Beware of third party viewers

Firestorm Logo

Firestorm Logo

Yordie Sands wrote today about SSB: What Happens Now? which discusses how Linden Lab’s upcoming Server Side Baking project may break several third party viewers, including the immensely popular (and rightly so) Firestorm. I don’t want to see Firestorm broken, mostly because I believe the developers have been through enough with all the problems and bad publicity from the former Emerald viewer. In my opinion, Firestorm is the best viewer available for anyone who’s doing parcel or sim security or trying to oppose griefers, and maybe one of these days I will post about it. But Yordie’s post is timely, because it’s a good transition to another issue – malicious third party viewers.

Today I received an IM from a friend:

Found out who hacked my other account btw. It was the Patriotic Nigras, Simms who programmed illegal viewers is dropping password loggers in viewers and giving them out on the internet.

My friend lost her original avatar, including thousands of Lindens and her entire inventory that she collected over the years. She is a techno-wizard who dislikes copybotters immensely and goes after them when she can. To do that, she experiments with different third party viewers. One of the viewers she downloaded had code in it that captured her Second Life username and password. As soon as she logged off, someone else logged on and destroyed her inventory.

Last week was extremely chaotic, with good and bad things happening all over the grid. When I had a few seconds of free time, I sent an IM to another techno-friend and asked her what was the purpose of the notecard she had given me. She didn’t recall giving me a notecard, but when I described the URL from the notecard and the website where it took me, she was horrified. She said something to the effect of “Don’t EVER download someone’s SL viewer if you don’t know them. People are building viewers just to steal passwords.” I trust both of my friends, and would click on any URLs they recommended. My mistake in thinking that the notecard came from my second friend almost cost me my six year old account. The only thing that saved me was that when I got to the website and saw that it was all about downloading some new and fantastic viewer that was guaranteed to eliminate lag, I closed the window on it. I already have the best viewer on the grid, Firestorm. If I had been in an experimental mood, it could have been a very bad day for Hal Jordan.

We all know about not opening email attachments from unknown sources, or not responding to emails that take you to a website where you have to enter your bank account information to keep your account from being closed. This is exactly the same thing with Second Life software. Be very careful about accepting notecards and objects from unknown users. If you do accept, be careful about clicking Internet links inside notecards. If you do click, don’t download Joe’s Awesome Viewer if you don’t know Joe. As we say in my industry, we should all “cultivate a healthy sense of uneasiness” or a “questioning attitude,” and “stop when unsure.” Just remember the old warning: If it looks too good to be true, it probably is.


About Hal Jordan
Gallery | This entry was posted in Security, Technology. Bookmark the permalink.

2 Responses to Beware of third party viewers

  1. Yordie says:

    I think we’ve seen that given a chance, a group like Phoenix with Firestorm, can create a superior product to the once created by Linden Lab. The reason is that it’s possible for almost anyone to write their own viewer, but I thought the lab had some kinds of controls in place to prevent disreputable developers from even running code with their own password routines.

    It sounds my assumption isn’t true. If anyone can modify viewer code and log into SL, I shudder to think of the possiblities of what they can do. Will SL allow the viewer to actually logon or those viewers simply password theft devices? Of course, once they have your password, you are toast.

    If a viewer isn’t covered by Inara Pey’s weekly review, I’d never go near it. She does good work in keeping track of the legit 3P viewers.

  2. Hal Jordan says:

    Thank you, Yordie. I have a link to Inara Pey’s blog in the blogroll list. It’s good to know where to go to get reliable information.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s