Security vulnerability in BearShare 2.2.2

vbimport

#1

I just posted the article Security vulnerability in BearShare 2.2.2….

chopper used our newssubmit to tell us:

BearShare is a Windows file sharing program from Free Peers, Inc. that lets you, your friends, and everyone in the world share files. A serious security…

Read the full article here:  [http://www.cdfreaks.com/news/1707-Security-vulnerability-in-BearShare-2_2_2____.html](http://www.cdfreaks.com/news/1707-Security-vulnerability-in-BearShare-2_2_2____.html)

Feel free to add your comments below. 

Please note that the reactions from the complete site will be synched below.

#2

About BearShare being spyware, this is kind of true. When installing for the first time you will notice that you are forced to install 2 programs in the select components list, which are SaveNow and New.net Domain Names. These are both spyware but can be uninstalled afterwards. The New.Net Domain Names uninstall is in the add/remove programs list, but for SaveNow you have to go to c:\program files\save now where you will find the uninstallation file. So although BearShare itself is not spyware, it forces you on first install to install spyware, but these can be removed.


#3

Just letting You know that BS IS indeed spyware, or rather the install package contains a stealth package (doesn’t list during install) called Onflow (so BS isn’t in itself Spyware but installs Spyware). The Onflow feature has been confirmed by the BS author himself, but only after intense pressure from various users responding negatively to the feature after catching the phoning home feature in various firewalls (c’mon guys, who can oppose to a little spyware :wink:). The BS author’s proclaimed justification for his use of Onflow was a lack of income from BS compared to his time spent developing it, and thus he implemented Onflow in exchange for $$$ from the company. The Onflow service appears to be a user-habit-tracking service which logs info about Your various surfing habits for use in user advertise targeting. Nasty stuff ehh. What really offends me though is the Author’s original reluctance to admit to his use of the service, as well as the fact that he implemented the feature in stealth mode and for instance didn’t allow people the choice to deselect it during install. Now, how a person can have the ability to produce a highly useful app. like BS and still use such shady techniques really escapes me, go figure. Anyway, to remove it, search the registry for Onflow or alternatively use AdAware.

Regards Dawg