MS4 and Malware Bytes intercepts
Firstly, I love the new features in MS4 and sincerely hope that the frequent response lapses will be fixed soon. I am growing concerned about some of the background activity that is attached to Muse.Service.Exe.
I am running Windows 10 Pro, on a gaming class laptop with lots of cores, RAM, & disk space.
Recently I have been seeing multiple Malware Bytes' intercepts for inbound connection requests on Port 6881 from a variety of TCP/IP addresses. The port listener seems to be Muse.Service.Exe in a (formerly) hidden folder on the boot drive.
Before you give the pat answer, my Community Acceleration switch is off (in Muse Hub).
After reviewing some of the posts regarding Muse Hub, Malware Bytes, super privileges, etc. I have some serious concerns. Why is my IP address out there to be used as a connection target on a TCP/IP port commonly used by MS4. Which application should I trust? Malware Bytes or MS4? Without an answer to what is happening I am not willing to put an exception into Malware Bytes' "Allow List". Does Muse Hub have max or near max privileges? Why do I need to provide access to the filename of an app that access to everything on my computer and possibly any WiFi connected devices? On the surface this sounds like a huge security hole through any security on my system.
Can someone who actually knows the answer let me know what functionality will be unavailable if I uninstall Muse Hub? (My use of MS4 is primarily used to produce printable copies of modified scores for my own playing and my own keyboard device. The Muse Hub sound enhancements, while nice to have, are not a requirement for my use of MS4.)
I would really appreciate and informed answer to this query. Barring that I will be taking steps to remove Muse Hub from my system and may attempt to use the install module that has no Muse Hub in it. I will also be taking steps to actively block/trap any activity on port 6881, block any activity to/from addresses that Malware Bytes has already trapped, etc.
I have no wish to be part of a 'silent' neural net like structure, nor to harbour an application that could easily use my system for unknown purposes.
Thank-you,
Cliff
Comments
You'd loose (updates for) Muse Sound
In reply to You'd loose (updates for)… by Jojo-Schmitz
The have been lenghty discussions about security issues with muse-hub.
(service running with super power privileges and the use of the torrent protocol - not only on Linux but also on Mac and Windows)
e.g.
https://musescore.org/en/node/341517
https://musescore.org/en/node/337673
and so on.
But we have been asked to shut up about it. (on the risk of being expelled)
Questions about muse-hub should be asked on
https://musehub.zendesk.com/hc/en-gb
e.g.: https://musehub.zendesk.com/hc/en-gb/community/posts/8450771193629
Even with 'community acceleration' off, the service is still running with superpower and exposed to the internet.
Basically there are two 'camps': those who tell us there is no security problem, and those who think this is dangerous as hell.
Choose your camp.
In reply to The have been lenghty… by graffesmusic
If you uninstall muse-hub service, you can still use Muse Sounds. But there will be no more updates (as Jojo said)
In reply to If you uninstall muse-hub ,… by graffesmusic
"But we have been asked to shut up about it. (on the risk of being expelled)"
??
On Windows I have other software, Focusrite for example, that have root access. I quit the Hub after use and have spent a lot of time monitoring the service. Nothing.
In reply to "But we have been asked to… by bobjp
Ok. Good for you. You can sleep on both ears then.
In reply to Ok. Good for you. You can… by graffesmusic
They really said you would be expelled?