I can see how this may look like GNS3 is riddled with malicious software. However, I think you may be applying some interpretation here without context. Are you a security engineer, or has a security engineer examined this report? I would like to point out that a "suspicious" result does not mean that the given file IS actually malware or infected with malware. Also, I am by no means stating that you should implicitly trust ANY software, to include an OS (you are using MS Windows, and there is plenty of data that shows that the entire Windows platform could be classified as malware). There are alternatives to adopting the use of GNS3 without being exposed to all of this reported "malicious" software.
The GNS3 development team is VERY small. They repackage and bundle tools and utilities from other projects to provide certain enhancements and capabilities to GNS3, but most of them are not required. They do not have the resources to perform deep security analysis of everything they bundle. Should they? I do not know, and only they can answer that. However, you do have options to use GNS3 that might not present as much "risk".
Regarding HAXM, NPCAP and Virt-Viewer: these are all optional and I will update them to their latest version in our next release.
Now PuTTY requires more attention from us. We are actually dealing with 3 different versions of PuTTY...
Solar-PuTTY comes with its own PuTTY which can be found in
The version of PuTTY that is detected as malicious is the one bundled by GNS3 itself (putty.exe in the install dir). I know you assumed it comes from Solar-PuTTY because it shows "File distributed by SolarWinds Worldwide, LLC" in the VirusTotal scan; the reason it shows this is because we use a SolarWinds certificate to code sign our installer.
This bundled PuTTY version has been modified to support some custom options and shows as "Putty (custom deprecated version)" in the GNS3 GUI preferences. It is not the default terminal application when GNS3 is installed (the default is Solar-PuTTY when present or a standalone version of PuTTY which is also bundled by GNS3 as standalone-putty.exe in the install directory).
The putty.exe binary is 10 years old(!) and for info here are the custom options it supports:
I don't think anyone uses this deprecated version anymore and I should probably remove it.
The standalone version, 0.71, is from 2019 I believe and it needs to be updated to the latest v0.78:
Please let me know if I need to change anything else. I will post a nightly release here soon to review. Thanks for pointing out these problems.
As part of my org's security policies, we install all new applications onto a secured VM with our security service, ThreatLocker, which dissects the application into its components, runs malware scans, and references numerous security vendor services -- based on the hash of the file -- to determine if the application is safe.
The report for GNS3 came back with a surprising number of malicious threats. I originally posted this in the GNS3 forums and was advised by the moderator to post here. Yes, I downloaded the latest GNS3 from the GNS3 download page.
Here are the VirusTotal scan results for all packages in the application. GNS3 Scan Results.xlsx
Looking at just the results for the PuTTY module, we can see that 1 vendor reports it as malicious.
As you dig deeper into the report, you find this PuTTY file has been reported numerous times in the past.
Click on putty.exe on the highlighted line and it shows all the security vendors who've tagged this file as malicious.
Similar information can be found for all the components listed in the Scan Results. We really want to adopt it for network design and were perplexed by these results as GNS3 is known as legitimate software. Why is GNS3 showing as malicious to so many malware scanners? Thank you for your time!