assuming ESET is somehow wrong in this, and that people should adjust their NOD32 update list because of PG2.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Maybe Bluetack is blocking some IPs owned by ESET because of Threatsense.NET? o_O
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello again:

    ESET offers it's users a choice to limit the servers, but I have left mine on automatic.

    So far my updates are coming the same as always using the 10 servers in the Czech Republic. I'm at 2892 on 20080221 at this time.

    LowWaterMark, I respectfully take issue with the term "improper". PG 2 offers the power to block ip's (millions of them). Users can either accept their P2P list as is, or if they want they can override those entries. If it turns out that the UK Eset servers are entered on that P2P list in error I will remove them from that list. But I don't think we know that yet. Stating PG 2 has errored is insufficient in itself. I hope you are correct that it is an error.

    I am on automatic and so far my updates are coming the same as always using the 10 servers in the Czech Republic. Nod32 simply cycles through the whole server list til it gets a connect. PG 2 blocks the servers in question then connects with one of the 10 un blocked servers.

    No, that is not what is being said. I'm simply taking the safer course until more facts are available. Other users should do what they feel is correct for their own privacy/security policy. My own policy is as in my signature.

    Yes, I have asked them about the reason for these server entries. If I ever get an answer I will post the link to it here for this thread.

    This is not correct. Nod32 users can do what they like, I described what I am doing only. This is different than a recommendation.

     
  8. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Can you provide me with details to contact the persons responsible for the list?

    I think there is time to discuss some issues officially.

    I would be also ask you to provide links to samples of software which effectivelly blocks access to our update servers using the list mentioned in this thread.
     
    Last edited: Feb 21, 2008
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Peer Guardian
     
  10. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    It is with deep regret that we must confirm that these people refuse to remove our IP ranges off their list. They are simply not listening to the argument they are preventing people from getting updates to their software.

    I rest my case.
     
    Last edited: Feb 21, 2008
  11. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    for what reason?
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    The organization that maintains the P2P lists for PG 2 is at

    http://www.bluetack.co.uk

    So with respect I would suggest contacting them and make a different argument since PG 2 users are not prevented from updating.

    My own thread posts shows that. I am simply prevented from updating from the UK based servers. I am happily updating from the 10 un blocked servers.

    Now I find I'm at update 2893 so to say I'm unable to update is just not correct.

    Your argument would have to revolve around the reasons they used to put these servers on their list in the first place. If those reasons are invalid you would have a strong case to make. Otherwise....:doubt:

    To assist I have posted this at bluetack:

    http://www.bluetack.co.uk/forums/index.php?act=ST&f=72&t=18392&st=0#entry85918
     
    Last edited: Feb 21, 2008
  13. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    167
    I wouldn't put my faith in PeerGuardian, even in defending my privacy.
     
  14. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Screenshot says it all (from the conversation with member of bluetack staff)

    Take a look also here: http://www.bluetack.co.uk/forums/index.php?s=&showtopic=18392&view=findpost&p=85919

    Quit a unique approach.
     

    Attached Files:

    Last edited: Feb 21, 2008
  15. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi swami:

    An interesting view of PG 2. :cool:

    Please provide any supporting data or facts for your opiniono_O?
     
  16. swami

    swami Registered Member

    Joined:
    Mar 24, 2006
    Posts:
    167
    Well, managing a blacklist that large, you're bound to have many mistakes. And if it's that easy to block anybody, think about the matter the other way around. I'm sure the "greedics" know the way to fool around it.
     
  17. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Update 2894:
    Wow :eek:
    What do these signatures do to PG?
     
  18. bluesprite

    bluesprite Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    71
    PG is now detected as a potentially unwanted application and quarantined.
     
  19. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Talk about drastic measures :D ;)
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, I can confirm that PG 2 with update 2894, is detecting pg2.exe as a threat.

    IMO it is not a threat as in a parasite, but an overreaction in an inter-company dispute with the users in the middle.

    1. Does this response make it look like P2P monitoring was or is being done?
    2. Will other AV's follow suite and lable pg2 as a threat?

    More later as I'm sure as it "ain't over yet".
     
  21. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    By blocking update and threatsense servers detection of PeerGuardian as potentially unwanted application is fully justified as it could disrupt normal operation of NOD32 and or ESS.
     
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    How?

    I'm running both applications successfully:D
     
  23. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    You just don't seem to understand the issue. They are blocking a large number of update servers. The fact that you have yet to see a bottle neck or failure to connect doesn't mean you won't. If you read through the forum, historically you'll see that there have been times when, under heavy load, updates can't be pulled down by everyone. Servers go down or get saturated. Network routes go down from time to time...

    If the people using PG2 now have less ESET update servers available, it causes two problems. 1. They all only pull updates from the smaller list of remaining servers. That means the load on those servers will be higher than necessary since the whole set of them aren't being attempted anymore. That also wrecks the load balancing effect of having a long list of available servers that are geographically distributed. 2. If you only have access to the .CZ servers now, what happens if a network route between you (your ISP or country) and the .CZ region goes down? Temporary outages in network routes happen all the time. If the .CZ servers are now your only available update servers and you can't reach them, you won't get updates.

    Any list that blocks a large number of an AV companies update servers is causing a much bigger disruption then you are thinking about. This isn't a small issue. What if they decide to take out half of Microsoft Windows Update servers, or Norton, McAfee, Kaspersky, or heck, all of the Online Armor servers (they have a very small range of IP addresses - a single block could take them off the air entirely)? Should we all just assume that they are doing it for good reason and suffer potential reduced performance because of it?
     
  24. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland

    Way to go Eset.:D

    http://www.bluetack.co.uk/forums/index.php?showtopic=17329

    "ISP ranges that may be dodgy for some reason."

    And file sharing isn't 'dodgy'? The definition of ironic methinks.

    ---------------

    Whatever it is that the UK servers are doing that alerts the people at 'Bluetack,' why not roll it out to every ESET update server, therefore if anyone uses the IP blacklist they cannot get any update's for NOD32.
     
  25. bluesprite

    bluesprite Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    71
    I agree that bluetack guys are being arrogant but consider this: people who use Peer Guardian aren't the type of users who wouldn't notice it's been detected and quarantined, and PG will end up in the exclusion list of their ESET product, as long as it doesn't prevent them from updating. And if it does, they'll just exclude the ESET servers from the PG blocklist.
     
Thread Status:
Not open for further replies.