Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Is iMesh dangerous?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
TiMow Is iMesh dangerous?
Dedicated Contributor 15th Sep, 2010 18:26
Ranking: 737
Posts: 728
User Since: 26th Jun, 2009
System Score: N/A
Location: CH
Hello to all,

Whilst everyone is busy tweaking PSI 2.0 beta for full release, I am entering a world of uncertainty. Not a PSI issue, but definitely security related. I am interested in tapping into the collective knowledge bank and hearing from those who undoubtedly know more than me regarding the following.

Having been content listening to her CD library loaded onto her iPod, my daughter now wants some more contemporary music - although I have set up an iTunes a/c, I thought I'd see what was available for free (is there such a thing?).

Ran a search, and with no prior knowledge of what was good, bad or ugly; having looked at a few (purely for ease of use), chose one that seemed to be "OK"; - WuZAM - run from my browser, and is/(was?) a search engine for mp3 files (and not p2p), no registration required. Downloaded a few to try - a bit fiddly - 2/3 stages to get to iTunes to upload to iPod, but usable and "apparently" legal and relatively safe.

However, when I went to their site yesterday, they've appeared to have temporarily/permanently slipped off the grid. Having run another search I noted that McAfee site advisor was not only giving "iMesh" a green tick, but the additional McAfee Secure shield (and claims to check it daily), so I tried this.

It's a downloadable program that comes with a bit of additional baggage - A Mediabar (toolbar) and the promise of a new default search browser. Chose custom install and declined these kind offers, and then found I had to register, which I try to avoid where possible. On this mornings' start up I now had this new Mediabar (with all the social network links, plus more), so I right clicked toolbars and deselected it's display, and it disappeared - until I rebooted after M$ updates, and back it was. Not a great problem as I can disable and/or uninstall it from Ff. add-ons. At the moment, the social stuff is removed, but it has an OK selection of on-line radio channels which I'm using.

As an app., the program itself is not unpleasant to use, and has access to a great no. of tunes, plus can synch directly to iPod, without going to iTunes; however, when I needed to check on something from the FAQ's, the Help menu opened up in IE - which I seldom use, and wasn't/isn't (I checked), set as default.

It appears that the two instances described above, seem to demonstrate that the program has an overriding desire to configure it's own settings. Also being aware of the security minefield that is p2p, I thought I'd run a specific search on iMesh, which uncovered a multitude of information and opinions; from the imesh virus, a worm in imesh.exe., to a load of dodgy processes that should be killed from task mgr. (I couldn't see any) - also some users gave it a good review.

I have an OK (paid) security suite, with real-time virus scanning and have this afternoon run a quick scan (full-scan takes half a day), to check the most susceptible file locations, which turned up nothing - as did Spybot S&D.

How concerned (paranoid) should I be? Is this a genuine threat of possible contamination and should I rush off to remove it?

OR, is it like a lot of downloaded open source software - not without risk of use (particularly with p2p), but with correct/adequate security in place should be usable. After a day and 4 trial downloads, I quite like it, but am not desperate to compromise my system if it is as "dangerous" as some reports imply.

If you've made it this far - thanks for reading - I couldn't have been any briefer; I welcome any thoughts.

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.

mogs RE: Is iMesh dangerous?
Expert Contributor 15th Sep, 2010 18:57
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
I must admit to not doing a lot with regards music, Ti Mow....but I think I've got the gist/jist of your post.
It just happened that I'd been reading the following article :
Beware search results that could lead to malware infections
'Free' searches attract hackers, warns McAfee
Security company report highlights dangers of searching for 'free' music and movies
Written by Dinah Greek, Computeractive
15 Sep 2010
http://www.computeractive.co.uk/computeractive/new...
It might make you more wary ?

--
Was this reply relevant?
+0
-0
Anthony Wells RE: Is iMesh dangerous?
Expert Contributor 15th Sep, 2010 20:14
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 15th Sep, 2010 21:30
Hello TiMow ,

This is what you get from CNET :-

Publisher's description
From iMesh:

iMesh is a peer-to-peer file-sharing program that lets you find, download, share, and publish audio and video files. An ever-growing community of millions of registered users ensures quick location and download of virtually any type of file available on the P2P network. With the power of the iMesh network you can listen to and download songs that are 100% legal. Our service is endorsed by the key players in the Music Industry.

This is the first review I found ***:-

http://www.ciao.co.uk/iMesh_com__Review_5110874

If you ignore the extremely aggressive "adware/spyware" (personally I would not) , the software is probably clean itself , but any links it would provide , well .....

Again , personally , I would run anything and everything offered in "sandboxie" at least and learn how to check your downloads and move them out of the sandbox , if you persist in P2P of this type .

If you want contemporary music for your daughter , check out what is in YouTube for her chosen artistes and what is the download source suggested .

Take care

Anthony

***very dated , but still relevant in 2008 it appears .

PS : have a look here :-

http://www.techsupportalert.com/content/best-free-...


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
TiMow RE: Is iMesh dangerous?
Dedicated Contributor 16th Sep, 2010 14:33
Score: 737
Posts: 728
User Since: 26th Jun 2009
System Score: N/A
Location: CH
Thanks for your contribution as ever - would also have been interesting to hear from anyone with hands-on knowledge.

mogs - good link; logical insight, especially regarding some of the many smaller operators - which is why I believed iMesh as one of the biggest and longest running, would be safer than most.

Anthony - had already looked at Cnet and many others (eHow, also informative). Had also checked out some reviews - some more recent, but not current.
Unfortunately, the GR link appeared to deal more with organising and playing of tunes, than with their downloading.
Not sure how feasible it is to use YouTube as download source for iPod - will investigate. Will take onboard advice for using Sandboxie for iMesh.

Ultimately my need, at present for this download material, is still relatively limited, so for now internet access has been blocked to iMesh (will unblock for specific instances as required), and Mediabar including iMesh search and browser link has been disabled - I think this is where a lot of the spyware/adware problems originated.

But until I find a suitable, safe and legal alternative, or Wuzam comes back on line (not file sharing), I think I will have to trust in my security safeguards, and just hope that McAfee Secure is checking daily, effectively, as it claims. (Although I am still unsure, if this claim relates to the initial program download; or the content within the program once in use - I think with file-sharing this would be difficult, if not impossible - but this is all new territory for me, so I can only attempt to second guess).

Regards

TiMow

--
Computing is not yet a perfect science - it still requires humans.
Was this reply relevant?
+0
-0
Anthony Wells RE: Is iMesh dangerous?
Expert Contributor 16th Sep, 2010 15:42
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

TiMow

The GR link contains a few/lots of links for added info . YouTube have numerous videos on how to find "download" sites and how to download from YouTube .

Hands on I have used/tried in the past iTunes , VirginMega Premium , LastFM and find Spotify does everything I need .

Like I said , it's probably not the software you need to worry about it's where you tread . I certainly would not rely on the technology to protect you .

Take care extra care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer