Guys and Gals.... sorry for the dramatic heading but....

I have a user on my site that has run some spyware software....Here is what she has written to me

Quote:

Could someone inform me of 2 things:

1. Go visit my site and tell me if you find any threats

2. Tell me that XOOPS isnt bundled with spyware ? (I am sure it isnt)

As you can tell.... I am not a coder or programmer but purely a user and i love playing around with XOOPS and changing a little bit of stuff.... So i have no idea on how to check for spyware stuff and dont really understand it anyway !!!!

Please could someone put my mind at rest or perhaps tell me that i have a virus on the software i installed ??? ( I have anti virus software which is kept up to date on a daily basis)

Please help and thanks for reading....

You can test it yourself, can't U? Just run everey spyware prog U have an d vist your site and run every spyware again. You'll find out!

There is absolutly no spyware associated with xoops.

It does however have a high level of security and usually depends on cookies, which can flag some security software.

cookies are not harmfull, but since they are considered a possible way to track info, they are flagged by default in some software like AdAware.

Most sites use cookies that have logins, so this is a user side issue where the user need to know to allow cookies from the sites they want to use.

Also, spyware is usually contained in free windows Desktop software. This does not apply to XOOPS since it is server software.


Hope that helps clear it up.


Cheers,

Agreed! There is absolutely NOTHING in XOOPS that will obtain any data from your visitors computer that isn't already being broadcast to the entire world every time they log on to the internet.

Like hyperpod said, XOOPS does use cookies, this is frequently flagged as spyware by spyware removal software. Even MSN, Yahoo, Google, AOL, ad infinitum... use cookies. Cookies make it possible to provide rich content based on browsing behavior. They are also used for authentication. Cookies can be misused, but XOOPS does not misuse them.

Another confusing point for some users is that certain firewall apps (Norton / ZoneAlarm) block the information that your browser broadcasts to the world. While this is a good practice in theory, many websites (including XOOPS) may not let you log in or send forms. This is because the backend systems of such sites use this browser information to verify that the visitor is not a spam bot or something like that.

As a certified computer repair technician and a XOOPS user, I can assure you with 100% certainty that there is nothing in the XOOPS core that poses a threat to your visitors.

I do have a question though.... Are you hosting your site from your personal computer?? The way you spoke suggested you might be. If so, may I suggest you download Ad-Aware and run it and get good firewall like ZoneAlarm, and good Anti-virus like NOD32. The problem may be your computer is a worm zombie or something.

Hope I haven't confused you. Just know that XOOPS is safe.

Best Regards,

JMorris

THANK YOU FOR AN EXCELLENT REPLY.

This is exactly what i suspected but wanted it from the horses mouth.

I will pass this onto the user that was concerned.

I dont run XOOPS on a personal Computer.... it is run on a server.

If you could tell me how to run a local copy of XOOPS then that would be great but somehow i suspect this is difficult.

Thanks for taking the time to reply and with an extensive one at that.

Brill.... well done the XOOPS lads

Quote:

Very easy ! use XSAS here http://xsas.sourceforge.net/ its a complet install of apache, mysql, php and XOOPS all running together.

Quote:
I am confident that is true. Unfortunately, the same assurance can't be automatically applied to third party modules, as some Mambo users recently discovered. Unless the QA team already vett modules for spyware before they are approved for inclusion in the downloads section?.

Without getting into the "phone home" practices that are possible I really don't think there is any spyware in the code and by design it is rather difficult. If the server and site is maintained properly that is. Executables should be very hard to hide in the normal code.

That being said, I think the site in question has some theme problems or worse. Possibly hacked. If the site is compromised then spyware is a possibility. That isn't likely an XOOPS problem.

However I didn't analyze the site or run some spyware app. Something is not right with the site on first look.

Quote:

lol i would really like to know what spyware those adaware packages were supposed to have detected.

Quote:

I couldn't agree with you more, hence the reason I stated that there is nothing in the XOOPS core that could harm a user. I felt it best not to bring up third-party modules, but perhaps it is good that it has been brought up.

Given the open source nature of XOOPS and all of the modules currently available for XOOPS, I find it highly improbable that someone could get away with sneaking in malicious scripts into a module undetected. Since the source code is freely available (obviously), there are just too many skilled eyes looking at the code to risk created a bad reputation for one's self. I'm not saying it's not possible, because it is. I'm just saying a person would have to be a darn fool to try it. It would probably only take a few days for someone to descover the code and post it on this forum.

Hence the reason I love open source sooo much!