I wonder how many customers who bought a QNAP in the last couple of years would be willing to buy another - given they've now seen what owning and running a QNAP actually involves?
[SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
- OneCD
- Guru
- Posts: 12144
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
They could release QlTS (Qnap lite Turbo Station)
Just baseline file sharing services, no bells no whistles (but done right) .. they could even sell the 'lite' version with a license
- OneCD
- Guru
- Posts: 12144
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
That’s a great idea @dm. Makes a lot of sense. So, there’s no-chance it will be adopted by QNAP.
-
- Know my way around
- Posts: 136
- Joined: Mon Aug 13, 2018 4:58 pm
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
BTW do you have malware remover installed or not?
-
- Experience counts
- Posts: 1118
- Joined: Wed Jan 30, 2008 6:15 am
- Location: Denton, Texas
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
Being a QNAP user since the TS-209 days, I have seen the changes that were done by QNAP through the years... some of them good and some of them bad. QNAP has always been, in my opinion, good with their hardware but always "behind" when it comes to software functionality, and the recent security issues are making it more and more evident that the software continues to lag behind, compared to Synology for example.
I do agree with the idea of QNAP providing a lighter OS installation with just basic functions and everything else provided either by QPKGs or, if the user is so inclined, containers. But they need to actually revamp their security from the ground up and make sure that they are on top of that game.... right now other manufacturers honestly do not need to do marketing... QNAP is doing it for them with all these issues being talked about on the internet.
Having said that, I am not changing my QNAP setup. I know what I am running on my devices; they only run the services / applications that I need, their exposure to the internet is limited to only Plex in a Docker container, and I monitor my network connections. However, I am in the minority, and the average Joe does not have the knowledge or the time to deal with all this security crap, so it is the responsibility of QNAP to step up their game on that front.
QNAP TVS-951x, QTS 5.0.0.1986 build 20220324, OS Storage Pool: Samsung 860 EVO 250GB SSD x 4 (RAID 5), Data Storage Pool: WD WD30EFRX (Red) 3TB x 4 (RAID 5), 16GB RAM, WD Easystore 10TB External USB 3.0, Services: SMB, Appletalk, QPKG: Container Station, HBS 3
QNAP TS-453A, QTS 5.0.0.1986 build 20220324, Services: SMB, HBS 3
Network: UDM, UDM Beacon, Unifi 8 Port Switch x 3, Flex Mini Switch, In Wall AP
-
- Getting the hang of things
- Posts: 68
- Joined: Sat Dec 19, 2015 12:05 pm
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
I agree, I don't expose my 2 QNAPs to the internet so I feel relatively secure (I also have 3-2-1 backups), but I wouldn't recommend QNAP to anyone.
Even besides the security concerns, their frequently faulty firmware updates and inability to remove Multimedia Console and other bloatware I don't need are reasons that going forward, my next NAS will probably not be a QNAP.
-
- Know my way around
- Posts: 136
- Joined: Mon Aug 13, 2018 4:58 pm
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
I guess they will do the opposite and add more bloatware which is not easy to disable, and comes back after the next reboot if you tried to delete it ...
- spile
- Been there, done that
- Posts: 641
- Joined: Tue May 24, 2016 12:13 am
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
Given the user base...
1. Plug and pray consumers
2. Prosumers
3. Those with developer level skills
I see challenges as well as dilemmas ...
- Products are considered difficult to use for 1.
- The main competitor is considered easier to use by type 1.
- New customers to make the company viable are typically type 1.
- Without type 1. customers a company of this size is unviable.
- Bells and whistles appeal to 1. but are an anathema to 3.
The idea of a bloat free by default UI does appeal as it fulfils the needs of all with the possible exception of “do it all for me” type 1. users.
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
Never! I flirted briefly with SoC based NASes, but I'll never use an AMD based system, I require Quicksync for all my capping and encoding.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
- jaysona
- Been there, done that
- Posts: 854
- Joined: Tue Dec 02, 2008 11:26 am
- Location: Somewhere in the Great White North
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
OneCD wrote: ↑Fri May 14, 2021 4:53 am
> Must admit, it gets harder each year to find the motivation to continue supporting QNAP. Their products are only getting worse.
> It feels a lot like supporting a football team that never wins. Eventually, you're asking yourself "why am I supporting these guys? ¯\_(ツ)_/¯".
The difference with a football team that never wins, is at least they make legitimate efforts, the same can't be said of QNAP.
> I'd be a lot happier if QNAP got back-to-basics and made solid and reliable NAS like those their name was originally built-on.
Agreed, QNAP back in the day (2007-2009) was just solid. I'd gladly go back to the early days prior to when ajax based version 3 was released. The initial OS was much simpler to use and maintain.
RAID is not a Back-up!
H/W: QNAP TVS-871 (i7-4790. 16GB) (Plex server) / TVS-EC1080 (32Gig ECC) - VM host & seedbox
H/W: Asustor AS6604T (8GB) / Asustor AS7010T (16GB) (media storage)
H/W: TS-219 Pro / TS-509 Pro
O/S: Slackware 14.2 / MS Windows 7-64 (x5)
Router1: Asus RT-AC86U - Asuswrt-Merlin - 386.7_2
Router2: Asus RT-AC68U - Asuswrt-Merlin - 386.7_2
Router3: Linksys WRT1900AC - DD-WRT v3.0-r46816 std
Router4: Asus RT-AC66U - FreshTomato v2021.10.15
Misc: Popcorn Hour A-110/WN-100, Pinnacle Show Center 250HD, Roku SoundBridge Radio (all retired)
Ditched QNAP units: TS-269 Pro / TS-253 Pro (8GB) / TS-509 Pro / TS-569 Pro / TS-853 Pro (8GB)
TS-670 Pro x2 (i7-3770s 16GB) / TS-870 Pro (i7-3770 16GB) / TVS-871 (i7-4790s 16GB)
-
- New here
- Posts: 2
- Joined: Sun May 23, 2021 1:45 pm
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
I need help. ClamAV refuses to update on my TS-120. I have no idea what to do next; the antivirus won't update.
I have ssh'ed in and tried freshclam but that didn't work either, and ClamAV doesn't have the CVDs available on the page anymore. I'm not sure what to do.
-
- New here
- Posts: 2
- Joined: Sun May 23, 2021 1:45 pm
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
When you click on security all you get is Malware Remover. Is this the replacement?
The virus scanner was disabled after the update.
My CPU is pegged at 100% and nothing is running. I am so frustrated, I've been at this for hours.
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [SECURITY ADVISORY] Command Injection Vulnerability in Malware Remover
If you have a malware infection, ClamAV does nothing .. it scans user files and not the NAS itself.
Find out what is hogging the CPU ...