Spyware?

[peppeddu]

Paint.net v2.5 worked without a problem for quite some time.

The other day I've upgraded to Paint.net v2.6, during the installation I've opted out not to go online for anything (just like v2.5)

Paint.net v2.5 never tried to connect to the 'net,

however I just found out that when I start Paint.net v2.6 it tries 5 times (first PaintDotNet.exe, then WIAPROXY32.EXE) to connect to 202.232.140.20

Why?

[Rick Brewster]

No, Paint.NET is not spyware.

We digitally sign our executables and DLL's, and some systems for some reason are configured to do extra verification of these signatures. This verification is done in-process and thus makes it appear as though Paint.NET is contacting other Internet sites. We did not sign our exe's and dll's in v2.5.

202.232.140.20 resolves to akamaitechnologies.com .

Or, you have other spyware on your system that is causing this by way of injecting threads into Paint.NET or WiaProxy32's process. The only network code in Paint.NET is related to our updates system, and it will only ever contact http://www.eecs.wsu.edu .

See my posts in this thread here, http://paintdotnet.12.forumer.com/viewtopic.php?t=1021 .

[peppeddu]

If that's the case, I don't understand why other digitally signed software doesn't have this behaviour.

The EULA should also include the fact that Paint.NET may indeed try connect to the Internet.

[Rick Brewster]

The update checker is something you can easily opt-out of during setup, or while the program is running.

And like I said, those other connections you are seeing are not Paint.NET. We sign the actual EXE's and DLL's that get installed to Program Files. Most applications just sign their setup packages that you download from their website.

[peppeddu]

The update checker has always been disabled (it was never enabled).

I understand you explanation "those other connections are not Paint.NET" , but from my point of view the situation is:

- Paint.NET EULA doesn't say it connects to the 'NET without my approval.

- I install Paint.NET

- Paint.NET tries to connect to the 'Net without my approval.

The EULA needs to be updated to explain this behaviour, or remove the unauthorized 'Net connection functionality from the signed DLL.

Otherwise you may get a lot of complains from users like me who actually reads the EULA before installing anything.

[Rick Brewster]

Let me reiterate: Paint.NET does not connect to the Internet if you disable the update checking. The signature verification is being done by other software or configuration settings on your system and is not something we enable. Please read the post that I linked to above for more details. This verification is done in-process and is thus attributed to Paint.NET by your firewall software.

I don't know how I can make this any clearer.

[BuzzKill]

I just happened to stumble upon this earlier. Hopefully this will put to rest all the spyware claims.

For all you that insist on NOT taking Rick's good word on the matter...

Now stop worrying about Paint.NET and start having fun with it!

[Rick Brewster]

Well, Softpedia is correct in this case, but please let's not use them as a (anti-)spyware authority or reference.

[BuzzKill]

let's not use them as a (anti-)spyware authority or reference.

You're right and I wasn't making them about to be... or at least didn't mean to. Perhaps I should have included in my above post that Softpedia is only claiming and promising that the Paint.NET application available for download off of their site will be clean.

Sorry.

[Rick Brewster]

Oh, I wasn't trying to reprimand you, don't get that impression. I'm just trying to make sure that we not set a precedent by leaning on Softpedia's claim in order to verify that Paint.NET is indeed spyware free. (although, in this case they are correct: Paint.NET is not spyware, nor does it come bundled with any)

[BuzzKill]

Reprimanding...ME? LOL No, I didn't think you were.

BTW, your last post was posted 5 times.

[Rick Brewster]

Sheesh! So it was! fixed! :oops:

[BuzzKill]

[RejZoR]

I'm working with such stuff nearly every day (malware/spyware) and i can assure everyone that Paint.NET doesn't contain any kind of malicious software or such being attached to it. So stop buzzing and enjoy this excellent pieace of software