Steinberg Hijacked My Computer!

Post

Or so I thought. :dog:

Little story, just because it's kinda amusing. Some days ago I was reading some thread where somebody had posted a link to Steinberg's FTP. (Legacy Plugins.) I didn't feel like downloading at the time, so I put a URL shortcut on one of my drive volumes so I can check it out at a later date. Time went on and I forgot about it.

Today I did some skinning work and something very peculiar happened. When I browsed with Knobman to a certain volume, it wanted to connect to the internet. It never did that before, (and had no reason to either), but I wasn't really alarmed or anything at that point, I just denied the access and continued to go about my business.

I then browsed to the same volume with another app which doesn't normally connect to the internet. To my surprise it wanted to connect to the exact same IP as Knobman wanted just a minute ago. Of course at that point I got suspicious, so I tried the same with a few other apps and sure enough every one of them wanted to connect to that address as soon as I navigated to that volume. So I Who-Is'd the IP address. To my surprise it came up as Steinberg's FTP. (194.6.194.210)

I really didn't know what to make of it because I was sure that I don't have anything of Steinberg's installed on this machine. And yet it almost seemed as if there was something running in the background (even though I couldn't find anything that would be able to do that) which kinda grabs all of my processes and tries to connect to Steinberg as soon as I access that volume. So I started thinking. Some odd glitch in the network? Cut net connection, reconnected, no good. Maybe a reboot will do the trick? Shut down machine, rebooted, nope, no good either. What in the world can this be? Malware? Unlikely, because beside the fact that it's close to impossible for anything to penetrate this machine it didn't seem very plausible that malware would want to connect to Steinberg's FTP of all places.

So I fired up Procmon to see what the heck is going on. Let it scan the browsing process, up came lots of stuff related to network connections. A-Ha! Gotcha! Just have to find the culprit now. So I saved the whole shebang to file expecting to spend the next 2 hours sifting through all the stuff that might be responsible for this. I then went back to the already opened log to see where the interesting part begins. Lots and lots of file-access entries, registry-access entries, all not very interesting. I kept scrolling and scrolling and was just about to skip a bit further down when something caught my eye: 'FileOpen Steinberg FTP - Legacy Plugins'. Wait a minute, isn't that the name I gave that internet shortcut some days ago? Sure enough it was. And then it hit me: Could this internet shortcut kinda self-execute when an application browses the folder wherein it is contained? And sure enough, that's exactly what it was. Once removed, the inexplicable connection attempts stopped immediately. Apparently Windows Explorer treats such shortcuts as links to possible external data storage, so when you browse the folder that contains the shortcut, Explorer tries to make the external data accessible too. (Or something to that effect.) At any rate, I removed the shortcut, felt pretty stupid, and vowed never to put an FTP shortcut on a hard drive ever again...

Post

Interesting story well told :wink:
No internet access for my music pc at all...
The average bored guy

Post

deleted
Last edited by replicant X on Tue Mar 26, 2024 1:29 am, edited 1 time in total.
Each DAW has a different sound.

Post

So, even though you did not SELECT the shortcut, Windows Explorer still tried to open a connection to the target of it? Why would this even be a thing to DO? I would understand if you had navigated to the shortcut and executed it like opening a volume, but why would just LOOKING in a folder trigger it? That's... bonkers.
- dysamoria.com
my music @ SoundCloud

Post

<delete>
Last edited by egbert101 on Tue Feb 20, 2018 12:40 pm, edited 1 time in total.
<List your stupid gear here>

Post

Which version of Windows?

It's a sensible thing for them to do although it likely creates a lot of unneeded FTP traffic, this is hardly an issue for most servers today.

If you wanted to connect to the FTP and look at the contents there you'd need to wait for the connection to be made. This would introduce significant latency between the time you click and the time the folder is populated. Since you likely have several gigabytes of unused memory sitting around burning up the Watts and serving absolutely no purpose whatsoever, Microsoft has decided to pack it full of cached FTP LIST responses in the 1/billion chance you might try to view a directory on the server.

Microsoft (and many others today) take a similar approach to HTTP where the browser is supposed to wait for the server ACK (acknowledge) message before sending additional requests. In order to speed up IE back in the day Microsoft completely ignored the standard and any presence or lack of the ACK response and flooded servers with every request at once before the connection was successful. This had the effect of removing a second or more of latency between connecting and displaying content on the page.

Most modern browsers now not only load unviewed tabs and start running 100s of insane scripts that you aren't needing, they pull in links from multiple levels of pages you haven't even viewed/clicked yet and cache almost everything. This (prefetching) is why a modern browser manages to take up gigabytes of memory when it should only use a few kilobytes to view plain text on a page.

People have very little patience and it creates this sort of inefficiency in almost everything.
Free plug-ins for Windows, MacOS and Linux. Xhip Synthesizer v8.0 and Xhip Effects Bundle v6.7.
The coder's credo: We believe our work is neither clever nor difficult; it is done because we thought it would be easy.
Work less; get more done.

Post

Guessing FTP shortcuts are mapped in Windows Explorer the same way as drive shortcuts - as essentially it is a link to a drive, just not one on your machine (well unless you're running an FTP server on your machine!). It probably just connects to see if the FTP drive is still active when you visit that folder, in the same way if you had an external drive you'd hear it click into action if you had a shortcut to that drive in a folder.

Post

Maybe Windows does so because it wants to offer a preview, or for indexing reasons.

Post

Jace-BeOS wrote: So, even though you did not SELECT the shortcut, Windows Explorer still tried to open a connection to the target of it?
That's right.

And what was so off-throwing (otherwise I'd probably have realized what was going on much sooner) was that Explorer itself wouldn't do it unless I accessed the volume via 'Computer/<DriveLetter>'. (Which is the standard way of accessing volumes in Windows.) But that's not how I normally access my volumes, (I have a toolbar for 'Computer' down at the very bottom of the taskbar so I have direct access to all volumes with a single click), hence it never occurred until yesterday when I went via 'Computer' with Knobman while the net connection was on.

At any rate, the answer is a clear yes. It did that without me clicking anything. In fact I couldn't have clicked anything even if I had wanted to because processing the FTP link was the very first thing Explorer did. (In other words the dir wouldn't get populated (remain empty) until I denied the application net access because Explorer was waiting for the FTP to respond and the query was intercepted by the firewall.)

Why it would do that I really don't know, but speculating I would say it's probably what I had conjectured in the OP. (Something in that direction.)


aciddose wrote: Which version of Windows?
Win7/32
aciddose wrote: If you wanted to connect to the FTP and look at the contents there you'd need to wait for the connection to be made. This would introduce significant latency between the time you click and the time the folder is populated.
Yep, as I'd indicated above that's exactly what happened.

Of course I denied access so it never got beyond this point, i.e. no idea what would have happened if I had granted it.

(BTW, there were some HTTP/HTTPS links in the dir too but they were ignored.)

Post

mcbpete wrote: Guessing FTP shortcuts are mapped in Windows Explorer the same way as drive shortcuts - as essentially it is a link to a drive, just not one on your machine (well unless you're running an FTP server on your machine!). It probably just connects to see if the FTP drive is still active when you visit that folder, in the same way if you had an external drive you'd hear it click into action if you had a shortcut to that drive in a folder.
Yes, that's pretty much what I thought too.

Post

fluffy_little_something wrote: Maybe Windows does so because it wants to offer a preview, or for indexing reasons.
Could be another aspect of it.

Post

Jace-BeOS wrote: So, even though you did not SELECT the shortcut, Windows Explorer still tried to open a connection to the target of it? Why would this even be a thing to DO? I would understand if you had navigated to the shortcut and executed it like opening a volume, but why would just LOOKING in a folder trigger it? That's... bonkers.
That's a common and well-known behavior. Shortcuts to the network resource like mapped network drives, FTP accounts and so on do try to update their connection when refreshing, i.e. when you browse the folder they are located in.
No signature here!

Post

robotmonkey wrote:
Jace-BeOS wrote: So, even though you did not SELECT the shortcut, Windows Explorer still tried to open a connection to the target of it? Why would this even be a thing to DO? I would understand if you had navigated to the shortcut and executed it like opening a volume, but why would just LOOKING in a folder trigger it? That's... bonkers.
That's a common and well-known behavior. Shortcuts to the network resource like mapped network drives, FTP accounts and so on do try to update their connection when refreshing, i.e. when you browse the folder they are located in.
Really? When just looking in a folder with such shortcuts? That might explain why I hated Explorer's context menus. One of my major irritations with Windows where I've been forced to wait for Windows to resolve device/network connections just to let me PASS BY a menu item it wanted to populate (including pegging removable storage devices that have no media, like the old 3.5" diskette or removable hard drives). I've always hated this behavior because it interrupts the user in order to do something the user might not care about at that moment (something that could've been solved with multithreading; do that shit in the background, and don't block my action).
- dysamoria.com
my music @ SoundCloud
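
A way to audit a volume for shortcuts like the one described in this thread, as an added example that is not part of any poster's message: it walks a directory tree, parses each `.url` Internet shortcut, and lists those whose target is an FTP URL, a UNC path or a `file://` URL naming a host. Flagging those target types is an assumption drawn from the thread's reports; the sample shortcuts and host names are constructed.

```python
import configparser
import os
import tempfile

# Assumption from the thread: FTP was contacted on browse, HTTP/HTTPS was not.
FLAGGED_SCHEMES = {"ftp"}

def shortcut_target(path):
    """Return the URL= value of a .url (INI-style) file, or None."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            parser.read_file(fh)
    except (OSError, configparser.Error):
        return None  # unreadable or malformed shortcut
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return parser.get(section, "url", fallback=None)
    return None

def is_network_target(target):
    """True for an FTP URL, a UNC path, or a file:// URL naming a host."""
    scheme, sep, rest = target.partition("://")
    host = rest.split("/", 1)[0]
    if target.startswith("\\\\") or (sep and scheme.lower() in FLAGGED_SCHEMES):
        return True
    return bool(sep) and scheme.lower() == "file" and host != ""

def find_network_shortcuts(root):
    """List (path, target) for .url files under root that point at the network."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".url")):
            path = os.path.join(dirpath, name)
            target = shortcut_target(path)
            if target and is_network_target(target):
                hits.append((path, target))
    return sorted(hits)

# Constructed sample shortcuts; the host names are placeholders.
SAMPLES = {"Steinberg FTP - Legacy Plugins.url": "ftp://ftp.example.invalid/legacy/",
           "Forum.url": "https://www.example.com/forum",
           "Share.url": "file://fileserver.example.invalid/samples"}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, url in SAMPLES.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write("[InternetShortcut]\nURL=" + url + "\n")
        print(find_network_shortcuts(tmp))
```

Pointing `find_network_shortcuts` at a drive root gives the list of shortcuts to review or move before browsing that volume with applications that should stay offline.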
