
⚠️ Please note that this topic or post has been archived. The information contained here may no longer be accurate or up-to-date. ⚠️

Malware in Capture One Pro 10.2?

Comments

26 comments

  • Filthy Lucre
    The IP leads to Telerik Analytics - data reception which appears to be legit. However, many legit entities have suffered malware attacks / injections and this could be the case here — or it may be only a false positive. I plan to let MB keep blocking until someone comes forward to explain. Among the things I want explained: why is Phase One capturing data from us?
    0
  • Harlow Pinson
    Agreed.

    Does Phase One even read this forum?
    0
  • Filthy Lucre
    [quote="hpinson" wrote:
    Agreed.

    Does Phase One even read this forum?

    Some of the guys drop in now and then but this is mostly a user forum. Don't expect a response unless the number of people questioning this increases substantially.

    If I were so inclined I'd drop MB a line to see if this is an error on their part, but so far the inclination hasn't struck.
    0
  • Christian Gruner
    This is anonymous usage data being collected.

    This is also mentioned in the Software License Agreement, part 4:
    "Phase One may collect information concerning your use patterns for the purpose of obtaining general analytical statistical data of usage to be used in connection with further development etc. of the Software. The collection of such data will be completely anonymous."
    0
  • Filthy Lucre
    [quote="Christian Gruner" wrote:
    This is anonymous usage data being collected.


    Thanks for the clarification and citation. It still remains to be seen whether the company Phase One pays to collect this data has been subjected to a malware intrusion. I guess someone will have to contact MB to sort this out.
    0
  • NNN635563989771853020
    For the information of other users that don't want this behavior, you can set 127.0.0.1 to the domain that Capture One is calling-out to in the hosts file; this way Capture One will be contacting just your own computer rather than the actual site that it intends to contact. You can see how to do this with a search. Unix, Linux and Windows all utilize similar hosts files.
    0
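
Added example, not part of the thread and not Phase One's or Malwarebytes' code: a Python script for the hosts-file approach described in the post above, which points one hostname at 127.0.0.1 and can be re-run without piling up duplicate entries. The hostname is a placeholder (the thread never gives the exact host Capture One contacts) and the sample hosts text is constructed.

```python
"""Sinkhole one hostname in hosts-file text (added example, not from the thread)."""
import sys

SINK = "127.0.0.1"
# Placeholder: the thread never names the exact host Capture One contacts.
TELEMETRY_HOST = "telemetry-host.example.invalid"
# Constructed sample; 203.0.113.7 is a documentation-range address.
SAMPLE = (
    "127.0.0.1 localhost\n"
    "203.0.113.7 Telemetry-Host.example.invalid other.example.invalid # old pin\n"
)


def parse_line(line):
    """Return (ip, [lowercased names]) for an entry, None for blank/comment lines."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    return fields[0], [name.lower() for name in fields[1:]]


def lookup(hosts_text, host):
    """Address the text maps `host` to (first matching line), else None."""
    host = host.lower()
    for line in hosts_text.splitlines():
        entry = parse_line(line)
        if entry and host in entry[1]:
            return entry[0]
    return None


def sinkhole(hosts_text, host, sink=SINK):
    """Return text where `host` maps only to `sink`; safe to apply repeatedly."""
    host = host.lower()
    out = []
    for line in hosts_text.splitlines():
        entry = parse_line(line)
        if entry is None or host not in entry[1]:
            out.append(line)  # unrelated line: keep verbatim
            continue
        ip, names = entry
        others = [name for name in names if name != host]
        if others:  # keep other aliases on their address (inline comment is dropped)
            out.append(f"{ip}\t{' '.join(others)}")
    out.append(f"{sink}\t{host}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Usage: python sinkhole.py [copy-of-hosts-file [hostname]]; prints, never writes.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    host = sys.argv[2] if len(sys.argv) > 2 else TELEMETRY_HOST
    print(f"# before: {host} -> {lookup(text, host)}")
    sys.stdout.write(sinkhole(text, host))
```

A hosts entry only overrides name lookups made through the system resolver; it has no effect on software that connects to a literal IP address. On Windows the file is `%SystemRoot%\System32\drivers\etc\hosts` and on Unix-like systems `/etc/hosts`.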
  • don maclean
    Note that Malwarebytes has always had issues with false positives, report them here:

    https://forums.malwarebytes.com/forum/4 ... etections/
    0
  • NNN635563989771853020
    [quote="AiDon" wrote:
    Note that Malwarebytes has always had issues with false positives, report them here:

    https://forums.malwarebytes.com/forum/4 ... etections/


    In this case Malwarebytes is correctly informing the user that a program is sending information to a remote site. I don't think anyone suspected or knew that this was happening before the MWB warning.
    0
  • don maclean
    [quote="NNN635563989771853020" wrote:
    [quote="AiDon" wrote:
    Note that Malwarebytes has always had issues with false positives, report them here:

    https://forums.malwarebytes.com/forum/4 ... etections/


    In this case Malwarebytes is correctly informing the user that a program is sending information to a remote site. I don't think anyone suspected or knew that this was happening before the MWB warning.


    I believe, in the first post, Malwarebytes claims that eqatec is a malicious website ... this site is used by many applications to track applications, see it here:

    http://www.telerik.com/blogs/eqatec-ana ... in-asp.net
    0
  • SFA
    [quote="NNN635563989771853020" wrote:
    [quote="AiDon" wrote:
    Note that Malwarebytes has always had issues with false positives, report them here:

    https://forums.malwarebytes.com/forum/4 ... etections/


    In this case Malwarebytes is correctly informing the user that a program is sending information to a remote site. I don't think anyone suspected or knew that this was happening before the MWB warning.



    As I recall this has been raised and discussed several times before.

    Moreover many virus protection programs seem to go through phases where they identify false positives. Indeed I suspect that they sometimes do this just so you know how hard they are working for you in case you forget you have them installed.

    Most likely you have a greater risk from software supplied by Microsoft, Google or other large well-known vendors than you do from companies like Phase. At the other extreme there are, of course, many sites sharing "free" software that would probably be good to avoid.


    Grant
    0
  • Ray!
    I just started getting this today and Malwarebytes is going nuts with the warnings.

    I've never had this happen before and it's just started today after running the latest version since it came out. The same EQATEC.Analytics.Monitor.dll files are in versions 8, 9 and 10 folders, so it makes me want to be cautious about letting it have access.
    0
  • Samoreen
    Adding C1 to the Malwarebytes exclusion list doesn't stop the warnings. Sigh !
    0
  • Samoreen
    [quote="Samoreen" wrote:
    Adding C1 to the Malwarebytes exclusion list doesn't stop the warnings. Sigh !


    No, I'm wrong. I added the IP address and the messages are gone.

    Anyway, sending data to this site should be an option, not mandatory.
    0
  • SFA
    [quote="Samoreen" wrote:
    [quote="Samoreen" wrote:
    Adding C1 to the Malwarebytes exclusion list doesn't stop the warnings. Sigh !


    No, I'm wrong. I added the IP address and the messages are gone.

    Anyway, sending data to this site should be an option, not mandatory.


    Possibly, but quite a few applications I use for many different (non image) purposes use the same or similar services.

    If you wish to stop all of those then you probably need to stop using anything connected with Google or Microsoft and, I suspect, Apple as a start. They all collect apparently anonymous data.

    Based on messages I get from Google I should probably stop using a phone too.

    Or driving in order to avoid the registration plate recognition cameras.

    Or, in the UK certainly, walking in the street without a disguise so that the face recognition in the CCTV cameras will not know who I am.

    These last three points are clearly NOT anonymous ... which, in my opinion, makes concerns about anonymous collection of software usage and performance rather unimportant. Sadly.


    Other opinions may of course be very different.


    Grant
    0
  • Samoreen
    [quote="SFA" wrote:
    Possibly, but quite a few applications I use for many different (non image) purposes use the same or similar services. If you wish to stop all of those then you probably need to stop using anything connected with Google or Microsoft and, I suspect, Apple as a start. They all collect apparently anonymous data...


    😕 Your arguments are rather questionable. A lot of people, governments and software companies in this world are doing wrong things. The UK is not especially a good example. This is not an excuse for others to do the same. Other photo software are also implementing a system collecting information about user actions. But they ask you whether you agree with this. If not, they don't collect anything.

    It seems that with C1, you have to agree or not use the software. OK, some users may decide not to use it. That's not correct behavior. We don't even have any information about which data are sent to this remote site. And what does anonymous mean?

    It has also been stated that C1 allegedly needs this connection in order to facilitate updates. If this is true, there's also something wrong with this. It's another activity that should be separated from collecting user actions.
    0
  • SFA
    [quote="Samoreen" wrote:
    [quote="SFA" wrote:
    Possibly, but quite a few applications I use for many different (non image) purposes use the same or similar services. If you wish to stop all of those then you probably need to stop using anything connected with Google or Microsoft and, I suspect, Apple as a start. They all collect apparently anonymous data...


    😕 Your arguments are rather questionable. A lot of people, governments and software companies in this world are doing wrong things. The UK is not especially a good example. This is not an excuse for others to do the same. Other photo software are also implementing a system collecting information about user actions. But they ask you whether you agree with this. If not, they don't collect anything.

    It seems that with C1, you have to agree or not use the software. OK, some users may decide not to use it. That's not correct behavior. We don't even have any information about which data are sent to this remote site. And what does anonymous mean?

    It has also been stated that C1 allegedly needs this connection in order to facilitate updates. If this is true, there's also something wrong with this. It's another activity that should be separated from collecting user actions.



    When everyone (or almost everyone) is doing the same thing it becomes the new "normal".

    I gave UK examples simply because I am more aware of what happens in the UK. Things may be a little different in other countries - but not much different I would guess.

    As for choices - again in the UK experience, 20 years ago a newly elected political party caught the imagination by offering "choices" for everything. Even things like health about which the average person most likely knows very little.

    The effect was to convince people they had "control" over their lives when in fact they were steadily being stripped of the choices they once had but rarely used.

    You mention that other applications offer the choice of allowing information to be shared. What sort of information?

    Personal data? Or anonymized data about how the software is being used and how well it is performing on different hardware, operating systems and so on?

    Do you have a choice on both?

    Apart from using your bandwidth to send small amounts of data, if the information is truly anonymized how might that be damaging to you?

    Do you have a mobile phone? How do you deal with personal privacy when you have that switched on?

    I am drifting off topic for this forum so I will leave people to think about their own concerns and position on the matter.


    Grant
    0
  • Ray!
    Capture One is the only software that causes this warning to appear.
    0
  • Filthy Lucre
    FWIW, the warnings seem to have ceased on my system.
    0
  • Samoreen
    [quote="Filthy Lucre" wrote:
    FWIW, the warnings seem to have ceased on my system.


    This is not the case for me. If I remove the exclusion for Telerik/eqatec, I get the warnings back.
    0
  • Samoreen
    [quote="Samoreen" wrote:
    This is not the case for me. If I remove the exclusion for Telerik/eqatec, I get the warnings back.


    MB3 just updated and it is no longer blocking C1.
    0
  • Permanently deleted user
    [quote="SFA" wrote:
    As for choices - again in the UK experience, 20 years ago a newly elected political party caught the imagination by offering "choices" for everything. Even things like health about which the average person most likely knows very little.

    The effect was to convince people they had "control" over their lives when in fact they were steadily being stripped of the choices they once had but rarely used.


    Fully agree mate.

    I'd go as far as to say that anything good a Labour government does is a distraction for something else to be taken away.
    0
  • SFA
    [quote="gusferlizi" wrote:
    [quote="SFA" wrote:
    As for choices - again in the UK experience, 20 years ago a newly elected political party caught the imagination by offering "choices" for everything. Even things like health about which the average person most likely knows very little.

    The effect was to convince people they had "control" over their lives when in fact they were steadily being stripped of the choices they once had but rarely used.


    Fully agree mate.

    I'd go as far as to say that anything good a Labour government does is a distraction for something else to be taken away.


    Sadly it seems to be a concept that has been widely adopted by political parties of all leanings and in many areas of the globe.

    There are, of course, other areas that make little or no attempt to sucker their populations into acquiescence as other methods are employed to attempt opinion management.

    The puzzle is that the concept is too psychologically smart to have been internally conceived by a political party - leaving me wondering about the origin of the idea.

    In the context of the concerns of the original post, the worldwide web is a remarkable thing and I can recall the time in its early days when some of my more technically oriented colleagues discovered the fun to be had "talking in tech" across the world if you had the knowledge and enough interest to want to be involved. That was 30 years ago.

    Nowadays it is more like "Hotel California" - you can choose to check out but you can never leave.

    So one has to decide whether the best option is to try to fight to be invisible or accept and embrace the automatic inclusion that perhaps gives some access to information about and maybe some form of control over one's own "data".
    0
  • mli20
    [quote="SFA" wrote:


    ...
    You mention that other applications offer the choice of allowing information to be shared. What sort of information?

    ...

    Grant

    An example, from the DxO OpticsPro web-site:

    DxO OpticsPro Edition/Version
    Status of activation
    DxO OpticsPro Language
    DxO OpticsPro Number of Startups
    Operating System
    System language
    Processor type and number of cores
    Processor Clock Speed
    Ram installed
    GPU type and OpenCL ability
    GPU RAM
    Monitors Size and Resolution


    And yes, you can opt in or out as you please.

    Cheers,
    Mogens
    0
  • SFA
    [quote="mli20" wrote:
    [quote="SFA" wrote:


    ...
    You mention that other applications offer the choice of allowing information to be shared. What sort of information?

    ...

    Grant

    An example, from the DxO OpticsPro web-site:

    DxO OpticsPro Edition/Version
    Status of activation
    DxO OpticsPro Language
    DxO OpticsPro Number of Startups
    Operating System
    System language
    Processor type and number of cores
    Processor Clock Speed
    Ram installed
    GPU type and OpenCL ability
    GPU RAM
    Monitors Size and Resolution


    And yes, you can opt in or out as you please.

    Cheers,
    Mogens


    So technical rather than personal information.

    Assuming anonymised data, which aspects of those pieces of information might one regard as unacceptable to share?

    It's a serious question. It looks quite innocuous to me but there may be some aspects of the content that reveals more information useful to some types of people than I am aware of.

    Grant
    0
  • Samoreen
    [quote="SFA" wrote:

    Assuming anonymized data, which aspects of those pieces of information might one regard as unacceptable to share?

    It's a serious question. It looks quite innocuous to me but there may be some aspects of the content that reveals more information useful to some types of people than I am aware of.


    It's not the right question. Which kind of information may or may not be shared is a personal or organizational matter and cannot be enforced as a general rule that applies to everyone regardless of their needs, environment, own security rules, etc. This decision belongs to the user. Period.

    I have the feeling that you're trying to justify something that is fundamentally not acceptable.
    0
  • SFA
    [quote="Samoreen" wrote:
    [quote="SFA" wrote:

    Assuming anonymized data, which aspects of those pieces of information might one regard as unacceptable to share?

    It's a serious question. It looks quite innocuous to me but there may be some aspects of the content that reveals more information useful to some types of people than I am aware of.


    It's not the right question. Which kind of information may or may not be shared is a personal or organizational matter and cannot be enforced as a general rule that applies to everyone regardless of their needs, environment, own security rules, etc. This decision belongs to the user. Period.

    I have the feeling that you're trying to justify something that is fundamentally not acceptable.


    Hmm.

    My Bank, a bank I have used for some decades, regularly sends me reminders that I must help them with their "security" by providing 3 or 4 pieces of information - email address and that sort of thing - plus advise them how much I earn every year.

    I can think of no good security reason why I should have to provide that income information to them.

    However if they asked me for the technical information above regarding the configuration of the computing device(s) I most often use to connect to on-line banking I could not really see a problem with it, though of course in a sense that would not really be anonymized data.

    The authorities realise that the majority of people have neither the skills nor the intention of spending their entire lives, device by device, app by app managing what information they pump out to the world.

    Sharing your concerns one might choose to operate mainly off-line - but that makes people in authority suspicious about motives and in any case it is becoming increasingly difficult to operate off-line. Banks, for example, have no interest in keeping local banking operations running. They tell us that more and more people only "bank" via the internet - sharing their data as they go. That is not optional these days.

    Thus whilst I sympathise with your opinion for really personal information my observation is that the horse that used to live in that stable escaped some time ago and taking time to try to shut the door now is pointless. When the subject matter is of a technical nature rather than personal, as in the list above, closing the door seems to have little point whilst sharing the data at least offers some potential for understanding any technical matters that regularly occur, performance bottlenecks and other matters that, when reported and analysed at scale, may help to improve a product with hours of time and costs expended on Support Cases. Reporting in Tech terms is potentially so much more effective than reporting in local language for common technical matters.

    Or at least that is the theory.

    I still don't see that I need to be asked about sharing this sort of information.

    DxO OpticsPro Edition/Version
    Status of activation
    DxO OpticsPro Language
    DxO OpticsPro Number of Startups
    Operating System
    System language
    Processor type and number of cores
    Processor Clock Speed
    Ram installed
    GPU type and OpenCL ability
    GPU RAM
    Monitors Size and Resolution

    Or whatever equivalents are requested by individual application developers.

    So, to summarize, I can agree with you in principle even though I think the point may already be lost for the future but I see nothing contentious to be concerned about in the contents of the data that is likely being shared. There is far more that could be gleaned from a log file, for example.

    If I was concerned I would abandon use of mobile phones and never touch any products from Apple or Google and, most likely, Microsoft as well. It would also seem wise to go back to shooting film.

    I would much prefer it if my observations were wrong but I don't think they are - at least not substantially wrong. And as far as I can see the data collection industry is far more likely to grow rapidly than it is to shrink.


    Just my opinion.


    Grant
    0

Post is closed for comments.