[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: TortoiseSVN possibly flagged by IT as security risk

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Tue, 04 Mar 2014 19:39:07 +0100

On 04.03.2014 18:13, Andy Levy wrote:
> On Tue, Mar 4, 2014 at 11:23 AM, Trevor Middel <tmiddel_at_gmail.com> wrote:
>> Hi Folks,
>>
>> Yesterday I installed TortoiseSVN on a work desktop in order to download code from R-forge to compile the binary locally. The build on R-Forge had failed.
>>
>> This morning I received a call from our IT security requiring a scan to be run on my machine as it was suspected of running torrent software. My IP address also suggested a port had been opened on my machine.
>>
>> Uninstalling TortoiseSVN removed the port and allowed IT to connect remotely to my machine, scan is running now :)
>>
>> Does it make sense that TortoiseSVN would raise this flag for ITS? I had been considering using TortoiseSVN for some projects I'm working on but may have to reconsider given this issue, or go through the certification process here.
>
> I don't think anyone here can answer whether it makes sense or why it
> raised a flag, because no one here knows your company's security
> policies or understands the reasoning behind them.
>
> TortoiseSVN is not a BitTorrent client or server. It is not a server
> of any kind. It speaks HTTP, HTTPS, and the custom SVN protocol. It
> does not (to my knowledge) make outbound connections without the user
> explicitly taking action, except for an HTTP connection to check for
> new versions (and even that doesn't happen until you perform other
> tasks, IIRC).
>
> In short, your IT security team probably has an over-zealous rule
> configured that is misidentifying the software. If you need
> TortoiseSVN to do your job effectively, they need to work with you to
> handle it properly.

But just to make sure: please verify the digital signature on the TSVN
installer msi file and/or the TSVN exe and dll files:
http://tortoisesvn.net/msiverify.html

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3074017
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-03-04 19:39:12 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.