@kylumi, and the other paticipating satarists, LOL!

Myself, I'll never divulge what I know... Oooooh, I bet that gives me some status, too. :)

Oops, I think I may've finally hinted at a non-objective reaction to all this. Drat.

.

Quote - i don't need to have any findings 'verified' by anyone else, i SAW exactly what the CMS was doing as it started up. don't farking care if you don't believe my post. thats your prerogative.

My presumption was that you were telling us this, out of regard for the forum's members. So I suggested that you might wish to prevail upon your friend to report it to the security experts who can give their findings to the public. (Such as us fellow consumers who you are posting to).

Quote - i did not 'assert' anything, i saw it happening onscreen. if you want it verified, get off your arse and get a debugger to run the code for you.

I gather that you took offence to an inoffensive word, "assertion", even after I assured you no offence was offered. I'm sorry to hear it, if that is what happened. I don't mean for formal language to invite offence.

You've told us you saw something.

I've expressed neither belief nor disbelief. Purely objective.

But since none of us witnessed you witnessing that, it's just something someone said once, to the readers at large. Might inspire fear in some, skepticism in others. (I've not expressed my reaction).

If this were to come from known security experts, there would be considerably more certainty, on the parts of more people.

But do as you wish. I merely made suggestions.

.

Quote - why do say 'assertion'?  are you calling me a liar?

No offence was meant. "Assertion" is not-equal to "liar", at least not in my book.

It's an assertion because you didn't provide any details, nor reason to believe it, in your previous post.

Now that there's more detail, it would still have to be verified (reproduced), by others, qualified people, to leave the "assertion" catagory.

To me, the subject of malware is a serious one. Such suspicions call for rigorous investigation. So please forgive me if I speak in a clinical fashion. (I'm not trying to sound like I know more than I actually know. But there are ways to go about things. Hard-core experts are out there. They should be consulted)..

Quote - i 'SAW' the CMS 'pinging' the outbound ports. i was concerned with the need to have it installed as a Windows service. considering it is basically a database, and properly coded would not need to be installed as a service.

so i took a copy of DS4 to a friend of mine who has been programming for over 30 years, he installed it to a 'work rig' and ran a special debugging app he developed on the base code of the CMS. it was there on the screen as the app was running that the CMS WAS pinging outbound ports before it started to look for the internal ports it needs to run.

Then perhaps you could ask him to report his findings, and testing methodology, to people who can try to reproduce his test. Like I said, there are many experts who should be happy to try to confirm such a thing, and evaluate it for level of concern.

Free download that anyone could test on. So there's no obstacle there.

Be interested to hear what they say, if you so choose.

If confirmed, I would suspect that it would be a feature of the database software used to make CMS. Something Daz could probably shut off it they are made aware. Heck, shutting that off might make CMS a little smaller and faster. But this paragraph is a "supposition" on my part.

I don't recall the name of the database software used to write CMS. But I think Richard knows, or could find out. That software, as I recall, is capable of lan or internet access, if that feature is desired by the customer (Daz, in this case).

.

Quote - as fo Stans complaint, it is a legitimate concern.

Again, then why not find out?

Heuristics are for guessing if it's a brand-new malware, which hasn't been reported to anyone yet. They are a yellow flag, not a red flag.

More effort is required from the safety-consious user.

Simplest thing he could do is set the files aside, for a while, and scan with the next upgrade/update (whenever Avast says they've fixed their issue).

More proactively, scan with multiple online scanners.

Multiple files? See what the A/V thinks they are. If each one is a different brand-new malware, then you know you've got an infinitesimal chance that Daz was the first one infected with each one.

Or report suspicions to a security site, and see what they advise.

.

Quote - I was not talking about rumors. I was talking about fact because I have personally experienced it. It has to do with using the old installers (as of August 2008). At the end of the install if you left the check mark for the readme the screen flashed so quickly that you couldn't see the information (like a DOS command) that redirected to a previously existing statistics server. In Win 7 the browser opened and showed the previously hidden information that was being transmitted. In XP, for example, this did not happen, so people didn't notice, but it revealed itself in Win 7. The three pages that opened are:

1. file://localhost/path of your install (readme)

Hosts:

1. http://www.data.your country code/poser

2. http://www.downloads.your country/readme's/product name

The DAZ product readme does not open in Win 7 because it's actually redirected over the other hosts. In theory, the installer sends out install time, product and install location to two servers. These send back the info to your localhost to open the readme on your machine. But, as the hosts do not exist anymore and data is not collected, the info does not get back to your machine and the readme will not open. The readme can only be opened manually from the installed folder.

It might be a fluke that this happened, but using other installers from other companies created in 2008, for example Illusions Designs product installers or any simple installers, don't show this phenomenon of opening three browser pages, two of which collect personal data. So does this mean that DAZ had corrupt installers for years without their knowledge? I don't think so.

Which installers were involved?

There are security sites all over the place. They can walk you through diagonosing what's actually happening. (Since you can't legally send them examples). Anybody there would be delighted to discover a new malware and spread the word, far and wide.

I agree with nDelphi, this sounds like a curiosity, a minor goofup with template files, or whatever. But why not find out?

With Zone Alarm, and all the variety of other protection suites & utilities that people run, it'd be astounding that nobody noticed spyware behaviour with widely distributed files, before (regardless of OS). Especially considering the tech-savvy of such a large percentage of the Poserverse customers.

.

Quote - fyi, as an aside, the CMS 'pings' ALL outbound ports BEFORE it looks at the internal ports it needs to run

What do you base this assertion on?

"I want the forums bad, but if the store has to come first."

Make that: "I want the forums bad, but the store has to come first."

Sigh, a guy like me really needs unlimited edit... that was like the 5th edit already

Thanks for the update, Richard. Keep us posted.

I hope the new software is making it a lot quicker process, than last time, when the web guys were desperately patching the old stuff (and they were only changing the store, not the forums too).

.

I wonder what effectiveness a boycott would have while the store is such rough shape that few people would buy from it?

I want the forums bad, but if the store has to come first. If it's limping for too long, we won't ever have them (or the old ones).

(Rendo's turned out pretty nice... but I digress).

I don't know how much has been fixed, but a couple of days ago, the Paypal option gave you an undowloadable file, you couldn't buy gift certificates, and seeing someone else's full name (and the number of things in their wishlist) tended to make people nervous about leaving their credit card info in there. People who had a problem couldn't get into support...

Also, how many shoppers ever come to the forums?

And, considering all the things that get one segment, or another, angry, how would Daz know what to change? :-D

.

Quote - This Google search will bring up pages on the topics from the DAZ Forums:

false positive site:forum.daz3d.com

Due to the updates at DAZ 3D you might have to view the Google cached versions of the pages if you require to read the contents.

Google is, currently, pretty iffy with that addy, and the forumarchive one.

For the moment, I get better results with the DNS number:

false positive site:http://66.180.192.247

.

Huh, weird...

I (you guessed it) refreshed my long-ignored account page, which brought me to the login, of course... hit the button and it logged me in.

So I decided to do the definitive test. Logged out -  " {Site Down} " (The one with the grapic of the green, buck-toothed 3DU toon character).

Edit: I must type really slow...

Edit: The archived forum is still accessable, FWIW.

.

I figure that the working suspicion is that emails are getting eaten by some servers.

But, just in case you need an anecdotal "Yes its one of those not-everyone issues. (The worst kind)".

I placed 2 orders in the new store, and got both email confirmations. At Yahoo, that notorious email delayer & spam-box-er.

I agree, you shouldn't install the Release Candidate, unless you're prepared for what can happen.

I've never had Daz 4 try to update itself. If DS4 tries to access the internet, Zone Alarm will ask me and I'll tell it no, so I'm not worried, myself. I don't install Release Candidates of anything, if I've got a functional Full Release installed. I'm not that curious. (And the real release will come out before I know it).

(I might've told Studio not to check for updates, on the first install, and it stuck. I don't remember).

All I ever get is Zone alarm mis-identifying CMS's loopback, on the net card, as "The Internet", but it's never tried to "phone home", either. (I check the logs).

Same item and message for me.

Fortunatally, I checked and found I'd already downloaded it from the old store.

I'd used 3DContentDownloader, at the old store. And I habitually clear the files after download... so the files shouldn't have shown up again, at the store (unless I'd forgotton to clear them).

And now it might get a little weird... I just now installed it (to test). I'm positive I didn't install it before...

14292_Ultralight_1.0_ds and 14292_UltralightMetaData_1.0_ds installed fine. But when it got to 14292_Ultralight_1.0_dpc it wanted to uninstall the "previous version".

And now I have two copies each, in Content Manager's search results, of the ultralight and its prop guard.

Is the dpc supposed to go to my poser content, and the 1st two to DS4 library, or something? (Pardon the remarkably stupid question, I don't always catch up to new things, nor pay much attention to what I install).

.

Quote - Is anyone else having trouble getting past the "Continue To: Requested Page on ShareCG.com" Page?

Took me a couple of clicks. Usually takes one. Not too bad for me.