Whole Tomato Software Forums
Whole Tomato Software Forums
Main Site | Profile | Register | Active Topics | Members | Search | FAQ
User name:
Password:
Save Password
Forgot your password?

 All Forums
 Visual Assist
 Technical Support
 Suspicious spyware type activity
 New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

rehan
Junior Member

11 Posts

Posted - Jul 23 2004 :  07:44:30 AM  Show Profile
Does VAX try to connect to internet wihtout authorization?

I am observing some suspicious spyware type acivity with VAX. it seems to be trying to connect to the internet whenever Visual Studio starts up. My firewall goes red asking if I would like to allow "Visual Studio" to connect to the internet... which I dont as it doesnt need to...

I have tested it with Visual Studio 6 and VS.NET. If I disable the VAX plugin by unregistring it, no firewall warning appears.

If this is Whole Tomato's secreat way to monitor unauthorized use of their software then I would say that I am deeply disappointed... It is very stupid of you to do so without first making it clear and asking permission since there is no difference between a spyware and this unauthorized action of VAX.

Rehan

WannabeeDeveloper
Tomato Guru

Germany
775 Posts

Posted - Jul 23 2004 :  10:27:59 AM  Show Profile
There is no such behaviour on my system here...

Go to Top of Page

rehan
Junior Member

11 Posts

Posted - Jul 23 2004 :  11:17:04 AM  Show Profile
More investigation...

It only happens with single user license. All my colleagues in my company have multiple user license but for some managment reason I got a single user license for VAX. If I use their license then firewall remains happy, however with single user license firewall reports internet access attempt by Visual Studio at startup.

I am using windows XP SP2 firewall and TDIMon from Sysinternals to monitor internet traffic. It consistently shows internet traffic coming from Visual Studio at its startup. if VAX is disabled/uninstalled it doesnt show any internet traffic at VS startup.

May I request an official confirmation or denial of this please.

In the meanwhile can other single user license holders (who should be interested in this !) please do this simple experiment:

1. Install and run a firewall which can block outgoing traffic. XP SP2 firewall can do it, but the standard XP (pre SP2)firewall does not have this feature. Use Tiny or ZoneAlram.
2. Configure firewall to block all outgoing traffic or make sure it blocks Visual Studio to connect to internet.
3. Run Visual Studio with VAX enabled.

Does the firewall report anything?

Now disable the VAX plugin by uninstalling it (or removing it from the VS plugin list in) and do the above procedure again... This time Visual Studio should not require firewall permission.
Go to Top of Page

jpizzi
Tomato Guru

USA
642 Posts

Posted - Jul 23 2004 :  11:46:02 AM  Show Profile
One time, I had VS running on one machine and locked the console. I then went to another machine (the one with connectivity to the embedded target I was developing for), and tried to start VS (both with the same license of VA). VA noticed the other instance was running, and refused to start. I would expect that there was some sort of network communication to enable this check.

Joe Pizzi
Go to Top of Page

WannabeeDeveloper
Tomato Guru

Germany
775 Posts

Posted - Jul 23 2004 :  12:49:47 PM  Show Profile
Indeed, you're right:
Sygate Personal Firewall reports this:
2004-07-23 18:19:31 Blocked UDP 255.255.255.255 8099 192.168.1.2 C:\\Programme\\Microsoft Visual Studio .NET 2003\\Common7\\IDE\\devenv.exe

VA_X is broadcasting (to IP 255.255.255.255) on port 8099...

I didn't notice it cause I'm using Microsofts Symbolserver while Debugging, and this demands Internet access, which I allowed for VS .NET (of course).
So VA_X broadcasted without my knowledge or awareness.

Go to Top of Page

Sasa
Tomato Guru

272 Posts

Posted - Jul 23 2004 :  12:56:40 PM  Show Profile
Ok, by the broadcasting request type, we can clearly see that VAX, used with a single license, is trying to query the whole subnet for the Armadillo license server. So indeed, this confirms that with the single user license, VAX is making sure that no other person on the LAN is using the same license. While with the multiple license type, there is no need really to check that for obvious reasons. You know, most of the time companies using third party protection softwares don't even know about it's full behavior, until somebody comes and complains about it. On the other hand, i can understand why they deciced to go with a 3rd party protection/licensing tool, it will free them to make better software instead of concentrating efforts on protection schemes.

C++
Visual Studio 2008 Pro
Windows 7 x64
Go to Top of Page

rehan
Junior Member

11 Posts

Posted - Jul 23 2004 :  5:35:19 PM  Show Profile
Sasa how can you defend a gross privacy breach like this. It might be understandable if it happened with some software that is developed by some non-software related company... But VA is developed for and used by software developers... if developers at WholeTomato cannot understand what spyware they are bundling in with their software then it would reflect on their non-professionalism... and they must apologise for this blunder. And on the other hand if they have done it knowingly then it amounts to a serious crime no less.

How can you be sure that it was just a license inquiry that their software made behind your back. Next time you open up your bank account screen or type in your password on the computer where VAX is running, try to convince yourself with these escuses you mentioned that nobody is looking at the figures infront of you and your poasswords are really safe...
Go to Top of Page

ether
Tomato Guru

USA
130 Posts

Posted - Jul 23 2004 :  5:53:18 PM  Show Profile
It is not spyware!!! It broadcasts on your local network to make sure you are not running more copies than you have registered. Plain and simple. Run Network Spy and you can see the freakin' packets that are sent.
Go to Top of Page

Sasa
Tomato Guru

272 Posts

Posted - Jul 23 2004 :  11:26:21 PM  Show Profile
rehan,

I am not defending anyone or anything here, i am merly trying to understand the behavior. I mean, it is not like they are forcing you to use their software anyways. Do a packet sniff and check what information is being broadcasted.

The only point i can hold against WholeTomato is that they do not mention this behavior anywhere and assume that everyone would be OK with it. Or maybe they do mention it and we just did not see it.

C++
Visual Studio 2008 Pro
Windows 7 x64
Go to Top of Page

WannabeeDeveloper
Tomato Guru

Germany
775 Posts

Posted - Jul 24 2004 :  03:35:03 AM  Show Profile
quote:
Originally posted by ether

It is not spyware!!! It broadcasts on your local network to make sure you are not running more copies than you have registered. Plain and simple. Run Network Spy and you can see the freakin' packets that are sent.



I second that!

I just used Ethereal to have a look into the mysterious VAX broadcast which is sent through my subnet...
No.     Time        Source                Destination           Protocol Info
      1 0.000000    192.168.1.2           255.255.255.255       UDP      Source port: 8099  Destination port: 8099

Frame 1 (81 bytes on wire, 81 bytes captured)
    Arrival Time: Jul 24, 2004 09:49:27.251871000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 81 bytes
    Capture Length: 81 bytes
Ethernet II, Src: 00:50:da:de:03:ba, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 00:50:da:de:03:ba (3com_de:03:ba)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.2 (192.168.1.2), Dst Addr: 255.255.255.255 (255.255.255.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 67
    Identification: 0x2193 (8595)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x576d (correct)
    Source: 192.168.1.2 (192.168.1.2)
    Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: 8099 (8099), Dst Port: 8099 (8099)
    Source port: 8099 (8099)
    Destination port: 8099 (8099)
    Length: 47
    Checksum: 0x5bfe (correct)
Data (39 bytes)

0000  56 41 2a 2a 43 48 4b 5f 30 37 34 39 32 37 30 32   VA**CHK_07492702
0010  35 30 5f 31 5f 65 62 30 35 36 37 30 38 5f 33 33   50_1_eb056708_33
0020  39 31 32 62 33 31 00                              912b31.


There you have it... there is nothing to actually worry about.


Edited by - WannabeeDeveloper on Jul 24 2004 03:58:49 AM
Go to Top of Page

Uniwares
Tomato Guru

Portugal
2322 Posts

Posted - Jul 24 2004 :  09:18:37 AM  Show Profile
quote:
Originally posted by rehan

... and they must apologise for this blunder. And on the other hand if they have done it knowingly then it amounts to a serious crime no less.

How can you be sure that it was just a license inquiry that their software made behind your back.


What a bull...., if you are that concerned about your "privacy" then simply unplug your network cable and be done with it.
Just monitor what your computer is broadcasting to the internet for one day and then tell me again that "VAX is breaching your privacy".

You, as a developer, should be able to realize what VAX is doing, why it is doing it and how. If you are not, then stop talking.

God, I am so sick of those clueless privacy advocates...
Go to Top of Page

rehan
Junior Member

11 Posts

Posted - Jul 24 2004 :  5:20:49 PM  Show Profile
The point is not what it is sending but the fact that it is sending anything at all without making it clear or requesting permission.
Go to Top of Page

ether
Tomato Guru

USA
130 Posts

Posted - Jul 24 2004 :  5:33:45 PM  Show Profile
You don't get it do you? How dumb do you have to be to not even think that they would be using a broadcast to detect extra copies runing on a network? When you purchased your license, you told them the number of seats you wanted. They generate a key from that number and some of the info you give them. Why do you think they want the number of seats??? Their intentions are perfectly clear and they do not need to request your permission to do it. If they were collecting and sending personal information, then they would need to request your permission, but they are not! Give it a rest!
Go to Top of Page

WannabeeDeveloper
Tomato Guru

Germany
775 Posts

Posted - Jul 24 2004 :  7:17:33 PM  Show Profile
quote:
Originally posted by rehan

The point is not what it is sending but the fact that it is sending anything at all without making it clear or requesting permission.


Do you also ask the guy checking your ticket at the cinema if he has your permission to do so?

Heck, he's even ripping the ticket apart (at least over here).

Go to Top of Page

LarryLeonard
Tomato Guru

USA
1041 Posts

Posted - Jul 24 2004 :  10:18:48 PM  Show Profile
As the author of BHODemon, I spend a ridiculous amount of time every day fighting spyware. Here's my two cents.

First, rehan is correct in that VAX should not be transmitting anything without telling us. I fully support their right to check licenses over the network. But it should be explicitly spelled out in the EULA. (In fact, it may already *be* spelled out in the EULA - I never read those things.) Even BHODemon, which exists only to fight spyware, tells the user whenever it's about to use an internet connection.

However, to call VAX spyware, or say that WT is committing a crime, is so silly as not deserve a serious reply. And as far as this comment goes:

quote:
How can you be sure that it was just a license inquiry that their software made behind your back. Next time you open up your bank account screen or type in your password on the computer where VAX is running, try to convince yourself with these excuses you mentioned that nobody is looking at the figures in front of you and your passwords are really safe...
I am reminded of what Fichte said about solipsism: it requires not a refutation, but a cure.
Go to Top of Page

rehan
Junior Member

11 Posts

Posted - Jul 25 2004 :  12:29:13 AM  Show Profile
OK I admit I might have tried to be dramatic there and over sold the argument by using a bit of exageration ...

But my point was to highlight the violation of the principle i.e. "unauthorized access to internet" by VAX. I did not mean to say that VAX is actually a spyware or snooping for passwords...

Imposing license terms can be done openly and with agreement of the licensee. If internet access is required to achieve that it can be provided, even firewalls can be configured to allow such justfied access. But trying to secretly do so without informing the user seems less than polite to me...

Wannabee, in your example if the ticket checker had not asked for the ticket but instead had tried to secretly slip a hand in your pocket without telling you, wont you be offended even if his intention was just to check the ticket ?

And Ether: I must be really dumb... as I have not come across any other decent software that makes such an attempt without my knowledge... My firewall is there to detect such rogue attempts. Mostly it would catch spywares and other such pests. To see a highly reputable software like VAX getting caught in the net, disappointed me which I expressed in this thread.

I am a bit disappointed to read you saying that their intention is "perfectly clear" although they have not even told us whether they are making any such intention... Is it also pretty clear to you that they would only do it for single license holders and not for multiple ones ...

I have checked the EULA that comes with my version (1230), and it does not seem to mention anything about broadcasting to the network or accessing internet for license enforcement (I say "seem to" since the language of all EULAs is mostly unreadable).

In any case I dont want to drag it any further. Bringing it to public knowledge was my right which I have exercised. If you feel offended to be told about this little secret of your beloved program... then what can i say.. Tough.
Go to Top of Page

ether
Tomato Guru

USA
130 Posts

Posted - Jul 25 2004 :  6:34:50 PM  Show Profile
quote:
Originally posted by rehan

And Ether: I must be really dumb... as I have not come across any other decent software that makes such an attempt without my knowledge... My firewall is there to detect such rogue attempts. Mostly it would catch spywares and other such pests. To see a highly reputable software like VAX getting caught in the net, disappointed me which I expressed in this thread.


Have you ever heard of RoboHELP? It does it. We also use a schematic capture program that does it as well (it might be ProTell or OrCAD, I don't remember which). You must be new to coding or you don't use very many high end tools.

quote:
Originally posted by rehan
I am a bit disappointed to read you saying that their intention is "perfectly clear" although they have not even told us whether they are making any such intention... Is it also pretty clear to you that they would only do it for single license holders and not for multiple ones ...


Ummm...it does it regardless of how many liceneses you bought, single or multiple. We have a 3 seat multiple and if we fire up a forth it tells us.

You must be using a software firewall, of which none are any good. Any network activity, to them, is considered trying to access the "internet". There is no internet access from VAX! A broadcast to 255.255.255.255 cannot go out on the internet. Any broadcast to that address stays only with in your LAN, unless you have a router that is set to allow broadcasting through it. Have you ever worked with internet hardware???
Go to Top of Page

feline
Whole Tomato Software

United Kingdom
19014 Posts

Posted - Jul 26 2004 :  08:15:34 AM  Show Profile
can people please calm down?

when i purchased VAX i expected it to check if i was using the same key more than once. this is fairly normal behaviour these days. i am happy that my software firewall blocks all access by default without even asking me, and VAX + VS .NET still work fine on my home machine.

because it silently blocks i have never noticed or looked for this, and given i can block it on my home pc i am not really bothered.

ether, interesting info :)
i can add XMLSpy to your list of programs that check over the local network. we have a 10 installs, only one instance running at any one time licence key for this program at work. i know it checks, since if anyone else is running it when i feel some abnormal urge to run it (i don't get on with it very well *shrug*) then it will complain and refuse to load.

Install Shield 10 also does some form of network checking, at least we are seeing that internally as well.

even our internal telnet client checks over the network, but being a telnet client you have to give it some net access.

thinking that any program trying to send packets out of your machine is suspicious is one thing. however there is a difference between this and saying the program is spy-ware, at least by my definition of spy-ware.

zen is the art of being at one with the two'ness
Go to Top of Page

rehan
Junior Member

11 Posts

Posted - Jul 26 2004 :  08:44:44 AM  Show Profile
I do not get the firewall warning when using the 5 user license, only with single user license it comes complaining. Note in both cases: using single or multiple user license, I am using a valid license within the number of concurrent instances allowed.

quote:
How dumb do you have to be to not even think that...

quote:
You must be new to coding or you don't use very many high end tools...

quote:
Have you ever worked with internet hardware???


How does my lack of coding experience (only 20 years) or knowledge about internet hardware (zero), help in this argument? Using personal insults to strengthen a technical discussion only exposes the weakness of the argument itself.

Furthermore, how much effective is this secret broadcast stuff anyway if it can be bypassed as easily as activating a software firewall. With a firewall blocking all unauthorised traffic to the network (a perfectly valid and justified thing to do), one can run as many instances of VAX as one likes. No prompts would appear... It is still piracy but not something WholeTomato can justifiably complain about. The end user is in no legal binding to allow such licensing strategy to work since no such agreement has been made between the parties.

I still think that WholeTomato need to make their license enforcement strategy open and respectful.
Go to Top of Page

ether
Tomato Guru

USA
130 Posts

Posted - Jul 26 2004 :  09:33:35 AM  Show Profile
As I said, either new or don't use many high end tools. Apparently it is the latter that you have a lack of experience in.

After rereading my "How dumb" comment I realized that I made a type-o. It was supposed to have the contraction "wouldn't" not "would".

Perhaps it is a lack in understanding how TCP/IP works that is confusing you and making you think that it is trying to connect to the internet. As I have explained above, anything sent to 255.255.255.255 stays local to your LAN. It does not go out into the real world, therefore, there is no internet access and there is no securtiy issue. Unless they have taken out the multi license tests, you should see traffic when you fire up a multi license instane. Download Network Spy and see for yourself.
Go to Top of Page

chowchow
New Member

5 Posts

Posted - Jul 26 2004 :  10:09:39 AM  Show Profile
I agree that WholeTomato should enforce their licensing. This is not a very stringent test compared to software that requires a dongle or authorization over the internet.

However, I have to agree with Rehan that this should be documented somewhere. Something at least like "we check the LAN for duplicate copies of the license." This should esspecially be explicit in the EULA. They don't have to explicitly say how they do it (port numbers..etc).

For me, this isn't about privacy. I trust WholeTomato enough to know they're only protecting against piracy. However this is software that's being run on our turf and it is the responsibility of the company to let us know what 'expected behavior' is for their software.

In the case of XMLSpy, this is well documented:
From their manual: http://www.xmlspy.com/manual/licensemetering.htm
From their FAQ: http://www.xmlspy.com/support_faq_ide_license.html#q5_lic

This is all I ask of WholeTomato. Can we see some conclusive response from them?

Edited by - chowchow on Jul 26 2004 10:27:34 AM
Go to Top of Page

support
Whole Tomato Software

5566 Posts

Posted - Jul 27 2004 :  5:24:11 PM  Show Profile
We updated our FAQ.

http://www.wholetomato.com/support/faq.html#check
Go to Top of Page

chowchow
New Member

5 Posts

Posted - Jul 27 2004 :  8:10:58 PM  Show Profile
Thank You for listening and responding
Go to Top of Page

xMRi
Tomato Guru

Germany
315 Posts

Posted - Jul 28 2004 :  05:01:00 AM  Show Profile
I ran into the problems once, because my company has 2 single user licenses, and after we rebuild a machine for a developer, I used the incorrect key.

But due to the fact it is a broadcast in the LAN, and there is in fact no activity to contact anybody outside. There is no problem in my eyes.

And I make a bet: The data transmitted is just the internal serial number to be tested. And is this secret? No!

To call this activity spyware like, it is an over reaction in my eyes!

I rated this topic "trivial"

Just my 2 cents.

Martin Richter [rMVP] WWJD http://blog.m-ri.de
"A well-written program is its own heaven; a poorly written
program is its own hell!" The Tao of Programming
Go to Top of Page

feline
Whole Tomato Software

United Kingdom
19014 Posts

Posted - Jul 28 2004 :  06:19:27 AM  Show Profile
quote:
Originally posted by MartinRichter

And I make a bet: The data transmitted is just the internal serial number to be tested.


on the first page of this thread WannabeeDeveloper posted the details of one of these packets. nothing to terrible in it

zen is the art of being at one with the two'ness
Go to Top of Page

rehan
Junior Member

11 Posts

Posted - Aug 01 2004 :  1:12:02 PM  Show Profile
I would like to express my satisfaction with the wording included in your faq. It would be even better if a similar statement is included in the EULA and readme etc explaining the process.

Actually I have begun to like this idea of "license compliance assistance" via network broadcast and may include it in my own software as well ;-)
Go to Top of Page

Ondrej Spanel
Senior Member

40 Posts

Posted - Aug 11 2004 :  09:22:15 AM  Show Profile
I installed WinXP SP 2 today and the built-in firewall warned me .NET is trying to act as a server on the network. I expect it may be related to this - but if I would not by chance read it a few days ago, I would be quite confused. I expect you will receive more questions about this now SP 2 is out (or maybe not, because maybe users will not be aware it is actually related not to .NET IDE, but rather to Visual Assist).
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
© 2023 Whole Tomato Software, LLC Go To Top Of Page
Snitz Forums 2000