Lee

ApexDC++ 1.6.2 - NMDC exploit fix

11 posts in this topic

We are pleased to announce the immediate availability of 1.6.2. This update fixes an exploit that allowed users to send malicious search requests to a hub, causing a large flood of UDP traffic to a specified IP address.

OpenCandy, the recommendation engine behind sponsored programs in the installer, has now been removed. You should no longer be offered any additional software when running the setup file. They were terrible at responding and it wasn't worth the compromise.

WIndows XP binaries have been removed from the setup files and are included as a separate download. More information can be found in the forum post.

We're looking to include some minor improvements on the next version, so stay tuned for that.

Download: ApexDC++ 1.6.2

RoLex likes this

Share this post


Link to post
Share on other sites

With this version the way releases are packaged has also changed, we have started offering two separate installers for 32-bit and 64-bit operating systems respectively. The download page will offer one to you based on whether you are using a 32-bit or 64-bit browser. Additionally, XP compatible binaries have been removed from the installers.

In the event that you still need to run ApexDC on XP, or if you are using a very old processor these binaries are now offered, for a time, as a separate slim binary only package over on SourceForge. The future of XP compatible binaries going forward will be determined by metrics on this distribution, as well as eventually by the end of XP support from MSVC.

Share this post


Link to post
Share on other sites
11 hours ago, Crise said:

With this version the way releases are packaged has also changed, we have started offering two separate installers for 32-bit and 64-bit operating systems respectively. The download page will offer one to you based on whether you are using a 32-bit or 64-bit browser. Additionally, XP compatible binaries have been removed from the installers.

In the event that you still need to run ApexDC on XP, or if you are using a very old processor these binaries are now offered, for a time, as a separate slim binary only package over on SourceForge. The future of XP compatible binaries going forward will be determined by metrics on this distribution, as well as eventually by the end of XP support from MSVC.

Popped a note in the first post to highlight this.

11 hours ago, RoLex said:

Thank you :excl:

You're welcome. :)

Share this post


Link to post
Share on other sites

Do I correctly understand that for installation in XP first I need to unpack exe installer to add XP binaries? If so, i was not able to unpack exe file. I tried latest versions of 7-Zip, WinRar and Universal Extractor but neither worked. The last one gave such error notice:

Signature detected: Inno Setup Setup Data (5.5.7) This is not directly supported, but i'll try to unpack it as version 5309; Version detected: 5507 (Unicode) Critical error: The setup files are corrupted. Please obtain a new copy of the program. Unpacking failed. This version is not supported

Any advise on how to unpack exe?

Share this post


Link to post
Share on other sites
4 hours ago, Scorpio said:

Do I correctly understand that for installation in XP first I need to unpack exe installer to add XP binaries? If so, i was not able to unpack exe file. I tried latest versions of 7-Zip, WinRar and Universal Extractor but neither worked. The last one gave such error notice:

Signature detected: Inno Setup Setup Data (5.5.7) This is not directly supported, but i'll try to unpack it as version 5309; Version detected: 5507 (Unicode) Critical error: The setup files are corrupted. Please obtain a new copy of the program. Unpacking failed. This version is not supported

Any advise on how to unpack exe?

If you head over to SourceForge, you'll see an XP slim binary:

https://sourceforge.net/projects/apexdc/files/ApexDC%2B%2B/1.6.2/

Unpack this and overwrite the existing exe and pdb files in your installation directory. 

Share this post


Link to post
Share on other sites

Thanks for the update. I use ApexDC++ daily, it's always been my favorite client.

Lee likes this

Share this post


Link to post
Share on other sites
12 hours ago, zulithe said:

Thanks for the update. I use ApexDC++ daily, it's always been my favorite client.

Good to hear.

Let us know if you have any features you'd like to see that would improve the usability and we'll look at adding these. :)

Share this post


Link to post
Share on other sites

"This program does not support the version of Windows your computer is running."

The installer for 1.6.2 does not work on Windows XP !

Edit: OK, I downloaded the slim package for XP. How hard was to keep that in the main package ? I see there are plenty of downloads. And I'm sure most people don't know about that slim package to begin with.

Edited by Constantin

Share this post


Link to post
Share on other sites

It isn't really a question of how hard it is, XP support for any application these days is pretty much on life support, it has already required separate binaries to be compiled since forever and it is only a matter of time until that is no longer possible.

I'd give you an year tops, maybe two if you are lucky, but Microsoft isn't going to retain XP compatability in MSVC forever, it is just a matter of time until the XP toolchain is either removed or becomes so diverged from the primary compiler that XP support is no longer feasible.

The reason why we opted for this approach for now is mainly because the installer kept inflating in size with every release, so for 1.6.2 I did everything I could to cut it down. Ideally we would have a stub installer that would download the right components for your machine that wouldn't even need to be repackaged for different versions necessarily unfortunately, Inno Setup has no feasible support for such installers. Not that it can't be done, but it is basically a duct tape solution and lacking of the necessary security features.

Share this post


Link to post
Share on other sites