去目錄頁

Tajpi and Ek Warning

RiotNrrd, 2015年9月26日

讯息: 29

语言: English

RiotNrrd (显示个人资料) 2015年9月26日下午5:42:24

Because I telecommute two days a week, my home PC has my corporate anti-virus on it, which is about as good an anti-virus program as is probably available.

This anti-virus program will not allow me to install either Tajpi or Ek. It claims that both .exe's are infected with known Trojans. I have no reason to doubt it.

Those of you who are running either program might want to run it through your own virus checker. I don't know if this is true for earlier versions or just the latest. Somewhat worrisome, however.

Vestitor (显示个人资料) 2015年9月26日下午5:49:09

If it tells you exactly what the virus is supposed to be (its name), you can look it up to see if your anti-virus is recognising a false positive. Even the best anti-virus programmes do this.

jdawdy (显示个人资料) 2015年9月26日下午7:24:34

They're not infected- the problem is because of the what they do- they capture keystrokes, just like a malicious keyboard logger. The only difference is that after they capture the keystroke, they replace the character on your screen with an Esperanto letter, instead of sending your passwords to hackers.

These are extremely popular and well-respected programs in the Esperanto commmunity, and as far as I know, no one has ever had any security issues relating to their use.

You can add an exception to your antivirus to allow the use of the programs, or else you can use one of the methods available online for remapping your keyboard so you don't have to use Tajpi or Ek.

RiotNrrd:Because I telecommute two days a week, my home PC has my corporate anti-virus on it, which is about as good an anti-virus program as is probably available.

This anti-virus program will not allow me to install either Tajpi or Ek. It claims that both .exe's are infected with known Trojans. I have no reason to doubt it.

Those of you who are running either program might want to run it through your own virus checker. I don't know if this is true for earlier versions or just the latest. Somewhat worrisome, however.

altindiefanboy (显示个人资料) 2015年9月26日下午9:23:17

Roch:If it could be of any help... to confirm something...
Perhaps you would like to have a look at the source code, seeing as Tajpi is open source.
Hint: I didn't see anything sketchy.

As jdawdy said, they do capture keystrokes, because that is the only way for these kinds of programs to function. The source code will tell you exactly what Tajpi is doing with the captured keys.

mateno (显示个人资料) 2015年9月27日上午11:25:02

Ek is open source as well. I remember when we contacted the author to ask the permission to include it on the promotional CD "Esperanto -- Lingua Incognita", which our organisation (SKEJ) was making up at the time, he, giving us the permission, even requested for the source code to be included on the CD as well (which of course we gladly did).

RiotNrrd (显示个人资料) 2015年9月27日下午1:37:57

You understand, of course, the difference between source code and compiled binaries?

Unless you compiled the code yourself, there is no guarantee that the source you are reading is the executable you are running.

That said, I'm happy to hear that there is likely no problem. But just some code posted somewhere is no proof. Trojans can even infect programs *while they are being compiled*, if the compilation environment is itself compromised.

But you are probably right that the fact that they are key loggers is the reason alarms go off, and that there is actually no issue.

nornen (显示个人资料) 2015年9月28日上午5:09:49

RiotNrrd:You understand, of course, the difference between source code and compiled binaries?

Unless you compiled the code yourself, there is no guarantee that the source you are reading is the executable you are running.

That said, I'm happy to hear that there is likely no problem. But just some code posted somewhere is no proof. Trojans can even infect programs *while they are being compiled*, if the compilation environment is itself compromised.

But you are probably right that the fact that they are key loggers is the reason alarms go off, and that there is actually no issue.
Thank you.

I think the aforementioned "I have the same programme and it is not infected, so yours won't be either." is the most naive and most dangerous advice concerning malware I have ever read on a forum.

A: "I think my cat might have toxoplasmosis. My vet said it is showing the symptoms."
B: "Nah, never mind. I have a cat, too, and it hasn't got toxoplasmosis, ergo yours doesn't have it either."

Alkanadi (显示个人资料) 2015年9月28日上午7:51:41

I recommend that you just install an Esperanto keyboard. But, if you prefer you can type online here:

http://esperanto.typeit.org/
Press Ctrl with the appropriate letter. For example, to type ĉ, press Ctrl + C; to type ŭ, press Ctrl + U.
Then you can copy and paste the text.

Vestitor (显示个人资料) 2015年9月28日下午12:25:49

On Linux you can just set up multiple keyboard languages (including Esperanto) and switch between them at the click of a key. Saves a lot of mucking about and worry about trojan this, keylogger that.

Alkanadi (显示个人资料) 2015年9月28日下午1:49:00

Vestitor:On Linux you can just set up multiple keyboard languages (including Esperanto) and switch between them at the click of a key. Saves a lot of mucking about and worry about trojan this, keylogger that.
Very true. See the attached.

回到上端