  • Stop using uTorrent

    Posted on February 22nd, 2018 at 07:28 woody

    Tavis Ormandy, the gifted gunslinger from Google Project Zero, has a new warning: Stop using uTorrent, both as a program running on your computer, and on the web.

    Günter Born has a good explainer. His take:

    Any files (which are write enabled) could be removed from the victim’s computer. All it takes is to lure the user to a prepared website.

    An interesting side note from kuchikir on the Project Zero site says that earlier versions of uTorrent are just fine. Versions from 3.0 onward (according to his/her tests) are vulnerable:

    The torrenting community largely eschews 3.0+ because the only apparent work post-2.2.1 has been to add advertisements, bloating 2.2.1’s 391KB of torrenting perfection into a 1MB+ monstrosity. The last meaningful exploit that wasn’t introduced by these 3.x additions was fixed in version 1.6.1, which was released in 2007. 1.6.1, 1.8.5, 2.0.4, and 2.2.1 are all recommended clients for this nearly unparalleled level of security to go with their stability and performance.

    Ah, progress.

    UPDATE: Vess Bontchev just tweeted


    This topic contains 20 replies, has 10 voices, and was last updated by  glnz 9 months, 3 weeks ago.

    • #169476 Reply

      abbodi86
      AskWoody MVP

      qBittorrentPortable guy 🙂

      1 user thanked author for this post.
    • #169478 Reply

      anonymous

      I use BitTorrent. Assume that’s safe? If not, qBittorrent is on Ninite so it must be safe, surely.

      • #169481 Reply

        anonymous

        Never mind that, after some light reading on other sites I decided to install qBittorrent onto my system. My goodness, how I love ad-free programs! I do have some torrents that from time to time I help seed using BitTorrent. Is it possible to transfer those torrents over to qBittorrent so I can continue seeding them using that program, or do I have to download the torrented files all over again?

    • #169511 Reply

      anonymous

      Useful article here on this issue and some recommends in the comments.

      https://torrentfreak.com/bittorrent-client-utorrent-suffers-security-vulnerability-180220/

    • #169531 Reply

      AJNorth
      AskWoody Lounger

      Techradar:

    • #169532 Reply

      Noel Carboni
      AskWoody MVP

      <soapbox>

      The subject of this thread is good, except I might expand it to: Stop using file sharing software!

      Who would begin to imagine that running such software could EVER be a remotely safe or reasonable thing to do in today’s computing security environment? Not to mention the questionable legality and morality of downloading and sharing other people’s property.

      I can’t think of anything that represents as big a loss of control and risk as having some promiscuous application blithely copying data to and from your computer with random other users’ computers out there on the wild Internet. And of course the software itself could be mining your personal data (don’t begin to think all the security holes that could be taken advantage of by executable software are now patched). Are you HOPING for an infection, identity theft, or to have your bank account drained? Do you think that doing immoral and wrong things is helping you or anyone?

      If you need/want a program, do the research, vet software using its trial capabilities, and buy the best one out there for your task from its author. Treat others with the respect and honesty you’d prefer they treat you with.

      </soapbox>

      -Noel

      9 users thanked author for this post.
      • #169538 Reply

        AJNorth
        AskWoody Lounger

        Good Day Noel,

        Points well taken!

        Speaking strictly for myself, the only media files that I might download that would have (or be presumed to have) copyright protection are those that I personally own hard copies of, with the possible exception of some long out-of-print music (and an occasional OOP film). Needless to say, all files are downloaded to a sandboxed folder, then thoroughly checked for malware before any attempts to play. (I have also uploaded a very small number of long-OOP recordings.)

        Cheers,

        AJN

        1 user thanked author for this post.
      • #169570 Reply

        lurks about
        AskWoody Lounger

        Good points, Noel. Users should vet the source of any software they install. It is much easier to vet a website or use a curated app store/repository as the source. Torrenting has always struck me as dodgy for most and, for Linux distros, much slower than a direct download.

      • #169569 Reply

        anonymous

        You aren’t wrong. However, it’s not a moral violation to download & help redistribute a GNU/Linux system if it is offered as a torrent by the creators of said distribution. Even though the torrent specification has file chunk hash verification, the final ISO file still needs to be checked before use.

        A person still has to verify legally purchased software!
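The point made in the comment above, as an added example that is not part of the original post or of any torrent client's code: a client's per-piece SHA-1 check only compares the data with the `.torrent` metadata it was given, so the finished image still has to be compared with the digest the distribution publishes. The piece size, the sample bytes and the "published" digest are constructed for the demonstration.

```python
import hashlib

PIECE_LEN = 16  # constructed tiny piece size so the sample spans several pieces

def piece_hashes(data: bytes, piece_len: int = PIECE_LEN) -> list:
    """SHA-1 of each fixed-size piece, the list a v1 .torrent carries in 'pieces'."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]

def bad_pieces(data: bytes, expected: list, piece_len: int = PIECE_LEN) -> list:
    """Indexes of pieces that do not match the torrent metadata (client-side check)."""
    got = piece_hashes(data, piece_len)
    if len(got) != len(expected):
        return list(range(max(len(got), len(expected))))
    return [i for i, (g, e) in enumerate(zip(got, expected)) if g != e]

def publisher_ok(data: bytes, published_sha256_hex: str) -> bool:
    """Whole-file check against the digest the distribution itself publishes."""
    return hashlib.sha256(data).hexdigest() == published_sha256_hex.lower()

def verify_download(data: bytes, torrent_pieces: list, published_sha256_hex: str) -> dict:
    """Run both checks and report them separately."""
    return {"bad_pieces": bad_pieces(data, torrent_pieces),
            "publisher_ok": publisher_ok(data, published_sha256_hex)}

# --- constructed sample data ---
GENUINE = b"constructed stand-in for a genuine distro image. " * 3
PUBLISHED = hashlib.sha256(GENUINE).hexdigest()  # stands in for the distro's published checksum
OFFICIAL_PIECES = piece_hashes(GENUINE)

# 1. Official torrent, clean transfer: both checks pass.
CLEAN = verify_download(GENUINE, OFFICIAL_PIECES, PUBLISHED)

# 2. Official torrent, one byte damaged in transit: the piece check pinpoints it.
damaged = bytearray(GENUINE)
damaged[20] ^= 0xFF
DAMAGED = verify_download(bytes(damaged), OFFICIAL_PIECES, PUBLISHED)

# 3. A .torrent from an unofficial source describing different content: every
#    piece matches its own metadata; only the publisher digest exposes the mismatch.
OTHER = GENUINE.replace(b"genuine", b"altered")
UNOFFICIAL = verify_download(OTHER, piece_hashes(OTHER), PUBLISHED)

if __name__ == "__main__":
    for name, result in (("clean", CLEAN), ("damaged", DAMAGED), ("unofficial", UNOFFICIAL)):
        print(name, result)
```

In practice the published digest comes from the distribution's checksum file, whose own signature should be verified before trusting it.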

      • #169579 Reply

        anonymous

        “Stop using file sharing software! Who would begin to imagine that running such software could EVER be a remotely safe or reasonable thing to do in today’s computing security environment? Not to mention the questionable legality and morality of downloading and sharing other people’s property.”

        Yeah, such as Debian (https://www.debian.org/CD/torrent-cd/) or Ubuntu (https://www.ubuntu.com/download/alternative-downloads).

        Did you know that W10 uses P2P for updates by default? https://docs.microsoft.com/en-us/windows/deployment/update/waas-optimize-windows-10-updates

        Edit for content
        Please follow the –Lounge Rules– no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

      • #169598 Reply

        Rick Corbett
        AskWoody MVP

        Noel, by “Stop using file sharing software!” do you mean ‘Stop using Windows 10’ as well? I can understand (and support) your point about sharing illegal downloads but that’s the ‘use’ which is wrong, not the ‘mechanism’ itself (similar to the gun control argument that it’s not the weapon but the person pulling the trigger that’s wrong).

        Microsoft uses peer-to-peer file sharing in Win 10 by default for (IMO) sound financial and ease-of-use reasons, for example: by reducing its bandwidth costs of using various Content Delivery Networks. Whilst I think it’s a shame MS doesn’t make this particularly clear, at least it’s easy to switch off (for people who know that it’s there and how to).

        As others have mentioned various Linux distros also make use of file sharing… primarily because it’s cheaper than alternatives.

        I don’t have a problem with file sharing per se (hence my use of online ‘Public’ folders to distribute info, scripts, etc.). It’s a useful mechanism which, as you’ve noted, can be misused… like so many other things in life.

        • #169609 Reply

          Noel Carboni
          AskWoody MVP

          To be quite honest I lost a ton of respect for Microsoft when I saw that they implemented peer to peer sharing of Windows Updates. It’s just a ridiculous idea, IMO, and I would suggest disabling it in a heartbeat!

          Don’t forget that this is the same company that drills into you that you HAVE to update your system every month to cover up their never-ending security holes. Do you think their peer to peer Windows Update process is magically exempt from being taken over? Didn’t we just have a thread about how much of the data delivery isn’t even encrypted?

          And besides vulnerabilities we see how reliable Windows Update has become lately… It’s not exactly perfect software.

          I’m not a stick-in-the-mud; I have been a lifelong early adopter – of tech worth adopting! But some things are just obviously Bad Ideas. That’s my general opinion of file sharing and it’s not going to change any time soon.

          I imagine a lot of folks feel as though their use of file sharing software is legitimate and warranted, and much of it may well be. Of course I’m sensitive to stepping on toes here, but some things just need to be said. I won’t apologize for my negative opinion of torrents, which is based on more than a fleeting fancy – I feed my family from sales of my software online.

          Not meant for anyone here in particular, but food for thought:

          It’s a personal choice whether you want your computer participating in sketchy network activities. Feel free to interpret the word “sketchy” as you like; just don’t lie to yourself about what you’re really doing.

          -Noel

          5 users thanked author for this post.
          • #169654 Reply

            anonymous

            Sketchy network activities such as the topic of this blog post are why I stopped using any client torrent software.

      • #169660 Reply

        JohnW
        AskWoody Lounger

        Noel, interesting points!

        I have had an uneasiness for a long time with using torrent software.  Just prefer to avoid in general, but I have used it under Linux to download new distros, etc.

        But I have never used it with a Windows box.  I might consider using it on a dedicated gaming machine, or something without any personal or business info stored locally.

        It’s not the torrented files themselves I worry about, but rather the potential for the torrent software itself to be hijacked.  The multiple network connections to random computers just gives me the creeps.  The potential for mayhem if compromised would keep me from sleeping at night.

        2 users thanked author for this post.
      • #169677 Reply

        anonymous

        It’s not all as you think Noel … https://torrentfreak.com/2017s-piracy-is-dangerous-rhetoric-was-digital-reefer-madness-171230/

        Generally, people who torrent know something about what they are doing and securing their machines. The same can’t be said for most other computer users.

        Seems to me the Win 10 P2P delivery of upgrade/updates is potentially more problematic given it uses the computers of people who, chances are, don’t know what’s going on in their machines.

        Or maybe MS know a thing or two about P2P? Hmmm … who knows.

        Google’s ad delivery would be a good way of delivering malware, etc …

      • #169676 Reply

        anonymous

        Noel, … on the topic of piracy

        I’ll just leave you with a very good quote from a great man, by the name of Richard Falkvinge:

        Ironically, the exact same discussion about sharing knowledge and culture was held when public libraries were introduced into law in the 1850s, when publishers had argued that people should be banned from lending books from one another. The more things change, the more they stay the same.

        EDIT html to text – contents may not appear as intended

    • #169675 Reply

      anonymous

      Wait, people still use Utorrent? Why would they do that when there’s qbittorrent and Tixati? lol I thought Utorrent was dead, considering their utterly pathetic attempts to destroy a perfectly good torrent client with advertisements and useless updates.

    • #170000 Reply

      glnz
      AskWoody Lounger

      Where can I download the earlier 2.2.* version of utorrent that is pre-ad and pre- this problem?  Thanks.

    • #170015 Reply

      bosun1
      AskWoody Lounger

      I did the same (g)

      source:

      http://www.oldversion.com/windows/utorrent-2-2-1-2

    • #170058 Reply

      glnz
      AskWoody Lounger

      bosun1 and others –

      1)  Should I first UNinstall uTorrent 3.4.2.32239 before installing uTorrent 2.2.1, or should I just install 2.2.1?

      I would prefer to keep prior settings and unfinished torrents, but could also live without them.

      2)  If I install qbitTorrent (without uninstalling uTorrent), will qbitTorrent pick up my prior settings and unfinished torrents?

      Thanks.
