Keyboard Shortcuts
Likes
Search
Security?
ag6qo?wrote: ? ?"Are the components etc uploaded here trustworthy?
? ??Have there been any incidents of viruses etc embedded in files uploaded here?
? ? ?? Are there precautions taken to avoid it?"The simple answer is that SPICE component models are plain text, and you can't hide a virus or malware in text. ?No component model is ever "executed". ?They are all fed as input to the LTspice program, which interprets them as text and parses them to get the information it needs. ?Even then LTspice is always in control, doing the things it needs to do to simulate a circuit. ?The model is never "calling the shots," nor does LTspice have the capability to do much more than build waveform data and save it to its output files.
Could someone write a virus that exploits a heretofore unknown capability of LTspice to do something bad? ?I seriously doubt that it's possible, and just as unlikely that someone would know how to try.
Now, are ALL files here on this site guaranteed trustworthy? ?Here the simple answer gets more complicated. ?There are occasional Word DOC files and a few (VERY few) executable programs here, and a handful of HTML files.
This is a user-contributed forum, so yes, the possibility exists of something bad in an upload, under the guise of it being something useful.
I do not recall any incidents of malware here. ?On the other hand, Spam does rarely get through, either in messages or in the Links section, and they have all been dealt with promptly.
Regards,
Andy |
Good question, but alas, too late for you.? This Yahoo group is undoubtedly secretly, violently infected with untrustworthy viruses.? In fact, by reading this message you personally are probably fatally infected with the AIDS virus.? You are no doubt doomed, so please send all of your monetary assets to Yahoo groups immediately.
Okay, that was sarcasm, but it is messages like yours that lead me to avoid responding altogether on this group very much any more.? No doubt you cannot help being the way you are any more than I can help being the way I am. To give your original question a serious answer, it is mind-numbingly ignorant to think that SPICE code could possibly be infected with such viruses.? In the future, once you have gained some working experience with LTspice, you hopefully will come to appreciate why this is so. ---In LTspice@..., <ag6qo@...> wrote : Are the components etc uploaded here trustworthy? Have there been any incidents of viruses etc embedded in files uploaded here? Are there precautions taken to avoid it? |
Hello,
One has to distinguish between (LT)SPICE files and program files. Any LTspice related files (symbols, models, plot directives) can never have any virus. I don't know how Yahoo has checked the uploaded programs(.exe). The exe-programs have been mostly in the section Files>Util of this group. Best regards, Helmut |
Come on, folks!
toggle quoted message
Show quoted text
If a newbie comes along and asks about security of files on the website, that person deserves a straight answer. These days, with viruses and trojans and all that stuff seeming to be anywhere, it is a prudent question. Most newcomers to spice and many who have been around a while don't know that spice files are text files. As far as the casual observer might know, a .cir file could be just as able to carry bad stuff as a .jpg or .pdf or .xls or .docx any of the other complex file structures. In today's world, I would be a lot more cautious here than I am, if I were coming as a new user. There are several factors that make bad stuff pretty unlikely, here. Or, at other spice sites. 1. The target: anyone writing bad stuff wants big impact. spice has a very small user community, compared, say, to excel or word users. It is hard to imagine much general impact, beyond simple spite or maliciousness. 2. The kind of possible exploit is very limited. The language is pretty tight, and the parser can check for violations pretty easy. There should never be a "buffer over-run" exploit or anything like that. 3. spice files are not executables. They are interpreted by the the host application (a variant of Berkeley spice). There is a long history in spice, with all sorts of unwitting attempts at mucking it up. It is pretty bullet proof. You CAN have files that appear to be one thing while are really another (an exe masquerading as a txt file). The operating systems have put significant constraints on the ability of this exploit to operate. Not impossible, of course, but, generally, YOU Have to agree to run any downloaded executable.? So, the short answer is that, if you are concerned, YOU can open any spice file with a text editor and verify that it is what it says that it is. After a while, you will discover that its an extra effort that you really don't need to take. Jim Wagner Oregon Research Electronics On May 29, 2014, at 10:24 PM, analogspiceman@... [LTspice] wrote:
|
Well...in my humble opinion...its a fair question to ask, but not likely to get a solid answer. Fact is...no one really knows...:-) All you can do is be sure you've taken the proper precautions, however unlikely it may seem,?to prevent an attack if one is attempted. Make sure you got up to date anti-virus software in place, etc. So that a potential threat imbedded in a file, can be scanned and prevented when the file is downloaded.. Trust no file before scanning.....:-| My two cents... HT |
The effort to turn a spice library or symbol into a virus will take a lot of investigation on the perpetrators part. ?Given the source code is not available and the access ports are not documented....it will take to much time. If you look at what is the goal of virus...attack as many computers as possible, using LTSpice is simply not going to get one there. ? The number of people using LTspice are so small compared to the people who use something like word or a specific operating system like windows or the Mac OSX.... It simply is not worth the effort. ? It would not be news worthy! ?No real claim to fame. On Jun 1, 2014, at 6:59 PM, hitec92407@... [LTspice] wrote:
Best Regards, Mark Gurries Electrical Engineer DCC Website & NMRA DCC Clinics: |
There is the simple malicious motive. Or,maybe something like revenge. These don't require a large target community.?
toggle quoted message
Show quoted text
However, it is certainly prudent to be careful. That responsibility rests on the end-user. Jim Wagner Oregon Research Electronics. On Jun 1, 2014, at 8:42 PM, Mark Gurries gurriesm@... [LTspice] wrote:
|
Ok. ?but I have yet to hear of any CAD system being attacked as such and there are a lot of system far bigger than LTspice out there and they charge money to make a profit. ? Hard to get malicious over free software. On Jun 1, 2014, at 9:36 PM, Jim Wagner wagnejam99@... [LTspice] wrote:
Best Regards, Mark Gurries Electrical Engineer DCC Website & NMRA DCC Clinics: |
Attack via LTSpice?
Generally unlikely. However... The spice files are mostly in text format and are read by a parser inside LTSpice. But as we do not have LTSpice source, we cannot know explicitly what LTSpice does. It's unlikely to ha ve LTSpice as the tool for a buffer attack or something else. You can limit LTSpice's access right by limit it where it can write data on your system. Unless you have an old dodgy windows system. A more likely scenario is to have LTSpice executables and files contaminated bu any of the old fashion viruses out there. Remedies? Retain an updated anti virus software and run it to check all files in real time If you are paranoid about security and you run Windows ( an Oxymoron at best :), do what I do. I run an Ubuntu Desktop with "Oracle Virtualbox" running a virtual Windows OS. I keep the access rights tight. Have "Spitfire" and "Tripwire" like program running. Touch wood, I haven't had a virus problem ( that I know of ) since 1993 when I dumped Windows on my desktops. But seriously, if you do have security concerns, what are you working with! If it's defence stuff, you are already in trouble as you are asking this question. You should have a dedicated security officer/manager dealing with this. And he would never ever allow you folks to exchange data over the internet, not even be connected to it. Conclusion and advice: 1. Retain an updated Virus checker and USE it! 2. Don't use the desktop for watching internet porn. ( Use somebody else's computer :) Seriously, alternative 2 is the main source for security breaches so rather take your mates to the local strip joint instead of searching/looking for Internet P. It#s safer :) Yes, I'm an obnoxious bstard but I've been doing computers since 1977 :) Cheers Dan, M0DFI On Sun, 1 Jun 2014 23:57:11 -0700 "Mark Gurries gurriesm@... [LTspice]" <LTspice@...> wrote: Ok. but I have yet to hear of any CAD system being attacked as such and there are a lot of system far bigger than LTspice out there and they charge money to make a profit. Hard to get malicious over free software. |
Indeed. As I recall, the OP referred to "files" generally. There are various zip, jpg, xls, doc, exe files, etc. in the files section, any of which are capable of delivering a malware payload when downloaded.
It is also possible to rename a malware file to have an asc, asy, net, cir, plt or any othe extension. The malware could potentiall be triggered by double-clicking once downloaded. The advice to virus scan everything is good advice. Martin |
Although the standard text files associated with LTspice cannot contain viruses, it is possible that other files types might be infected.? Based on the following standard disclaimer from Yahoo Groups Help, it seems likely that Yahoo Groups does not scan uploads:
Virus risks when downloading files Anytime that you download files from the internet, including Yahoo Groups, you're running the risk of coming across malware or viruses. As stated in the Yahoo Terms, neither Yahoo nor its licensors are responsible for any damages caused by your decision to do so. We recommend that you never download anything from an unknown source. We also highly recommend that you choose to scan files and attachments whenever this option is available. If you believe you have a virus on your system, we recommend that you install an anti-virus program and contact your computer's user support group for assistance. Keep in mind: Attachments sent as a part of an email are not a threat to your system if you do not download them, but if you choose to either open or save an attachment to your computer, your system will become vulnerable to any viruses the file may contain. |