|
Roger
I take it you are not keen on Opera ?
I do not have these problems with CW or QRSS they are sure
fire every time. From what i read on here it has no advantage over QRSS but
seems to consume a lot of time discussing its merits, needs a severe dose of
anti virus medicine and devours your CPU
GL de Mal/G3KEV
----- Original Message -----
Sent: Tuesday, January 24, 2012 8:55
PM
Subject: Re: LF: A bit off topic
Are we sure this isn't a way for the program to check for
upgrade notifications from its Spanish creator?
Here I have not
re-installed OPERA since I had PC load problems a few weeks ago when running
an earlier version. It still sounds not yet fully proven or spyware free. A
pity as it looks a useful program. I wish Joe K1JT had written it and then we
would have total openness and confidence.
73s
Roger
G3XBM
On 24 January 2012 20:09, Steinar Aanesland <[email protected]>
wrote:
Mike
By
the way , this "calling home" mechanism seems to be incorporated in the
latest ROS version too .
Same remote Address 88.14.57.81 , same
remote Port 8001 and same remote host antiarrl.dyndns.org
My advice is to install a
firewall that checks outgoing traffic, such as zonealarm http://www.zonealarm.com/
when playing with
this kind of software.
LA5VNA
S
-----Original Message-----
From: [email protected]
[mailto:[email protected]]
On Behalf Of Steinar Aanesland
Sent: 24. januar 2012 01:11
To: [email protected]
Subject:
RE: LF: A bit off topic
Hi Mike
Thanks for your reply. I
know the mechanism that allows Symantec to stop an unknown application, but
I don't think this is the
reason this time.
As you probably
know, Symantec 12.1 has a mechanism called sonar. Sonar analyzes
applications as they are running and takes action
once enough evidence
has been gathered to convict the application of being malware, based upon
its behavior.
I think sonar was trigged by some strange network
behavior. To test my theory, I turned off the sonar funktion, and made
a packet
sniffing on the network when Opera started.
Opera
made a connection to the following ip addresses:
Cluster
reporter:
-----------
TCP
Remote Address 176.31.252.203
Local
Port 3739
Remote Port 8000
Local Host
Remote Host
Service
Name
Nameservers ns.dxfuncluster.com
The Opera chat
channel:
----------
TCP
Remote Address 66.220.151.99
Local Port
1060
Remote Port 5222
Local Host
Remote Host
Service
Name
Reverse DNS jabber-03-01-tfbnw.net snc6.
http://www.plotip.com/ip/66.220.151.99
The
first two addresses may been explained by the cluster and chat function in
Opera, but I can't find any connection in the
software to the last
address :
----------
TCP
Remote Address 88.14.57.81
Local Port
3740
Remote Port 8001
Local Host
Remote Host antiarrl.dyndns.org
IP address country: Spain
IP
address state: Murcia
IP address city: San Javier
And why opera is
trying to transfer the following string "1 #### #### ####" to "ANTIARRL.DYNDNS.ORG
located some place in Spain is
a mystery.
My conclusion is to
leave this software alone.
73 de la5vna
Steinar
-----Original
Message-----
From: Mike Dennison [mailto:[email protected]]
Sent:
22. januar 2012 16:44
To: Steinar Aanesland
Subject: Re: LF: A bit off
topic
Steinar,
I have only now read your message. Are you
still having problems?
My version of Norton/Symantec deleted Opera
when I ran it. It decided that, because it did not know about the software,
it was
therefore suspicious. It is possible to configure Norton to ignore
some files or folders, and that was my fix. If you need details I
will
try to remember how I did it.
73 de Mike,
G3XDV
-----------------------------
> I know this is a bit off
topic, but is there anyone her using Symantec
> Endpoint Protection
ver 12.1 ?
>
> I am trying to use a new ham software but my
antivirus see this
> software as a risk.
>
> la5vna
Steinar
>
>
>
>
>
>
--
http://qss2.blogspot.com/
http://g3xbm-qrp.blogspot.com/
http://www.g3xbm.co.uk
https://sites.google.com/site/sub9khz/
|
