Morpheus Privacy

Discussion in 'privacy problems' started by Rxdoxx, Feb 11, 2002.

Thread Status:
Not open for further replies.
  1. Rxdoxx

    Rxdoxx Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    9
    Thanks Z-X, give you all a try

    I opened the data base files with Morpheus and found some information that "should not" be there.
    Specifically I found Rxdoxx (which I do not use with them) and urls to DSLReports and ezboard.
    Not sure exactly where they are collecting this information from. Cookies? or last web site visited.

    I can delete the files and let Morpheus re-create them, but until I understand how/where the information is being drawn from, seems like spinning wheels.

    Figure I have to delete them, clean the computer (I use windowwasher from webroot) and regenerate.
    Will changing the .dbb file to read only once it is re-created stop the gathering info? The possibility of doing it also may interfere with Morpheus itself?

    If push comes to shove, looks like a clean recreate and a wash every time prior to Morpheus, but if it is cookies, then the few I keep present another hurdle.

    I have to let them record the files I'm sharing, and I yield them the info on what I download, but want to keep as much of my privacy intact as possible.
    Any ideas? TIA!
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I dont worry about the .dbb files, as I believe I have blocked any possible communication of them.

    Through some investigation (and yes, I love doing that) I have found that Morpheus loves to connect to lots of strange ports when it starts up.

    Specifically:
    -TCP port 80 (understandable for the "start page" and the ads
    -Some random-numbered rather high UDP port (have not yet sniffed traffic on this) (ex. UDP 4203...this changes every start of Morpheus)
    -Sometimes TCP 8080.
    -Other ports sometimes...but those three are the only ones that I find frequently (the first two are every time).


    Morpheus is meant for file sharing, so I simply only enable two things:
    -ICMP protocol (including ping)
    -TCP and UDP ports 1214 (the file sharing port by default)


    To only enable those two, it would require some software such as ZoneAlarm Pro or Tiny Personal Firewall.

    Not only does that disable the annoying start page, cookies, AND the ads. But it should disable any possibility of those .dbb files getting out (other than through file sharing...which would be unusual...but always possible). It also disables that weird high-range UDP port that always tries to open up/connect somewhere.

    That's what I do for my Morpheus...


    Enjoy!  :D
     
  3. Rxdoxx

    Rxdoxx Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    9
    Thank you!!

    If I read it correctly, you haven't bothered about the .dbb files themselves but have configured a firewall to protect.

    Appreciate your insights, and adding upgrading to ZAPro to my short list.

    Still leaves me puzzled though. The data files seem to be used to know what files and MP3 I am sharing, so I'm assuming that Morpheus/musiccity has access to the files, otherwise how would they know what I can give?

    With that access, they have also put some information in there that is not Morpheus related. That is the current thing I am struggling with. If they are accessing the .dbb to know what I have to share, then they also are getting the other stuff that they have managed to slip in there. Why would they have the url for DSLReports and ezboard in that file to start with??
    The only thing I can assume is that information is being gathered about me. No big deal, nothing to hide, but I like to understand the whats and whys.

    I'm not sure port blocking will stop this kind of information gathering.  Not saying that your post isn't good, there are some great ideas there that I will have to spend some time configuring. But it seems to me that information still will leak. Have you looked in those files on your system? What started me on this track was seeing Rxdoxx in that file. It is not the handle I use for Morpheus, but at DSLReports and now here. How did that information end up in their file, and why do they want it?  My puzzle continues.....
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    The companies behind Morpheus/Kazaa should not (based on the specification) receive the data on what files you have. The network is set up so that the fastest users logged on act as "list servers" that then list the IPs of the other users logged on to the service(s) (I believe).

    The queries for files do NOT go through MusicCity or the Kazaa company.

    The whole network is MADE so it can stay up by itself - all it requires is users - no intervention, or servers maintained by the companies is required (so it will not die like the Napster).


    Plus, by my experimentation on the .dbb files, I can assume that the Morpheus program uses them for its own list of files. Plus, if you delete the files, and then create a blank one and lock it, Morpheus complains. I believe, again, this is because it is used as a master list for the "Theater" part of the program. (Again, I have no conclusive proof to back this up...just some trial and speculation.)


    So I assume that I am fairly safe by doing what I explained in the earlier post.

    Hope, again, that this helps.  :D

    -javacool
     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Part II:

    Yes, there is some *suspicious* information in those .dbb files.

    But there is more possibility in what the current version of Morpheus installs (v1.3.3).

    If you simply upgraded in the program, you will not have this problem, but if you downloaded the full v 1.3.3 version, you will get something else installed called "B3D projector".

    This has not been confirmed as something bad (to my knowledge) but read the following behavior:
    -It is some sort of browser plug-in to display special content.
    -It places something in Add-Remove programs to remove it. But as far as I could find, this does nothing but remove the uninstaller reference! The main program files STAY!

    Below is how to remove it:
    -There should be some files located in your Windows/System or Windows/System32 directory. Search for files containing "bde". The main culprits I found are:
       -bdedata2.o_O
       -bdedownloader.o_O
       -bdefdi.o_O
       -bdeinsta2.o_O
       -bdeinstall.o_O
       -(I marked them as x.o_O as I renamed the extensions to prevent execution, and can't remember the full extensions - some are probably .dll and one or two .exe.)

    Simply rename the extensions on those files, and delete them (or, if you are worried, rename the extensions, reboot, and then if everything is fine, delete them). I had no problems deleting those files.

    Do I need to say: "hope this helps"?  :D


    My question is: will there be a part III?

    -javacool
     
  6. Rxdoxx

    Rxdoxx Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    9
    Part III? Probably if you don't mind  :)

    Again, Thank you. I am learning. Have used Morpheus a little over a month.
    Straight download, no upgrade. Looked at versions, Morpheus itself seemd to be 1.0.0.1
    Morpheus-b3d-v2.exe is there. Properties says version 1.0.0.31   but the SFX cab says to extract v1.3.
    So, now on to play with re-naming the bde

    I realize that I know little of Morpheus.
    Connecting?? What am I connecting to? Musiccity? And why can't I just go to the search and traffic pages. I have a lot still to learn, may not have really bothered if the suspicious stuff hadn't turned up.
    I'll probably be back posting in this thread. Trying to keep it in the privacy field, but the education you are giving me.... definitely helpful. Thank you.

    I have some things to rename, getting on it now.
     
  7. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    You cannot connect right away to the search and traffic pages as the Morpheus program must first search for the network...both functions require the list of online users.

    I'd love to write a Part III  :D

    I just have to find something first.  :)
     
  8. Rxdoxx

    Rxdoxx Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    9
    Just an update. Haven't gotten anything definite yet.

    Removed the bde. Had two flavors. one folder labeled BDE and one bde, so I got something from somewhere else also.
    One blue screen and MSIE didn't work. Used the repair option and fixed things.

    Talking to others, have a report that it does not happen with Opera.
    Unless I'm badly off, Morpheus appears to be a customization of MSIE, and my guess is that there is a leak between the two somewhere.
    Whether the info is open to the internet, while important, is not my focus. The spillover leak is.

    Webroot's windowwasher has a Morpheus plug in cleaner. Am going to play with that to see if I can at least control things without deleting files.

    Started a thread at DSLR, has some screenshots posted but nothing definite there yet, lot more helpful info here from you :)
    http://www.dslreports.com/forum/remark,2483228~root=security,1~mode=flat
     
  9. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I'm sorry I did not clarify - there are some files containing "bde" that are important to Windows.

    If you only deleted the ones in my post, you *should* have been ok. But if you deleted any others, that is probably why you got the blue screen. (Some important Windows .dlls contain "bde" in them.)
     
  10. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Morpheus DOES use MSIE controls to display the ads and the starting web page.
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Can I interject a little question in here?

    Why use Morpheous when there are spyware-free alternatives?

    WinMX - http://www.winmx.com/

    AudioGnome - http://www.audiognome.com/

    come to mind instantly - and isn't there another program based on Morpheous that doesn't exhibit the kind of behaviors you're seeing from Morpheus itself?

    Just curious - I don't  use any of those programs, myself, but I let my son use WMX because it's safe (to the best of my knowledge). Pete
     
  12. FarCry

    FarCry Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    82
    Location:
    Boston, MA
    Pete, you took the words right out my mouth.
    My son and daughter want something other than WinMX.
    Apparently WinMX isn't cool enough for them.
    The other kids use Kazaa and Morpheous.
    I only let them use WinMX but they don't like it.
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, Wade! lol! Yeah, I almost used this for my cute little saying: "My children - the only security vulnerability I've found more dangerous than MS itself!" Pete
     
  14. Rxdoxx

    Rxdoxx Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    9
    Thanks. WinMx is on the project list to try.

    I got Morpheus because people whose opinions I respected said spyware free. And AdAware doesn't find anything.

    From what I can determine, not everybody is getting this data bleed into the data file. I'm still trying some things looking to narrow it down. (Slight pause until a new 80Gig HD comes in- I've pretty much filled the 20Gig.)  Then a couple of things to try to see if I can narrow down when it occurs. I'm not skilled enough to go on a program level and look. Javacool has given me some good ideas, and there is nothing definite saying that the information is getting out. I just don't like it getting in, in the first place.

    Right now just a puzzle that I 'd like to see solved. And I'm appreciative of any help/insight I can get.
     
  15. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I have heard a lot about WinMX, but tried it and (for some unknown reason) it never installed correctly...the one time I DID get it to install, it simply would not work correctly.

    But that was a while ago - I guess its time to check it out again.  :)


    But since I believe I have limited almost any possible way any data "collected" by Morpheus could get out, and since the only other thing it installs is B3D (which I removed) - I dont really see a need right now...(especially since I rarely use P2P programs). But I will definitely take a look at WinMX at some point in the future.
     
  16. Woody

    Woody Guest

  17. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    I have not tried eDonkey, and don't plan to.

    From what I've heard, it contains a bunch of spyware.

    I'll try to find some confirmed reports of it for you...


    Enjoy!  :D
     
  18. Rxdoxx

    Rxdoxx Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    9
    http://www.dslreports.com/r0/download/86514;170f10c34a575178c22d0396cfbd2c5f/Morph18edit.gif

    May have been a moot point with the Morpheus problems recently. But I finally have a 80Gig HD and room to download again.
    Thread at DSLR http://www.dslreports.com/r0/download/86514;170f10c34a575178c22d0396cfbd2c5f/Morph18edit.gif for  the registry edit.
    Looks like I will be back to investigation, Morpheus may not be dead yet.
    BTW-the new version Morpheus is Gnucleus/Gnutella (sp?) based so they left the fasttrack software, making my concerns (while useful to me) of much lesser importance- (however if I can still reach the Kazaa/Grokster network........)
    Thanks again for all the great info here  :D
     
  19. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    The new Morpheus is supposedly built on the Gnutella network. From what I've heard, many users have had problems with the latest "preview edition" - however, I have been told that version 2.0 (supposedly due out in a couple weeks) will bring back the (quote) "Morpheus Experience".
     
  20. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    i use to love the program but now it sucks the new vrstion is missed up.

    when i seach for stuff i getunrelated stuff as well as i have to chase it dowen i cant stop seach and pick the file i want cause it keeps updateing the dowenloads meanig the list grows to fast.

    hmmmmmmm relly sucks now
     
  21. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    From what I understand of the Gnutella network structure, the "unreleated results" to searches is a problem that ALL gnutella clients exhibit - and one that is a problem of the network. Supposedly, the makers of this P2P technology are working on some updates that should help fix this problem.
     
  22. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Morpheus is malware u know, it also silently installs another spyware component on ur computer called :Wurldmedia.
     
Loading...
Thread Status:
Not open for further replies.