Spy program in EDA tools?

[duffrose]

Hi:
Do you have ever heard EDA company like "C-a-d-e-n-c-e" or "S-y-n-o-p-s-y-s" or "M-e-n-t-o-r" put spy program in EDA tools, and spy program can send package back to their company including all informations when you use it? If it is true like "M-i-c-r-o-s-o-f-t" done in winxx series. It is so terrible.

 

[corgan]

Yes,I am not sure it's true or not, but I have ever heard a story about that.
A man were doing his design in home with the
illegle EDA tools, suddenly, he got a phone
call from synopsys, and told him that he's
using the illegle license. Some hours after,
police came,and put him in jail.

On 2002-05-02 12:19, duffrose wrote:
Hi:
Do you have ever heard EDA company like "C-a-d-e-n-c-e" or "S-y-n-o-p-s-y-s" or "M-e-n-t-o-r" put spy program in EDA tools, and spy program can send package back to their company including all informations when you use it? If it is true like "M-i-c-r-o-s-o-f-t" done in winxx series. It is so terrible.

 

[duffrose]

How to prevent this? No internet connecting with machines you use for EDA, but we still have no answer how does EDA company do it? Or how to stop spy program? That is diffcult but interesting for h@cker at least. I am not a h@cker, still want to know the answer. And I think that collect data from user in that way is illegal.

 

[dsp_]

Just use any of these personal firewall will do it..
try tiny personal firewall from https://www.tinysoftware.com
or
zonealarm from
https://www.zonealarm.com
i prefer tiny's fw. there are much more but these are the most popular.

it gives you the control about which program gain access to the (inter)net.

So if the programm wants to access to the net while you are working and you know there's no automatical-update function, then somethinge strage goes on.
I don't know how far the EDA programs need access to the net for authentication matters, but the access is also restricable per IP addresses.

HTH
dsp_

 

[erickki]

I downloaded once an eval.-version program. This program (I don't remember what it was) required lic. or serial. It was sent to me by email. There was info the program requided, but there was also same info when I use 'ipconfig /all'-command. I had NIS in my computer, but it didn't work in this case. Can we trust these soft.firewalls or firewalls at all? The best way is take the cable out off the wall.

 

[pardal]

There are many stories like that and it hard to make our mind in which to beleave. For the interested ones look at grc.com and search for spywares in w*w.searchlores.org.
Anyway install ZoneAlarm (windows users) and I'll promise that you will be surprized by the number of apps that try to connect somewhere without your knowledge. Even filemanger ocasionaly tryies to do it (why, where?).

 

[jetmarc]

Do you have ever heard EDA company like "C-a-d-e-n-c-e" or "S-y-n-o-p-s-y-s" or "M-e-n-t-o-r" put spy program in EDA tools, and spy program can send package back to their company including all informations when you use it? If it is true like "M-i-c-r-o-s-o-f-t" done in winxx series. It is so terrible.

CADS*FT was known to have something like this in their E*GLE PCB. They worked with a PCB house and sent p*lice to those people who gave board files made with i*legal E*GLE. However, this is not exactly okay with german laws, so I think they stopped doing so since a while.

jetmarc

 

[Cluricaun]

Hi

I use NIS and it works and gives a warning message everytime a program wants to access the internet or using any of the ports. One reason if it do not work can be that the "allow automatic configuration" is checked, if you by mistake allow the program to access the ports then NIS give access to all ports and communications to the internet for this program. If you are unsecure control each programs settings in "Personal Firewall - Internet Access control". Zonealarm and tinyfirewall are both very nice FW and at least zonealarm is much easier to configure, if you do not use any today you better start. Perhaps you can try Adaware I do not know if it detects EDA SW accessing the internet.

 

[TheMick]

I use zone alarm, programs that use flexlm licenses may need access to the TCP/IP stack for license (even illegal ones) checkout.
Zone Alarm allows you to enable this and still keep them away from "The Internet at large", and it is true MS programs access remote sites for some reason, though stopping them does not appear to cause problems. ALSO do not allow automatic email updates. Always check the out mail queue even just to delete receipt confirmations from wankers using Outlook.. I hate it..

 

[duffrose]

What I am afraid is when the flexlm access TCP/IP stack for license checkout, meanwhile, it sent packeage to somewhere of internet which we don`t know. Or you use PC to access workstation, there is a small program inside EDA tool will put some code into your PC and wait to send package to where they want to. To tell them you are using EDA tool. They can trace-back by packages if they want to. Is it possible?

 

[zhoury]

The best way to avoid is to seperate two sub network and unplug the netwrok cable.

 

[RegUser_2]

I have Zonealarm running, and it does intercept some stuff.

The problem here is, that some programs (like the Mentorg's FpgaAdv) need
server privileges to operate at all, and this means for the firewall to give them this access.

 

[rknem]

The problem here is, that some programs (like the Mentorg's FpgaAdv) need
server privileges to operate at all, and this means for the firewall to give them this access.

I think these programs only need local/LAN server rights. You can set these separely form internet server rights in ZoneAlarm Pro.

 

[Apple]

Let's kill the SPY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

[sigint]

I think you guys are probably being a little too paranoid,

IMHO, and I do talk to EDA vendors and read their magazines.

If you use the software only for personal education, or even if you use it for an occaisional side job or for work started at your workplace that needs to be completed at home. You have nothing to worry about, and even if the EDA company finds out you are using the software and they don't want you to - no policemen will show up at your door. That is not how it works.

EDA companies are in business to make money, and they will only go after the guys that they can sue for lots of money, having a large audience able to use their software and then recommend it's purchase at work is a definite advantage, if you think about it having illegal copies available is kind of like free advertisement.

You probably have a problem if:

1. You have a business that regularly profits from the use of the software.
2. You are distributing the software along with the illegal license.

I would bet that most if you checked most cop's computers, they have tons of unlicensed softs.

SiGiNT

 

[huahua]

If you do auto update, info about your computer is corrected. Most of time they use the info for marketing.

I have friends at big EDA cos using cracled software all time. They just dont use the software at work. They dnot seem to be worried.

 

[harkonnen]

I think the people here use the software for educational reasons.

The EDA companies should actually benefit from that. It spreads the word of good software.

Many check out software at home and then ask at work to buy it for real design work. Thus, the EDA companies actually make money.

 

[okguy]

Nassda use it ! They did not sue me, but came to sell me their software.

Advice : don't run nass.d if you don't need it.

 

[bastos4321]

How did they trace you okguy ?

Bastos

 

[flatulent]

two methods

There are two things they can do. The simple thing is to send a message to the company. Your IP address will be there and they can trace you from that.

The other way involves the information about you that you filled in when the system was installed. Do you notice that when new programs are loaded some show your name and other information already filled in?

There are several software firewall programs that will check for programs sending messages and stop them and ask you if you give permission for this.

Could someone with detailed knowledge of operating systems post the file name that contains this information so that privacy minded people can fill in what they want now they know what it can be used for?

[added thing: The information you fill in when you load the program can also be sent. I always fill in realistic but false information whenever the receiver has no real need for the right information.]