It is currently Tue Feb 25, 2020 11:12 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 155 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6, 7, 8 ... 11  Next
Author Message
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sat Sep 16, 2017 1:08 pm 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1905
Post deleted in case I offended anyone.


Last edited by Dude on Mon Sep 18, 2017 8:17 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sat Sep 16, 2017 1:25 pm 
Offline
Always Here
Always Here

Joined: Fri Oct 23, 2009 2:33 am
Posts: 6001
Location: Wales, UK
Aha Dude - but they didn't ask how to make a skull and cross bones icon! :mrgreen:

In fairness to those that inadvertently helped someone that certainly seems intent on creating nasty apps, the questions are often asked bit-by-bit, so as not to arouse suspicion. I think the key clue though is when a relatively new User is asking about how to write system manipulating code that nobody would normally require.

So, in conclusion, everyone that has contributed to this post has made a valid point, made us all think. If a poster disagrees with what you had to say, that is that, don't get personal about it. You won't find a better more helpful forum anywhere else.

_________________
IdeasVacuum
If it sounds simple, you have not grasped the complexity.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sat Sep 16, 2017 1:46 pm 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1905
Post deleted in case I offended anyone.


Last edited by Dude on Mon Sep 18, 2017 8:17 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sat Sep 16, 2017 2:53 pm 
Offline
Addict
Addict

Joined: Sat Mar 02, 2013 9:17 am
Posts: 930
Hi Guys
Looking also for this thread, its more as strange, i think...
http://forums.purebasic.com/english/vie ... 13&t=67548

_________________
http://www.nachtoptik.de


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sat Sep 16, 2017 8:46 pm 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Thu Apr 30, 2009 5:23 pm
Posts: 308
Location: Côtes d'Azur, France
I understand it's a problem if pb is used for evil malwares.
But i also crave for knowledge even in that area, even if i don't use it.

So i am glad nobody censure these threads.
I think internet should be a wide source of knowledge.
Knowledge is nor good nor bad, it depends of what you do with it. And this is everyones responsability.

_________________
There are 2 methods to program bugless.
But only the third works fine.

Win10, Pb x64 5.70 LTS


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sun Sep 17, 2017 8:51 am 
Offline
Addict
Addict

Joined: Sat Mar 02, 2013 9:17 am
Posts: 930
Knowledge is not evil

Humans are evil !

So fahr :

He's a child without a mind ?

He's grown up but stupid ?

Bragging, ha, look how great I am ?

Inferiority complexes ?

Make money ?

If he doesn't have the necessary knowledge, he has to get it

If he asks, it's more than unwise to give him this information

It's also just not true that an experienced coder doesn't immediately realize what the boy wants.

_________________
http://www.nachtoptik.de


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sun Sep 17, 2017 5:12 pm 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Sun Sep 11, 2016 2:17 pm
Posts: 610
walbus wrote:
...If he asks, it's more than unwise to give him this information
...


Just as a reminder i agree on that!
If you however feel the need to discuss the issue i raised a few posts back im here - we can talk :)

Edit: preferable via PM!


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Sun Sep 17, 2017 6:30 pm 
Offline
Addict
Addict

Joined: Sat Mar 02, 2013 9:17 am
Posts: 930
You can send my with PN
Also on PN, you can written in german

_________________
http://www.nachtoptik.de


Last edited by walbus on Tue Sep 26, 2017 8:42 am, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 12:37 pm 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1905
Here's a fresh example of compromised certs, that happened yesterday (Sep 18, 2017) for "CCleaner" (red text color added by myself):

TheVerge wrote:
Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner. "For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner," says the Talos team.

Source: https://www.theverge.com/2017/9/18/1632 ... e-security

Read the red text again: "the legitimate signed version of CCleaner [...] contained a multi-stage malware payload"

So users faithfully downloaded the Setup.exe for CCleaner, saw that it was "safely signed", installed it, and got infected anyway.

Signed certs are NOT the answer.


Last edited by Dude on Tue Sep 19, 2017 10:39 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 4:13 pm 
Offline
Administrator
Administrator

Joined: Fri May 17, 2002 4:39 pm
Posts: 13916
Location: France
May be they are not, but the antivirus trust them better than nonsigned exe, so it answers the false positive stuff than PB programs are facing.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 4:44 pm 
Offline
Enthusiast
Enthusiast
User avatar

Joined: Sun Jul 29, 2012 10:33 pm
Posts: 747
Location: United States
Dude wrote:
Here's a fresh example of cert hacking that I mentioned, that happened yesterday (Sep 18, 2017) for "CCleaner":

Signed certs are NOT the answer.

You're wrong the certificate worked correctly. The malware was inserted into ccleaner before the executable was signed. Therefore there was no way to tell the executable was tampered with by looking at the certificate.
Signed certificates are very important. Just make sure your employees aren't tampering with your executables.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 4:46 pm 
Offline
Addict
Addict

Joined: Sat Mar 02, 2013 9:17 am
Posts: 930
English :
http://blog.talosintelligence.com/2017/ ... lware.html

_________________
http://www.nachtoptik.de


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 10:38 pm 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1905
When I say "hacked certs", I literally mean certs that can't be trusted, no matter how legit they look. I concede that "hacked" probably isn't the best word, so I've edited my above post to reflect that.

Samuel wrote:
there was no way to tell the executable was tampered with by looking at the certificate.

That's my point: the signed exe can "look" safe, but in reality it may not be. :(


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 10:39 pm 
Offline
Addict
Addict

Joined: Mon Feb 16, 2015 2:49 pm
Posts: 1905
Fred wrote:
the antivirus trust them better than nonsigned exe

A very good point, Fred; but it smells like the signing companies and AV companies are in bed with this.


Top
 Profile  
Reply with quote  
 Post subject: Re: Why I had to stop using PureBasic
PostPosted: Tue Sep 19, 2017 11:37 pm 
Offline
Enthusiast
Enthusiast

Joined: Mon Apr 10, 2017 6:17 pm
Posts: 312
Location: Germany
signatures arent the final solution, but they do raise the bar for malicious software a lot and are a good method for now. If you have a better solution - present it and get filthy rich ;)

Let's just have the best (affordable) we have, till something better shows up.

_________________
webpage


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 155 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6, 7, 8 ... 11  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

 


Powered by phpBB © 2008 phpBB Group
subSilver+ theme by Canver Software, sponsor Sanal Modifiye