PC Now Has a Global Auction House

Betheny

Darlgon wrote: »

Betheny wrote: »

S1ipperyJim wrote: »

Beware: My virus scan is detecting a virus in this addon: Gen:Variant.Zusy.245090]

Windows Defender and Malwarebytes Anti Malware detect no threats...what antivirus did you use? Probably a false positive.

Saying Windows Defender didnt detect it is like saying a day one med student didnt not diagnose brain cancer. That program has been trash since MS bought it at Walmart.

If you dont have the pay version of Malwarebytes, it only protects you when you use it to scan. Do you have the pay version, that includes the active protection? If not, it also is useless as a reference.

You can click those links yourself and see only a handful of the more rubbishy apps picked up things, and that could easily be a false positive given the need to connect to a server.

I scanned the files with Malwarebytes btw.

Betheny

This better be legit, would be great to see the trade guilds lose their control over us.

RobDaCool

Wish consoles had this.

I'm surprised people prefer traders over a worldwide auction house. I guess those people are either guild leaders who make a fortune off of it or someone who enjoys spending 2 hours running all over Nirn looking for something from a trader.

InvitationNotFound

Betheny wrote: »

InvitationNotFound wrote: »

Anyway, someone at esuoi posted the following links:
https://www.virustotal.com/de/file/f0a0c211f9daccffde4a441a606f7ed02d4ce7b0953b5fe0514eb0335a39e8d6/analysis/

https://www.virustotal.com/de/file/5af028a97377609e58e88a1115dd8d76e3ac873c24ac66b558bd3a26cd28f485/analysis/1500628331/

So some virus scanners consider these files malicious. It might be a false positive. Anyway, at the current moment I personally wouldn't touch this addon.

I wouldn't touch it either right now (not that you can anyway) - not till the addon author comes back and clears it all up. My guess is it's a false positive, the only antivirus apps showing anything are the fringey crappy ones anyway.

Though if this isn't legit I'm going to be angry, it's such a good idea.

Well, i hope I'm not going to destroy some of your illusions regarding viruses and false positives.

It actually doesn't matter at all, if a virus scanner brings up some alerts or not (of course an alert actually might be an issue^^). It is a stupid idea to run those binaries anyway, as they can't be considered trusted and you have no idea what they do.

And now I'll tell you how easy it is to bypass certain virus scanners, which are considered "good" and you'll have to pay for:
- Change the *** file name. Done. (At least a few years ago for certain products)

How do I come up with such a story? Real life experience. I've been involved in such things (and had to ensure the virus scanner doesn't detect the file): https://en.wikipedia.org/wiki/Social_engineering_(security)#Baiting

Just because a virus scanner says everything is fine, doesn't mean everything is fine. Don't run untrusted binaries.

Edit: fixed broken link. at least i hope so

Betheny

InvitationNotFound wrote: »

Don't run untrusted binaries.

Well someone asked the author to expose the source code, so either he will and we'll all get an awesome trade addon, or it'll turn out to be fake and me and many others will all go cry for a bit and dream on what could have been.

Cpt_Teemo

phaneub17_ESO wrote: »

To be able to sell my crap without having to join a guild? A dream that would be.

But to connect to a server using a mod seems very very phishy i don't trust it

Betheny

Kyle1983b14_ESO wrote: »

phaneub17_ESO wrote: »

To be able to sell my crap without having to join a guild? A dream that would be.

But to connect to a server using a mod seems very very phishy i don't trust it

There's a few addons that do this already (when they collect info). So long as the addon is legit in this case I would be okay with this, as it's kind of essential for the trade system they're proposing here to run.

InvitationNotFound

Betheny wrote: »

InvitationNotFound wrote: »

Don't run untrusted binaries.

Well someone asked the author to expose the source code, so either he will and we'll all get an awesome trade addon, or it'll turn out to be fake and me and many others will all go cry for a bit and dream on what could have been.

Not really. Even with source code I wouldn't trust the binary file. You would have the exact same build environment to create the same binary. And that's the only practical way (imho) to compare if the delivered binary has been generated from the source code provided. Normal users won't be able to compile it and there's no trusted party providing the binary.

What I want to say is that there will be a risk that the binary has some additional "features"...
Normally with an addon, it runs in the context of the game in a "restricted" environment (well, I won't say here it is impossible to "break out" of that environment). This isn't the case with an executable binary. It is capable of doing whatever it wants with the system (of course, otherwise the addon would work at all, as there's no such API to share data with a third party server).

Anyway, my point is: I consider addons, which contain binaries as not trustworthy and wouldn't recommend running them as it might be very risky.

Betheny

InvitationNotFound wrote: »

Betheny wrote: »

InvitationNotFound wrote: »

Don't run untrusted binaries.

Well someone asked the author to expose the source code, so either he will and we'll all get an awesome trade addon, or it'll turn out to be fake and me and many others will all go cry for a bit and dream on what could have been.

Not really. Even with source code I wouldn't trust the binary file. You would have the exact same build environment to create the same binary. And that's the only practical way (imho) to compare if the delivered binary has been generated from the source code provided. Normal users won't be able to compile it and there's no trusted party providing the binary.

What I want to say is that there will be a risk that the binary has some additional "features"...
Normally with an addon, it runs in the context of the game in a "restricted" environment (well, I won't say here it is impossible to "break out" of that environment). This isn't the case with an executable binary. It is capable of doing whatever it wants with the system (of course, otherwise the addon would work at all, as there's no such API to share data with a third party server).

Anyway, my point is: I consider addons, which contain binaries as not trustworthy and wouldn't recommend running them as it might be very risky.

The addon author is going to have to build up some trust with the community to get people to use it then.

SantieClaws

The red light of warning here also is that the author seems to have no previous history of writing addons for ESO.

Generally something this big would be a gradual development from a smaller sort of trading addon yes - a gradual progression - or perhaps a collaboration between other well known addon makers.

Everyone starts somewhere with making this sort of thing and if there is no obvious history of development then such a very ambitious project seems an unusual place to begin.

Khajiit would like to be wrong about this - most certainly - but this one she just cannot shake that suspicious tingling in the ends of the whiskers.

Yours with paws
Santie Claws

sirinsidiator

Betheny wrote: »

This better be legit, would be great to see the trade guilds lose their control over us.

You are quite mistaken. If we ever got a global auction house built into the game, you can be sure that trading guilds will have absolute control over the prices unlike how it works right now.

Kyle1983b14_ESO wrote: »

phaneub17_ESO wrote: »

To be able to sell my crap without having to join a guild? A dream that would be.

But to connect to a server using a mod seems very very phishy i don't trust it

My main concern is not the server connection, but the Updater.exe bundled with the addon. If it does what I think it does, the author could push whatever binary he wants without anyone having a way to check or stop it. Imagine the addon getting installed by a few thousand people and in a month he decides it is time for him to turn evil and he pushes a key logger. Suddenly he has access to thousands of eso accounts, maybe even some credit cards etc.

Betheny

SantieClaws wrote: »

Khajiit would like to be wrong about this - most certainly - but this one she just cannot shake that suspicious tingling in the ends of the whiskers.

We all have that tingling by now, but I'm personally hoping this turns out to be okay and not a trap, because a global auction house that bypasses the big trade guilds is exactly what we need.

Vipstaakki

I think it is a little bit too early to talk about the fall of the guild traders. Here is why.
1. Not everyone uses Add-ons.
2. Slight majority prefers guild traders over the auction house
3. Scammers will abuse the living crap out of the COD method. This is not a problem with guild traders.

InvitationNotFound

Betheny wrote: »

InvitationNotFound wrote: »

Betheny wrote: »

InvitationNotFound wrote: »

Don't run untrusted binaries.

Well someone asked the author to expose the source code, so either he will and we'll all get an awesome trade addon, or it'll turn out to be fake and me and many others will all go cry for a bit and dream on what could have been.

Not really. Even with source code I wouldn't trust the binary file. You would have the exact same build environment to create the same binary. And that's the only practical way (imho) to compare if the delivered binary has been generated from the source code provided. Normal users won't be able to compile it and there's no trusted party providing the binary.

What I want to say is that there will be a risk that the binary has some additional "features"...
Normally with an addon, it runs in the context of the game in a "restricted" environment (well, I won't say here it is impossible to "break out" of that environment). This isn't the case with an executable binary. It is capable of doing whatever it wants with the system (of course, otherwise the addon would work at all, as there's no such API to share data with a third party server).

Anyway, my point is: I consider addons, which contain binaries as not trustworthy and wouldn't recommend running them as it might be very risky.

The addon author is going to have to build up some trust with the community to get people to use it then.

Trust...

There's no company behind it. No real person you can easily identify. It's not that difficult to hide all your traces if you want to.
Besides, even if you trust that guy, you would have to trust his "security" skills to get his workplace secure. In case he gets hacked, malware could be spread that way.

Imho providing an addon which contains any sort of binary is an absolute no-go. are you willing to take the risk of having malware on your pc just because some eso ingame enhancement? (I mean do you risk getting your account hacked, other accounts fb, bank, etc. hacked (depending on what you do on the pc) just because it makes something in eso easier? My personal answer to this is: nope)

DRXHarbinger

SantieClaws wrote: »

The red light of warning here also is that the author seems to have no previous history of writing addons for ESO.

Generally something this big would be a gradual development from a smaller sort of trading addon yes - a gradual progression - or perhaps a collaboration between other well known addon makers.

Everyone starts somewhere with making this sort of thing and if there is no obvious history of development then such a very ambitious project seems an unusual place to begin.

Khajiit would like to be wrong about this - most certainly - but this one she just cannot shake that suspicious tingling in the ends of the whiskers.

Yours with paws
Santie Claws

Yep, Spider sense is tingling away at this, it set off my Anti Virus straight away. I Guess the big question is, has anyone actually used it? Or does anyone want to give it a go with me? Finger firmly on the plug.

Betheny

InvitationNotFound wrote: »

Imho providing an addon which contains any sort of binary is an absolute no-go.

Would there be any other way of doing what he's trying to do?

InvitationNotFound

DRXHarbinger wrote: »

SantieClaws wrote: »

The red light of warning here also is that the author seems to have no previous history of writing addons for ESO.

Generally something this big would be a gradual development from a smaller sort of trading addon yes - a gradual progression - or perhaps a collaboration between other well known addon makers.

Everyone starts somewhere with making this sort of thing and if there is no obvious history of development then such a very ambitious project seems an unusual place to begin.

Khajiit would like to be wrong about this - most certainly - but this one she just cannot shake that suspicious tingling in the ends of the whiskers.

Yours with paws
Santie Claws

Yep, Spider sense is tingling away at this, it set off my Anti Virus straight away. I Guess the big question is, has anyone actually used it? Or does anyone want to give it a go with me? Finger firmly on the plug.

So you want to rebuild your pc after running it in case you realize at some point some weird behavior?

Bad news here: If it is actually malware, shutting down the PC won't help. If you realize something is wrong, your files may already be (partially) encrypted or "stolen" (e.g. passwords).
You would have to rebuild your system from scratch, hopping that the malware didn't go for any firmware components as it would be pretty persistent in such a case (I doubt that this would happen as that would be quite a bit sophisticated). So you would have to throw the hardware away in the worst case...
The malware might be persistent, so plugging your system off / shutting it down, won't help that much, depending on what the malware does.
In addition, the malware might be controlled and expose it's malicious functionality at a later point of time.

So the point here is, if it is malware, you're pretty much ***. But anyway, please share your experience with us if you test it

Betheny

DRXHarbinger wrote: »

Yep, Spider sense is tingling away at this, it set off my Anti Virus straight away. I Guess the big question is, has anyone actually used it? Or does anyone want to give it a go with me? Finger firmly on the plug.

Yeah don't be testing this yet...wait for the addon author to show up again and watch and see how this all goes down.

InvitationNotFound

Betheny wrote: »

InvitationNotFound wrote: »

Imho providing an addon which contains any sort of binary is an absolute no-go.

Would there be any other way of doing what he's trying to do?

I don't think there is a way. You would have to be pretty creative to figure out a way in game, if it is even possible.

And i doubt this addon will be accepted by ZOS and esoui.com (they say that they verify that no .exe files are being shipped, which means it is a violation. but i might understood something wrong here).

@ZOS_GinaBruno @ZOS_JessicaFolsom : can you comment on any sort of ToS violation here? In case that this isn't malware, are such addons conform or do they violate the ToS?

Paulington

Whilst this addon sounds good, it is wise to practice caution as it may well be unsafe.

The addon has been pulled from ESOUI for now and I personally wouldn't use it until a lot of questions are answered about it.

Betheny

InvitationNotFound wrote: »

In case that this isn't malware, are such addons conform or do they violate the ToS?

If this can't work it will be an opportunity lost.

Runschei

Interesting.

DRXHarbinger

InvitationNotFound wrote: »

DRXHarbinger wrote: »

SantieClaws wrote: »

The red light of warning here also is that the author seems to have no previous history of writing addons for ESO.

Generally something this big would be a gradual development from a smaller sort of trading addon yes - a gradual progression - or perhaps a collaboration between other well known addon makers.

Everyone starts somewhere with making this sort of thing and if there is no obvious history of development then such a very ambitious project seems an unusual place to begin.

Khajiit would like to be wrong about this - most certainly - but this one she just cannot shake that suspicious tingling in the ends of the whiskers.

Yours with paws
Santie Claws

Yep, Spider sense is tingling away at this, it set off my Anti Virus straight away. I Guess the big question is, has anyone actually used it? Or does anyone want to give it a go with me? Finger firmly on the plug.

So you want to rebuild your pc after running it in case you realize at some point some weird behavior?

Bad news here: If it is actually malware, shutting down the PC won't help. If you realize something is wrong, your files may already be (partially) encrypted or "stolen" (e.g. passwords).
You would have to rebuild your system from scratch, hopping that the malware didn't go for any firmware components as it would be pretty persistent in such a case (I doubt that this would happen as that would be quite a bit sophisticated). So you would have to throw the hardware away in the worst case...
The malware might be persistent, so plugging your system off / shutting it down, won't help that much, depending on what the malware does.
In addition, the malware might be controlled and expose it's malicious functionality at a later point of time.

So the point here is, if it is malware, you're pretty much ***. But anyway, please share your experience with us if you test it

Luckily for me I happen to work for https://www.forbes.com/companies/atos/

I have asked some techs on my site to scan this over and let me know what they think of it, they work on security where if something is compromised it can go...Nuclear..is all I can say.

Will update.

Betheny

DRXHarbinger wrote: »

Luckily for me I happen to work for https://www.forbes.com/companies/atos/

I have asked some techs on my site to scan this over and let me know what they think of it, they work on security where if something is compromised it can go...Nuclear..is all I can say.

Will update.

Awesome, keep us posted...really hoping the whole thing turns out good for us...or I will cry.

DRXHarbinger

Betheny wrote: »

DRXHarbinger wrote: »

Luckily for me I happen to work for https://www.forbes.com/companies/atos/

I have asked some techs on my site to scan this over and let me know what they think of it, they work on security where if something is compromised it can go...Nuclear..is all I can say.

Will update.

Awesome, keep us posted...really hoping the whole thing turns out good for us...or I will cry.

31 mins of runtime left. Hold tight. I actually hope it is legit.

xRIVALENx

Files aren't flagged by Kaspersky, you are more than likely getting a false positive. Log the network activity of the programs when running them and maybe do a packet capture along side that just to see what they are transferring. Another good idea would be to check the exe files against the SHA256 hashes.

Updater.exe : 5af028a97377609e58e88a1115dd8d76e3ac873c24ac66b558bd3a26cd28f485
NirnAuctionHouse.exe : f0a0c211f9daccffde4a441a606f7ed02d4ce7b0953b5fe0514eb0335a39e8d6

MornaBaine

I will be following this with interest. It's a great idea and I hope it can be pulled off.

InvitationNotFound

DRXHarbinger wrote: »

InvitationNotFound wrote: »

DRXHarbinger wrote: »

SantieClaws wrote: »

The red light of warning here also is that the author seems to have no previous history of writing addons for ESO.

Generally something this big would be a gradual development from a smaller sort of trading addon yes - a gradual progression - or perhaps a collaboration between other well known addon makers.

Everyone starts somewhere with making this sort of thing and if there is no obvious history of development then such a very ambitious project seems an unusual place to begin.

Khajiit would like to be wrong about this - most certainly - but this one she just cannot shake that suspicious tingling in the ends of the whiskers.

Yours with paws
Santie Claws

Yep, Spider sense is tingling away at this, it set off my Anti Virus straight away. I Guess the big question is, has anyone actually used it? Or does anyone want to give it a go with me? Finger firmly on the plug.

So you want to rebuild your pc after running it in case you realize at some point some weird behavior?

Bad news here: If it is actually malware, shutting down the PC won't help. If you realize something is wrong, your files may already be (partially) encrypted or "stolen" (e.g. passwords).
You would have to rebuild your system from scratch, hopping that the malware didn't go for any firmware components as it would be pretty persistent in such a case (I doubt that this would happen as that would be quite a bit sophisticated). So you would have to throw the hardware away in the worst case...
The malware might be persistent, so plugging your system off / shutting it down, won't help that much, depending on what the malware does.
In addition, the malware might be controlled and expose it's malicious functionality at a later point of time.

So the point here is, if it is malware, you're pretty much ***. But anyway, please share your experience with us if you test it

Luckily for me I happen to work for https://www.forbes.com/companies/atos/

I have asked some techs on my site to scan this over and let me know what they think of it, they work on security where if something is compromised it can go...Nuclear..is all I can say.

Will update.

how do they scan this over and with which tools. as I've mentioned earlier... AV software in general is crap if it is a new thread, a mutation etc. And I doubt your IT guys will disassemble / reverse engineer this binary as it might take a lot of time.

So feel free to provide as much details as possible.

SantieClaws

The caution should remain presently though even if the scans they detect nothing suspicious at this time. It isn't what the files presently contain that is the only issue.

It is what they may potentially contain at some point in the future via this updater.

Yours with paws
Santie Claws

InvitationNotFound

xRIVALENx wrote: »

Files aren't flagged by Kaspersky, you are more than likely getting a false positive. Log the network activity of the programs when running them and maybe do a packet capture along side that just to see what they are transferring. Another good idea would be to check the exe files against the SHA256 hashes.

Updater.exe : 5af028a97377609e58e88a1115dd8d76e3ac873c24ac66b558bd3a26cd28f485
NirnAuctionHouse.exe : f0a0c211f9daccffde4a441a606f7ed02d4ce7b0953b5fe0514eb0335a39e8d6

Read my previous comment about AV software. AV software isn't a silver bullet in anyway.
A simple file rename caused a popular and well known AV software to fail detecting well known malware.
It is absolutely normal that new malware won't be detected by AV software. If it is malware and the author wrote it himself, chances are pretty high, that a AV scanner won't classify it as malware.