I'm just getting into Win32 programming with C, and have noticed some funny things. Using Win32 you can shut down a computer, play around with drives, and other neat stuff. What is there to stop an evil programmer from exploiting these commands?
Outside of needing access to the machine or getting someone else to run it on the machine... not much. Virus protection does look for devastating lines of code and does provide a measure of protection.
More than likely, they are already patched since I think that form of programming is sort of outdated, I could be wrong though. I'm reading a book called "Windows 32 Programming For Dummies" and so far it has helped me learn it. I'm into learning a lot of outdated or old material since I generally have a basic to advanced understanding and knowledge of today's usual stuff (VisualBasic, PHP, Perl, C/C++). I've been trying to learn, as I said, some old things so I can increase my knowledge and to see how some older programming languages started out. Anyways, my advice to you would be to read a few books, search for some e-books or tutorials, and to be a little more forward with the question (Sorry, I didn't understand part of it).
Also, what Tedob1 said is true, because with the right firewalls, virus protection, and the common means to security, it wouldn't be easy to exploit. Remember, mostly every program has a vulnerability or way to be exploited.
Quote:
Originally posted here by Ajchez
I'm just getting into Win32 programming with C, and have noticed some funny things. Using Win32 you can shut down a computer, play around with drives, and other neat stuff. What is there to stop an evil programmer from exploiting these commands?

Depends:
On Win9x/ME, there are no security restrictions, so the answer would be "nothing" except user vigilance.
On WinNT4/2K/XP, it's a different story: on these, system calls are restricted based on the configuration (local security policy: user rights assignments, security options), so what a program is allowed to do is restricted based on the user owning the process's permissions.
Ammo
The way C++ can do things with Internet Explorer, this can also be a great tool for making worms. DOS commands... you can do a lot of stuff in DOS. And in M$-WORD 97 you can attach code into a document. You can do a lot of good and bad things in a PC. Nothing can totally protect you no matter what OS you have or how many patches you download.
Be paranoid! That's part of the fun of being admin. over your own PC and/or network.
Thanks for your replies. After using the security juggernaut that is JAVA, I was pretty amazed you could do some of the stuff with C++.
Ajchez > Just keep in mind what it is that you are actually doing. Programming languages by themselves don't open holes for malicious hackers to penetrate your system. The assumption is that if you write a program for distribution that the people who are installing and running that piece of software know who you are and what the program does. The onus is on the owner of the computer to make sure that the programs they install aren't malicious. In other words, if I write a C program that will wipe a hard drive and disable peripheral devices it can't do anything unless someone runs it.
And just a note about Java, while it is fundamentally secure, I can still write an application in Java that can wipe a machine. Applets are a little different since by their nature they really aren't allowed to do anything other than run in a browser, but a full Java app can toast a system as easily as a C++ app.
I am reminded of a quote... "C makes it easy to shoot yourself in the foot, C++ makes it harder, but when you do, it blows away your entire leg."
The Win32 API is there for the legitimate program to carry out legitimate tasks. Its completeness means that you can achieve most things relatively easily.
This can be used for good or evil.
The win32 API is no different from any other OS or language - I can just as easily write a hard-disc frying program in Java (except that inside an applet it would not be allowed to run - outside an applet it can still fry the disc.)
Programmers who see what you can do can now fully appreciate the risks associated with running untrusted binaries. It's a pity that (most) other users can't :)
It is true that it takes a malicious programmer to make malicious code, but there are a bunch of programmers out there. C++ is incredible, and I wish I could afford MSVC++. Can an AV program actually look for commands that delete things, or pass system handles? I wrote a test program that looked and actually worked as an SMTP client. Yet, if anyone clicked "Send", their hard drive was formatted. My friend and I put it on his computer, and none of his AV caught it. How does one protect themselves from this, as I download programs all the time?
The best way to protect yourself is to only download and run programs that are written by people or companies that you know. I think that it is generally a bad idea to download and run a lot of programs from places like download.com or similar sites. The reality is that you don't know what it is that you are getting, so unless you are willing to assume the risk then you shouldn't use those services.
What I do when I download a program that I want to test is to run it on a small PC that I have set aside for testing purposes. When I say small I mean a P1-166. If I can open it and it doesn't crash the box or attempt to connect to the internet then I usually trust it. If it does anything that I feel is malicious I normally reformat the drive and reinstall Windows on it.
Quote:
It is true that it takes a malicious programmer to make malicious code, but there are a bunch of programmers out there. C++ is incredible, and I wish I could afford MSVC++.

C++ can do no more or less than any other language. The APIs may be more geared toward C or C++ programmers than, say, VB where all the more low-level and/or dangerous is insulated from them (treated like kiddies) - that's not to say that a VB program can't wipe your disc just as effectively.
Quote:
Can an AV program actually look for commands that delete things, or pass system handles? I wrote a test program that looked and actually worked as an SMTP client. Yet, if anyone clicked "Send", their hard drive was formatted. My friend and I put it on his computer, and none of his AV caught it. How does one protect themselves from this, as I download programs all the time?

The AV programs using Heuristics (unsure of spelling) are not particularly effective. The problem is that when you look closely enough, all programs do the same sorts of things.
Many programs delete files. Many programs create files. Many programs access the internet. It can't detect them all as viruses.
This AV software does exist but is not terribly effective and causes lots of false alarms. However, it can potentially detect malware which nothing else does.
Nevertheless, running untrusted binaries and then hoping the AV catches them if they are nasty is really a bad idea.
Quote:
C++ is incredible, and I wish I could afford MSVC++

Get MingW instead then, it's free; there's no IDE but it compiles C++ on Windows.
http://www.mingw.org/
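Added example, not part of any post in this thread: a sketch of the import-based heuristic discussed in the post above, run over constructed import lists, showing why it raises false alarms on ordinary programs and can still miss a hostile one. The program names, weights and threshold are assumptions invented for the illustration; only the API names are real Win32/Winsock functions.

```python
# Naive heuristic: score a program by the "dangerous-looking" APIs it imports.
# Weights and threshold are assumed values, not taken from any real AV product.
SUSPICIOUS = {
    "DeleteFileW": 2,     # removes files
    "CreateFileW": 1,     # opens files
    "WriteFile": 1,       # writes files
    "connect": 1,         # outbound network connection
    "send": 1,            # sends data over a socket
    "ExitWindowsEx": 2,   # shuts down or reboots
    "RegSetValueExW": 1,  # writes to the registry
}
THRESHOLD = 5  # assumed cut-off: score >= 5 is reported as suspicious

# Constructed samples: name -> (is_malicious, imported APIs).
SAMPLES = {
    "installer.exe": (False, ["CreateFileW", "WriteFile", "DeleteFileW",
                              "RegSetValueExW", "ExitWindowsEx"]),
    "mail_client.exe": (False, ["connect", "send", "CreateFileW",
                                "WriteFile", "DeleteFileW"]),
    "text_editor.exe": (False, ["CreateFileW", "WriteFile", "ReadFile"]),
    # Looks like a mail client from its imports, but is hostile.
    "trojan_mailer.exe": (True, ["connect", "send", "CreateFileW", "WriteFile"]),
}


def score(imports):
    """Sum the weights of the distinct suspicious APIs a program imports."""
    return sum(SUSPICIOUS.get(name, 0) for name in set(imports))


def evaluate(samples, threshold=THRESHOLD):
    """Return (flagged, false_positives, missed) as sorted name lists."""
    flagged = sorted(n for n, (_, imp) in samples.items()
                     if score(imp) >= threshold)
    false_positives = [n for n in flagged if not samples[n][0]]
    missed = sorted(n for n, (bad, imp) in samples.items()
                    if bad and score(imp) < threshold)
    return flagged, false_positives, missed


if __name__ == "__main__":
    flagged, false_positives, missed = evaluate(SAMPLES)
    for name, (_, imports) in SAMPLES.items():
        print(f"{name:20} score={score(imports)}")
    print("flagged:", flagged)
    print("false positives:", false_positives)
    print("missed:", missed)
```

Lowering the threshold to catch the hostile sample also flags every benign program that touches both files and the network, which is the trade-off the post describes.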
Windows XP is secure enough to not allow a program to destroy the system (especially if it is not run as superuser). But Win 9x... it can be crashed just using "/con/con", "/aux/aux" or "/prn/prn". And this can be done over a network, too. Not to mention that Win 95 (not OSR2) can be crashed with "ping of death".