Notice on CEF Project Site - malware product using CEF

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Notice on CEF Project Site - malware product using CEF

Postby Czarek » Sat Mar 23, 2013 9:55 am

Hi Marshall,

Referring to notice that appeared on main page of chromiumembedded project [1]
today.

What is the reasoning of removing CEF 1 binaries from downloads? How is that going
to prevent malware products from using CEF? If they can create malware software I think
that they can compile CEF from sources on their own, how do you plan on stopping that?
Besides, some of the external CEF projects still provide these CEF 1 binaries. Why does
it affect only CEF 1 binaries and not CEF 3? Are there any implications of this malware
product for other users of CEF? Are anti-virus programs detecting programs using these
CEF 1 binaries as malware? Might be the reason for removing those specific binaries?

Cheers,
Czarek

[1] https://code.google.com/p/chromiumembedded/
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. My LinkedIn.
User avatar
Czarek
Virtuoso
 
Posts: 1927
Joined: Sun Nov 06, 2011 2:12 am

Re: Notice on CEF Project Site - malware product using CEF

Postby magreenblatt » Sat Mar 23, 2013 12:43 pm

The malware product was downloading the binaries directly from the CEF project page. This was causing exponential growth in our download rate. See http://www.symantec.com/connect/blogs/n ... -framework for more information. I'm in the process of developing a new download system that requires verification (puzzle solving and sessions) and will hopefully defeat future attempts at automatic downloads.

Given the large number of companies currently using libcef for legitimate purposes I think it's unlikely that we'll end up on any anti-virus black lists. Companies are also encouraged to sign all of their binaries, including CEF binaries, before distribution.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Notice on CEF Project Site - malware product using CEF

Postby magreenblatt » Sat Mar 23, 2013 12:48 pm

I've also modified the message on the project page to hopefully make the problem clearer.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Notice on CEF Project Site - malware product using CEF

Postby magreenblatt » Sat Mar 23, 2013 9:42 pm

The new download site is now online at http://www.magpcss.net/cef_downloads/.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Notice on CEF Project Site - malware product using CEF

Postby Czarek » Sun Mar 24, 2013 10:41 am

Thank you for explaining Marshall. It didn't occur to me at first, but now it's clear.
Maintainer of the CEF Python, PHP Desktop and CEF C API projects. My LinkedIn.
User avatar
Czarek
Virtuoso
 
Posts: 1927
Joined: Sun Nov 06, 2011 2:12 am

Re: Notice on CEF Project Site - malware product using CEF

Postby TalkiToaster » Sun Mar 24, 2013 11:47 am

Is this likely to be a permanent change?

I like to automate the process of downloading/building the dependencies for my projects to make them as easy for people to get as possible (no one likes reading a page of build instructions), and was quite surprised this morning when I checked out my project on a new PC and found that the batch file to download and build CEF wasn't working.

Not that it matters too much mind, as I've just downloaded CEF by hand; but it's a bit frustrating as previously the only thing I couldn't automate the download of was Python.

If it is a permanent change, I'll just make a note of it in the README file for my project to make sure people put it in the correct place before running my build script.
TalkiToaster
Newbie
 
Posts: 6
Joined: Sun Mar 24, 2013 11:40 am

Re: Notice on CEF Project Site - malware product using CEF

Postby magreenblatt » Sun Mar 24, 2013 3:38 pm

TalkiToaster wrote:Is this likely to be a permanent change?

Probably. We provide downloads as a courtesy to our users and not as a service. People are welcome to upload the files to their own servers as needed. However, given the obvious interest in downloading some of these files as part of a distributed malware product (read: potential exponential bandwidth usage and liability) I would suggest caution in advertizing the URL.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm


Return to Support Forum

Who is online

Users browsing this forum: No registered users and 40 guests