|
Threads
View context
Everything I produce is digitally signed by Microsoft Authenticode and will not run if a single bit changes. No other Opensim system takes security this seriously.
Just to clear up some misconceptions here: A fork is not someone adding anything to someone else's code. It's someone copying it. Adding would be a "push". Only Ubit Umarov (our #1 core dev) and I have permissions to push to DreamGrid.
There are no changes to this code since it was originally added last January. Anyone who understands git can see this. Or just look at https://github.com/Outworldz/DreamWorld/tree/V4/MSFT_Runti... The code inside is easily examined and scanneable by just extracting the EXE using any zip tool.
The version we run is from Jan 13, 2021. It has not been changed since then. Nothing else about anyone else's code is relevant.
The only time it was installed on any machine was shortly after that, when you first updated. It runs once, and never runs again, so you can delete it.
like(3)
Just to clear up some misconceptions here: A fork is not someone adding anything to someone else's code. It's someone copying it. Adding would be a "push". Only Ubit Umarov (our #1 core dev) and I have permissions to push to DreamGrid.
There are no changes to this code since it was originally added last January. Anyone who understands git can see this. Or just look at https://github.com/Outworldz/DreamWorld/tree/V4/MSFT_Runti... The code inside is easily examined and scanneable by just extracting the EXE using any zip tool.
The version we run is from Jan 13, 2021. It has not been changed since then. Nothing else about anyone else's code is relevant.
The only time it was installed on any machine was shortly after that, when you first updated. It runs once, and never runs again, so you can delete it.
Thank you Fred, I deleted it, and everything is fine now. Peculiar behavior, but it's the truth. Also it is true that clamwin av did mark it as being infected with a trojan. Very easy to fix, please do not panic people.
like(0)
View context
Edited: No one uses XP as Opensim does not run on Windows XP, and has not for about 3 years. Its not secure and was deprecated as part of a security push I initiated. And most of the grids I log into (which is a lot), run on very modern hardware. In 5 years I have seen a single A1 processor ( at 1 GHZ) with 4 GB of RAM. Dreamgrid and a region ran fine on it. The viewer, well, it booted, lets put it that way.
like(2)
View context
I'll report it to ClamAV. The hash of my version is 123468e5b29d797a0f7e09fe6736d26df8c9c13007aa3f579913726228bb2990. This is digitally signed by Authenticode so has a different signature than the original. Poorly written virus scanners may flag this as potentially malicious.
In the recent past, scanners from Microsoft, Norton and one have reported various bits of DreamGrid and Opensim as malicious based on behaviour rules. After all, Opensim downloads all kinds of unknown data stuff from hundreds of suspicious locations. DreamGrid does too.
All my code is protected from malicious people changing it by encrypted digital signature using the Outworldz Authenticode certificate.
On another note, anyone running an AV on Opensim\bin in real time needs to add an exclusion to the files in certain folders, or Opensim\bin. If you do not, you may end up with corrupted assets due to record locking. Opensim needs exclusing access to its assets and caches.
A bigger problem is older versions of Opensim, which directly allow anyone to read the hard disk and network shares. 0.8.2.1 grids and early 0.9.0 grids should be avoided.
https://www.virustotal.com/gui/file/123468e5b29d797a0f7e09...
like(3)
In the recent past, scanners from Microsoft, Norton and one have reported various bits of DreamGrid and Opensim as malicious based on behaviour rules. After all, Opensim downloads all kinds of unknown data stuff from hundreds of suspicious locations. DreamGrid does too.
All my code is protected from malicious people changing it by encrypted digital signature using the Outworldz Authenticode certificate.
On another note, anyone running an AV on Opensim\bin in real time needs to add an exclusion to the files in certain folders, or Opensim\bin. If you do not, you may end up with corrupted assets due to record locking. Opensim needs exclusing access to its assets and caches.
A bigger problem is older versions of Opensim, which directly allow anyone to read the hard disk and network shares. 0.8.2.1 grids and early 0.9.0 grids should be avoided.
https://www.virustotal.com/gui/file/123468e5b29d797a0f7e09...
So essentially it's a false alert on the side of malware scanners ranging from MSE to subscription-based commercial scanners to ClamAV, and there's no need for DreamGrid admins to have sleepless nights.
Also, I'd like to put an emphasis on the last paragraph. Those of you who are running very old installations of DreamGrid and have never updated, please do so. I know that the typical Windows user doesn't like to update things and prefers to leave everything as-is after installation, but this is a security issue.
liked(1)
Also, I'd like to put an emphasis on the last paragraph. Those of you who are running very old installations of DreamGrid and have never updated, please do so. I know that the typical Windows user doesn't like to update things and prefers to leave everything as-is after installation, but this is a security issue.
View context
Make a copy of your region folder, and mysql data. Done. With that you can restore any grid. OARs and IARS are not enough. You can recreate a grid with them, sort of, but will be missing friends, landmarks will not work, and your Firestorm outfits will be gone. Or learn to use use mysqldump.
like(0)
View context
Good way to fill an asset server with never again to be used textures unless its scripted to only make a new texture when someone is near to actually see it.
like(0)
View context
A Free Cross-Grid Database For LSL
A simple to use, dedicated, shareable database for all to use to save and persist data across scripts, regions, and grids. The URL is at http://outworldz.appspot.com/ where you will find the basic instructions. You use LSL to fetch a web page with a 'store' field, and it will save a name and a value. Here is an example to save the key AnimalName = bunny.
http://outworldz.appspot.com/store?service=2b307c02-2133-4...
To get back the AnimalName, you change the directive to 'load' and ask for AnimalName: http://outworldz.appspot.com/load?service=2b307c02-2133-4d...
The 'service' is any UUID. These can be used for security, or to identify a grid, region, person, prim, a project or whatever. If this UUID is set to the llGetOwner(), the then data would be stored where prims owned by that avatar can easily get it back.
Lots more help from Maria at Hypergrid Business is at https://www.hypergridbusiness.com/2012/12/free-database-fo...
like(1)
A simple to use, dedicated, shareable database for all to use to save and persist data across scripts, regions, and grids. The URL is at http://outworldz.appspot.com/ where you will find the basic instructions. You use LSL to fetch a web page with a 'store' field, and it will save a name and a value. Here is an example to save the key AnimalName = bunny.
http://outworldz.appspot.com/store?service=2b307c02-2133-4...
To get back the AnimalName, you change the directive to 'load' and ask for AnimalName: http://outworldz.appspot.com/load?service=2b307c02-2133-4d...
The 'service' is any UUID. These can be used for security, or to identify a grid, region, person, prim, a project or whatever. If this UUID is set to the llGetOwner(), the then data would be stored where prims owned by that avatar can easily get it back.
Lots more help from Maria at Hypergrid Business is at https://www.hypergridbusiness.com/2012/12/free-database-fo...