Peter Blaise,

AudioWeb contains absolutely NO viruses. I cannot control false positives by the various and sundry virus detection engines.

Thanks,
MollieSoft

.
[ MollieSoft ],

So you acknowledge that your software generates [ VBA32 CIL.StupidCryptor.Heur ] at VirusTota, and you consider that to be a false positive.

Thanks.
.

Peter Blaise, Yes, exactly. They admit it is a false positive. I have contacted VBA32 and here is their response:


Hello,
File is clean. False positive will be removed in the next update.
Thank you for informing us.


On 27.05.2019 0:29, MollieSoft Support wrote:
>
> I am a software developer producing Windows software. This regards my MSI package available at:
>
> http://www.molliesoft.com/content/AudioWebSetup.msi
>
> When I run my msi through virustotal.org, your engine VBA32 shows my software infected by CIL.StupidCryptor.Heur. This is a false positive. Can you please correct this and remove the false positive report?
>
> Thanks,
>
> Marvin Hymowech
>
> MollieSoft
>
--
Best Regards, Alexey Gerasimenko,
mailto:feedback@anti-virus.by
VirusBlokAda Ltd., Minsk, Belarus

.
[ MollieSoft ],

Great -- now we have confidence that the distribution version we received has not been infected unbeknownst to you, and promises to eventually be cleared by an anti malware scanner of a false positive -- your efforts to remedy this are critical for building goodwill and trust.
___________

Now to get the software working on more than just the computer it's running on ... or do I misunderstand, do we need to install the software on every computer on a network or on any machine that wants to access the server, even over the web?

As it is now, no one can "see" my AudioWeb server but the server itself.

And why Microsoft server, why not open source WAMP on a stick?

Maybe you next version will figure out how to make itself function, and test itself and offer remedies, workarounds, and alternatives if and when it self-discovers that it's features fail to perform as expected?

As it is, the software has no self-inspection audit to confirm that it is working, that it is getting through the network and broadcasting over the webm and for me, it is not working.

I wouldn't even know how to troubleshoot it, no other computer can even find it on my network or over the web to get even an error message form the server ( the server computer itself is "findable" by every other method -- Windows net share, remote control via the network and over the web ).

Thanks for letting us try it, but I feel like an alpha tester, not even a beta tester.
.

Morgan Pierce,

"I am staying with W7 Ult 64 bit as long as I possibly can..."

Cool, if that's what you want. Windows 7 & 8 aren't going stop running because of an expiration date. Win7 may be more targeted by cybercriminals, as there will be no more patches as of 1/2020, & there will be no reason for manufacturers to issue drivers. But people continue to use XP, so no reason win7 should be any different. However, as with XP, the majority of people will move on, as will sites and companies from GOTD to Amazon -- it makes little sense not to cater to the vast majority of the market. And as with today's XP users, you might find that stuff that works with win7 starts to become increasingly rare. As long as you remember that it's your choice, no reason for anyone to get upset about it.

"two identical Dell T7500 machines; with dual X5690 chips, Samsung SDD and 128 GB ram in each they. are a pleasure to use. Nothing W10 has or will have comes close. "

Later versions of win10 support more, & older xeon CPUs, in case your decision is based on compatibility. Win10's core is very basically an improved version of what's in win7 -- they behave much the same, though win10 is faster -- with the biggest difference being the interface. If your main concern is performance, then like most gamers on Steam, you likely want win10. If you just can't get past the GUI, that's fine too -- it's your PCs, so your choice.

"I am spending a little time each month learning Linux Debian Mint and all the "MS like" applications that work on them.
I expect GAOTD to eventually be offering Linux apps. FWIW"

Nothing wrong with Linux either, but as you become more experienced in the Linux world, you'll find that the amount of non-server related apps cannot compare to the Windows environment. There's simply not enough Linux software for GOTD to feature an app a day, plus lots of [most?] Linux software is open source, so what would be the point?

Mike, thanks for your extended resonse. I am not a gamer. But, I think that Linux apps will become more and more pleantiful --- especially once folks start seeing the very heavy hand of Mister Softee coming down --- and it will come since there will be money to be made. There ain't no such thing as a free lunch. Speaking of free lunch, I stay totally away from all things Google right now, also. Google will eventually be bested. I would not purchase a chrome book if you gave it to me free along with $2,000. At $2,001, I would just pack it in a box in my attic as an antique for great, great chandkids.

Also, I think that folks will come up with anti viral solutions and updates like they have for XP. The W7 audience is still huge.

My hardware is good for at least 5 years and a lot can happend in those 5 years. I might be able to replace each machine with a wristwatch by then --- a linux one.Mike, thanks for your extended resonse. I am not a gamer. But, I think that Linux apps will become more and more pleantiful --- especially once folks start seeing the very heavy hand of Mister Softee coming down --- and it will come since there will be money to be made. There ain't no such thing as a free lunch. Speaking of free lunch, I stay totally away from all things Google right now, also. Google will eventually be bested. I would not purchase a chrome book if you gave it to me free along with $2,000. At $2,001, I would just pack it in a box in my attic as an antique for great, great chandkids.

Also, I think that folks will come up with anti viral solutions and updates like they have for XP. The W7 audience is still huge.

My hardware is good for at least 5 years and a lot can happend in those 5 years. I might be able to replace each machine with a wristwatch by then --- a linux one.

Morgan Pierce, It is not clear why you would even spend the time to come to GOTD, as you would lose anything you install when you go to Linux.
What do you use your computer for? If everything is done through a browser, on the internet, just get a Chromebook and don't worry about the intricacies of Linux. (I am a professional with extensive experience in both Windows and Linux/Unix.) If it is security which is your concern, you can easily get a "live CD" of Linux, boot to it, surf to your delight and take it out when done. Poof! No viruses, maybe no tracking. (Oh! do you have a VPN? Turned off JavaScript? No ads? No accounts?)
Or are you not even going on the internet, just using the machine with all that power and RAM for photo and video editing? (You could try free GIMP even on Windows.) Or program development? You definitely do not need all that RAM for Linux.
Jump in and try Linux, maybe Mint, from a live CD.
I don't know if you will be missed here, as you won't be giving any helpful feedback about these Windows-based programs.
I use Windows 10 and Linux and Windows Subsystem for Linux. There are a few things for which Linux is handy, very few. Some believe in the security. But if your account passwords are compromised, or your online accounts hacked, the hacker doesn't care at all whether you were using Windows, Mac or Linux. They got your info where the company stored it.

OldGuy, thanks much for your comments. I'd like to ask you more. Do you have a blog or FB?

Morgan Pierce, Find me via http://bcug.com . I'm president.

.
[ Morgan Pierce ],

I've got computers running WIndows 98 just fine, and many GOTD offering work on Windows 98, so I'm happy.

Though the market moves on, when we have something that works, why upgrade?
.

Peter Blaise, I am with you: Ain't broke, don't fix. Do you have a blog of FB page?

.
[ Morgan Pierce ],

We all have personal dot coms, don't we?

Yours is worth $1,900!
.

Peter Blaise, hello, but I do not understand. What personal dot com? Thanks.

Morgan Pierce dot com

Nathan,

AudioWeb does not allow access to any "personal" files, just read-only access to audio files (.mp3) under a specific directory on your computer. In addition, a valid login is required, and login credentials can only be created on your computer directly using the AudioWebAdmin program, not through the web interface.

- MollieSoft

MollieSoft, have there ever been remote code execution vulnerabilities with Microsoft components? Answer yes accross the board, how is that systemic weakness addressed by Microsoft? By patching only supported products after 3rd party security investigators report to Microsoft a discovered vulnerability and warned in advance that they have X number of days to issue a fix for the vulnerability before the discovered vulnerability is published publically. It can also happen that a vulnerability is exploited by criminals before Microsoft issues a patch and that is called a zero day exploit and in those circumstances MS must rush to build and publish the repaired files. Now the problem with your chosen dev platform is you have CHOSEN to use a DotNet Core package that is end of life already and will not be patched if any exploit is exposed or being actively exploited. Remote code execution as well as rights elevation is a persistent risk made worse by using end of life dev environments and requiring end users to put said dead end software on their machines to run your programs. And no I won't be putting any media servers to serve content from my windows 10 machines. Audio books do not *need* to be streamed, the files are relatively small and can be stored on the mobile devices themselves and played in a dedicated audiobook app if necesary. Also the server you create is an unsecured network connection as it is an http not https URL so despite the authentication which is sniffable and technically reversible the content shared is not shared in a secure manner. This leaves it vulnerable to the most basic script based attacks to probe for remote code execution vulnerabilities...
Nathan is correct and you are not a Software security or Computer security professional, that much is clear.

TK,

Thank you for your helpful comments.

- First, there is no need to expose AudioWeb through your router by opening a port. I find it extremely useful just to share audio within my router between my PC and various other iPhone, iPad, laptops, etc.

- Even if exposed through your router, what specific vulnerability are you complaining about? The above risks sound rather generic. Can you offer a specific scenario in which AudioWeb presents a serious vulnerability, even IF someone is able to steal logon credentials (which are certainly encrypted). What specific problems do you envision?

- I DO plan to upgrade to DotNet Core 2.1 in my next update, coming soon.

Thanks,
MollieSoft

MollieSoft, If you were aware of Microsofts long history of almost predictable mishandling of data buffers in memory you'd know that ANY Microsoft based server that is exposed to any network traffic is a potential point of entry. The more points of exposure you open on a Microsoft Windows machine the greater the probability that there will be an undocumented remote code execution vulnerability lying there in wait.

A significant vulnerabilty that allowed LAN wide infection of many computers on private LANs was wannacry ransomware worm that used an old NSA exploit in SMB subsystem. Only a fool would think any Microsoft server subsystems were hardened against all current attack vectors.

Even if there was no vulnerability placing an internet facing server on a domestic broadband connection is asking for too much attention and is too vulnerable to bandwidth saturation denial of service attacks.

And yes the risks are completly generic, potential never to be patched vulnerabilites as the DotNet Core is End of life never to be patched or investigated to see if it has any of the vulnerabilites that may be found and patched in the supported newer versions. Personally I prefer Serviio DLNA media server for use on my LAN and not be restricted to streaming just mp3 files but can stream video, photo and audio media. But I would not put that on a shared LAN with other users for the same reasons given about this product even though Serviio is still under active development and does not rely on obsolete Microsoft Core components.

You do not use SSL/TLS so any script kiddie can devise brute force, rainbow or dictionary attacks to obtain user login credentials. It also makes it alot easier to FUZZ the server to expose any parsing irregularities and database injection vulnerabilities.

IMHO the safer option is to create a PHP web application that a customer can license to install on their low cost commercial web server with a real domain name to host their media and let the hosting provider worry about security and bandwidth attacks.

Or just put your audio books onto your mobile devices and use a dedicated audiobook player app!

MollieSoft, Why is this giveaway for version 1.0 when the current release on your site http://www.molliesoft.com/AudioWeb

Is "Current Version: 1.2.1.0, released April 22, 2019."

Also on that page it states:

"Change Log:

1.2.1.0 - Initial release."

IF 1.2.1.0 is the inital release what the heck is version 1.0? a pre-release alphe or beta build?

MollieSoft, why not just use any of the small open-source web servers available? Port the rest to .NET 4 and/or Mono and you could support XP/7/Vista/Linux, etc.

temp,

Good idea, but my personal expertise is .NET 4 and for me, using DotNet Core ASP.NET was the fastest and easiest way to implement my design for AudioWeb. Hopefully most folks will eventually migrate to Windows 8.1 or 10 anyway and this will become less of an issue.

Thanks,
MollieSoft

TK, You ARE installing 1.2.1.0, regardless what it says on the giveawayoftheday page. There is no other version as of present.
- MollieSoft

MollieSoft, No I am not installing 1.2.1.0 or anything like this on my Windows 10 machines... I certainly do not need to increase the vulnerable surface area on any WIndows 10 machine especially with supporting end of life Microsoft components!

TGab, Yes and no, but on the other side your computer is already an open book to Microsoft, Google, Facebook et-al.
But you're right I never trust programs like this one. If necessary I would prefer to run a dedicated computer/network for the task.
On the other side, there are lots of alternatives (free and paid) for audio streaming.

Luis,

What alternatives are you aware of that are audio-book friendly, e.g. allowing bookmarks, etc.?

Thanks,
MollieSoft

MollieSoft, Find alternatives here: alternativeto dot net/