I saw in the main page that versions 2.90 and 2.91 aren't very safe to use (see attached image).
My question: Is it worth upgrading my torrent client from µTorrent to Transmission, in terms of safety?
[Question] Is Transmission for Windows safe?
[Question] Is Transmission for Windows safe?
- Attachments
-
- Transmission warning.png (27.14 KiB) Viewed 9478 times
Re: [Question] Is Transmission for Windows safe?
No builds except for OS X one (and only v2.90, and not even right away) were affected by OSX.KeRanger.A, if that's what you're asking. Windows builds are also signed (both .msi installers and all the binaries inside) with my personal certificate with thumbprint of "9b 98 3f a6 f9 7d d7 45 27 18 08 b4 ca 81 e1 12 39 f5 04 2a", which is easy enough to check in file properties dialog.
Re: [Question] Is Transmission for Windows safe?
The fact that it eventually occurred, means that there's a chance for it to occur in the future.
I think I won't take the risk.
Thanks for the info anyway.
I think I won't take the risk.
Thanks for the info anyway.
Re: [Question] Is Transmission for Windows safe?
It happened because people didn't check what they downloaded (and I don't blame them) and operating system didn't warn them either. This could happen to virtually any software you download. Check the checksums (or in this case thumbprints) and certificate info and you're safe. Unless someone steals private keys from us. Oh well, maybe it's easier to not use computers at all...
Re: [Question] Is Transmission for Windows safe?
I had a similar question so I might as well ask it here. Are the sha hashes hosted anywhere independently or is the thumbprint good enough to show that the file hasn't been tampered with? Would a tampered file be unsigned or just use a different thumbprint?
In the case of hosting the hashes elsewhere, how about the old twitter account or github somewhere? Thank you.
In the case of hosting the hashes elsewhere, how about the old twitter account or github somewhere? Thank you.
Re: [Question] Is Transmission for Windows safe?
I never used the method of checking thumbprints on a file with a cert. I didn't even know what I was looking for and counted 7 steps to find it...including the app freezing for 15 seconds when you click "details" on the cert while windows takes its time opening up its cert manager.mike.dld wrote:No builds except for OS X one (and only v2.90, and not even right away) were affected by OSX.KeRanger.A, if that's what you're asking. Windows builds are also signed (both .msi installers and all the binaries inside) with my personal certificate with thumbprint of "9b 98 3f a6 f9 7d d7 45 27 18 08 b4 ca 81 e1 12 39 f5 04 2a", which is easy enough to check in file properties dialog.
I usually check every executable very lazily, once the download is done, goto virustotal, then drag file (right from the download dialog box in firefox) right into the file selection field. You get the sha256 immediately and usually a false positive in the report.
There's just too much ransomware out there now and it's getting worse, I'm trying to abandon MS's recent antics and learning a 'buntu or another debian flavor.
Re: [Question] Is Transmission for Windows safe?
Um...links are still on the same domain?John Clay wrote:the hashes are now links