SaschArt releases PluginsMonitorFree, a freeware tool to check the security of your VST plugins.
I’m a former cybersecurity specialist by trade. It is a high-stress field of work, as I’m sure any current professional will attest. So, it certainly piqued my interest to see something security oriented for music production.
PluginsMonitorFree is a bit like WireShark, but for VSTs, if that makes sense.
It won’t help you make your next great hit, nor will it let you get the perfect compressed sound on a snare. However, it shows you what is happening in the background when you run things in your DAW.
PluginsMonitor effectively begins tracking the core functions of a plugin on load. While your plugin is running, PluginsMonitorFree is also running and analyzing every single call and action it performs.
I used u-he Diva as my test example when trying PluginsMonitorFree. U-he is a reputable developer, so it was certain that I won’t find any security issues with their flagship plugin.
Even so, I was interested to see what resources were loaded and any network communications that might have occurred.
Anyway, I’ve had Diva registered for years, and just as expected, I saw no unusual network traffic. TAL-U-NO-LX analysis was just as dull, with no juicy red flags thrown up while in use.
That said, PluginsMonitorFree could shed new light on some free plugins that might be too good to be true. At the very least, it’ll help you understand what is happening with your system.
PluginsFreeMonitor also supports logging, which I’m a massive fan of. You don’t always have time to read over every action a plugin might take. However, logs are an invaluable resource if you’re cut from the same cloth as others in the IT trade.
If there is a complaint to be leveled at PluginsMonitorFree, it is a simple fact that the software is Windows-only. I’m a recent Mac convert, and I would love to see a utility like this readily available for Silicon devices.
That said, you’ll need a Windows machine running either a 32-bit or 64-bit version of Windows to function. Supported plugin formats are VST2 and VST3.
PluginsMonitorFree isn’t your average utility, but it is useful if you’ve ever been curious about what your plugins are doing in the background.
We always recommend scanning all VST plugins with your favorite anti-malware tool before installation. PluginsMonitorFree can be the next step to ensuring your DAW is 100% clean and safe.
And if you like handy utility tools for music producers, check out the recently released Audio Plugin Uninstaller for macOS.
Download: PluginsMonitorFree (FREE)
More:
26 Comments
Fotis
onA brilliant idea! Thanks!!!
Rick
onIt’s gonna be fun to know what Waves plugins are doing…
Bruno de Souza Lino
onAll Waves plugins have HTML interfaces and a server process is run every time you load a plugin.
Thomas M
onThey also actually create log files so it is not so difficult to see what they are doing. I know this as I once opened a ticket with them and they pointed me to the location of the logs. And while the support could not find it out I then actually was able to fix the issue myself with the help of the logs.
Oppenheim
onDefinitely! Waves Audio is situated in the same country which is infamous for “cyber security” companies like (NSO Group / Pegasus). If anyone is still using Wares (please don’t) it would also be interesting to now what is going on!
Moon Doggy
onThey’re wasting precious space on your HD — space that could be used for much better plugins that don’t require WAP, Waves Central, or their annoying plugin wrapper.
Christian H
onThere will not be a Mac version: “Unfortunately, Apple OS’s security system doesn’t support cross-module scanning. This system has a drawback: plugins cannot be scanned and there is no security checking in compensation. So PluginsMonitor cannot work on this operating system.”
Pisces
onThis is a great idea!
Michal Ochedowski
onI would put this type of software in the distraction category, but on the other hand can’t really fault the general concept. It might be a great tool for more curious users.
Numanoid
onI am quite interested in what plugins are doing when installed.
I realized recently that IK Multimedia for instance store downloaded zip file of the installers in an obscure folder, instead of deleting it after installation has been completed.
Getting rid of that got me back some gigabytes precious harddrive space
Bruno de Souza Lino
onThat obscure folder on Windows is located at “C:\Users\\Documents\IK Multimedia\IK Product Manager.” Really obscure place.
Daniel
onWilliam, VirusTotal has 5 detections for the 32bit version and 3 for the 64bit vst and 64bit vst3 versions of this plugin. As a cybersecurity expert can you please confirm that this is normal and expected precisely because of the specific nature of this tool and what it has access to within the OS?
Nicola
onI see 2 detections on the 64bit, neither by reputable anti-virus companies, and 5 on the 32bit, but all AI machine learning ‘guesses’, which are nearly-almost false positives.
Hello
onCool! I’m getting this. Now how should I check that this SaschArt monitor is secure? (Maye I can learn WireShark?)
But yeah, I am glad there is something like this.
electric butterfly
onI checked it with Net-Peeker, it doesn’t even connect to the internet.
electric butterfly
onIt’s possible to block the internet access per plugin and let the DAW connect to the internet as well as other plugins.
This is excellent! With my firewall I can’t do that, just block everything.
Stan Phelps
onthanks for the idea, it’s a good one
Ged Rodger
onShame it isn’t Mac compatible – there go all your potential Logic users!!!
Stan Phelps
onI didn’t think it was possible.
Sydney Cantu
onThis program is great, will be my first security option because it’s dedicated to audio plugins. I can’t believe it’s free.
NexThit
onI’m curious why Vital sends so much data to their server. It’s obvious that not only my login email and password are sent.
Salim
onThey take our data for statistics. There is nothing dangerous, but not nice… they should have notified us.
creed3
onFor Mac users, check out https://objective-see.org/tools.html. These aren’t specific helpers to music apps only but ALL apps to monitor internet connections, disk access, etc.
Asa Carr
onAre useless, it does not work per plugins. Maybe it will be such a plugin on Mac too.
Salim
onI tested it myself, this plugin can do what other security systems can’t…
Antivirus programs are zero until a program is flagged as malware. Who scans the audio plugins on time? Anyway, it takes a long time.
WireShark is not able to says which plugin connects to the internet so it’s useless.
Can we block a plugin with a firewall?
This does not have these limitations.
Zaid Myers
onIt seems to me a welcome premiere, we are forced to take into account the security of our DAW.
Before that, it was not even known that the guys from Orbs send the data with the musicians’ work on their server.
Thanks for sharing.