Anyone else think think the following posting is dangerous?
-
Is the most dangerous risk of all. Personally, I am still ticked that one of my articles was rejected because it may have an interest to the more devious sort.
Need software developed? Offering C# development all over the United States, ERL GLOBAL, Inc is the only call you will have to make.
If you don't ask questions the answers won't stand in your way.
Most of this sig is for Google, not ego.Ennis Ray Lynch, Jr. wrote:
Is the most dangerous risk of all. Personally, I am still ticked that one of my articles was rejected because it may have an interest to the more devious sort.
Hell, if I rejected my job because of the same danger... at least I am doing it rather than someone else!
-
And so do I. My general rule of thumb is: if it's a legitimate programming technique, if it can be helpful to others, and if it's not trying to promote illegal activities then I'll consider it. Rootkits are part of life thanks to Sony. The more the developer community knows about them the more likely it is that users will be protected through the efforts of the community to promote awarness and provide helpful utilities to detect and remove them.
cheers, Chris Maunder
CodeProject.com : C++ MVP
Consider the vast amount of "How do I make my process hidden, how do I make it unkillable" etc posts we get here a week. A week we get at least 3 per each vb.net and c# forum, I'm not going to begin on any of the others. Is the article good? Sure. I saved it and I'm going to read it. twice. Maybe more. Is this technique or knowledge useful to 90-95% of the users here on CP? No, on top of that hell no. Perhaps this might be a prime example of how user levels should be rethought? Making some articles available to silver / gold members only? Yes we can all sit and say 'but it has legitimate uses' and 'thats no reason to remove it', except we all know that there is no real legitimate use for it, and that is a damned good reason to remove it. If you wan't to play that argument, let's post a tutorial or article on how to make your own Trojan or Sub7 under the premise that, you know, if your a sysadmin and you need to monitor peoples systems that's the best route. Or not. But it's a route. Ok, let's just wink at them when we say it's for "monitoring / legitimate" uses. Comments?
-
Consider the vast amount of "How do I make my process hidden, how do I make it unkillable" etc posts we get here a week. A week we get at least 3 per each vb.net and c# forum, I'm not going to begin on any of the others. Is the article good? Sure. I saved it and I'm going to read it. twice. Maybe more. Is this technique or knowledge useful to 90-95% of the users here on CP? No, on top of that hell no. Perhaps this might be a prime example of how user levels should be rethought? Making some articles available to silver / gold members only? Yes we can all sit and say 'but it has legitimate uses' and 'thats no reason to remove it', except we all know that there is no real legitimate use for it, and that is a damned good reason to remove it. If you wan't to play that argument, let's post a tutorial or article on how to make your own Trojan or Sub7 under the premise that, you know, if your a sysadmin and you need to monitor peoples systems that's the best route. Or not. But it's a route. Ok, let's just wink at them when we say it's for "monitoring / legitimate" uses. Comments?
EliottA wrote:
Consider the vast amount of "How do I make my process hidden, how do I make it unkillable" etc posts we get here a week. A week we get at least 3 per each vb.net and c# forum, I'm not going to begin on any of the others.
Ironically none of those know how to google, or search at CP....
EliottA wrote:
useful to 90-95% of the users here on CP?
Ironically, the above still holds. :)
-
EliottA wrote:
Consider the vast amount of "How do I make my process hidden, how do I make it unkillable" etc posts we get here a week. A week we get at least 3 per each vb.net and c# forum, I'm not going to begin on any of the others.
Ironically none of those know how to google, or search at CP....
EliottA wrote:
useful to 90-95% of the users here on CP?
Ironically, the above still holds. :)
Regardless you always have a user or two who pushes them in the right direction. This article would probably be referenced a bunch of times in those posts. All it would be used for, and I do mean *all* the time would be for malicious users. If any of that 5% of CP users who look at that article have a legitimate use, they would read it for ideas, not follow it and it's direction.
El Corazon wrote:
EliottA wrote: useful to 90-95% of the users here on CP? Ironically, the above still holds.
That 10-5% was extremely generous. There's no gain to having that article on CP, the maliciousness that it will encourage should be enough to allow it's removal.
-
Regardless you always have a user or two who pushes them in the right direction. This article would probably be referenced a bunch of times in those posts. All it would be used for, and I do mean *all* the time would be for malicious users. If any of that 5% of CP users who look at that article have a legitimate use, they would read it for ideas, not follow it and it's direction.
El Corazon wrote:
EliottA wrote: useful to 90-95% of the users here on CP? Ironically, the above still holds.
That 10-5% was extremely generous. There's no gain to having that article on CP, the maliciousness that it will encourage should be enough to allow it's removal.
EliottA wrote:
That 10-5% was extremely generous. There's no gain to having that article on CP, the maliciousness that it will encourage should be enough to allow it's removal.
But I could use half the articles at CP, and certainly the existence of Visual Studio to do maliciousness. If we remove EVERYTHING that could in any way be used for harm, you might as well close up shop and remove all programmers from the workforce and lock us up. I understand the reasoning, but I disagree that hiding helps in any way. I mentioned before, pair the article with the one on detecting it. Someone could even write an answer, to the article and link them with the authors' consent, how to detect it. Knowing there is a method of detecting it will handle most of your malicious user base.
-
EliottA wrote:
That 10-5% was extremely generous. There's no gain to having that article on CP, the maliciousness that it will encourage should be enough to allow it's removal.
But I could use half the articles at CP, and certainly the existence of Visual Studio to do maliciousness. If we remove EVERYTHING that could in any way be used for harm, you might as well close up shop and remove all programmers from the workforce and lock us up. I understand the reasoning, but I disagree that hiding helps in any way. I mentioned before, pair the article with the one on detecting it. Someone could even write an answer, to the article and link them with the authors' consent, how to detect it. Knowing there is a method of detecting it will handle most of your malicious user base.
Again, half of the articles on CP that allow you to create malicious tools only get you so far. To quote my other post..
Elie wrote:
The difference is those articles on DLL injection and Hooks can be used to create malicious tools, to an extent. This tool allows complete obfuscation and stealth, making whatever tools created from the articles you mentioned above a hell of a lot more dangerous. I don't mind people making a keylogger in C# using a globalsystemhook, you can find it easily, and kill it with even more ease. This devastates the simplicity of defense against those simple applications. It makes it incredibly harder for the average user to remove the malicious application in question. This isn't about drawing a line, it's about the severity of implication this article has. And I'm sorry, but maybe at best 2% of codeproject will benefit from this article with legitimate use. The rest will draw up a hell of a lot of new malicious tools.
So to paraphrase, this article takes it to far.
-
Mladen Jankovic wrote:
Anyway, hiding process is always useful in environment where you have "expert" user(s) who think(s) your VeryImportantServiceThatShouldNotBeKilled.exe is just useless piece of software eating CPU cycles and memory, when in fact it has critical task of keeping the system consistent.
Programm3r wrote:
I kinda agree with this
And I don't. As a SW dev, I am an expert user (I mean compared to the other people here sitting all day behind a computer), and I think I am clever enough to let a service live peacefully even if it eats CPU cycles and so IF someone explains why I should have to do so. Why hiding ? Don't you think it would be better to let people know about things instead of trying to hide them ? And I do think that at least half of the processes that are started when I am logging in qualifies as "useless piece of software crap eating CPU cycles and memory", written by some sysadmin who thinks he is the latest and greatest VB developper on earth and that this includes some kind of merit. Do you find it really surprising that one of the first things I do Transparency will always be better than trying to hide, put restrictions, put access rights, set up huge amount of scripts just to restrict anything.
I'm waiting for Windows Feng Shui, where you have to re-arrange your icons in a manner which best enables your application to run. Richard Jones www.immo-brasseurs.com
-
Does anyone else share my worry about the following article recently posted here which basically talks about rootkit type techniques. I have major doubts whether it's wise/responsible to post it here: http://www.codeproject.com/KB/tips/hide-driver.aspx Anyone care to comment: Mike
Yes, but someone approved the article so my message is gone. My concern is that I wouldn't want any such thing running on my computer without my knowledge. And I doubt the author would either. I don't think anyone here would. And I see no point in running it on my system intentionally either. On the other hand, if the computer belongs to my employer, then said employer would seem to have a right to run whatever he likes on his computer. Why an employer would want to hide such processes I have no idea, there are likely better paths to reach whatever goal is sought. There should be an article on how to detect and remove such processes. The argument that "the information may be available elsewhere anyway" holds no water with me. Limit the sources of such techniques as best you can. If we stand up for what's right, maybe other such sites will too.
-
And so do I. My general rule of thumb is: if it's a legitimate programming technique, if it can be helpful to others, and if it's not trying to promote illegal activities then I'll consider it. Rootkits are part of life thanks to Sony. The more the developer community knows about them the more likely it is that users will be protected through the efforts of the community to promote awarness and provide helpful utilities to detect and remove them.
cheers, Chris Maunder
CodeProject.com : C++ MVP
Chris Maunder wrote:
Rootkits are part of life thanks to Sony.
And a contributing factor for me not buying CD's anymore. :-D
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007, 2008 -
Does anyone else share my worry about the following article recently posted here which basically talks about rootkit type techniques. I have major doubts whether it's wise/responsible to post it here: http://www.codeproject.com/KB/tips/hide-driver.aspx Anyone care to comment: Mike
We've been over this before many times with other articles in the past and in all cases that I recall people wisely agreed that knowledge in itself is not harmful and it's best to have it out there so people can defend against it / understand it or in some cases put it to good use.
"It's so simple to be wise. Just think of something stupid to say and then don't say it." -Sam Levenson