Hackers about

Like a lot of people, I like to look at my Referrers page to see how popular I am and how people come to find my blog. There's usually a large clump of hits from <nowhere>, followed by lots of individual hits from the MSN or Google or Yahoo! search engines. The other day, someone was looking for free software to decrypt data without knowing the decryption key. Today someone was looking for a way to crack FullTrust code. Who knows what people will be looking for tomorrow?

Comments (9)

  1. I’m looking for more information on the next version of VSTO!!!! 🙂

  2. Jim Ley says:

    I’m looking for reasons why the Microsoft newsmasters are so incompetent that they continually let the sobig etc. viruses through their system, creating the illusion that the patches are genuine (from a trusted Microsoft channel)

    There’s no point making the code safe, if you’re going to not stomp on these sort of human problems.

  3. Peter Torr says:

    Jim, do you still see these? I don’t see any on the VSTO or JScript .NET groups. Are you connecting to msnews.microsoft.com, or some other server? Microsoft can’t control what content goes onto other servers, even if it is in the "microsoft.public" hierarchy.

    As for human problems, we are now seeing ZIP-based viruses (please open ZIP then double-click on the EXE) because EXEs and WSH files are blocked in Outlook. At the end of the day though, what can you do? Either you let people install and run code on their machine or you don’t…

  4. mb says:

    what can you do? don’t block EXEs from outlook, stick them in an ‘untrusted’ zone somewhere, then run them with very low permissions.
    blocking them (including via ZIP-wrapping) forces people to stick them in ‘my documents’ or somewhere where they’re both trusted and likely to be forgotten about instead of deleted, only to be double-clicked on later.

  5. Peter Torr says:

    The trouble is there’s no such thing as Partial Trust for native code on Windows. Even if there was, most apps would not work and so people would simply move the EXEs to their desktops anyway.

  6. mb says:

    Sort of, there is Run As (Guest). Or similar. That way the ‘pretty screensaver’ app still displays the pretty screensaver, but can’t install spyware. Though of course the human hole always exists, it would be a start.

    The real question is why they didn’t start working on this when the whole ‘block EXE’ trend started 3 years ago. Though I guess the effort has been put on making managed code work right instead.

  7. Peter Torr says:

    The problem there (again) is that a large percentage of the "interesting" legitimate applications need access to your profile, so running attachments as Guest would not work (plus many of today’s viruses don’t actually need any specific permissions or privileges; they just need to be able to spew gunk out of the network adapter as fast as possible).

    If legitimate apps can’t run inside the sandbox, then people will disable the sandbox (or learn how to get around it) in which case sooner or later you get the malware running as Administrator (or at least the logged on user account) again. Better just to block the scenario since there really isn’t a good reason for the majority of users to ever receive an EXE or SCR as an attachment.

  8. Peter Torr says:

    Today someone was trying to get a way to crack the MSDN login. 🙂

  9. Peter Torr says:

    Actually, most days I seem to get something to do with "hack" or "crack" to do with VS or .NET or Office. It’s a sad, sad world.
