Topic: Podium attempts to access the Internet during a scan????

@Zynewave wrote:

Any idea why Podium is trying to access the internet during a scan?

Podium does NOT contain any code that accesses the internet. It must be a plugin that attempts the internet access, either deliberately or indirectly as a consequence of the crash. If you add the TAL-U-No-what to the quarantine list, does the OneCare pop up the warning on subsequent scans?

Perhaps I have misunderstood you here, I said before in my previous post “the scan was successful” and AFAICT Podium adds a plugin to the quarantine list automatically..how would I manually edit this file?

The firewall warning does not seem to appear once the plugin is on the quarantine list.

You said that “Podium does NOT contain any code that accesses the internet” but even if the plugin is the culprit to a user clearly Podium is trying to access the internet based on the information in that screengrab I posted.

So even if it was the plug that triggered the access attempt, Podium still attempted the access. Perhaps something can be done to stop plugs from using Podium to attempt accessing the Internet because the Firewall states Podium as the application attempting access (whatever the trigger for it).

@Zynewave wrote:

If you do a rescan, and the scanning skips plugins found on the quarantine list, the message box appearing at the end of the scan has an “Open Quarantine List” button. You can also open the PluginQuarantine.txt with a file explorer. The file is located in the same folder as the Podium.ini file.

I have seen the prompt in Podium before, but I did not know how to add an entry to it manually without knowing it’s location but now that I know it’s location yes even notepad should easily open the file for editing if need be. The quarantine function certainly works well.

The firewall warning does not seem to appear once the plugin is on the quarantine list.

Makes sense, since I’m guessing it was the quarantined plugin that was the cause for the internet access. I would guess that this plugin is using an OS service to send a crash report to the developer.

Clearly yes the plug appears to have triggered it. Seems strange that a plug can piggy back a host in that way but…

Podium.exe is calling functions in the plugin dll. The dll can do anything it wants, including accessing the internet, but to the OS it will appear as if the Podium “application” is the sinner. Likewise if the plugin crashes or mistakingly overwrites memory used by Podium, it will appear as if Podium is crashing. Podium cannot prevent this. There are alternative methods of isolating plugins in separate processes to improve security, but this will affect performance.

I certainly do not want perfomance to be affected unless it was a really tiny amount but in any case if Podium attempts to access the Internet as a result of a plugin triggering this behaviour I would imagine a user would block the access with their Firewall.

The downside of that (minimal but still) is that the “Podium User Community” command/link in Podium will not work if Podium has been blocked as an application from accessing the Internet.

A minor deal as one can access the Website directly in other ways but perhaps some sort of disclaimer can be added to the guide about plugs that might cause Podium to attempt to access the Internet without notifying the user first. ( A definite no no, in this day and age of Worms, keyoggers, bots e.t.c) Just a thought.

@Zynewave wrote:

The downside of that (minimal but still) is that the “Podium User Community” command/link in Podium will not work if Podium has been blocked as an application from accessing the Internet.

That command only attempts to open a website link using whatever internet browser is installed on the OS, so I doubt that you would get a warning on this.

I blocked internet access for Podium with Onecare (as a result of the TAL plug issue earlier ) but having just checked this now, your theory appears correct. I was able to reach the Zynewave site using the “Podium User Community” link /command in the view menu even though Podium was blocked earlier.

That’s good to know as there is a very high likelihood that a new user will click on that link even if they had to block an earlier attempt by Podium (triggered by another plug) to access the Internet. While Firewalls can differ in how they block an app, the community link should still be OK based on my experience.