Iinitially I planned to write this article more than a year ago but always postponed it. Other things became always more important. After yesterday's events with FlightSimLabs I couldn't resist and wrote very short version of it.
Few months ago I started a research and analyzed the situation on the market and some data going around.
My knowledge about security is probably a little bit higher than yours but still it is a very small piece of what you can call IT Security/Privacy cake. I'm not a specialist in any form. That's why I contacted some guys form ITSec industry. One of them was Adam from www.z3s.pl, a guy responsible for penetration tests and training courses in some of the Polish companies. The second person was a friend of mine, Robert from the company working on international scale. The company didn't want to reveal its name due to the fact they are working for some worldwide known corporations where they provide network and software penetration tests. Individual customers are not their target and they just want to avoid receiving (like in past) thousands emails they will not answer to.
Click "Read more" in the right corner to read full article.
Few months ago I started a research and analyzed the situation on the market and some data going around.
My knowledge about security is probably a little bit higher than yours but still it is a very small piece of what you can call IT Security/Privacy cake. I'm not a specialist in any form. That's why I contacted some guys form ITSec industry. One of them was Adam from www.z3s.pl, a guy responsible for penetration tests and training courses in some of the Polish companies. The second person was a friend of mine, Robert from the company working on international scale. The company didn't want to reveal its name due to the fact they are working for some worldwide known corporations where they provide network and software penetration tests. Individual customers are not their target and they just want to avoid receiving (like in past) thousands emails they will not answer to.
Click "Read more" in the right corner to read full article.
The reason why I did it in first place was the fact that I banned large number of email addresses where people were asking me if I can help them with installation of illegally obtained copies of some addons for our simulators.
First thing - don't do it! Don't send me such of emails because all you will get is a doubtful pleasure of landing on my blacklist. Don't expect any reply message from me.
So what I have done?
First of all, I monitored forums of more than a dozen of developers making various addons for our simulators and found out that some of them are asking to run the installer file (or already installed .exe file) with Administrator rights. The true is, none of them should be executed with such of rights.
Why not? With this function, software obtains highest, unrestricted level of Windows security privileges. Well, this is a very complicated technical issue because Windows as the system doesn't make it easy for 3rd party software developers. But this is first issue 3rd party developers should fight with, not go around.
Then I read something what became simply shocking and alarming to me. What was it? Asking you to add the installer file or even entire folder where the addon was installed to the exclusion list in your AntiVirus software..
I would not be surprise if I saw this idea from a customer or even beta tester of the software who probably has no knowledge about security at all. Shocking for me was the fact that it was written by developers!
Such of statement is very irresponsible and shows that the developer prefer to go around and violate security rules and principles in development process. It doesn't actually matter what kind of software it is. It might be your beloved aircraft for the sim, music player, web browser... it really doesn't matter. That kind of move is unacceptable.
This is developer's responsibility and duty to make sure that all files are clean and free of any suspected code and then make sure that it will be tested and it goes through virus scanners without alarming red exclamation mark with big THREAT text next to it.
Illegal software copies
The other part of the research I have done was checking more than 70 illegal copies of flight sim addons found on torrents. The copies people were asking me about in emails. Adam checked few files, while Robert penetrated all of them plus he checked what kind of data is sent and received to and from developer servers.
The results were very interesting and surprising for me but if you think I will share any details what shit you can get with such of file or you expect I will give you a list with clean/dirty files...FORGET IT! I will never share that kind of info. If you want to risk, good luck! If you want to find out if the addon is worth of buying, video and streaming platforms like Twitch and YouTube, social platforms like Facebook, Twitter or product forums are the places where you should look for the the answers which will help you to make decision. There is no need to download illegal copies. If you are going to use it, BUY IT!
DRM vs privacy and sensitive data protection
In regards to yesterday's news about suspicious file found when installing FSLabs A320 addon - This product wasn't included in this research but after reading the the concerns from people as well as official statement from FlightSimLabs, I will comment on it here.
First essential info:
1. One of the Reddit users started a thread where he said that installer file of FSLabs A320 contains "text.exe" which looks like a "Chrome password extraction tool"
2. Within next two hours more and more people were saying that test.exe was found on their installation.
One of the results taken on VirusTotal website
3. Lefteris Kalamaras (CEO of FligghtSimLabs Ltd.) makes a statement on their forum.
4. FSLabs removed test.exe file from the installer and re-uploaded clean version
Before Lefteris Kalamaras made his statement, I took into account few scenarios and I stayed away from judging anyone:
1. Malicious "Test.exe" file was attached by person who cracked legit copy and which have spread it in Internet
2. FSLabs server's security system was compromised and original installer was replaced with the one containing malware.
3. Some frustrated employee inside the developer team sabotaged the work.
4. Somehow test.exe was on the company's network and was added unintentionally landed in installer
5. FSLabs for some reason intentionally placed test.exe in the installer
Were they all really possible? Yes and here is why.
First, it's very common to find any harmful software injected in illegal copies.
There are many sort of thy kind of software - adaware, spyware, Trojan horses, worms, rootkits, backdoors and many many more. Each of them have different purpose. Some of them are made to obtain (read stealing) sensitive personal or financial data, other to disturb some events or collect information and profile the victim.
Notice that malware might be built in very different ways with different level of complexity. It is a very common to inject one file that will not harm your system directly by removing or accessing other files. They might be installed as the first step from many, where the person standing behind it open one door just to inject another one which will be followed by another one to the point where objective is achieved.
Server' security breach might be also done for various reasons, i.e to get customer database, to obtain business secrets like details about developed products/services or just to reveal some information to the public just to discredit the company's name. It's just a short sample of potential reasons.
Another scenario I thought about was inside job where one of the employees or former employees sabotaged company's product and name just because he don't like his boss, he was dismissed from work but company forgot to remove his security credentials in company's network. Very possible scenario nowadays, triggered mostly by ex-administrators. Believe me, it happen all the time around the globe, in both small and huge companies.
Let's go further. Is it possible that this malicious software landed in their internal network and it was not detected by security software and any developer? Very unlikely but still possible. However, it means that internal control of the network failed, on both software and human side. It also happen quite often in various companies or public institutions.
The last possible scenario is that company added this malware on purpose.
This happen as well but it raise my concerns and kills my trust, yours should too, no matter what reasons company had.
Generally adding any extra piece to the installers happen by some freeware software for you don't pay for but to keep some incomes, developers add 3rd party products/services to it so they get paid.
Now, even now when I write this article I get messages via both channels - Discord and email - about the FSLabs case.
First one thing must be clear and I will say it loud here. Each developer has a right to protect his product or service from spreading it as illegal copies. That's why technology like DRM exists.
Developer or team of them not only spends thousands of hours to deliver a product you will enjoy. This is their work and equally like you, they deserve to get paid for what they do. Moreover, they learned to do something what you can't do. They invest their money in employees, technology, resources, etc. to collect everything altogether and again, make a product you are waiting for.
They use DRM (Digital Rights Management) to protect they content and this isn't something new. There are various of ways used for content protection since many years, starting with simple Activation Key delivered with the products. We all know that, right? The other form of DRM is Watermark or some code injected to the file that will not let you use it on the device or software other than the one which the file was sold for.
Do you want an example? Apple used their DRM system for audio files available on iTunes platform back in 2003 and removed it partially in 2007. I said partially because there is still digital watermark labeling info about the person which bought a file.
The other popular nowadays form of DRM protection is online validation where you need a connection to DRM servers to be able to use the products.
DRM technology expands and develops to meet the new problems and ways their products are cracked.
Like I said, every content creator has a right to protect what he makes.
DRM technology is generally something what we could concentrate here for hours or days so... I will end it here.
However, none of the content creator has any right to install or simply deliver any malicious software next to the legit installer to our computers. NONE! It doesn't matter if it is explained as a part of "DRM protection" or not, some form of fighting with piracy or whatever.
First of all, like in case of mentioned "test.exe" file, it looks like it is a "Chrome password extraction tool" able to get sensitive data from your computer. No matter if you have legit or not copy of their product, delivering such of software is braking any ethic rules and conduct for programing. Morever, it brings on company a lot of shit storm from customers and generally entire community.
Besides, law apply here and if this kind of move was made, it might be breaking a laws in most of the countries and to be honest I am curious how this situation will develop.
What makes me very concern and I can't agree at this moment with is official statement of the company saying that this file don't harm any legit copy and a customer who purchased it. First of, if the "Test.exe" works like it was described at Reddit, it should never be delivered with any copy, legal or not in any form. It doesn't make any difference in what form it was,installed or extracted.
It also makes no difference if this .exe was in your computer for a month or just for 5 seconds during the installation and validation process.
In the field of law, it might bring lawsuits against the company. Private companies are not the Police, FBI or any other government institution which can obtain any sensitive data from your computer by installing any extra software. Even if FlightSimLabs bring to the courts people who used or distributed the illegal copies, they might be charged back for such of moves.
For me it's still unclear what exact data was obtained by FlightSimLabs when targeted person with illegal copies. I do not have access to this file, neither I was able to analyze the data sent to the company's server so I can't say what kind of data was transferred.
The reason why I did it in first place was the fact that I banned large number of email addresses where people were asking me if I can help them with installation of illegally obtained copies of some addons for our simulators.
First thing - don't do it! Don't send me such of emails because all you will get is a doubtful pleasure of landing on my blacklist. Don't expect any reply message from me.
So what I have done?
First of all, I monitored forums of more than a dozen of developers making various addons for our simulators and found out that some of them are asking to run the installer file (or already installed .exe file) with Administrator rights. The true is, none of them should be executed with such of rights.
Why not? With this function, software obtains highest, unrestricted level of Windows security privileges. Well, this is a very complicated technical issue because Windows as the system doesn't make it easy for 3rd party software developers. But this is first issue 3rd party developers should fight with, not go around.
Then I read something what became simply shocking and alarming to me. What was it? Asking you to add the installer file or even entire folder where the addon was installed to the exclusion list in your AntiVirus software..
I would not be surprise if I saw this idea from a customer or even beta tester of the software who probably has no knowledge about security at all. Shocking for me was the fact that it was written by developers!
Such of statement is very irresponsible and shows that the developer prefer to go around and violate security rules and principles in development process. It doesn't actually matter what kind of software it is. It might be your beloved aircraft for the sim, music player, web browser... it really doesn't matter. That kind of move is unacceptable.
This is developer's responsibility and duty to make sure that all files are clean and free of any suspected code and then make sure that it will be tested and it goes through virus scanners without alarming red exclamation mark with big THREAT text next to it.
Illegal software copies
The other part of the research I have done was checking more than 70 illegal copies of flight sim addons found on torrents. The copies people were asking me about in emails. Adam checked few files, while Robert penetrated all of them plus he checked what kind of data is sent and received to and from developer servers.
The results were very interesting and surprising for me but if you think I will share any details what shit you can get with such of file or you expect I will give you a list with clean/dirty files...FORGET IT! I will never share that kind of info. If you want to risk, good luck! If you want to find out if the addon is worth of buying, video and streaming platforms like Twitch and YouTube, social platforms like Facebook, Twitter or product forums are the places where you should look for the the answers which will help you to make decision. There is no need to download illegal copies. If you are going to use it, BUY IT!
DRM vs privacy and sensitive data protection
In regards to yesterday's news about suspicious file found when installing FSLabs A320 addon - This product wasn't included in this research but after reading the the concerns from people as well as official statement from FlightSimLabs, I will comment on it here.
First essential info:
1. One of the Reddit users started a thread where he said that installer file of FSLabs A320 contains "text.exe" which looks like a "Chrome password extraction tool"
2. Within next two hours more and more people were saying that test.exe was found on their installation.
One of the results taken on VirusTotal website
3. Lefteris Kalamaras (CEO of FligghtSimLabs Ltd.) makes a statement on their forum.
4. FSLabs removed test.exe file from the installer and re-uploaded clean version
Before Lefteris Kalamaras made his statement, I took into account few scenarios and I stayed away from judging anyone:
1. Malicious "Test.exe" file was attached by person who cracked legit copy and which have spread it in Internet
2. FSLabs server's security system was compromised and original installer was replaced with the one containing malware.
3. Some frustrated employee inside the developer team sabotaged the work.
4. Somehow test.exe was on the company's network and was added unintentionally landed in installer
5. FSLabs for some reason intentionally placed test.exe in the installer
Were they all really possible? Yes and here is why.
First, it's very common to find any harmful software injected in illegal copies.
There are many sort of thy kind of software - adaware, spyware, Trojan horses, worms, rootkits, backdoors and many many more. Each of them have different purpose. Some of them are made to obtain (read stealing) sensitive personal or financial data, other to disturb some events or collect information and profile the victim.
Notice that malware might be built in very different ways with different level of complexity. It is a very common to inject one file that will not harm your system directly by removing or accessing other files. They might be installed as the first step from many, where the person standing behind it open one door just to inject another one which will be followed by another one to the point where objective is achieved.
Server' security breach might be also done for various reasons, i.e to get customer database, to obtain business secrets like details about developed products/services or just to reveal some information to the public just to discredit the company's name. It's just a short sample of potential reasons.
Another scenario I thought about was inside job where one of the employees or former employees sabotaged company's product and name just because he don't like his boss, he was dismissed from work but company forgot to remove his security credentials in company's network. Very possible scenario nowadays, triggered mostly by ex-administrators. Believe me, it happen all the time around the globe, in both small and huge companies.
Let's go further. Is it possible that this malicious software landed in their internal network and it was not detected by security software and any developer? Very unlikely but still possible. However, it means that internal control of the network failed, on both software and human side. It also happen quite often in various companies or public institutions.
The last possible scenario is that company added this malware on purpose.
This happen as well but it raise my concerns and kills my trust, yours should too, no matter what reasons company had.
Generally adding any extra piece to the installers happen by some freeware software for you don't pay for but to keep some incomes, developers add 3rd party products/services to it so they get paid.
Now, even now when I write this article I get messages via both channels - Discord and email - about the FSLabs case.
First one thing must be clear and I will say it loud here. Each developer has a right to protect his product or service from spreading it as illegal copies. That's why technology like DRM exists.
Developer or team of them not only spends thousands of hours to deliver a product you will enjoy. This is their work and equally like you, they deserve to get paid for what they do. Moreover, they learned to do something what you can't do. They invest their money in employees, technology, resources, etc. to collect everything altogether and again, make a product you are waiting for.
They use DRM (Digital Rights Management) to protect they content and this isn't something new. There are various of ways used for content protection since many years, starting with simple Activation Key delivered with the products. We all know that, right? The other form of DRM is Watermark or some code injected to the file that will not let you use it on the device or software other than the one which the file was sold for.
Do you want an example? Apple used their DRM system for audio files available on iTunes platform back in 2003 and removed it partially in 2007. I said partially because there is still digital watermark labeling info about the person which bought a file.
The other popular nowadays form of DRM protection is online validation where you need a connection to DRM servers to be able to use the products.
DRM technology expands and develops to meet the new problems and ways their products are cracked.
Like I said, every content creator has a right to protect what he makes.
DRM technology is generally something what we could concentrate here for hours or days so... I will end it here.
However, none of the content creator has any right to install or simply deliver any malicious software next to the legit installer to our computers. NONE! It doesn't matter if it is explained as a part of "DRM protection" or not, some form of fighting with piracy or whatever.
First of all, like in case of mentioned "test.exe" file, it looks like it is a "Chrome password extraction tool" able to get sensitive data from your computer. No matter if you have legit or not copy of their product, delivering such of software is braking any ethic rules and conduct for programing. Morever, it brings on company a lot of shit storm from customers and generally entire community.
Besides, law apply here and if this kind of move was made, it might be breaking a laws in most of the countries and to be honest I am curious how this situation will develop.
What makes me very concern and I can't agree at this moment with is official statement of the company saying that this file don't harm any legit copy and a customer who purchased it. First of, if the "Test.exe" works like it was described at Reddit, it should never be delivered with any copy, legal or not in any form. It doesn't make any difference in what form it was,installed or extracted.
It also makes no difference if this .exe was in your computer for a month or just for 5 seconds during the installation and validation process.
In the field of law, it might bring lawsuits against the company. Private companies are not the Police, FBI or any other government institution which can obtain any sensitive data from your computer by installing any extra software. Even if FlightSimLabs bring to the courts people who used or distributed the illegal copies, they might be charged back for such of moves.
For me it's still unclear what exact data was obtained by FlightSimLabs when targeted person with illegal copies. I do not have access to this file, neither I was able to analyze the data sent to the company's server so I can't say what kind of data was transferred.
TIPS ABOUT THE SAFETY
The last part of this article is about general security of your computer and data.
Idea of giving few simple tips came after reading or taking an active part in some conversation on Discord servers. It looks like many people have no idea where they should start to take care of that or what is even worst, they ignore it putting usefulness instead of security on higher position.
NOTICE: There is no software you can call 100% working. However, increasing amount of steps to care about your security might help to protect your data and keep away from jeopardy you are exposed using network.
1. First and most important is...your brain! Does it sound rude? Maybe, you might agree or not but human is the part of security system which fails most often so don't feel insulted.
2. Have a good AntiVirus and Firewall software and learn as much as you can about how to configure them.
3. Never ignore alerts given by the software mentioned above. Never trust to "it's false positive" comments from other regular users. In 99% they have no idea about ITSec.
4. NEVER trust developer who tells you to add his files to anti virus exclusion list and run his programs with Admin credentials. I will repeat - It's developers duty and responsibility to make sure the files are clean and they are not flagged as "threat" in any protection software.
5. Never store sensitive data like logins and passwords, credit card numbers or pins in any browser. Use freeware "KeePass" for that. It's a very small but useful software.
6. If you have any sensitive data like documents, photos, etc - encrypt your drive where you keep them. You can use Windows' BitLocker or encryption built-in in the hard drive. You can also use TrueCrypt software to create one encrypted volume. This software isn't developed anymore but there is no reason to stop trust it.
7. Make sure you have sett to "OFF" default usage of all Java scripts and Flash plugins in your browser.
8. Never use any password for more than one website.
9. Use very long and strong passwords (with random characters) for most important websites like for online banking, etc. You can generate them in KeePass.
10. Use encryption of the drive in your phone, laptop which you take to public places or at least the sensitive data carry encrypted in TrueCrypt file.
11. If you want another extra protection, you can use YubiKey hardware.
OK, that would be all.
If you would like to share your thoughts, you have any questions, let me know in comment section below or join us on Discord server.
If this article was somehow helpful to understand something, helpful in anyway, feel free to shore the link to it with other community members.
Well "TIP" section goes beyond our community and the steps should be applied by any computer user.
Cheers
The last part of this article is about general security of your computer and data.
Idea of giving few simple tips came after reading or taking an active part in some conversation on Discord servers. It looks like many people have no idea where they should start to take care of that or what is even worst, they ignore it putting usefulness instead of security on higher position.
NOTICE: There is no software you can call 100% working. However, increasing amount of steps to care about your security might help to protect your data and keep away from jeopardy you are exposed using network.
1. First and most important is...your brain! Does it sound rude? Maybe, you might agree or not but human is the part of security system which fails most often so don't feel insulted.
2. Have a good AntiVirus and Firewall software and learn as much as you can about how to configure them.
3. Never ignore alerts given by the software mentioned above. Never trust to "it's false positive" comments from other regular users. In 99% they have no idea about ITSec.
4. NEVER trust developer who tells you to add his files to anti virus exclusion list and run his programs with Admin credentials. I will repeat - It's developers duty and responsibility to make sure the files are clean and they are not flagged as "threat" in any protection software.
5. Never store sensitive data like logins and passwords, credit card numbers or pins in any browser. Use freeware "KeePass" for that. It's a very small but useful software.
6. If you have any sensitive data like documents, photos, etc - encrypt your drive where you keep them. You can use Windows' BitLocker or encryption built-in in the hard drive. You can also use TrueCrypt software to create one encrypted volume. This software isn't developed anymore but there is no reason to stop trust it.
7. Make sure you have sett to "OFF" default usage of all Java scripts and Flash plugins in your browser.
8. Never use any password for more than one website.
9. Use very long and strong passwords (with random characters) for most important websites like for online banking, etc. You can generate them in KeePass.
10. Use encryption of the drive in your phone, laptop which you take to public places or at least the sensitive data carry encrypted in TrueCrypt file.
11. If you want another extra protection, you can use YubiKey hardware.
OK, that would be all.
If you would like to share your thoughts, you have any questions, let me know in comment section below or join us on Discord server.
If this article was somehow helpful to understand something, helpful in anyway, feel free to shore the link to it with other community members.
Well "TIP" section goes beyond our community and the steps should be applied by any computer user.
Cheers
