[Question] Is Transmission for Windows safe?

Ask for help and report issues with the Windows version of Transmission
Post Reply
avi12

[Question] Is Transmission for Windows safe?

Post by avi12 »

I saw in the main page that versions 2.90 and 2.91 aren't very safe to use (see attached image).
My question: Is it worth upgrading my torrent client from µTorrent to Transmission, in terms of safety?
Attachments
Transmission warning.png
Transmission warning.png (27.14 KiB) Viewed 9285 times
mike.dld
Transmission Developer
Posts: 306
Joined: Wed Dec 25, 2013 10:56 pm

Re: [Question] Is Transmission for Windows safe?

Post by mike.dld »

No builds except for OS X one (and only v2.90, and not even right away) were affected by OSX.KeRanger.A, if that's what you're asking. Windows builds are also signed (both .msi installers and all the binaries inside) with my personal certificate with thumbprint of "9b 98 3f a6 f9 7d d7 45 27 18 08 b4 ca 81 e1 12 39 f5 04 2a", which is easy enough to check in file properties dialog.
avi12

Re: [Question] Is Transmission for Windows safe?

Post by avi12 »

The fact that it eventually occurred, means that there's a chance for it to occur in the future.
I think I won't take the risk.
Thanks for the info anyway.
mike.dld
Transmission Developer
Posts: 306
Joined: Wed Dec 25, 2013 10:56 pm

Re: [Question] Is Transmission for Windows safe?

Post by mike.dld »

It happened because people didn't check what they downloaded (and I don't blame them) and operating system didn't warn them either. This could happen to virtually any software you download. Check the checksums (or in this case thumbprints) and certificate info and you're safe. Unless someone steals private keys from us. Oh well, maybe it's easier to not use computers at all...
not_Luke
Posts: 3
Joined: Thu Mar 31, 2016 11:40 pm

Re: [Question] Is Transmission for Windows safe?

Post by not_Luke »

I had a similar question so I might as well ask it here. Are the sha hashes hosted anywhere independently or is the thumbprint good enough to show that the file hasn't been tampered with? Would a tampered file be unsigned or just use a different thumbprint?

In the case of hosting the hashes elsewhere, how about the old twitter account or github somewhere? Thank you.
not_Luke
Posts: 3
Joined: Thu Mar 31, 2016 11:40 pm

Re: [Question] Is Transmission for Windows safe?

Post by not_Luke »

mike.dld wrote:No builds except for OS X one (and only v2.90, and not even right away) were affected by OSX.KeRanger.A, if that's what you're asking. Windows builds are also signed (both .msi installers and all the binaries inside) with my personal certificate with thumbprint of "9b 98 3f a6 f9 7d d7 45 27 18 08 b4 ca 81 e1 12 39 f5 04 2a", which is easy enough to check in file properties dialog.
I never used the method of checking thumbprints on a file with a cert. I didn't even know what I was looking for and counted 7 steps to find it...including the app freezing for 15 seconds when you click "details" on the cert while windows takes its time opening up its cert manager.

I usually check every executable very lazily, once the download is done, goto virustotal, then drag file (right from the download dialog box in firefox) right into the file selection field. You get the sha256 immediately and usually a false positive in the report.

There's just too much ransomware out there now and it's getting worse, I'm trying to abandon MS's recent antics and learning a 'buntu or another debian flavor.
not_Luke
Posts: 3
Joined: Thu Mar 31, 2016 11:40 pm

Re: [Question] Is Transmission for Windows safe?

Post by not_Luke »

John Clay wrote:the hashes are now links
Um...links are still on the same domain?
Post Reply