RE: Haskell Platform 8.2.2 - virus? - ghc-devs - Haskell.org

newer
validate failure on Mac OSX for...

RE: Haskell Platform 8.2.2 - virus?

older
Haskell Platform 8.2.2 - virus?

Gershom B

28 Dec 2017 28 Dec '17

5:23 p.m.

Note that HitmanPro has caused plenty of problems with GHC in the past, and should be avoided by Haskell devs: https://www.reddit.com/r/haskell/comments/77from/gettting_segmentation_fault... https://github.com/commercialhaskell/intero/issues/436

Reply

Sign in to reply online Use email software

Show replies by date

lonetiger＠gmail.com

28 Dec 28 Dec

6:09 p.m.

New subject: Haskell Platform 8.2.2 - virus?

We have fixed this though, GHC 8.4 shouldn’t have this problem specifically. The issue is that hitman pro is injecting itself into every process by throwing a signal, Prior to 8.4 we were pretty aggressive in how we treated first chance exceptions. We’ve now relaxed this. That said I find the behavior of HitmanPro to be quite intrusive and I wouldn’t trust anything injecting code Into my address space. Fyi, this is what it caused: ExceptionAddress: 00007ffcc2b368ce (ntdll!RtlVirtualUnwind+0x000000000000001e) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000046710f6 Attempt to read from address 00000000046710f6 0:000> lmvm hmpalert Browse full module list start end module name 00007ffc`ba4b0000 00007ffc`ba595000 hmpalert (export symbols) hmpalert.dll Loaded symbol image file: hmpalert.dll Image path: C:\Windows\System32\hmpalert.dll Image name: hmpalert.dll Browse all global symbols functions data Timestamp: Mon Jul 17 15:53:17 2017 (596CCF5D) CheckSum: 000F490C ImageSize: 000E5000 File version: 3.6.8.604 Product version: 3.6.8.604 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0400.04b0 CompanyName: SurfRight B.V. ProductName: HitmanPro.Alert InternalName: hmpalert.dll OriginalFilename: hmpalert_x64.dll ProductVersion: 3.6.8.604 FileVersion: 3.6.8.604 FileDescription: HitmanPro.Alert 64-bit Support Library LegalCopyright: © 2013-2017 SurfRight, a Sophos company Comments: Incorporates Threatstar Exploit Mitigation Platform (EMP) From: Gershom B Sent: Thursday, December 28, 2017 22:24 To: ghc-devs@haskell.org Devs Subject: RE: Haskell Platform 8.2.2 - virus? Note that HitmanPro has caused plenty of problems with GHC in the past, and should be avoided by Haskell devs: https://www.reddit.com/r/haskell/comments/77from/gettting_segmentation_fault... https://github.com/commercialhaskell/intero/issues/436 _______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs

Reply

Sign in to reply online Use email software

Brandon Allbery

6:40 p.m.

New subject: Haskell Platform 8.2.2 - virus?

"Hitman" sounds rather self-descriptive. Not sure I'd allow such a thing onto any system under my control; it sounds pretty much like malware in its own right. On Thu, Dec 28, 2017 at 6:09 PM, wrote:

We have fixed this though, GHC 8.4 shouldn’t have this problem specifically.

The issue is that hitman pro is injecting itself into every process by throwing a signal,

Prior to 8.4 we were pretty aggressive in how we treated first chance exceptions. We’ve now relaxed this.

That said I find the behavior of HitmanPro to be quite intrusive and I wouldn’t trust anything injecting code

Into my address space.

Fyi, this is what it caused:

ExceptionAddress: 00007ffcc2b368ce (ntdll!RtlVirtualUnwind+ 0x000000000000001e) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 00000000046710f6 Attempt to read from address 00000000046710f6 0:000> lmvm hmpalert Browse full module list start end module name 00007ffc`ba4b0000 00007ffc`ba595000 hmpalert (export symbols) hmpalert.dll Loaded symbol image file: hmpalert.dll Image path: C:\Windows\System32\hmpalert.dll Image name: hmpalert.dll Browse all global symbols functions data Timestamp: Mon Jul 17 15:53:17 2017 (596CCF5D) CheckSum: 000F490C ImageSize: 000E5000 File version: 3.6.8.604 Product version: 3.6.8.604 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0400.04b0 CompanyName: SurfRight B.V. ProductName: HitmanPro.Alert InternalName: hmpalert.dll OriginalFilename: hmpalert_x64.dll ProductVersion: 3.6.8.604 FileVersion: 3.6.8.604 FileDescription: HitmanPro.Alert 64-bit Support Library LegalCopyright: © 2013-2017 SurfRight, a Sophos company Comments: Incorporates Threatstar Exploit Mitigation Platform (EMP)

*From: *Gershom B *Sent: *Thursday, December 28, 2017 22:24 *To: *ghc-devs@haskell.org Devs *Subject: *RE: Haskell Platform 8.2.2 - virus?

Note that HitmanPro has caused plenty of problems with GHC in the

past, and should be avoided by Haskell devs:

https://www.reddit.com/r/haskell/comments/77from/ gettting_segmentation_fault_on_stackcabal_any/

https://github.com/commercialhaskell/intero/issues/436

_______________________________________________

ghc-devs mailing list

ghc-devs@haskell.org

http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs

_______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs

-- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net

Reply

Sign in to reply online Use email software

2700

Age (days ago)

2700

Last active (days ago)

Download

2 comments

3 participants

tags

participants (3)

Brandon Allbery
Gershom B
lonetiger＠gmail.com