abusive internet usage

[xml]

hi,

i would like to know why paint.net (including the installer) tries to connect about 10+ times to the internet (usertrust.com). is this really necessary i have to keep blocking it because its severall diferent exes trying to connect.

[chew]

maybe you have spyware :shock:

[BuzzKill]

Look under "Updates" and see if you have "Automatically check periodically" checked. If so, uncheck it and see if you still have the same problem.

I'm not sure why the installer tries to connect. It only tried to connect a single time when I first installed 2.6 Cr2. Other than that, it hasn't tried to connect to the internet anymore.

Also, you can check the program controls in your firewall to see if you are or are not allowing Paint.NET access to the internet.

Good luck with that!

[Rick Brewster]

Paint.NET will only try to connect to http://www.eecs.wsu.edu/paint.net , for the purpose of checking for updates every 5 days (unless you tell it not to of course). The installer has no network access code in it at all.

If any other activity happens, you have spyware/malware that is injecting threads into the PaintDotNet.exe process and doing other stuff.

[Rick Brewster]

Looks like usertrust.com is some site dealing with digital signatures.

Every EXE and DLL in Paint.NET is digitally signed with our code signing certificate. It is possible that you have configured some setting somewhere to do some kind of online double-checking/verification of signatures attached to EXE or DLL files. I don't know where or what this setting would be, but it's the only thing I can think of.

[xml]

i disabled the check for updates when installing and i use kapersky firewall. here's some screenshots

this is the first time a program tried to connect to that url on my pc and i run windows on a limited user account (im no begginer on pc usage).

[Rick Brewster]

Like I said, our code is not doing this. There is some other software on your PC that is causing this.

[chew]

you can fix this couple diffrent ways, two ways i recommend is scanning your pc and running it over with your car

[xml]

i suggest another one for you: drop dead

[SearedIce]

i suggest another one for you: drop dead

Now, Chew, there's no reason to start arguments. Paint.net is nothing to fight over.

You've all heard this before, but try following it:

If you don't have anything nice to say, don't say anything at all.

[Rick Brewster]

Well, in xml's defense, chew could've exercised some restraint as well

[hobbypainter3]

I just downloaded and installed Paint.NET 2.6 and it shows the same behavior. Furthermore, when I hover the mouse over the menubar File - Acquire ->, the program WIAPROXY32.EXE, obivously part of Paint.Net, wants to have access to the IP's 216.126.201.89 and 66.249.93.104, which seem to be usertrust.com and google.com. This is reproducible. I'm an experienced user and I am sure I don't have any malware on my PC.

[Rick Brewster]

We do not have any code that accesses the Internet except that which pings our website for update checking. All it does it download a text file.

To reiterate from a previous post,

Every EXE and DLL in Paint.NET is digitally signed with our code signing certificate. It is possible that you have configured some setting somewhere to do some kind of online double-checking/verification of signatures attached to EXE or DLL files. I don't know where or what this setting would be, but it's the only thing I can think of.

If you built Paint.NET yourself from our source code ZIP, and enabled code signing (set environment variables SIGNPDN=1 and PDNPFX=[path to PFX file]), you would see the exact same behavior. Most Windows components (Notepad, for instance) will not exhibit this activity because their signatures are stored in catalog files and are not retrieved as part of the normal loading process. However, you'll see above that the .NET Runtime Optimization Service is also being "flagged."

This Internet access you're seeing is not necessarily malicious, there just seems to be something that is performing an extra verification of the digital signature. What other security-related software have you installed?

[hobbypainter3]

Only ZoneAlarm, nothing else. It's an XP machine with current updates and .NET 2.0 Runtime Environment.

[Rick Brewster]

To quote from http://www.webservertalk.com/archive53- ... 93670.html,

Carlos,

The most common reasons for the connection to usertrust.com is:

1. You have an SSL certificate from either Freessl.com or from USERTRUST.

2. Your website is configured to accept client authentication certificates.

The reason your server connects to usertrust.com is to download CRL information pertaining to either SSL or Client certificates. This is not a virus. If you would like further information please feel free to email me.

Nathan Luke

USERTRUST Inc.

nlmessageboard@usertrust.com