"Security" programs

There have been an overwhelming number of posts lately about taking the user's control away (eg, disabling the "Alt" key). Now, personally, if there is a program on my computer that threatens to take my control away, I will uninstall it immediatly. I just hate that sort of thing, as do many users.

Now, I know this can be used in some programs that are useful and good, but think about it. This forum was down for about 10 hours today, probably becuase of Nimda. The doing of hackers and virus-writing "programmers". I feel that this place is just a harbor, almost a school for hacker wannabees (and "real" hackers), even though that is clearly not the meaning.

Now, if someone wants to make a virus, and they come here asking for some code, all they have to say is, "It's for a security program", and boom, we give them the code. Now, I understand that some of these probably ARE security programs, but I have a feeling most of them aren't. Think about it. If you wanted help making a virus, but didn't want anyone to know, how would you do it?

I guess I'm just a little edgy today since my website got it by Nimda and was out for 2 hours, but I still believe that maybe we should impliment stricter rules on this sort of thing.

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

It's a debatable point. But I'm leaning your way on this.....

There are lots of legitimate uses for that kind of stuff, but unfortunately, it's often abused.

Maybe if we had a private section of the forum for these kinds of questions and openned it up to regulars and above. That way, we might keep out the posters who only ask one or two suspect questions and are never heard of again....

Incidentally, today we were warned about a new virus, Voter something or other....It's an e-mail virus that is supposedly about the WTC thing but just trys to install wtc.exe on your system, deletes c: drive etc. It isn't too sophisticated but because of the subject matter, it's making some headway. It was apparently written in VB5.



"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

Yep, got it about 2 mins ago - WTC.EXE

Delete, delete, delete ! :D

<font color=green>Do or do not
There is no try</font color=green>

While I agree we should have a private section for longer standing members, I have concerns.

Recently I joined a hacker forum, because, lets face it, hackers are often the most knowledgeable people when it comes to computers. So. I wanted to know some of the information and coding practices that they obviously felt was a bit "holy grail". They had a group, or invisible gathering caled "the underground". Whether this is THE internet underground, or a small wannabee section, it was there and promised an Aladdins cave of rewards. But... I could not get into the cave. In order to be accepted into the underground, I had to prove myself as loyal and trustworthy, but how could I do this without knowing anything? I came to learn, and they refused me because I knew nothing.

What worries me is those that do only have the odd question on secruity won't be able to get into the regulars section, because they are not regular. They wont want to hang about for ages, being nice, and chatting, they might be selfish and want a quick answer, and not to join a community. Agreed this probably isn't the sort of person we want to attract, but thats why I'm not too sure about the title system, I believe it should be slighty more based on how the forum perceives the user.

I can't remember what board it was, but you could rate users. This would be way cool if we could implement it here....

Thats my little rant.... images/icons/wink.gif

Chief

"Junior Contributor?? Argh...... ***.. ***.... I preferred 'Centurion'! So much more...."

That was kinda the point I was trying to make in this post (http://www.visualbasicforum.com/bbs/showflat.php?Cat=&Board=RandomThoughts&Number=45826&page=1&view=collapsed&sb=5&o=31&part=) but everybody seemed to take it the wrong way. LOL

Oh well.


"The LORD is my strength and my shield" - Psalms 28:7

I read that post a while back before the edit, and I didn't take it the wrong way... I was saying "RIGHT ON!!" the entire time while chuckling to myself.


I personally am sick of that behavior and I think its criminal to put loaded weapons in the hands of people who have no respect for their power. I also think its criminal for them to ask us to do THEIR WORK for them, although I get suckered into that more often than I care to admit.


So, <font color=red>RIGHT ON</font color=red> Mill, and I personally hope you keep using the [sarcasm] tags :-)

-<font color=purple>The Hand</font color=purple>

<font color=green>All your code are belong to us...</font color=green> images/icons/tongue.gif

Actually, the sarcasm tags were put in by the Moderator (KesleyK, I think), because he wanted to emphasize something, but I never did quite understand what.

[soap box]
Anyway, to me, programming is a lot like how technology is described in Jurassic Park, the book (not sure if it's in the movie or not).

The mathematician described technology as a form of inherited wealth. To explain, Let's take a man who came to America in the 1920's and worked his way through the depression and 2 wars and actually saved up quite a bit of money and left it in his will to his grandson. The grandson didn't have the benefit of all that hard work to really appreciate what went into it, so he'll be quite likely to take the money for granted.

In the book, he also pointed out a martial arts black belt. A lot of new students to martial arts like the idea that they could potentially kill someone with their bare hands, but by the time they have put in the time and effort to gain that knowledge and skill, they've also gained the discipline to know NOT to do it.

Programming (or technology, in the book) isn't like that. I could be a 16 year old kid and have a general knowledge of programming and computers but be ****ed off at the world and ask a hacking question in a forum such as this one. If someone is nice enough to answer my question for me, then I'm off and running with no appreciation as to what harm my newly developed program might do to others - just hoping to screw up my girlfriend's dad's computer because he won't let me date his daughter or something or possibly because I want my name and picture on the news for being the creator of the next great virus. In the mean time, businesses could literally be destroyed if they didn't have sufficient back-up systems in place and they were unfortunate enough to get my little "revenge of the horny hormonal teenager bug".

But a programmer who has had to deal with protecting a network of computers or getting rid of a pesky virus or whatever won't (in theory, at least) be as likely to let something like that loose because he'll know the consequences, not only to himself if he gets caught, but to others.

Okay, this rant is getting a little long now, so I'll wrap it up by re-phrasing my other post's general idea: when you answer a question, do you ever ask yourself why someone who is a "vb newbie" or a high school student or whatever would want to disable CTRL-ALT-DEL or ALT-TAB or get passwords from "my own" computer's registry? I think we should ask ourselves those questions before we answer, especially if it's that user's first post.
[/soap box]

"The LORD is my strength and my shield" - Psalms 28:7

Very well put and intelligently thought out. I always hated the Jurassic Park movie for just that reason... it totally bypasses the philisophical message of the book in favor of some really big flesh-eating lizards.

And in response, I personally ALWAYS ask myself why a newbie wants to know about an API call before I answer for just that reason... And I think that most of the Moderators, Admins, and Gurus/Experts do to.

-<font color=purple>The Hand</font color=purple>

<font color=green>All your code are belong to us...</font color=green> images/icons/tongue.gif

Well, anybody who's not a complete newbie to this forum will know (hopefully) that there is a search feature....So, say for example, I wanted the Alt key disabling code, I would just search for the numerous examples that have been posted, not ask again. This brings me to the idea that maybe threads more that a week old, that are on shady subjects, could be deleted to minimise the risk that a maliciuos hacker might see them? Or am I just a little too paranoid?

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

I think you have a good point there orufet, there is lots of powerful information floating around

There's about 10 people who know how to use the search feature of this site, and most of them have posted in this thread...

-cl

lol cl!

(plus, I just wanted to be included in the 10 or so ppl who had posted in this thread! ;)

__________
HOOOaaaaa! Semper Fi!

LOL!

Still, never understimate a hacker

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

Ooh Ooh *wave hand* pick me, pick me!
haha I just figured that I would comment with "Oh yea, I have used the search too...er once I think". rofl And since I took the 10 minutes to read this thread...I figured I should add my name to the list...now we have ELEVEN! &lt;loopygrin&gt;

Sort

quos deus vult peredere prius dementat

If I ask security type questions its only because I'm trying to keep my 3 year old out of my computer. Disable taskbar, c-a-d, hide startbutton, disable the special keys, etc will not stop him! I"VE CREATED A MONSTER!!! literally hehe
Shawn

What does he do? Just unplug it and spend three hours trying to plug it in? Heh heh heh....watch out, he'll get ya!

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

The search is still pretty crap though

No... it's really not...
It's actually "extreme"ly good...

-cl

Ha ha ha, very funny.....anybody else actually have any ideas realting to the topic?

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

How about voting members off? I know some that would get a few........

This isn't Survivor....although, that idea might work, although it would probably take place in the moderators forum...

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

Oh, so this is serious ideas only is it? hmm...... brain not tuned in at 1:30 am images/icons/frown.gif

Well, I think I might have a word in this. When people ask to make security "programs" who is anyone to judge how and what they are going to do with these programs? I'm not trying to critizize anyone or anything but its not right for anyone to say " ohh he looks like a hacker and might use this information to write an evil virus" because none of you can judge who is who and what is what because rarly any of us know each other on a personal basis.
I'm not saying that people hasn't used this information to write evil codes because they have.. And some of us probably know who has. But, you can't finger anyone out on this subject because we are all inocent.
Tommy

Candy is Dandy, But Liqour is Quicker

Well, if you read the original post carefully, you wouldn't have posted that, but to clear things up a little....

<blockquote><font size=1>In reply to:</font><hr>

...Now, I understand that some of these probably ARE security programs, but I have a feeling most of them aren't...

<hr></blockquote>

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

Funny you should bring it up. We had another member once who was also a Comp Sci student in Florida named Tommy. He had similar views but he annoyed too many people. Eventually he got banned.

"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

As Mods and Admins, it IS our job to determine when it is appropriate to provide information and (which is most of the time) when it is too risky to do so.

__________
HOOOaaaaa! Semper Fi!

I think you can pick out those who are "guilty" merely because they all talk about securtiy programs, disabling things, shutting down, etc...
However, we dont have the right to condone them for their activities, whatever they may be. If they want to end up in jail, then by all means..... Of course, for all we know, they could be legitimate research consultants or something; then again, they could be wannabee Wozniaks. However, I doubt this most of the time, because I recgonise the questions - I originally came here for help with malicious code. Since then, I have learned more than i can believe, and I can see that writing trojans and virii, although immense fun, is NOT a good idea.
What we (the mods and admins at least) do have the right to do is tell them to take it somewhere else, because this isn't a hacker forum, and any dubious discussion should take place in PM.
Personally I wouldn't mind a bit of hacker chat now and then, but only with ppl i felt comfortable with, and trusted not to go and wipe someones hard drive, but of course, that raises more questions than my brain can handle. images/icons/wink.gif

Chief

"How are we to learn, if those that know will not teach... ?" - Me.

And when someone says something like "I've only been programming for a few months..." or "I'm just learning VB..." and then "... and I'm setting up security at my company..."

You have to ask yourself, what kind of company is going to have someone who is new to programming (never mind Network administration) in charge of security for their system?


"The LORD is my strength and my shield" - Psalms 28:7

I just deleted an entire thread that was a bit close to the edge.

In this case though, the reason I deleted it was not because of "proscribed knowlege" being bandied about, but because the thread was starting to degenerate into animosity with tempers starting to flare.

I really hate it when that happens....

So once again. If anybody wants to know about how to write a trojan/virus etc. Go to another forum. Or ask questions via Private Messages to specific members. It should be obvious by now who is and who is not receptive to this....



"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

good point mill. since i'm often guilty of supporting the underdog of this topic, i'm gonna put in my 2 cents. i don't know if i'm viewed as one of these "questionable" posters, nor do i care...simply because i know that i am NOT. however one of my main interests in computing is security. since i have joined this forum my knowledge has doubled, and i'm grateful to you all for that. i worked on a VB trojan of my own, studying things like propogation, installation, hiding, etc, within the controlled limit of my own systems. only one other person has the code to it (well trusted by all of you), and that is all who will see it...TRUSTED people. anyway, since my studies i have learned to deal with security threats in a much better way: portscanning being one of them. REAL EXAMPLE: just 2 days ago my job got hit by the BadTrans worm; a worm that mass emails itself from system to system and drops an impressively small trojan on each system it hits. AV trapped it on the system it infected, and it oculdn't get to the outbox. i watched as it slowly begon to flood the machine. AV could not get rid of it (didn't have the latest dat file), so i searched the registry and the system for the location of the infected files. i hard booted into DOS and cleaned it, rebooted to windows and fixed the registry. later we got the dats and it cleaned one other machine....the machine i worked on was clean.

my point is that this stuff has a big place in the world of computing, and should be taken seriuosly and responsibly; not disregarded or banned. a seperate forum could be good, or very careful and wise judgements, but it should not be condemned. i realize that this is a touchy subject, but it needs to be dealt with. i also realize that there will be nay-sayers no matter what the decision. just a bit to consider.

Hey BG,

Speaking for myself, I don't consider you a questionable poster. Certainly your opinion differs from mine, but that's no crime.

The thing is, there is a balance between freedom and security, between power and safety. In the past we (as in western civ) tended to lean more towards freedom and power but as recent events have shown, the world is still a dangerous place so we have to pay more attention to security.

I appreciate your comments since you probably speak for a silent percentage of the forum. And as we shift the balance, we will keep you in mind.



"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder

I am glad that this thread has started a good discussion, I don't want it to go too far...

The idea that we segrate security-related questions into a different board just doesn't seem right to me, nor does cutting them out altogether. I think that the moderaters here are quite wise, and may be good judges about the intentions of the posters. What I'm saying is that I don't want this board to become seperated into different groups surrounding this issue. I'm sure we can solve this in a nice manner. "Solving" this problem could be as simple as just ignoring posts that you think are too close to the edge...

"I do not agree with a word you say, but I will defend to the death your right to say it" - Voltaire

I just want to throw in my two cents here, I do quite a bit of security work, in fact It is a large portion of my job.
I will admit here I am a hacker, the thing is I do it for profit and to provide more secure networks.

Now I am resposible for the security of large networks from both the inside and outside, policies are both tedious and fall short many times of what I truely need. This means I often write programs that limit a users control of their PC or rather their company's PC. Just as there are hundreds of software vendors who make these types of programs so do I.

I do not write viruses, I do not destroy. I do present what is out there to the people that hire me and I show them every thing I do. I have had many suprised clients, yet none displeased.

I hear the word security mentioned here so many times in quotes like it is some dirty topic, it is like a weapon,
a gun is a weapon in the hands of a killer, it is a tool in the hands of a soldier. Either way it is still a gun and ultimately nothing more, use or misuse decides it value, not its manufacturer.

If a user asked a question such as how to wipe out a hard drive after mailing to all entries in the address book, well hell yeah that would be suspicious of ill behavior, but I have recently had it questioned because I wanted to enumerate a list of users off a domain, how many legitimate tools do this?

I for one come here to learn, and help in any way I can, not judge.

I thank the operators for the board and understand their decisions for these restrictions. But I think we should all be a little more careful when we think we know the evil intent of others.



"No one can know everything, only so much as to drive us to look for the rest." -PrOpHeT-

I don't know that we necessarily claim to "know the evil intent of others" but rather that we must decide whether a line is being crossed that we would rather not be crossed. If posts are taken out that upon further review by others in the Mod/Admin arena are judged fair and innocent enough, they can usually be restored. However, to separate this from becoming a hacking forum (there are plenty sources for this information, don't know why another one would be needed) judgement calls are necessary.

We all value the input and help everyone in this community puts forth, we just want to the guidelines that have been put forth to be followed.

__________
HOOOaaaaa! Semper Fi!

<blockquote><font class="small">In reply to:</font><hr>

We all value the input and help everyone in this community puts forth, we just want to the guidelines that have been put forth to be followed

<hr></blockquote>
The majority in here would agree wholeheartedly with you Kesley. This is a <font color=red>*wicked*</font color=red> forum, to put it bluntly. images/icons/wink.gif

Chief

"How are we to learn, if those that know will not teach... ?" - Me.

I support that view as well,

I was speaking more so of the finger pointing that happens all too often, I stated that I supported the moderators position and understood their reasoning.

I merely wanted to point out that knowledge is not dangerous, questions are not sinister.

Action is where blame for wrong doing should fall, and judgement should fall on powers much greater than ourselves.

"No one can know everything, only so much as to drive us to look for the rest." -PrOpHeT-

<blockquote><font class="small">In reply to:</font><hr>

I merely wanted to point out that knowledge is not dangerous, questions are not sinister

<hr></blockquote>
This has to be the understatement of the year.
Knowledge is incredibly dangerous. Knowledge of computers is that which enables demons such as the Nimda worm to spread.
Knowledge of course if also the greatest of all gifts - the power to learn is unrivalled, but with knowledge comes the need for respsonsibility, and this is where the danger lies.
Knowledge without true understanding, and a lack of moral responsibility is the real threat to society.
As to questions being sinister - nothing could be further form the truth - a question is sinister if it arouses suspicion. Granted, this is a personal opinion, but it is a consideration that must be taken when asking.

Chief

"How are we to learn, if those that know will not teach... ?" - Me.

prophet does have a point...knowledge in of itself is not dangerous...It was u do with this knowledge which makes it dangerous or not...my 1/2 of cent
regards
jcd

*BOW* Very good, grasshopper... ;)

__________
HOOOaaaaa! Semper Fi!

Grasshoppper?

Chief

"How are we to learn, if those that know will not teach... ?" - Me.

Yes, a little quote from Kung Fu. Notice the ';)' afterward. lol

__________
HOOOaaaaa! Semper Fi!