warning to users of x64 windows 7 7058

carnag3

My firewall is reporting outbound traffic (blocked of course) to what looks like a Swedish IP, and an address of "ip"-cust.breband2.com/

I am not trying to spread panic, but I could not find any answers as to what it is apart from that it looks to be located in Sweden.

Anyone want to enlighten me?

Yes, my download matches all of your 'presumed' safe MD5s...

Anyone?
 
Been running 7057 for several days now, no weird outbound IP traffic noted so far to speak of.

Typos... gotta love 'em, eh? :)
 
What firewall do you run? I have ESET Smart Security, I know you're a fan... :p But still? That is very strange...
 
The Windows firewall and this POS Netgear I have. I don't don the "tin hat" with respect to outgoing stuff. Still running NOD32 v2.7 here, will continue to do so till Eset simply doesn't put out updates for that version anymore...
 
Pfff, at least it doesn't phone home to Bill Gates, the DoD, and Halliburton like Vista does. I read it on Slashdot, it must be true. :p

On a serious note, as far as I'm concerned if it's not directly from Microsoft it's untrustworthy to begin with.
 
Interesting stance, I do kind of agree, but a lot of people are downloading these betas, you would think some technical people would have picked up if it was doing suspect things.
 
OP, might you have a tampered ISO? I've seen nothing as such with build 7057.
 
CRC32 22ef1237
MD5 3e262526f9a758c5b3624910a05c2699
SHA-1 b79d4552a7a871901e881ae308f9188e04a4f929
Is this what everyone has?
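
As an added example (not part of any post in this thread): a Python sketch that checks a downloaded image against the three digests posted above in a single pass over the file. The helper names and the temp-file sample are constructed for illustration.

```python
import hashlib
import os
import tempfile
import zlib

# Digests quoted in the thread for the ISO under discussion.
POSTED = {
    "crc32": "22ef1237",
    "md5": "3e262526f9a758c5b3624910a05c2699",
    "sha1": "b79d4552a7a871901e881ae308f9188e04a4f929",
}

def digest_file(path, chunk_size=1 << 20):
    """Compute CRC32, MD5 and SHA-1 in one streaming pass (ISOs are multi-GB)."""
    crc = 0
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            md5.update(chunk)
            sha1.update(chunk)
    return {
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
    }

def mismatches(path, expected):
    """Return the algorithms whose digest differs from the expected values."""
    actual = digest_file(path)
    return sorted(alg for alg, want in expected.items()
                  if actual[alg] != want.strip().lower())

def make_sample(data=b"constructed sample, not a real ISO"):
    """Write constructed bytes to a temp file so the example runs offline."""
    fd, path = tempfile.mkstemp(suffix=".iso")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

if __name__ == "__main__":
    sample = make_sample()
    try:
        print("digests:", digest_file(sample))
        print("differs from posted values:", mismatches(sample, POSTED))
    finally:
        os.remove(sample)
```

A match only shows the file is byte-identical to what the other posters downloaded; it says nothing about whether that shared image is what Microsoft built.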
 
Your title says you are running build 7058. Everyone else is running 7057.

Are you really running 7058?
 
Here's something a bit freaky. Using the same 7048 x64 build here as several other people. . . just looked back at my System Event Log. Mixed in with the standard stuff on the day I installed the system is a bunch of other junk in Cyrillic/Russian script dated 2/19/2009. The system was installed on 3/7/2009.

I'm not saying this is evidence of wrongdoing. But it's definitely a bit disconcerting. I think I may be done with Windows 7 builds, despite reassurances, until the official RC lands.

russian.jpg
 
That is a bit odd, and checking mine just now (7057 x64) I see the following when I sort the columns by date:

eventlog.png


which is a bit odd considering (note the highlighted info):

systeminfol.png


so this does lend some credence that something weird is going on, somewhere... I'll continue running this build for the time being and see what happens, do more research, but that most certainly shouldn't be there, and the particular font chosen would lead me (and most anyone reading it) to believe something is definitely fishy here...

None of us is innocent anymore so... if it's h4x0r3d to shreds, whatever... ;)

31173 73x7 15 50 c001, 41n\'7 17? :)

If you can't read that, good for you, but it says: elite text is so cool, ain't it? :)
 
March 6th does make sense. The build was compiled on March 5th and MS uses an image based installer on the DVD. No shenanigans there.
 
I've still got a boxen running build 7000, installed on 1/10/09 and I just checked the logs and see the same type of thing.

Every odd entry I see is dated 12/12/08.... strangeness is abounding!

Oh... and for whatever it's worth, this install has been really solid and speedy for me... just thought I should mention that.
 
I've still got a boxen running build 7000, installed on 1/10/09 and I just checked the logs and see the same type of thing.
Does that include the odd Cyrillic/Russian font/text in the off-date entries?

If so, that would be reassuring.

If not, I suppose the odd font/text might just be an indication that the original leak came from Eastern Europe so the image-based installation used might be using a non-US font at the beginning. So it still might not be the end of the world. But I'm still a bit nervous. :(
 
Does that include the odd Cyrillic/Russian font/text in the off-date entries?

If so, that would be reassuring.

If not, I suppose the odd font/text might just be an indication that the original leak came from Eastern Europe so the image-based installation used might be using a non-US font at the beginning. So it still might not be the end of the world. But I'm still a bit nervous. :(

More to the point, why would you be nervous? This is a beta OS, why would you have any important info on it in the 1st place?
I have Windows 7, just put 7057 on it last night, but I do not do any banking or financials on it for the very reason that it is a Beta and being a beta the security of it cannot be believed to be good. It's already going to be calling home to M$ to report errors and usage stats.
 
More to the point, why would you be nervous? This is a beta OS, why would you have any important info on it in the 1st place?
I have Windows 7, just put 7057 on it last night, but I do not do any banking or financials on it for the very reason that it is a Beta and being a beta the security of it cannot be believed to be good. It's already going to be calling home to M$ to report errors and usage stats.
You're kidding, right?

I'm not going to argue with you. But I think many (if not most) people here are using their Windows 7 builds on their main rigs for their everyday usage. Which, yes, includes typing in a few passwords, etc.

Is it the 100% safest thing to do? No. But the web is replete with many mentions even from respected technical writers that they have been using Windows 7 as their main operating system on their main computers.

And, to my knowledge, it does not call home to "M$" (could the dollar sign thing be any more played?) to report anything without my initiating it. Nor is it any less secure than Vista. It is, after all, a Beta test, not an alpha build. It is feature-complete and near-RC.

So, if you want to get pedantic and pick a fight, please choose another person with which to do so. Because I don't see enough merit in your point of view to address it any further.
 
There is no such thing as "security" in today's connected world. Anyone that believes otherwise needs to go build some houses with the Quakers... or find an island someplace. If you're "connected" you are by that implication alone vulnerable and you always will be.

Tin hat time!!!

NEXT!!!
 
I've still got a boxen running build 7000, installed on 1/10/09 and I just checked the logs and see the same type of thing.

Every odd entry I see is dated 12/12/08.... strangeness is abounding!

Oh... and for whatever it's worth, this install has been really solid and speedy for me... just thought I should mention that.

12/12 is when the beta was compiled. It was released to the public in January.
 
Sure, but there are steps you can take to minimize your exposure/risk. Downloading an unreleased beta OS off BitTorrent isn't one of them. :)
Lebowski's point wasn't that it was an unofficial leak. He was making the ridiculous contention that simply because it was a Beta release, we shouldn't be using it for anything "important."

Apparently, we shouldn't be "nervous" that it might be a hacked version doing something nefarious because, "hey, it's just beta" and we shouldn't have ever used it for anything that we wouldn't want to have stolen. Oddly, it almost sounds like we shouldn't care at all if our version were actually hacked.

The idea that these beta releases are there so that we can install them on virtual machines and poke at them in a lab is ludicrous. We are expected to install them on our computers and use them as normal lest the feedback MS receives be useless. How am I supposed to test an online game without putting in my password? How am I supposed to test iTunes without putting in my iTunes credentials?

He seems to have a skewed view of the term "Beta" as well as the intended role beta testers are intended to play in the Windows 7 Beta program. Beta does of course mean that we should expect problems. . . but it doesn't mean (as he seems to think) that we should expect and even blithely accept that our data is going to be packed up and shipped off to Russia.

In a nutshell: Beta testers should try to (and MS hopes that they will) use Windows 7 as much like we would use a "production OS" as possible. They/we should (of course) keep backups in case of unforeseen issues. But that's not to say that, by nature of being beta, we should expect the OS to be unsecure or transmitting our PayPal passwords to Uzbekistan.

In any event, it appears this (edit: The screenshots of the strange dates and non-English text) was a false alarm. But coming in to state that there should never have been any need to be concerned or "nervous" at all because this is a beta. . . that's just asinine.

:rolleyes:
 
He was making the ridiculous contention that simply because it was a Beta release, we shouldn't be using it for anything "important."

He still has a point though. Would you set up your company's SQL server on a Windows 7 beta machine? :p There's no real reason to take the point to the extremes of saying "don't do anything that involves a password", but even if there is a leak involving your financial information, there's no one to blame as it's a beta and bugs are expected :)
 
He still has a point though. Would you set up your company's SQL server on a Windows 7 beta machine? :p
Apples and oranges. As you caution below, let's not take things to extremes. Expecting to run your home computer on Windows 7 after backing up all your data isn't quite the same as running your company's live SQL server on beta software, now is it?

There's no real reason to take the point to the extremes of saying "don't do anything that involves a password", but even if there is a leak involving your financial information, there's no one to blame as it's a beta and bugs are expected :)
I think you guys are missing the point. We were trying to determine if a leaked build was actually non-genuine and pre-hacked by someone and then distributed for nefarious purposes. This guy came in merely to say that it really shouldn't matter and we shouldn't even have cause to be worried if it is hacked because we shouldn't have been doing anything of consequence on these machines anyways. That is a silly statement.

The breach we are concerned about here wouldn't be due to the software being Beta but due to someone hacking the build and distributing it. So we're not even talking about the same thing.

How do you figure its a false alarm?
The OP may indeed be having an issue. But regarding those strangely dated event log entries and odd font (which I specified when I said it's probably a false alarm), those appear to be legit and someone has reported that these appear even on the 7000 build released directly and officially from MS. Though I intend to confirm tonight.
 
Okay, I just installed build 7000 64-bit on a machine I had to-hand here at work. I can confirm as well that oddly dated entries (coinciding with the build --rather than installation-- date) as well as the oddly Eastern European font are present in the event viewer even in this official MS build.

So, again, while I can't explain the outbound IP traffic the OP is noticing, I'm now no longer worried about the screenshot I posted showing the odd dates and font.
 
What? This case isn't closed yet! :p

The problem stems from the age we're living in. Viruses, spyware, trojans, they're everywhere and they're constantly growing in complexity and stealth, and they have the potential to cause great harm, and it's not to be ruled out that people could have stuck their own nasties in downloads for the Win7 beta. It's becoming an age of paranoid computing, and rightfully so.
 
Hmm, thanks for all the research and discussion guys, considering reformatting to see if that does anything... I am going to go over my logs again (ESET SS) and check exactly what it was, do some more googling, and see if they come up when I format. My gut tells me they couldn't do anything anyway seeing as I had blocked them, still...
 
My 7057 build stated that it was leaked from Russia on the site I procured it from. Same odd fonts, and identical MD5's as already shown.
 
Might be a 64-bit thing (the font). Build 7068 x64 has correct dates on my machine, but strange fonts.

Build 7000 x86 has normal fonts.
 