Contributors: How to avoid aiding the development of malicious code
Sticky
-
Monday, 14 September 2009 18:57 Moderator
- NOTE -
An open conversation thread on this topic exists at: http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/72b7f50e-de50-4639-a21a-6e4ed13b54bb
I would like to ask our community to take a brief moment to consider the outcome of answering a question before doing so. Sometimes a question can lead down a path to examples of how to create malware applications, and that is something we want to try to avoid. There are a few key things we can watch out for which would often indicate a question about malicious code intent. First, watch for requests to do network communications that violate one or more RFC documents (e.g. How do I spoof my IP address?). Second, watch for requests on automating other websites - a quick check of the other site's AUP or TOU will typically tell you if the automation is permitted. Third, watch for requests that appear to want to harvest data from the web, without following the typical procedures for a web crawler (bot).
I would also ask that everyone take a moment to review the TOU for this site: http://msdn.microsoft.com/en-us/cc300389.aspx#K
Please note the paragraph under "MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE." which states:
"By Posting a Submission you warrant and represent that you own or otherwise control all of the rights to your Submission as described in these TOU including, without limitation, all the rights necessary for you to Post the Submissions."
If the code you post violates another site's Terms of Use, then that site may claim that you do not have rights to the code, which could then make your post violate the TOU here at MSDN. By posting a modified version of someone's code in an attempt to help them, you may actually be posting code for which you do not have full rights.
Now obviously we cannot all recognize every instance of an attempt to write malicious code, or a violation of any given TOU. However, we can each take just a moment to review the question against what we know, inform the OP if they are headed into potentially dangerous territory, and notify the mod/admin community by marking posts abusive when appropriate. I don't think too many of our community members would be proud to know that their knowledge helped create yet another piece of malware, so we'll have to police ourselves and each other to help prevent such a thing from happening.
My suggestion would be to treat this the same as the homework questions we see posted - many contributors have gotten used to spotting a homework assignment and will only give suggestions to help the OP without doing the work for them. Spotting attempts at creating malicious software is much the same; when you see red flags, confront the OP and give them some suggestions on a legitimate course of action, or mark the post abusive if appropriate.
I thank all of our community members for their continued support and know that together we can keep the MSDN forums clean, productive, and safe for all to use.
Reed Kimble - "When you do things right, people won't be sure you've done anything at all"
- Edited by Reed Kimble (Microsoft Community Contributor, Moderator) Wednesday, 3 August 2011 15:58: added link to open conversation
All replies
-
Monday, 14 September 2009 20:29
Hi Reed,
"Hear, hear!!"
as they shout in the HOUSE OF COMMONS, (and some court rooms?).
You have my full support to keep these forums clear of malicious code. :-) ;-)
Regards,
John
I'm currently looking for work in Vb.Net software development. :-) -
Tuesday, 15 September 2009 00:26 Moderator
Hi John Anthony (we have a number of John's as you well know! lol),
Thanks for your support. This thread welcomes the input of yourself and other top-standing forum members (anyone with a good idea is welcome to post - I'm just encouraging suggestions from our resident gurus =P). If you have any other warning signs to mention, or other related advice, please feel free to share it here. I'll copy new info into the original post to keep it at the top for easy viewing.
Reed Kimble - "When you do things right, people won't be sure you've done anything at all" -
Tuesday, 15 September 2009 00:36
we have a number of John's as you well know!
Hi Reed,
I hope you are not referring to your toilets!! LOL!!
Regards,
John
I'm currently looking for work in Vb.Net software development. :-) -
Tuesday, 15 September 2009 01:21 Moderator
Hmm... well the forums do contain users who are like toilets - they come here FOS and stink up the place - but that's not what I meant...
hahahahaha!
Anyway, now WE'RE mucking things up so let's keep this sticky thread on topic :)
Reed Kimble - "When you do things right, people won't be sure you've done anything at all" -
Tuesday, 15 September 2009 02:13
reed kimble ,
.
=================
off topic....
from the time of your appearance on this forum, i have noticed a great job on your side. very well appreciated from me. thanx ;o)
if you need an idol, which i hope is not offensive to mention, martin xie. don't follow him everywhere, just view his posts.
other mods, seem to just mark anything as an answer and doodle anything to propose their answers. no offense to "other" mods, wisen up. ( i know wisen is misspelled, thanx to microsoft . ) proposing self answers, well, microsoft has not wisened up about that yet..
here is one i should self propose, "i am god!, tremble!"..
=================
back to topic....
i have caused havoc on plenty threads, as such,
http://social.msdn.microsoft.com/Forums/en-US/vbgeneral/thread/5a4db104-d114-4eec-ae3e-0f6dd49a8938
and also, on threads that had something as a hackercentral.jpg, or so, for an image in their question.
talk about some nonsense on a microsoft forum.
-----
about your post, too much to read. ;o)
i read most of it, which, from what i picked out, was that, respect should be given where proper .. the TOU, i don't even vote, might as well view the political stuff. so, if it's not vb code, then you can guess that i read it very well. ;o)
i have had a few, well, a lot, of my replies, where i had to search the web for solutions..
if the code was shooting blanks, but i could fix the shots, i would correct it and supply the solution for the o.p. ( original post ), without a link.
blanks, roflmao.. i double/triple check code before posting. what a joke from some of those tutorial websites shooting blanks..
but , if the code was complete and supplied quite useful information, or just the information was something i thought would be of use, i would definitely supply the link to the website location. a few times, in case the code was a gem in a pile of dirt, i supplied the code as well as the link, for backup reasons, just in case the website was sentenced to being a malicious, thing...
about other sites, and their TOU, hah.. get me to read it. more nonsense of " i will sue you, if you sue me, but if you read the fine print, microsoft created vb, so i guess i will be sued."
i will keep using the internet for solutions, unless confronted by a popup, as "DaniWeb's" forum usually does, but not with a TOU..
if it did, stating that you can not copy and paste code, i would not. . plain and simple..
if they do not want viewers to link to their website, then, they should be added to the WOT ( world of trust ) as red flagged, even taken off search engines..
code is code.
one way or another, someone will code it .. they cannot hold copyrights as some nonsense paper signed by jesus himself, stating that it is god's code.
believe it or not, it is god's world, so all is, his code, or someone's, like the designer's of vb, or any other language.. hold copyrights for that! FOOLS! ..
-----------
do these websites ( lawyered up, without jesus ), providing code and information on how to code, explaining the code in details, want a fee?
i bet they all use vb.net express.
----------
i bet i could write a book on this.. roflmao.
nice post reed kimble, but for something like this, you will need a forum.
i live here and this is my reason ... trujade.
- Edited by •.trujade.• Friday, 13 August 2010 23:37
-
Tuesday, 15 September 2009 02:47 Moderator
lol Trujade, lol
I think you've done just fine around here - and I think you're making the correct call on when to link to someone else's content as reference.
On the TOUs, obviously nobody reads them under normal circumstances - but ANYTIME you want to fiddle with someone else's web content, you really have to scan the TOU or AUP and see what they allow you to do with their content. I'm not saying I agree with any of it from a social standpoint (I gotta kick outta your "...hold copyrights for that..." comment!), but from the perspective of someone who's been granted moderator privileges, it is right to discourage any activity which has any obvious potential for legal repercussion should the wrong individuals become involved.
And you are right; code is code. If it can be written, someone can write it. There will always be those who do things without regard to the possible consequences of the doing. But that doesn't mean that we have to make it easy for them. ;)
I, too, really like Martin. He, Riquel Dong, and other MSFT Mods have made a SIGNIFICANT impact in reducing the number of unanswered threads and helping to generally keep things clean... not to mention being rather brilliant and posting some really good stuff for users. I actually know Riquel better than Martin, but they have both proven to be fine fellows in my opinion.
One correction to make: you said "from the time of your appearance on this forum"... lol you mean "from the time of this forum's appearance on me"! hahaha You see, these VB forums actually started on www.windowsforms.net which I believe was a side-project site for some MSFT developers, much like Channel9 today. Either way, when the MSDN forums were created, the windowsforms forums were actually used as the foundation for the VB portion of the MSDN forum site. There are actually still a number of us "old schoolers" (LOL) who started on the forums back in framework 1.0 or beta and were migrated with the content onto these forums. So I've actually been around LONGER than these forums... hahahaha!
Finally, thanks for the kind words. :) I don't think there are many people who don't enjoy an unassumed "well done" every now and again.
Reed Kimble - "When you do things right, people won't be sure you've done anything at all" -
Tuesday, 15 September 2009 05:19
So I've actually been around LONGER than these forums... hahahaha!
Hi Reed,
Myself included. :-) ;-) Back then my forum I.D. was not my real name.
I can't remember the old forum area url where these Vb.Net forums were moved from even!!
<edit> I've just found it!! We were moved from.>>
http://social.microsoft.com/Forums/en-US/categories </edit>
I have stumbled upon this list though.>>
http://www.microsoft.com/communities/forums/default.mspx
which includes these popular ones.>>
Most Popular
• MSDN Forums • TechNet Forums • Microsoft Answers Forums
Regards,
John
I'm currently looking for work in Vb.Net software development. :-) -
Thursday, 17 September 2009 06:39
[JackAssMode=On]
Can any perhaps tell me how to attach my code to an existing non-managed exe?
My intentions are benevolent. I promise :-p
[JackAssMode=Off]
Agreed. A lot of malware comes from young developers that have not yet started making money in a productive manner or are simply just bored.
There are tons of forums with tons of malicious code out there. Because we are too eager to help. I know I have that problem. Impeccable trust. I will always trust that actions and intentions are benevolent until proven otherwise, and what follows is regret.
This thread should definitely be sticky and stay sticky.
-
Sunday, 20 September 2009 00:35
Reed,
i know this is a hard subject to deal with. the honest people don't want to help malicious code writers.
first, i know what prompted you to start this thread was the "spam email thread". i don't know enough about what all is sent with an email or why it would need to be hidden. is there anything sent with an email which could be considered private and might need to be protected that would be worth hiding? curious about that one. i really didn't pay close attention to what the poster was wanting to hide really.
what i have been thinking about for some time is code that can be used for malicious purposes but can also be used to help stop malicious users as well.
examples
keylogging - could be used to monitor others computers to steal information but can also be used to monitor users on your own computers. business employees for example.
hide processes or control the task manager - could be used to prevent users from stopping malicious programs but can also be used to prevent users from stopping programs such as keyloggers on employee computers.
could probably name some more but you know what i mean. people here may be looking to write malicious programs but some may be wanting to write programs for protection as well. or maybe they are learning for ethical hacking.
i have been interested in hacking and malicious software for some time. not for malicious purposes but for an understanding of how it works and learn how to protect myself from it better. we all have had the issues of trying to protect our computers, information and our software. i have even put some of my software on hold because of the ease of pirating. i have been slowly moving my software online which has been good so far as i can at least hide my code. it's a start.
i guess the hard part is that code which can be used for malicious purposes can also be used for good. i would not want to discourage the good "bad code" writers. they may end up looking for help from all the hacker sites, etc...
what do you think?
FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial -
Thursday, 24 September 2009 00:45 Moderator
Hi Jeff,
On the email question, the answer is basically "no". The default information in the email headers is simply sender, recipient, and message identifiers. There is a protocol to follow for SMTP transmissions and so certain information is expected to be both provided and accurate, otherwise the transmission may fail. Think about it this way: if you want to send someone a letter, you use the postal service. This service has a certain set of rules, or protocol, that it expects you to follow. First, they don't take letters; they expect you to place the letter in an envelope (e.g. wrap a message in headers). Not just any envelope will work - it needs to conform to certain specifications for a "letter". Next they expect you to place the recipient's name and address, as well as your name and address, on the outside of the envelope. Finally, they expect you to place postage on the envelope. If you've met all of the conditions of the protocol, then the postal service will deliver your letter as intended. If you fail to include any of the required items, the service will not deliver your letter. If you fake any of the required information, then your letter may or may not arrive at the appropriate destination and you may or may not violate one or more federal laws (depending on what info you fake and how you fake it).
You can think of sending email in pretty much the same way. The SMTP server is a postal service. You are expected to follow its protocol. If you don't, it has no responsibility to deliver your message as intended. If you lie in these transmissions, there could be legal repercussions depending on what it was, what you did, and who you sent it to.
As for the malicious code/white-hat hacker... First, there are formal classes for white-hat training and I don't think these forums were intended for that purpose, despite how useful they may be. And apps like Keyloggers are hard to justify in any circumstance, and may be illegal to use depending on if they are announced or not, who owns the computer, state laws, the mood of a judge on a given occasion, etc., etc., etc. Immoral rarely stays a step ahead of illegal... It is just hard to imagine the circumstance in which a Keylogger is truly the best answer for a problem, given all the other security measures out there.
So I do understand your point, however, these forums are simply too loosely managed to support such sensitive topics. With no true validation of posters and open access for anyone to view, this just isn't a good place to discuss such topics. Perhaps if someone reading this knows of a good white-hat website, they will share the link. Obviously I could search and find some, but I wouldn't really know anything about them.
Think about it this way: if we were Navy SEALs, would an open, public forum be a good place to discuss the best method by which 30 armed men could be silently dispatched by a group of four or five guys? Probably not.
At any rate, that is my take on the situation. :)
Reed Kimble - "When you do things right, people won't be sure you've done anything at all" -
Tuesday, 29 September 2009 23:24
I have placed several web automation posts recently and I can assure you the intent is not malicious code.
We are faced with many fill in the blanks pages at a legacy government web site that can easily be automated from data stored in our database. We have cut our data entry times by 90%.
I also wrote routines that did 5+ automated drill downs that we needed to do to get all the information we needed. The user had to drill down, print, back up, drill down, print, etc. etc. which could take 5-10 minutes. They now get a report with one click in about 30 seconds.
We are truly grateful to those that replied to my posts - thanks! -
Wednesday, 2 December 2009 20:38
A lot of cool ideas come from us too! Although I do see exactly what you mean by your comments, I would say the split between friendly programmers and evil programmers is about 50:50 among the young, I try to be honest and nice with my programming, I have been influenced greatly by my mentor at school Jeremy Harle, he is a fantastic person to talk to and is a genuinely nice guy.
On the other hand, someone else at school who took an interest in programming sees it only to access network resources that are under lock and key for a reason, I mentioned one of the security exploits that was talked about in security now recently and instantly he was asking if we could start to use it (it was a fault with SSL) for our own devices, of course I declined but it still worries me that he would want to do this sort of thing.
The only thing I would add is that because the older programmers become more honest as they get older we have the better programmers on our side, the older ones with more experience, so I sleep easy at night. Thanks to this forum and the CodeProject, which we all know and love, I find programming is no longer something which is pointless unless you are breaking something, as non-programmer friends at school encourage me to do. So I suppose that it can be concluded that good programmers are moral when it comes to usage of computers, poor programmers who are not willing to learn (which this friend is also) - or non programmers who believe it to be cool to hack things, can not see that morality applies to computers too.
Sorry if this isn't very clear but I sort of felt angry at some of the people around me, please excuse the incoherent language.
http://twitter.com/graymalkinsblog http://practicalhardware.blogspot.com/
- Edited by graymalkin Wednesday, 2 December 2009 20:41: Formatting fail
-
Thursday, 3 December 2009 14:51
I see an uncomfortable number of questions asking for info that could easily be put to malicious use.
You can probe the OP to discover their intent, and you get replies that come in one of two flavors.
Neither of which really tells you anything about the true intent of the individual.
1. My intent is benign. I mean no harm. .....
2. ANGER. Why can't you people me? .....
I have come to realize that trying to discover their intent is a waste of time.
Not because of the reactions, but their intent is really irrelevant to the matter at hand. Security.
Posting code of any nature in a public forum that can be abused for malicious purposes is outright reckless.
I wish I could provide the help they request, but I don't know most of those programming tricks anyway.
I would discourage anyone from publicly posting code that could be perverted no matter what the person asking for it claims.
Their claims take a back seat to common sense. Anyone can read the post, people.
Don't post anything that could become part of someone's malicious software in public.
Rudy =8^D
Mark the best replies as answers. "Fooling computers since 1971." -
Thursday, 3 December 2009 15:56
Hi Rudy,
I agree that we definitely do not want to post code to help malicious intent but the truth is as you say, we don't know their intent. Now don't get me wrong, often times it is strange to see some requests, and they look very suspicious and should be taken with caution, and those posts I usually am very leery to do anything with.
There was a post in the VBA forum a while back asking about a way to retrieve a password from a protected Excel workbook. The response they received was basically, we don't support those types of issues in the forum. What i see there though, is that they want to break the passwords to get into workbooks they shouldn't or possibly they have invested a lot of time into a project and have managed to lose their password. So retrieving their password is not a bad thing at all. If they choose to use it for malicious intent that is something that is unfortunate but is a side effect of a good thing.
I think part of the issue is there are labels associated with certain things like "to retrieve a password". It is labeled as malicious but only because there are those who have used it for malicious purpose. A password is labeled as a protection so trying to break it is labeled malicious but it is only malicious if not used with good purpose.
If we stop teaching things just because they might be used with bad intent then we might have to stop using a whole ton of methods. How about the IO namespace. Deleting files, copying files, moving files. All normal things but can be used for malicious purposes. I am sure there are many others i can name but you get the point.
I am working on a new version of my budget program and i have always had password protection. So far no one has had any issues with it but once the password is set, you can not get in to change anything unless you know that password. The new version however will not be limited to one years time and can be used for many years, so it is possible the user could forget their password. I have even worried about it myself since i use the program. I know where to find the password so no big deal but it will be for my users. I will be placing in some kind of method for them to retrieve the password just in case. Is it possible people will be able to use this method to get into relatives' or friends' financial records, yes, but what good does it do the user to not be able to get to their records at all if they genuinely need to.
It seems to me the biggest problem is that we are bitten by malicious code at times, i mean who hasn't been, and so we are upset by it. We can't control what help we give to others just because it is possible for someone to use it for malicious purposes. I think if we look at the bigger picture, we will see that anything can be used with malicious intent if the user chooses to do so. We can't shut the world down.
Does it bother me to see malicious use, yes, and i have been bitten many, many times, but i see a great deal of good in what can be considered to be used for malicious purposes. I think our purpose should be to educate and not police. We can't tell someone don't use the IO.File.Delete because they might delete someone else's files. We can tell them how to properly use it and let it go to do as it will.
Believe me, I am on the good side. We just need to open our minds to both sides here.
Peace All.
FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial -
Thursday, 3 December 2009 16:26
The problem with a forum, is when you say something to somebody, you are saying it to everybody
I can go thru an Excel password in less than 60 seconds. Should I post here how to do it ?
I think the answer is no, because everybody will know.
I believe that some things should still be not made public
Sure all code can be use for bad reason, but the way I see this is "Don't help too much those that use it for bad reason."
An example of this, I see no problem in the fact of posting a keyboard hook, but I would not post a keylogger. -
Thursday, 3 December 2009 16:26
In the C# forum we recently had an individual who was wanting to write code so that his "little sister couldn't use his computer" when he was not around. He wanted to be notified when she logged on, observe what she did, log all keystrokes, log all web visited pages, and prevent his program from showing up in the Task Manager. Also, wanted it to be prevented from being stopped remotely. Said that his kid sister was 6 years old. Riiiiiight.
Another recent candidate wanted to be able to monitor his anti-virus scanning software. Claimed that he wanted to capture and analyze the viruses that it found before the software disposed of it. Said that he needed to be able to stop the anti-virus scan from detecting his code as a virus. Riiiiiight.
That is the type of stuff that I had in mind.
Mark the best replies as answers. "Fooling computers since 1971." -
Thursday, 3 December 2009 16:43
Yeah, i understand. I have seen posts like the little brother or sister one before. those are very suspicious because you see the same scenario many times and it just doesn't add up. there seems to be a pattern with some. and if they don't get the answer, i have seen them change the reason why they need it. I feel you on that one.
The virus one also sounds suspicious.
We can assume but we just don't have any way to know for sure. I wish we did. Later on when we start implanting chips in our brains, we will know if there is malicious intent or not. Instead of the Internet, we can have the InterBrainNet :-)
FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial -
Thursday, 3 December 2009 16:47
Yeah, i understand. I have seen posts like the little brother or sister one before. those are very suspicious because you see the same scenario many times and it just doesn't add up. there seems to be a pattern with some. and if they don't get the answer, i have seen them change the reason why they need it. I feel you on that one.
The virus one also sounds suspicious.
We can assume but we just don't have any way to know for sure. I wish we did. Later on when we start implanting chips in our brains, we will know if there is malicious intent or not. Instead of the Internet, we can have the InterBrainNet :-)
FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial
But, Jeff, I think the person's intent is totally irrelevant.
Anyone can read the posts, not just the OP.
The point I was making is that the OP can be benign, but someone malevolent can read it and abuse it.
That is what we must guard against. As Crazypennie pointed out and Reed Kimble began, we need to think before we post some types of stuff.
Mark the best replies as answers. "Fooling computers since 1971."
- Edited by Rudedog2 (MVP) Thursday, 3 December 2009 17:07
-
Thursday, 3 December 2009 16:54
If that is the case then we need to not post IO namespace code either.
We can't have file delete code for just anyone to see
We need to tell the OP that we can't help them because someone may use it for malicious purpose
FREE DEVELOPER TOOLS, CODE & PROJECTS at www.srsoft.us Database Code Generator and Tutorial -
Thursday, 3 December 2009 17:14
Nothing wrong with posting code that shows you how to delete files, that is already in the MSDN library.
But, there are a few volatile .NET types and methods in the MSDN library that have little or no documentation much less sample code. I believe that many of these omissions are not accidental. (So why was the volatile stuff put into the FCL to begin with? They are extremely useful, however easily abused. ) One type comes to mind that I won't mention in this thread is far more powerful than the seemingly complete documentation leads you to believe. The docs describe just a fraction of what it can do.
Mark the best replies as answers. "Fooling computers since 1971." -
Thursday, 3 December 2009 18:06
The thing is that those that are already doing malicious code do not post here to ask how to do it, they can probably show us how to do it.
What we have are kids with small knowledge of the language that find funny to play hacker.
So unless we provide a copy/paste code that do what they want to do, they cannot do much bad.
The proof of this is with a search, you can find in this forum many code of keyboard hook and we keep having post asking for key logger.
This is true for most of these demand of suspicious code, if one knows a bit what he is doing, he will find all the info he needs in this forum.
What I think, just not let put it together in a single post -
Thursday, 3 December 2009 18:12
Oh yes they do post here.
Current thread .
What do you think of that one? I'm ready to give 'em the boot.
Mark the best replies as answers. "Fooling computers since 1971."
Continued on a new thread -
Monday, 19 April 2010 14:33
Nothing wrong with posting code that shows you how to delete files, that is already in the MSDN library.
But, there are a few volatile .NET types and methods in the MSDN library that have little or no documentation much less sample code. I believe that many of these omissions are not accidental. (So why was the volatile stuff put into the FCL to begin with? They are extremely useful, however easily abused. ) One type comes to mind that I won't mention in this thread is far more powerful than the seemingly complete documentation leads you to believe. The docs describe just a fraction of what it can do.
Mark the best replies as answers. "Fooling computers since 1971."
I gotta say, you've gotten me awfully curious with that comment :P.
About the antivirus comment above... I can definitely see their frustration and desire to prevent an antivirus program from deleting their code, I had a similar problem with Norton just last week, very frustrating. Nevertheless posting code to circumvent that is just blindingly irresponsible.
To continue chipping in my 2 cents worth (if it's even worth that). "Malicious code" is a very grey area. What might be an April Fools prank (a simple looping reboot) between friends could seriously confuse and disrupt a business if someone was so inclined.
I personally feel that creating something is far more rewarding than breaking it, but I'm still interested in how it's broken. It's certainly more a case of know thine enemy than malicious intent though.
-
Tuesday, 20 April 2010 13:38
Please, post additional comments on that thread. Or feel free to start your own if you like.
Mark the best replies as answers. "Fooling computers since 1971." -
Monday, 28 June 2010 13:14
people here may be looking to write malicious programs but some may be wanting to write programs for protection as well. or maybe they are learning for ethical hacking.
Jeff,
The hard fact is that most of us have no idea how to tell when people are lying about their motives. All we can do as contributing members of the community is lend our knowledge where we believe it will be used for the greater good and hope it doesn't fall into the wrong hands...
I've also been interested in hacking for a long time now (since '95 when Hackers came out... It's still such a cool movie in my opinion). I really wanted to be able to wield that kind of power over others. I still do to some degree.
I've looked at making eBombs and keyloggers and brute force software with no real intention behind it (except when it comes to ExpertsExchange ... but I believe that the kind of info they make you pay for should be free anyway). But then I thought "how would I feel if someone did that to me?"
Now I just try and find projects to keep busy with and learn from that. I leave my lust for power in World of Warcraft where I can't actually hurt anyone...
I wanted to change the world, but no-one would give me the source code... Logan Young -
Monday, 28 June 2010 13:44
Hi Rudy,
It's been a problem with the teacher/student relationship since the beginning of time.
Nobody who teaches or guides somebody can ever have any real idea about how their student will turn out or what that student will do with his/her teacher's passed on knowledge.
Look at Einstein and the other scientists who built the A bomb... Do you believe that their professors didn't think that their students could create the most devastating weapon known to man? I think it probably crossed their minds on more than 1 occasion, but they still taught their students.
It's a double-edged sword. On one hand, by refusing to pass our knowledge on, we could stem the creation of malicious software and help make the internet safer. On the other hand, we could also be preventing the development of more sophisticated systems for tracking donor organs that could save millions of lives.
It's a tough one because it could be the difference between being listed as a co-conspirator to the most devastating computer virus outbreak in history or as a driving force behind the creation of systems that helped biologists discover a cure for cancer.
I wanted to change the world, but no-one would give me the source code... Logan Young -
Monday, 28 June 2010 13:58
The little brother/sister scenario doesn't add up...
There's a good reason for that, and you're absolutely right not to trust it. The reason is that it's total BS.
It's a lie no matter how you slice it. Most people (particularly bad liars) will not have thought the lie through before telling it, so they make mistakes that present their case to be false because it doesn't add up...
If you're really that worried about your little brother/sister using your pc, set up a user account, put a few shortcuts to games on the guest account's desktop and let the munchkin go wild!
I've actually had that situation before, and I never trusted my little brother to just play games like he claimed he would. The magic of innocent minds is that if you put something that makes noise and looks cool in front of one, it'll generally keep them out of mischief. That's why mother dearest sat me in front of gummy bears for hours on end...
I wanted to change the world, but no-one would give me the source code... Logan Young -
Monday, 28 June 2010 14:34
Here's an interesting scenario:
my wife's grandparents have a computer they let the grandkids play on. The kids range in age from about 6 yrs to mid 20's.
the ones you have to watch for are the older ones because they like to go all over the net without any regard for the consequences. basically, they don't care because it's not their computer. the younger ones don't know any better, that's ok.
so the grandmother doesn't like the older kids using the computer and has it set up for them to only be a guest. ok, so now they are protected.
well, here is the problem, the grandfather gives the kids the password anyway so it defeats the purpose.
so, the deal is, how can anyone put a "typical" scenario together. every situation is different and there are many variables to it.
my thought is always for education, not imposed protection. i'm not saying to not offer protection, just don't force it on people and don't try to withhold information just because you think you are protecting someone.
for example, aliens, ufos, extra terrestrials, etc., if they do exist, why keep the knowledge from people. one might say it would cause panic and chaos. on the other hand we have monsters that "come for us" already that we clearly know about like sharks. yet, people still go in the water to swim and surf. there is not panic and chaos, just people with an education about the risk who make the choice for themselves.
we want to say that we are protecting people, but we use it as a way to make us feel better about the world and it gives us a power that many like too much.
the interesting scenario i posted first is real, but i bet if i were to post it to get help with some "malicious" software, it would get suspicious rejection.
in short, we are not preventing the world from being "hacked" by withholding what is already out there. it is an illusion.
education, education, education. truth is, there are many out there who don't want people to be educated; ignorant people are easy to control. that time is over though. people finally have some awareness outside of their illusions; people are starting to "unplug".
there are no easy buttons for everything, but give people knowledge and it will become easier. people will make mistakes, but they will also learn from them.
FREE
DEVELOPER TOOLS CODE PROJECTS
DATABASE CODE GENERATOR
DATABASE / GENERAL APPLICATION TUTORIAL
Upload Projects to share or get help on and post the generated links here in the forum
www.srsoft.us -
Monday, 28 June 2010 14:36
Hi all,
I am not in any way wanting to write anything or help anyone write code that would harm someone else, but I can go on the internet and get any information that I want from other sites. Including the use of hooks that seems to be taboo on this forum because of the possibility of them being used to help a malicious coder.
Now if it is clear that the OP wants to use the code for something that is malicious then don't help him, but a lot of what I have seen is borderline at best and could have been a request that has nothing to do with malicious code.
All of this is interpretive and it is hurting the learning developers. I believe that it should be a lot more open than it is.
A malicious coder is going to get the code he or she wants either way and will post the answers that he or she finds to other coders. So what is the use of keeping code secrets? Besides the insecurity we all have concerning someone taking our jobs because they know more than we do.
As far as helping a malicious coder, how do we even know we are helping a malicious coder? We don't unless he says "I am going to use this for malicious code" (which he will not say).
I have heard the mention of code that is highly volatile and no mention was made of that code by Microsoft. LOL If it is there then you can bet money that it can be found through a search of the internet, so why try to keep it secret?
There is no such thing as a secret. If someone knows then it is no longer a secret. Because if one person knows then others know too.
All of this withholding information because we might be helping a malicious coder is just hurting ourselves by not helping a learning developer that just might possibly be the one that comes up with something that would really help us all. Such as a way to save our planet from all the abuse it has had.
Curtis
Always Lost in Code, Always mark answers as correct if they answer you question and solve your problem. This way others when searching for similar problems can find the answer faster. -
Wednesday, 30 June 2010 03:45
that's a good one. lol dog poop bags
-
Saturday, 17 July 2010 13:06
malicious coder is going to get the code he or she wants either way and will post the answers that he or she finds to other coders. So what is the use of keeping code secrets?
By that logic governments should just release all sensitive information to all other foreign governments because, well, they all have spies that are getting small amounts of that information anyhow.
Or maybe banks should just publicly release their security protocols because, well, bank robbers occasionally succeed in breaking through those protocols and telling other bank robbers.
Curtis, the reason Reed posted this thread and why so many others here agree with the intent is that we do not want to contribute to the spread of this malicious knowledge base... regardless of whether miscreants can find the information elsewhere. Your argument is not only ludicrous, it's an affront to the well-meaning.
-
Saturday, 17 July 2010 13:26
you might also make a case that it is ludicrous for any of us to give personal information to anyone. but we do it all day long, everyday. we give out account numbers and all personal information (which can be used to access our accounts without any hacking) through a machine to people we have never met, and we think it's safe.
in fact it is just plain irresponsible and stupid for any of us to give information like this to anyone.
well, this is a discussion that would never end. the sad truth is that our information is not safe no matter how much you might want to believe it is. no, don't give it to them easily but we need to educate people, not hide the world from them.
and curtis is right when it comes down to it. the information is out there if you look. and what you can't find, you can buy. you better believe the people who are in control of securing your information are just people and are willing to profit from our information that we give without a second thought.
FREE
DEVELOPER TOOLS CODE PROJECTS
DATABASE CODE GENERATOR
DATABASE / GENERAL APPLICATION TUTORIAL
Upload Projects to share or get help on and post the generated links here in the forum
www.srsoft.us -
Saturday, 17 July 2010 14:11
malicious coder is going to get the code he or she wants either way and will post the answers that he or she finds to other coders. So what is the use of keeping code secrets?
By that logic governments should just release all sensitive information to all other foreign governments because, well, they all have spies that are getting small amounts of that information anyhow.
Or maybe banks should just publicly release their security protocols because, well, bank robbers occasionally succeed in breaking through those protocols and telling other bank robbers.
Curtis, the reason Reed posted this thread and why so many others here agree with the intent is that we do not want to contribute to the spread of this malicious knowledge base... regardless of whether miscreants can find the information elsewhere. Your argument is not only ludicrous, it's an affront to the well-meaning.
Dig boy, I see no logic in refusing to help someone because we are not clairvoyant and don't know for sure. If there is .01% malicious coders out there and we are going to refuse help to the 99.9% of good coders, then why even have the forum? It does nothing but slow down the learning because it just adds confusion and is misleading OPs. This is the same reason why we are not feeding the people of the world that are in need, because people say, well, I am not going to give help to those lazy people that will not help themselves, when in fact there is only a small percentage of that type of people. The majority is willing to work to earn that help. But we refuse to help the good people because of one or two bad apples, on faulty logic.
I will give you a good example of this. I asked a question about hooking and was purposely misled into believing that you cannot hook into the focused window that is up using VB. (This was for an application that converts RTF to HTML. I wanted to put a (Convert To) in the context menu of any program running that had focus.) This program could be MS Word, Notepad or your own applications. I heard some of the same arguments about malicious code. I left this forum and went to another site and within 30 minutes found the way to make this hook using VB. I was misled on purpose. Is this helping people on this forum? ____ no it is not. If anybody out there wants to know how to hook into a Windows application I can tell you. This is no secret; it is out there on about 100 websites how to do this. So are all the other secrets that all of you want to withhold.
What you are doing is hurting would-be developers because of either being misled by others into believing you are helping stop malicious code. When in fact malicious code is being written by people just like you that have got disgruntled for one reason or another.
If you so-called developers don't want to help then just leave the forum because it does not need people who will interfere from the fear they will accidentally help a malicious coder.
I have given an example of what not giving the code out does. You know why I think you will not give this code out is it will allow people to make better applications and this will give you competition in your sales, that's why, and has nothing to do with malicious code.
Curtis
Always Lost in Code, Always mark answers as correct if they answer you question and solve your problem. This way others when searching for similar problems can find the answer faster. -
Monday, 23 August 2010 19:53
Yes, well people's intentions can be hard to know, plus people can lie about why & then you never know what they are really up to. I used a code for keylogging to detect a user pressing the F9 key so they can tell my program to stop a piece of music/video or in a program that moves the mouse & tries to automate a process for you allowing you to stop it with the F9 key. Mainly I have done this in Vista to get to the screen which lets you put in wireless network stuff since Windows for some reason keeps messing up not letting me put in the network key & instead brings up a dialog to type in username/password/domain even though it's a network key it needs. Also sometimes it asks me to press the easy setup button then click next which fails sometimes for an unknown reason & then still doesn't let me try a network key, so I have to go in there to set it up manually.
Also I did a memory editor/reader as well which was supposed to work to see if explorer windows or something had the right settings like on my video folders I like to show type of file, since I have videos I'm using to test IE9 & ones I just like to watch & then view big icons on video & music folders & then on the uninstall programs thing sometimes the top tabs disappear, but I never found out how to edit explorer windows memory to tell location you're browsing to tell what settings I want, or how to tell the icon mode it's using or even the tabs at the top showing like Name, Size, File Type, Date Modified, etc... that it lets you sort by & sometimes those tabs like to disappear, which is why I want to make it do that. Right now Windows Media Player shows a blank one at the top, Count, & then rating, for my recorded TV section under Windows Media Player, and it won't let me add new ones, the blank one seems to be acting like Name, even though it doesn't say that on it, it's just blank. Although I wouldn't expect to be able to fix Windows Media Player with that unless I made a special one.
Anyways, if I knew other ways I would have gone for them, such as I guess for the first one would be another way to do hotkeys that works when your program is not the active window, and for the second I guess possibly registry or wherever that is stored at but if it happened to be one that needed administrator I would then need to switch back to memory thing or find a way to make the program start on startup with administrator privileges so that way it can correct things as it sees them.
All programs I make though are used only for me or other people in my house & rarely get sent to others, other small things like registry editors were used to change small things like delete autocomplete history in Windows Media Player, delete file location history of Vista's background locations since I didn't want things to show up for background locations I don't want to use anymore or are empty now.
All in all I would love to make it harder for malicious coders not to be able to make their stuff, but it can be hard to tell someone's intentions & someone pointed out they could use other websites or search engines to try & find out what they are trying to do. Of course I will try & keep it off MSDN here & not help them, but likely they will figure it out still without our help here on MSDN.
Also, any other ways to do things I listed could maybe be PM'd to me or even this thing shortened or edited by an administrator if possible if one sees reasons, but even for myself things I wanted to do originally when I asked usually got abandoned & I did other things based off the code given since really most of the programs I make are simply for myself & I do try & stay on the legal side of things but without knowing every little thing that's illegal, I could have been trying to do some things that were illegal like trying to memory edit explorer & anything that could be illegal I expect someone to possibly tell me when I make a post saying my intended use for such a piece of code. Of course intended uses for something like keylogger or memory editor changes when I fail at something & then see another intended use for it.
Such as right now, memory editor/reader I don't use at all & I use the keylogger for detecting the F9 keypress & that's it, that's all I use that probably looked like they were for malicious uses but really weren't, I was just not good enough to see other ways to do things & decided to ask questions about keyloggers & memory editors.
When I get my mind set to a certain way being good I usually post about how to do it that way rather than asking a broad question like, how can I make it so once I go to my video folders that it will be large icon size & have type as a sort at the top of the window, or such as how do I make a hotkey that works outside my program so that they can stop/start video/music playback, although now I got a new keyboard which has a pause button that works for windows media player but not my program, so it would be how to get that key to work for playback, or probably still F9 key so if they have something paused in media player and intend on starting/stopping mine only it wouldn't also do windows media player's.
F9 was used since programs I use don't use that key for anything, such as IE, Windows Media Player & other programs I use most often.
-
Sunday, 19 September 2010 11:44
Someone asked why kids want to write malicious code. A philosophical answer from an old hand....
When I was a kid there were no computers to hack. I managed to hack a phone system and make long distance calls for the price of local. Why? It was a puzzle to solve, a barrier to cross.
Years later I hacked into an IBM mainframe. It took hours and I got through to the operating system. Then I went to bed. Next day the hole was sealed up. Why did I do it? Another barrier to cross.
I think malicious code is a similar mindset - writing a virus is fun (yes I have done it but never released it). They could easily write a benign virus I suppose. They just don't see it as wrong. Even if there were serious consequences - losing their service or prison - that would not stop them. The answer lies in values and education.
Now I am getting fed up of removing stuff from my daughter's laptop, even doing a total recovery with great regularity.
Just my 1.9 cents
David
David -
Sunday, 3 October 2010 14:31
Although I am totally against intrusions I'm afraid that I must come out favoring the free dissemination of information (obvious cases being an exception). The fact is that we are here to educate, NOT to decide who to educate. Of the people here I have been here the longest and if each person is the judge that works.
Renee
-
Monday, 4 October 2010 17:11 Moderator
Hmm... this topic has gone on for a while and hence has gotten way off track...
The intent here was never to hide information or keep secrets. The intent was to remind people to think before they post.
CraziePenny had it nailed a while ago: you can give an example of a keyboard hook, but you should not give an example of a full keyboard logger.
It is silly to think that anyone is trying to keep secrets; as mentioned previously there's really no such thing. Of course you can find any information you are persistent in seeking...
Please go back to my original post and keep my original point in mind - this is just like homework questions; don't do their assignment for them, but do help them toward finding the answers on their own. All I'm asking is that we take the time to say "hmm.. this might be a homework question" or "hmmm... this might be a hacker posting", before we blindly start giving code examples.
I think most of the contributors to this thread understood that, but here's to the ones who apparently did not. =P
Reed Kimble - "When you do things right, people won't be sure you've done anything at all" -
Monday, 4 October 2010 18:43
The intent here was never to hide information or keep secrets. The intent was to remind people to think before they post.
CraziePenny had it nailed a while ago: you can give an example of a keyboard hook, but you should not give an example of a full keyboard logger.
Reed Kimble - "When you do things right, people won't be sure you've done anything at all"
I have to disagree.
The bottom line, for me, is an example I've used in exactly these threads where the user is asking JUST for the keyboard hook: Don't leave a loaded gun laying around on the floor of a kindergarten class.
The global forum is the classroom floor, the DotNET Framework with its simplistic-code to full-functionality is the gun, and the keyboardhook code is the bullet in the chamber.
For example: It takes about 5 lines of code to make a function that writes a string argument to a logfile (give or take a few lines for formatting and various other string functions). This is absolute beginner stuff. Add a keyboard hook and show the poster how to use the callback function, and you've got keylogging malware.
I'm not advocating the keeping of secrets. The fact is that before I came up with the skillset and understanding required to write a keyboard hook using the Windows API, I had to do a lot of work in and around that area that ultimately started with writing to log files and grew from there into an understanding of ASCII byte values versus System.Char versus System.String versus System.Byte - that was an awful lot of programming done every day and when I finally did write code to hook the keyboard I did in fact need help, but the help I needed was understanding how to build a Structure in VB.NET to pass and return parameters from API functions. These kinds of questions related to a keyboard hooking procedure are the kind I would answer off the cuff and without a second's hesitation.
The ones I absolutely won't even consider answering are the ones that come out of clear blue sky with an obvious lack of understanding of any underlying concepts or technologies. Where all the person asking the question knows is that they want to hook the keyboard, only God knows what they'll end up doing with it, which goes back to a kindergartner picking up a gun off the floor and pulling the trigger.
It never hurts to try. In a worst case scenario, you'll learn from it. -
Monday, 4 October 2010 22:52
Andrew,
To start with, I learned how to use the keyboard logger from an example code. I studied for a while and could not grasp what was being said in the MS pages. I finally went to another site and got an example to study. This was because I asked a question here and got the malware response, so I said the heck with it and went to another site. I used that site for quite a while before I came back here and only came back because I have friends on this site. But I should not have had to go to another site to get the information I needed so that I could study the code. I look at the person's profile before answering about the code that is used in hooks etc. But if that person is not real new to these forums and if everyone else won't answer him then if I can I will. And I will use code to answer. If Microsoft doesn't want me to answer those type questions then I guess they can ban or send me an email informing me not to post it. I don't think they will do either because nothing I have read from MS has given any indication they don't want that information posted.
I have no control over who sees those posts and if they use it for malware then they would have got it from another site anyway, so what is the point of not answering? Not answering would not be logical because the information is out there and easily found, so all we are doing is running people away from this forum by not helping.
Are you really helping to prevent malware? No, you're not, see all I did was look and I found my answer with a search. So all you are accomplishing is to cause people not to get the answers in a way that might guide them and really help them understand.
Curtis
Always Lost in Code, Always mark answers as correct if they answer you question and solve your problem. This way others when searching for similar problems can find the answer faster. -
Monday, 4 October 2010 22:58
Andrew,
Are you really helping to prevent malware? No, you're not, see all I did was look and I found my answer with a search. So all you are accomplishing is to cause people not to get the answers in a way that might guide them and really help them understand.
I am, yes. Your choice to load the gun and drop it on the floor is not my responsibility.
It never hurts to try. In a worst case scenario, you'll learn from it. -
Monday, 4 October 2010 23:07
About a year ago, Rudy posted a similar thread.
For the longest time I was on the side of "No! You're wrong! I want the knowledge, so don't be that way!", then finally - after weeks - it dawned on me just exactly what he was saying and what his point was:
What the person is asking for (and/or why they're asking) isn't even relevant; it's what someone else might later read, as this is an open forum. Then, armed with that knowledge, what that someone else may be able to do with it.
There is not an easy answer to this quandary - it's not black and white at all, but it is something to consider.
-
Monday, 4 October 2010 23:30
I have to disagree because this is not a loaded gun or even something that can harm someone. Harm their computer maybe if they are stupid enough to load software from somebody without checking them out first. I have gotten malware and continue to get it occasionally from songs or some email. But that is my fault for not checking the site I downloaded from out.
As to the gun you so fondly use in your quote. I was taught about guns before I was hardly big enough to walk. So it is up to us to teach our children and if we teach them correctly they will not play with them. The same goes for malware; if we teach the potential malware person about malware and what it can do then the majority of kids would not do it. So your logic does not hold true.
If you are going to help then help, if not then don't. It is you that is losing by not helping. Yes you may accidentally help some with malware. But that is a chance you take by answering any question.
We can not police the internet for people. This would be just like our police force acting on the assumption that someone is going to commit a crime and arresting them before they committed the crime. We all would be in jail then. You will always have malware no matter how much you try to prevent it.
As to it being posted and someone else seeing it later, then that is like the above, acting on the assumption it will be used for malicious purposes. The only reason this forum exists is to help people understand how to code and help with their problems. If we are not going to help them understand then why even bother helping at all, because 90 % of the applications that are written will need to use some type of code that is in the forbidden zone. And if we will not help them then why should the forum exist?
Curtis
Always Lost in Code, Always mark answers as correct if they answer you question and solve your problem. This way others when searching for similar problems can find the answer faster. -
Monday, 4 October 2010 23:33
We can not police the internet for people. This would be just like our police force acting on the assumption that someone is going to commit a crime and arresting them before they committed the crime. We all would be in jail then. You will always have malware no matter how much you try to prevent it.
Curtis
So by your logic, nobody should lock their doors and we should all leave our windows open 24/7 and our keys in the ignition - GOD FORBID WE MIGHT MISJUDGE SOMEONE WHO MIGHT WALK DOWN THE STREET WHILE WE'RE SLEEPING!!!!
Always Lost in Code, Always mark answers as correct if they answer you question and solve your problem. This way others when searching for similar problems can find the answer faster.
If that's profiling, nominate me for the legislature in Arizona.
It never hurts to try. In a worst case scenario, you'll learn from it. -
Tuesday, 5 October 2010 00:18
That is not the logic of my statement. The logic is simple: you can't protect people by not answering questions. By not answering you're not protecting anything but your own business by not helping someone who might write a program that competes with yours. This is the only logic I see in withholding information and this is what most of you are doing either by design or otherwise.
As for protection, you have to protect your own in any way you see fit and this is up to the individual. For me my doors are never locked, come on in and if you're hostile you will not walk out, plain and simple. Locked doors mean nothing to the criminal and the best you can do about this is just be observant and take action when you have to.
Everyone thinks that we have police or the laws to protect us. What we actually have is nothing that protects us but us and the actions we take. The police cannot act before a crime is committed. Where is the protection in that? None. Oh, you say yes there is because it is a deterrent. Deterrent to who, the honest people? The criminal pays no attention to the laws. Why do you think we have such a high crime rate?
So anything you do as a deterrent to malware only hurts the good people just as the laws that govern us hurt the good people, because the good people are the only ones that follow them and this hurts the good people because in most cases it costs them more money to stay within the law. That money might be needed for things like food. But does our government care? Should we care about the other forum users that are trying to learn so they can earn a living or follow the logic or I should say illogic of our government?
Anything can be misquoted and I could misquote your logic as you have tried to do to mine but I don't operate that way. I tell it like I see it and that is that it is illogical to believe you are deterring malicious coders by not posting code that falls into this category. Because they are like criminals and will find a way easily by just searching the internet.
Curtis
Always Lost in Code, Always mark answers as correct if they answer you question and solve your problem. This way others when searching for similar problems can find the answer faster. -
Tuesday, 5 October 2010 13:26
Hi Curtis. This is not an official Microsoft position - the fact that this is a sticky thread was the free choice of a moderator. You are of course welcome to answer any type of question you want, and if you've written something particularly dangerous it is a moderator's job to determine if it is appropriate or not based upon MS codes of conduct.
This thread's underlying intention was to help make people be aware of the potential to inadvertently aid those who write malicious code. To portray this as a "why does the forum even exist" question I think is entirely blowing the issue out of proportion. We all know that the value of a robust forum is more than just the practice of self-policing.
If you feel strongly that this is a misdirected or naive approach then most people here who believe as myself and Andrew will respectfully agree to disagree. Others will whole-heartedly agree with you. The overwhelming majority probably have chosen not to read this far down the thread to even form an opinion. This thread is an editorial and not an edict.
-
Tuesday, October 5, 2010 23:37
I'll write a bit of a confession in order to clarify things a bit. I've been a computer professional since the seventies. Before such a thing as the internet existed, I used to ask "what if?" questions around potential security holes. DEC's systems were very advanced. They were all on our private network of about 60,000 nodes. As part of the OS we supplied mail and Vax phones.
One night I wrote some software that took a snapshot of the network where it was and sent this picture back to me and propagated itself. I sent it out and the return was awesomely frightening in terms of its sheer power. Remember that these were 1 MIP machines. (They did not seem slower than the machines we have today.) Just the power behind these systems really frightened me so much that it killed ALL curiosity in me. I thought I would share the results of that evening, here, for the first time. Because all I can say is that it was actually frightening. The power and experience was strong enough that I never tried again, and I wanted to share that here, in case someone is thinking about trying.
Renee
-
Saturday, October 30, 2010 19:26
There's an old saying, "Locks are there to keep honest people honest." I believe the same holds true for code.
In my younger years, my friends and I nearly proved the proverb, "Curiosity killed the cat," on many occasions, by fooling around with things that, at the time, would have gotten a scolding from adults or police about being "stupid kids" that were going to "get ourselves killed". These days we'd find ourselves in prison as "suspected terrorists". We weren't intentionally trying to cause harm, we were just curious about things we'd heard about and wanted to see if they really worked. Nowadays, I'm a little more careful about just how far I let curiosity go.
I too have gone online in search of "potentially malicious" code and/or techniques. I lost two computers to teenagers who kept downloading Limewire, and other dubious things (and getting lots of viruses in the process of using them). Despite my best efforts to block the websites, there were just too many places for them to download these "free" programs from - so I went looking for a way to disable Internet Explorer completely on their account - I was unsuccessful (though I did find out there are a lot of ways to access the internet besides clicking the IE icon). Had I come here, I would have requested info on monitoring internet activity and disabling the Internet connection and would most likely have been seen as a "wolf in sheep's clothing". Now they have their own computers (that they purchased), and have discovered for themselves the "joys" of what happens when you don't "think before you click".
"If in doubt, don't do it." - Or like somebody else here has already implied regarding "homework problems" - speak in general terms, don't get real specific, be intentionally vague if necessary.
-
Saturday, October 30, 2010 19:35
Is that like the logic of, "Teenagers are going to get booze somewhere, so what's wrong with their parents giving it to them, or liquor stores selling it to them?" :^D
-
Saturday, October 30, 2010 19:53
I know a conclusion (note that I did not say 'the conclusion') but you failed to put yours in your well written story.
The conclusion I have is that it is for people to be honest and not try to gum up the network with viruses and worms. They are an abomination. It is not good of Microsoft to put in more protection than we need, such as we have now.
Renee
-
Monday, August 1, 2011 22:52
In short, we are not preventing the world from being "hacked" by withholding what is already out there. It is an illusion.
Hi Jeff,
No we are not, but if you do not post code that could be used in a very malicious manner
that may already be out there somewhere on the internet
then you reduce the chance of full malicious software being created.
That is what decent coders hope for and like to see in these forums. :-) :-D ;-) :)
Regards,
John
-
Monday, August 1, 2011 23:33
In short, we are not preventing the world from being "hacked" by withholding what is already out there. It is an illusion.
Hi Jeff,
No we are not, but if you do not post code that could be used in a very malicious manner
that may already be out there somewhere on the internet
then you reduce the chance of full malicious software being created.
John, that is an illusion also, that it can be reduced by not posting certain code. I don't believe that this not posting any code that aids malware is solely for the purpose of reducing malware. What I believe the true purpose of these restrictions is to advance the MS partners' income by reducing the knowledge of the regular guys that are not partners, and that this reduction of malware is really a blind just being used for this purpose. I also believe if MS could see more profit from making this type of code available then it would be going full blast in that direction. Make no mistake, MS is in this for the money, as several people have indicated various times.
Because I stated this, this message will most likely be deleted.
But you know I have gotten to the point I really don't care. There are several people that should have gotten an MCC that did not get it, and quite a few that got it that should not have, and not because of their feelings on malware either.
John, I don't mean that you should not have gotten MCC, because you should have. I am not speaking about me either, because I have no use for it or MVP status. I have never answered any question to gain anything and don't care about the medals or ranking. I am not at a level that I believe is needed for these positions.
Then you see people marking their posts as answers (which may or may not answer the question), but that is for the OP to decide if it answers his question, not the one answering.
When you take all of the things that are happening on these forums and then restrict what can be posted code-wise, what have you got left? A beginner forum.
Curtis
Always Lost in Code. Always mark answers as correct if they answer your question and solve your problem. This way others when searching for similar problems can find the answer faster.
-
Tuesday, August 2, 2011 00:03
Hmmm, so far in this topic I've not seen anyone mention licencing. Should the code/solutions provided in these and other public forums be considered 'open source'/'public domain' or perhaps more akin to the restrictive EULAs of most commercial software (including, but not limited to, from MS)?
I ask because I'm wondering how much code published in these and other public forums actually ends up in other software. For example, I recently downloaded one of the source projects from these forums that very neatly solves the problem of generic scanning for files (MP3s in my case) - and I am looking at the source code of the project to see how I can adapt/adopt it for use in my own project. I'm quite willing and happy to credit the authors of said code for that which I use, but that got me thinking about licencing issues. I may/intend to eventually release my own project as Open Source using one of the OSI approved/GPL open source licences. Such licences allow not only the free distribution of sw but also allow users to modify and patch and freely distribute the modified sw.
One advantage of 'Open Source' sw is that weaknesses and possible malware are often quickly found and pointed out [and sometimes addressed/fixed] by the 'Open Source' community. I suspect that one of the reasons for so few viruses/malware for, say, Linux and MacOS is because much/most of the sw is 'Open Source'.
Just a thought.
Allan
Big Al
-
Tuesday, August 2, 2011 00:40
John, that is an illusion also, that it can be reduced by not posting certain code. I don't believe that this not posting any code that aids malware is solely for the purpose of reducing malware. What I believe the true purpose of these restrictions is to advance the MS partners' income by reducing the knowledge of the regular guys that are not partners, and that this reduction of malware is really a blind just being used for this purpose. I also believe if MS could see more profit from making this type of code available then it would be going full blast in that direction. Make no mistake, MS is in this for the money, as several people have indicated various times.
Because I stated this, this message will most likely be deleted.
Do you realize you've gone from "The Fed Can't Touch Me" to "MS Is Out To Get Me" in a space of 2 posts. Are you actually serious?
When I started as a DotNET programmer, I did it with a free VB 2008 Express Edition. I used this forum extensively. I learned stuff. When I asked for help hooking the keyboard as part of a universal macro-creator/editor application, I was told everything that I've repeated here; I looked around the net and I found something I could adapt to my needs, and it was quite a bit later that I developed the attitude I have now toward posting risky code to the net. I didn't become an MS Partner until last year, and I sure as hell didn't get an MCC this year because I became an MS Partner.
Moreover, I don't get paid by MS and I don't exactly help MS make any money by being an MS Partner; all an MS Partnership means is that I do a lot of business with people who use a lot of MS products, and I've signed up for free educational materials regarding MS Licensing schemes. That's it. There's no conspiracy to deprive you of code, just people trying to make themselves more valuable to their clientele.
It never hurts to try. In a worst case scenario, you'll learn from it.
-
Tuesday, August 2, 2011 00:52
One advantage of 'Open Source' sw is that weaknesses and possible malware are often quickly found and pointed out [and sometimes addressed/fixed] by the 'Open Source' community. I suspect that one of the reasons for so few viruses/malware for, say, Linux and MacOS is because much/most of the sw is 'Open Source'.
Actually it's because 100% of Linux machines are run by 1 of 2 groups of people: Hardcore professionals who have locked everything down so tight a virus couldn't accomplish much even if it got in, and out-of-work geeks without any money. Then most of the people who design malware are the ultimate in cowardly thieves; they're also definitively lazy and inept. Designing malware to infiltrate a dedicated DNS server would require real, actual work... even dedication to the craft; but they don't want to work and they want money.
That makes Windows products prime territory, because it costs real money, it's run at home by individuals who don't have the faintest idea what all back-end internet-open services are running in the background, and it's run by businesses whose IT guys would be writing malware if they were willing to work that hard.
But maybe I'm just full of it: There was some Linux distro which was distributed over 10,000 times and in active use for years and years before they even discovered a rootkit was embedded right into the official distribution pack. Maybe the truth is that if there was an adequate antivirus for Linux systems, we'd know there are just as many malware products floating around those as there are in Windows machines.
It never hurts to try. In a worst case scenario, you'll learn from it.
-
Tuesday, August 2, 2011 04:28
Yes I am serious and no one is out to get anyone; what I said is a very basic truth. MS is 100% for MS making money, that is true. In order for MS to make money they have to satisfy their partners, that is true. In order to satisfy their partners they have to give them the edge over everyone else, that is true. Now read in between the lines of what is obvious. Then tell me it is not to the partners' advantage if this type of code is not posted.
You know I sat here and wrote a full explanation of the data I have gathered and the reasoning behind my statements. But on second thought I don't believe that it would do any good to post it, because you and the rest that are for censorship of code have already made your minds up or have been taught this way and nothing anyone can say will change it. Or you have a vested interest of some sort in proceeding to censor code.
Curtis
Always Lost in Code. Always mark answers as correct if they answer your question and solve your problem. This way others when searching for similar problems can find the answer faster.
-
Tuesday, August 2, 2011 04:44
Foremost, the MS Partner program is absolutely nothing but an educational courtesy they provide to me, you, and everyone the same way they provide MSDN and TechNET. Membership in the program is the end of the list of benefits to members of the program. Don't believe me? It takes an email address to join. No, really. AN EMAIL ADDRESS. Go sign up, look at what's available, and then come back here and feel free to spout this offensive nonsense of yours about the great Partner Conspiracy with something less than complete and abject ignorance.
Yes I am serious and no one is out to get anyone; what I said is a very basic truth. MS is 100% for MS making money, that is true. In order for MS to make money they have to satisfy their partners, that is true. In order to satisfy their partners they have to give them the edge over everyone else, that is true. Now read in between the lines of what is obvious. Then tell me it is not to the partners' advantage if this type of code is not posted.
You know I sat here and wrote a full explanation of the data I have gathered and the reasoning behind my statements. But on second thought I don't believe that it would do any good to post it, because you and the rest that are for censorship of code have already made your minds up or have been taught this way and nothing anyone can say will change it. Or you have a vested interest of some sort in proceeding to censor code.
Curtis
Always Lost in Code. Always mark answers as correct if they answer your question and solve your problem. This way others when searching for similar problems can find the answer faster.
I actually took the time to spell out more of my data and reasoning speaking as an actual MS Partner, but I'm sure MS Employees would simply find it derogatory and frankly even though it's 100% true, it's also 100% derogatory, so I came back after 20 minutes and edited it out; either way I'm sure you're right and my data disagrees with what you've gathered, CurtisUN, because you evidently get your info from a crack pipe.
It never hurts to try. In a worst case scenario, you'll learn from it.
-
Tuesday, August 2, 2011 11:13
Curtis, Andrew
I am reading your post and I think that the problem is not "Censure" or "No Censure".
There has to be a limit to what can be posted in a public place.
I know some code that will shut down Norton, McAfee... I know some code that will put almost any web site down... I know code for some loggers that are powerful enough that you will not even be able to look at your computer without my knowledge, with the information sent to me in real time on my screen. I know how to send you an email that really appears to be coming from someone else.
Should I post this info here? I don't think so; tomorrow you will have your bank account empty and 100 illegal immigrants will be living with your identity.
The question is not censure or not, it is where we start to censure.
You are often referencing the code for a logger. To me a logger can be the worst of all code. There is no possible way to protect yourself against that; it will bypass encryption, logging form, antivirus, or anything, and the result is not to lose info in your computer or have your web site down. It steals all your life, your money, your credit, your identity.
Just ask someone that experienced the consequences of it to see if we should post a logger.
Luc
-
Tuesday, August 2, 2011 11:28
Well Crazypennie - as usual your posts are provocative for thought.
Remember that I've been advocating thought on the part of each person on what they published, otherwise all mayhem will break loose. What if unsuspicious looking code has malware in it and it gets by the Microsoft people? Or the Microsoft people are so tight that suddenly code here becomes very boring?
If we do not do some of our own self policing...I think WE stand to lose a whole lot.
Renee
-
Tuesday, August 2, 2011 14:16
Regarding asking someone the consequences of keyloggers. I once, not long back, have experienced one (source still unknown) which compromised one of my email accounts which was subsequently used to spam people - I tried changing passwords to no avail and told my friends to mark any email coming from that account as junk. I tried everything I could think of to stop the spamming (which was not by me I hasten to add). So I eventually resorted to the old method of reformatting the PC - including removing all partitions and starting from scratch. I had the foresight to boot up a Linux Live CD in order to do this. Now the said email account is no longer compromised (and I changed the passwords on any and all of my accounts - again while booted from the Linux Live CD). Since that incident I'm even more careful nowadays - e.g. I have just bought a brand new PC, I no longer use external HDs or USB memory sticks on any of my (now four) PCs that have ever been used on other PCs and I have also made some utility CDs (Hiren, gparted, etc.) for use whenever I have to sort out a computer for someone (which I get asked to do at times). The 'keylogger' had somehow gotten onto my PC despite my firewalls (both HW and SW) and av package and other security ware - e.g. malware bytes, CC cleaner, MS malicious sw remover, MS Baseline Security Analyser, etc. etc. And I am/have always been careful to try and avoid 'dodgy' sites (e.g. porn sites, warez sites) and dodgy sw (e.g. so-called driver detectives and the like). I never install more than one av package on a PC at the same time - but I do occasionally swap AV packages and do full scans just to try and be sure. I have, since that incident, also constructed some bootable CDs with minimal live OS's and with av packages on them which can be booted from and will scan the booting CD for malware. Even close inspection of various logs didn't indicate where the keylogger came from (or even any of its activities).
'System restore' didn't eliminate it either. So, obviously I would NOT like to see source code for such keyloggers (and similar sw) publicly posted. When OSs weren't the behemoths that they are now I used to reformat my HDs and take my PC back to factory settings/state typically every month. I am considering going back to doing that with my new PC. Despite the time and effort and stress of starting from scratch each time and replacing everything.
Allan
Big Al
-
Tuesday, August 2, 2011 14:28
A keylogger sounds heinous and I like the idea of putting systems on USB keys.
However, if people did what I advocated and THOUGHT about what they are posting we would not see keylogging code or other malware on this forum.
I am doing something unheard of...I am asking people to be responsible. If we don't, Microsoft will. Institutional responsibility does not grant the freedoms that we grant to ourselves.
Renee
-
Tuesday, August 2, 2011 15:49
Between Renee and Crazypennie, thanks very much for putting it in perspective. Personal responsibility, accountability, and having enough sense to keep yourself out of trouble is the whole point.
Thanks also to bigal69 for recounting a personal malware-related experience; that right there is exactly what I mean about leaving loaded guns lay around.
How would you feel if you knew you had that experience because someone posted risky code at MSDN? Or how would you feel knowing that 10,000 people suffered the same nightmare because of something you posted at MSDN? That is what this thread is about.
It never hurts to try. In a worst case scenario, you'll learn from it.
-
Tuesday, August 2, 2011 16:05
Andrew,
I've been saying that since the beginning of this thread.
Is my mind playing tricks on me or is there a post from Jeff during 2010? Didn't we lose him before I went to the hospital in 2008?
Renee
-
Tuesday, August 2, 2011 16:09
Is my mind playing tricks on me or is there a post from Jeff during 2010? Didn't we lose him before I went to the hospital in 2008?
SRSoft Jeff? Multiple posts from him in this thread, 2009-2010. I'm sure I've seen him post in the past 12 months in other threads too.
It never hurts to try. In a worst case scenario, you'll learn from it.
-
Tuesday, August 2, 2011 16:17
Straying slightly off-topic for a minute, I have for a long time wished that the IT industry would get around to producing a safe and secure PC. The fault for the state of things nowadays stems from early system designs where the emphasis was on getting PCs to talk to each other - e.g. serial ports, ASCII, and eventually networking etc. But little or NO attention was ever given to security. The result is that we now have the crazy situation where we rely on bolt-on sw to protect us from other sw. I would dearly love to see a PC along the following lines. It would have two (or more) separate CPUs (not just multi-cores). The OS would have its very own processor, ROM and RAM which would NOT be physically connected in any way to the user processor(s). The OS and its sw apps. would be on ROM and accessible only from the OS's processor - not from the user's processor(s). The OS would NOT be installed onto HD (or anywhere else writable). The processor(s) for the user would NOT even be able to see/read the ROM based OS or its ROM.
The bulk of the code in the OS ROM could consist of sw that monitored all user processor(s) activities and actively prevented the user processor(s) from doing anything damaging - i.e. the user processor(s) would be well and truly sandboxed. All OS calls would have to be done from a well protected API/interface (similar to the &H005 call in CP/M or Int 21 in DOS etc.). That would be the only way that any user-run sw could interact with the OS.
There would be no installable sw drivers. All hw would have its own driver onboard on ROM with a suitable sw interface for the OS to use it. All 3rd party sw would be sandboxed (something along similar lines to, say, Java apps.) The actual OS processor would be of unknown type and not have its opcodes ever published (and there would be NO way for the user or user processors to give it executable instructions anyway).
Going to the extreme - it would also be possible to make such a machine NOT have any executable code other than, say, byte code (Java style or BASIC token style) which the OS's byte-code interpreter would run in a kind of VM.
Of course people will say that means that the OS cannot be updated in real-time (true, but if the OS is properly written in the first place, updates and service packs etc. would be unnecessary). And as for new hw developments, like I said, its hw device would have its own device driver on ROM.
The hd would be non-bootable - so if you want to use an alternative OS, you would have to boot it from, say, CD or memory stick (even if the majority of the alternative OS is put on HD).
That to my mind would be the start of a safe and secure PC and then, if such PCs became the norm, adequate policing of the internet and of intranets would be a much simpler task.
Those are just a couple of ideas/thoughts/wishes that I have for a safe PC. Until then, I think that we, as helpers and code providers, do have to act responsibly when offering advice, posting code etc.
Allan
Big Al
-
Tuesday, August 2, 2011 16:29
"I'm sure I've seen him post in the past 12 months in other threads too."
That can only mean one thing: HE'S ALIVE!!!!!!!!
I thought the world of him! We've got to find out more.
Renee
-
Tuesday, August 2, 2011 16:37
"have for a long time wished that the IT industry would get around to producing a safe and secure PC."
You're wrong there, bigAl. Digital's VMS was secure AND we also had privileges to get around security. Actually I fully support taking PCs away from people who do us harm.
Security slows us way down. We have to pay for the sins of the sinners. I think security has gone way over board without a privilege system for the honest people to actually do work.
But take this up on a different thread please.
Renee
-
Tuesday, August 2, 2011 16:48
As I'm learning C#, I have the full source code to LOIC (DDoS Client by Team Anonymous). I read it to learn ethical counter-hacking practices. It's not bad to have it, it's bad if you use it the wrong way.
The whole point of these guidelines was to convey that. Would you be fine posting code that can be modified easily to something malicious? Like Renee said, it's up to you to decide whether or not to post.
If they're asking for something deemed as a key logger, are you going to post the full code for everybody to see? Yes, it may already be on Google with a simple search as "VB.NET Key logger code". Sites that display malicious code other than the MSDN we cannot control. But by limiting how much Google shows by not posting malicious code will decrease the rate of hackers looking to leech code.
On the other hand, most hackers I know of don't even leech. They work 24/7 on programming VIP hack tools. They may look at code online for reference, but most of it they will write completely by themselves.
Basically, there are 2 kinds of hackers. The leecher, and the professional. The leecher is a "script-kiddy" who copy/paste code in hopes the program works. The professional does everything from scratch.
By not posting code that can be used maliciously, we essentially can reduce "leechers".
- Jordan
If you find an answer helpful, click the Helpful button. If you find an answer to your question, mark it as the answer.
www.metasdevelopment.com
Helpful Links:
- Visual Basic for Applications (VBA) Information
- Visual Basic for Applications (VBA) MSDN Forum
- Convert C# to VB.Net
-
Tuesday, August 2, 2011 18:21
Didn't we lose him before I went to the hospital in 2008?
Renee
Renee,
Before this gets too far, you have your dates wrong:
...no, sadly - he's gone.
-
Tuesday, August 2, 2011 18:38
Jeff was a good friend; we communicated a lot via email. His last post was in May 2010, but the forum has it listed as 2 months ago. So your mind is not playing tricks; the forum could be, though.
Curtis
Always Lost in Code. Always mark answers as correct if they answer your question and solve your problem. This way others when searching for similar problems can find the answer faster.
-
Wednesday, August 3, 2011 00:47
"Monday, June 28, 2010 2:34 PM"
Something is wrong, Curtis. I was hit July, 2008. I believe Jeff was already gone then. I would have been REALLY upset to lose Jeff while this was going on. Are you absolutely sure?
Renee
-
Wednesday, August 3, 2011 00:58
Curtis has said the dates are not correct. What I'm asking however is... is Curtis's date wrong also? If he died in 2010, that would put his loss after I was hit by the car. I don't think I had been hit yet when we lost Jeff.
Renee
-
Wednesday, August 3, 2011 01:06
Curtis has said the dates are not correct. What I'm asking however is... is Curtis's date wrong also? If he died in 2010, that would put his loss after I was hit by the car. I don't think I had been hit yet when we lost Jeff.
Renee
Renee,
It sure would help if you'd direct your responses - if you don't want to quote them, then at least explain who you're talking TO.
I'll assume that's to me based on my earlier reply wherein I posted a link back to one of your older posts in the VB Express forum.
I recall it - Jeff and I talked in e-mail periodically.
You originally posted the notice in the VB Express forum, then later in this forum and when you posted it in this forum, I as much as replied saying "you misspelled his last name!!"
I don't recall the date specifically, but what I found that I posted from your post then matches the "about when" in my recollection.
-
Wednesday, August 3, 2011 01:22
Renee,
Yes, I am sure Jeff's last post was May/2010. I received the last email I got from Jeff on 7/28/2010, just before his passing away. He had not posted for about two months.
Curtis
Always Lost in Code. Always mark answers as correct if they answer your question and solve your problem. This way others when searching for similar problems can find the answer faster.
-
Wednesday, August 3, 2011 01:29
Wow....I don't know how I survived that!
Renee - who just sent Curtis a note.
-
Wednesday, August 3, 2011 01:31
As to the dates being wrong, it is wrong only in his profile page, not on the actual posts. I went back and checked.
It said his last post was 2 months ago, not 1 year and two months.
This is where the date was wrong. So I checked and there is another Jeff but Jeff wwwSrsoft, and the last post was here on this thread on June 28, 2010, so his profile is even wrong about when he last posted.
Curtis
Always Lost in Code. Always mark answers as correct if they answer your question and solve your problem. This way others when searching for similar problems can find the answer faster.
-
Wednesday, August 3, 2011 01:42
I once, not long back, have experienced one (source still unknown) which compromised one of my email accounts which was subsequently used to spam people...
Allan,
Not to in any way mitigate your experience, but what you describe here actually doesn't sound like a keylogger at all. Not saying that it wasn't, but it fits the "MO" of something unrelated to you or your computer.
It actually sounds more like a Trojan on someone else's computer. I can't now recall the name of this type Trojan, but I'll explain how it works basically (this was discussed at length in another forum years ago when it first hit the streets, and before Norton and McAfee caught on and quelled it to a large extent):
Someone that you know uses MS Outlook for e-mail and has you in their address book. This someone has this Trojan. The Trojan's job is simple really - it will look through that person's Outlook address book and grab a name/e-mail address at random. That becomes the "From". It will then send the spam e-mail to everyone ELSE in that Outlook address book.
It's never happened to me - yet - but it has to people I know which is what started the topic all those years ago. If I'm right, it actually has nothing at all to do with you other than, sadly, that you were victimized by it.
-
Wednesday, August 3, 2011 02:48
Hi Frank
I can't swear to it being a keylogger (as I don't really know for sure what it was or where it was from). But a couple of points - one, when the email account first started spamming people I triple checked my PCs by running every bit of anti-malware I had in my possession - including using and changing AV packages and full scans. I did system restores to earlier dates. I tried changing my email accounts' passwords. But the [one of several] email account was still being used for spamming - and by then I'd already informed friends to junk any email from that account. Eventually 'MS' emailed me and said that the account was being deactivated (I'd never had an email like that before from MS) - so I stopped using the account. I had obviously already looked at what was running on my PCs in task manager. I'd used msconfig to stop any unknown/strange startups (there were none showing). But friends told me that they were still getting spam from the account. At that point I knew that that particular email account had definitely been compromised. That's when I decided on the drastic action to boot up from a Linux Live CD - delete all partitions from both drives (of my then main PC), change all email account passwords (while still booted from the Linux CD), repartition the hard disks (I had two physical HDs - one for Windows and one for Linux) and reinstall both Windows and Linux from scratch. Then later I got another email allegedly from MS saying to log in to the account to re-activate it (it had, according to the email, been de-activated due to several unsuccessful unauthorised attempts at trying to log in according to MS and hence the terms of using hotmail had been broken by me in that I hadn't kept it secure or some such). Anyway, some days/weeks later I reactivated the account by successfully logging into it (directly, not from any email links). Later another email again purporting to be from MS said that I had to supply the new login details etc. - of course I ignored and deleted it. But since wiping the HDs, reinstalling Windows and Linux, and changing account passwords after booting from the Linux Live CD and signing in using Linux I've not had any trouble with the account. So I've 'assumed' that it was a keylogger/trojan that I had somehow picked up - possibly/probably because of using an external hd/usb stick to help sort other people's PCs (as well as occasionally using them on my own PC) - but again I can't say for sure what the actual source of the malware was. Technically, it could have been on some remote computer - BUT since the email account was still being used despite a simple password change from me I've always suspected that a keylogger was involved somewhere along the line. The really annoying thing is that I am normally SO careful regarding my own machines but unfortunately the other people whose PCs I from time to time sort definitely are NOT security conscious. So now I've resolved to ONLY use CDs when helping others - and to taking my external USB DVD writer drive with me if necessary to read the [finalized] CDs - rather than risk using ANY writable media like external HDs, memory sticks, etc.
That pretty much describes my bad experience of malware problems of only a few months ago.
Allan
Big Al -
Wednesday, 3 August 2011 02:57
PS Another thought that went through my mind is that I may have signed into the email account on someone else's PC while sorting it - and that may have had a keylogger/trojan - but I dismissed this scenario due to the fact that the email account was still being compromised despite an initial change of account password using my own PC.
Whatever the malware is/was it was very effective and damn well hidden. At one point I thought about writing some sw to generate my own checksums for every file on my PCs using my own algorithms to generate the checksums. But given the difficulty I had just accessing ALL files - I kinda put that project on the back burner. But now that I know how to access all the files programmatically, I might actually write some security sw of my own.
On one of my PCs - I've taken to installing/running OS's inside VMware (again, in order to minimise any damage that may arise in future from malware).
Allan
Big Al -
Wednesday, 3 August 2011 03:00
Hi Frank
I can't swear to it being a keylogger...
Hi Allan,
It's anyone's guess, but what you said still doesn't mean that my supposition is incorrect (nor does it mean that it's correct - one cannot prove a negative).
It doesn't need or use your login information - it only uses your e-mail address and name, that's all.
Dang - I started to write how it might could be done with .NET ... ha!
... nope, won't do that ... but think it through. It's NOT you, it just purports to be you in order to fool the recipient into thinking that it's safe. If they actually traced the sender info back, it would show that it's not from you and never was.
-
Wednesday, 3 August 2011 03:16
Hmmm you could be right - and I don't know whether I'm much relieved or much more alarmed if indeed you are right.
One thing I will say is that nowadays the web/internet is more like 'noon at dodge city' than it ever was before.
One difficulty I foresee in trying to track the senders of the spam is that I have a variable IP account - by choice, since I don't host any web services on my own PCs.
I used to occasionally use torrents but nowadays I don't use any P2P/file sharing sw at all - as it did cross my mind that using P2P kinda broadcasts your IP.
Allan
Big Al -
Wednesday, 3 August 2011 03:51
Hi bigal69,
In case you don't know this.
In emails the spoofer's actual sending address can most of the time be found in the details. If you right click on the email and then select details it will give all the data about this email, the return address of who actually sent the mail. But this can be altered fairly easily to make it look like someone else sent it. There are web sites that are dedicated to making emails appear as if they were sent by someone else. I receive these all the time. If the sender and return address are not the same then I do not open the mail. I just block it because if I don't know them then it most likely contains a trojan or data miner.
Also, the only antivirus I use is Microsoft Essentials with the firewalls set up correctly. I have been using this for two years and have not got a virus yet. It has caught several and isolated them. Before I was using Norton and I had to format my drives and reinstall my OS several times due to viruses getting thru.
My suggestion is use the MS essentials it works for me and it is free.
Curtis
Always Lost in Code. Always mark answers as correct if they answer your question and solve your problem. This way others when searching for similar problems can find the answer faster.
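The sender/return-address comparison described in the post above, as an added example that is not part of any post in this thread: it parses a message's headers, compares the From domain with the Return-Path domain, and reads the SPF/DKIM verdicts that the receiving server stamped into Authentication-Results. The sample messages, addresses and the `mx.example.org` server name are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread); every name and address is a placeholder.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk-sender.example.net; dkim=none
From: "Allan" <allan@example.com>
To: friend@example.org
Subject: check this out

body
"""
GENUINE = SPOOFED.replace("bulk-sender.example.net", "example.com").replace("spf=fail", "spf=pass")

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg, authserv_id):
    """Map method -> result using only Authentication-Results stamped by our own server."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        server, *parts = value.split(";")
        if server.strip().lower() != authserv_id:
            continue  # not written by our server, so the sender could have forged it
        for part in parts:
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results.setdefault(method.lower(), result.lower())
    return results

def triage(raw, authserv_id="mx.example.org"):
    """Return a list of reasons to distrust the visible From address (empty if none)."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    findings = []
    if not env_dom:
        findings.append("no Return-Path recorded")
    elif env_dom != from_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {env_dom}")
    for method, result in auth_results(msg, authserv_id).items():
        if result not in ("pass", "none"):
            findings.append(f"{method}={result}")
    return findings
```

A From/Return-Path mismatch is a signal rather than proof, since mailing lists and bulk-mail services legitimately use their own bounce address; the authentication verdicts carry more weight because the receiving server writes them.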

