Contributors: How to avoid aiding the development of malicious code RRS feed

  • General discussion

  • I would like to ask our community to take a brief moment to consider the outcome of answering a question before doing so. Sometimes a question can lead down a path to examples of how to create malware applications, and that is something we want to try to avoid. There are a few key things we can watch out for which would often indicates a question about malicious code intent. First, watch for requests to do network communications that violate one or more RFC documents (e.g. How do I spoof my IP address?). Second, watch for requests on automating other websites - a quick check of the other site's AUP or TOU will typically tell you if the automation is permitted. Third, watch for requests that appear to want to harvest data from the web, without following the typical procedures for a web crawler (bot).

    I would also ask that everyone take a moment to review the TOU for this site:

    Please note the paragraph under "MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE." which states:
    "By Posting a Submission you warrant and represent that you own or otherwise control all of the rights to your Submission as described in these TOU including, without limitation, all the rights necessary for you to Post the Submissions."

    If the code you post violates another site's Terms of Use, then that site may claim that you do not have rights to the code, which could then make your post violate the TOU here at MSDN. By posting a modified version of someone's code in an attempt to help them, you may actually be posting code for which you do not have full rights.

    Now obviously we cannot all recognize every instance of an attempt to write malicious code, or a violation of any given TOU. However, we can each take just a moment to review the question against what we know, inform the OP if they are headed into potentially dangerous territory, and notify the mod/admin community by marking posts abusive when appropriate. I don't think too many of our community members would be proud to know that their knowledge helped create yet another piece of malware, so we'll have to police ourselves and each other to help prevent such a thing from happening.

    My suggestion would be to treat this the same as the homework questions we see posted - many contributors have gotten used to spotting a homework assignment and will only give suggestions to help the OP without doing the work for them. Spotting attempts at creating malicious software is much the same; when you see red flags, confront the OP and give them some suggestions on a legitimate course of action, or mark the post abusive if appropriate.

    I thank all of our community members for their continued support and know that together we can keep the MSDN forums clean, productive, and safe for all to use.

    Rudy   =8^D

    Mark the best replies as answers. "Fooling computers since 1971."

    Edit:  there is a discussion thread for this topic

    Thursday, August 4, 2011 9:40 PM