Freeciv
Advertisement

If you are a Microsoft Windows user who installed Freeciv and your virus checker just gave you an alarming message, please read this.

The Norton, AVG and Symantec virus checkers, and possibly more, claim that Freeciv contains a so-called "Trojan horse". Symantec, for instance, falsely reports the presence of Trojan.Zlob. (This is a recurring issue on the forums, see e.g. DavidR post, Hessel's inquiry, another thread, and Per's permanent sticky note).

A Trojan horse is a program that, when installed on your computer, allows arbitrary Internet users to access your computer and take full control of it. Most Trojans actually have a specific purpose: they turn your computer into a file sharing server (to be used for illegally distributed movies, commercial PC games, etc etc).


So it would indeed be cause for great alarm if the Freeciv distribution contained a Trojan.

But it does not!

Why, then, are you getting these alarms?

The answer is that these virus checkers mistake Freeciv itself for a Trojan horse!


Freeciv actually consists of two programs: when you start Freeciv, what you see and work with is the Freeciv client program, while games of Freeciv are actually managed and executed by the Freeciv server program. This setup allows multiple players, anywhere on the Internet, to play against each other: they each start a Freeciv client, then connect to the same Freeciv server. When starting Freeciv, you can either select an already running server to connect to, or start your own server and connect to that (this is what happens when you "start a local Freeciv game").

When the Freeciv server program is started, virus checkers are smart enough to see that it is, indeed, a server. In their experience, this is extremely suspicious: almost none of the software you can download and install from the Internet includes a server program, while most Trojan horses have no other purpose than to install a file sharing server. Now the Freeciv server cannot be used to share files; it can only be used by Freeciv clients to meet players and play Freeciv, and it was carefully designed not to allow any other use or abuse. But the virus checkers in question do not know anything about Freeciv. They do know about Trojan horses. They check whether the port number of the server (a required parameter for servers) is equal to the port number used by the file sharing server installed by one of the Trojan horses in their database, and when it matches, they report that the Trojan horse in question has been found. (That is to say, we assume the virus checkers work this way, otherwise it's impossible to explain why they would flag Freeciv as containing a Trojan.)

So this is how Freeciv is mistakenly reported to contain a "Trojan horse". Freeciv is not exactly one of the most popular Windows applications ever, so virus checking software makers can be excused for not knowing about it. And they are right to put up big signs when they think a Trojan has been installed onto your computer. But their checking is a little sloppy, and the alarms are bogus.

Thank you for your attention.

Freeciv 2.1[]

To alleviate this problem, port number 5556 has been officially registered with IANA, and future versions are migrated to use 5556 by default.

Advertisement