Why I had to stop using PureBasic
Re: Why I had to stop using PureBasic
Post deleted in case I offended anyone.
Last edited by Dude on Mon Sep 18, 2017 8:17 am, edited 1 time in total.
-
- Always Here
- Posts: 6425
- Joined: Fri Oct 23, 2009 2:33 am
- Location: Wales, UK
- Contact:
Re: Why I had to stop using PureBasic
Aha Dude - but they didn't ask how to make a skull and cross bones icon!
In fairness to those that inadvertently helped someone that certainly seems intent on creating nasty apps, the questions are often asked bit-by-bit, so as not to arouse suspicion. I think the key clue though is when a relatively new User is asking about how to write system manipulating code that nobody would normally require.
So, in conclusion, everyone that has contributed to this post has made a valid point, made us all think. If a poster disagrees with what you had to say, that is that, don't get personal about it. You won't find a better more helpful forum anywhere else.
In fairness to those that inadvertently helped someone that certainly seems intent on creating nasty apps, the questions are often asked bit-by-bit, so as not to arouse suspicion. I think the key clue though is when a relatively new User is asking about how to write system manipulating code that nobody would normally require.
So, in conclusion, everyone that has contributed to this post has made a valid point, made us all think. If a poster disagrees with what you had to say, that is that, don't get personal about it. You won't find a better more helpful forum anywhere else.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
If it sounds simple, you have not grasped the complexity.
Re: Why I had to stop using PureBasic
Post deleted in case I offended anyone.
Last edited by Dude on Mon Sep 18, 2017 8:17 am, edited 1 time in total.
Re: Why I had to stop using PureBasic
Hi Guys
Looking also for this thread, its more as strange, i think...
http://forums.purebasic.com/english/vie ... 13&t=67548
Looking also for this thread, its more as strange, i think...
http://forums.purebasic.com/english/vie ... 13&t=67548
Re: Why I had to stop using PureBasic
I understand it's a problem if pb is used for evil malwares.
But i also crave for knowledge even in that area, even if i don't use it.
So i am glad nobody censure these threads.
I think internet should be a wide source of knowledge.
Knowledge is nor good nor bad, it depends of what you do with it. And this is everyones responsability.
But i also crave for knowledge even in that area, even if i don't use it.
So i am glad nobody censure these threads.
I think internet should be a wide source of knowledge.
Knowledge is nor good nor bad, it depends of what you do with it. And this is everyones responsability.
There are 2 methods to program bugless.
But only the third works fine.
Win10, Pb x64 5.71 LTS
But only the third works fine.
Win10, Pb x64 5.71 LTS
Re: Why I had to stop using PureBasic
Knowledge is not evil
Humans are evil !
So fahr :
He's a child without a mind ?
He's grown up but stupid ?
Bragging, ha, look how great I am ?
Inferiority complexes ?
Make money ?
If he doesn't have the necessary knowledge, he has to get it
If he asks, it's more than unwise to give him this information
It's also just not true that an experienced coder doesn't immediately realize what the boy wants.
Humans are evil !
So fahr :
He's a child without a mind ?
He's grown up but stupid ?
Bragging, ha, look how great I am ?
Inferiority complexes ?
Make money ?
If he doesn't have the necessary knowledge, he has to get it
If he asks, it's more than unwise to give him this information
It's also just not true that an experienced coder doesn't immediately realize what the boy wants.
Re: Why I had to stop using PureBasic
Just as a reminder i agree on that!walbus wrote:...If he asks, it's more than unwise to give him this information
...
If you however feel the need to discuss the issue i raised a few posts back im here - we can talk
Edit: preferable via PM!
Re: Why I had to stop using PureBasic
You can send my with PN
Also on PN, you can written in german
Also on PN, you can written in german
Last edited by walbus on Tue Sep 26, 2017 8:42 am, edited 1 time in total.
Re: Why I had to stop using PureBasic
Here's a fresh example of compromised certs, that happened yesterday (Sep 18, 2017) for "CCleaner" (red text color added by myself):
Read the red text again: "the legitimate signed version of CCleaner [...] contained a multi-stage malware payload"
So users faithfully downloaded the Setup.exe for CCleaner, saw that it was "safely signed", installed it, and got infected anyway.
Signed certs are NOT the answer.
Source: https://www.theverge.com/2017/9/18/1632 ... e-securityTheVerge wrote:Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner. "For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner," says the Talos team.
Read the red text again: "the legitimate signed version of CCleaner [...] contained a multi-stage malware payload"
So users faithfully downloaded the Setup.exe for CCleaner, saw that it was "safely signed", installed it, and got infected anyway.
Signed certs are NOT the answer.
Last edited by Dude on Tue Sep 19, 2017 10:39 pm, edited 1 time in total.
Re: Why I had to stop using PureBasic
May be they are not, but the antivirus trust them better than nonsigned exe, so it answers the false positive stuff than PB programs are facing.
Re: Why I had to stop using PureBasic
You're wrong the certificate worked correctly. The malware was inserted into ccleaner before the executable was signed. Therefore there was no way to tell the executable was tampered with by looking at the certificate.Dude wrote:Here's a fresh example of cert hacking that I mentioned, that happened yesterday (Sep 18, 2017) for "CCleaner":
Signed certs are NOT the answer.
Signed certificates are very important. Just make sure your employees aren't tampering with your executables.
Re: Why I had to stop using PureBasic
When I say "hacked certs", I literally mean certs that can't be trusted, no matter how legit they look. I concede that "hacked" probably isn't the best word, so I've edited my above post to reflect that.
That's my point: the signed exe can "look" safe, but in reality it may not be.Samuel wrote:there was no way to tell the executable was tampered with by looking at the certificate.
Re: Why I had to stop using PureBasic
A very good point, Fred; but it smells like the signing companies and AV companies are in bed with this.Fred wrote:the antivirus trust them better than nonsigned exe
Re: Why I had to stop using PureBasic
signatures arent the final solution, but they do raise the bar for malicious software a lot and are a good method for now. If you have a better solution - present it and get filthy rich
Let's just have the best (affordable) we have, till something better shows up.
Let's just have the best (affordable) we have, till something better shows up.