How do you determine if an app is safe or evil? Page 2
Link Logger @ 1st Nov 01:31AM:
Re: How do you determine if an app is safe or evil?

I hate the internet sometimes, especially when it loses a post for me, so let's try this again.

said by dave :

I'm just now reconsidering the title of this thread. It's a little strange since 'evil' is not the opposite of 'safe'.

You can, for example, have an evil app that's safe, because it is designed by the clueless. (For a non-app example, the average Nigerian scam email is both evil and safe).

You can have a non-evil app that is not safe, because it is designed by the clueless and wrecks your system.

I think I'm mostly interested in the safe/unsafe axis: will it do bad things to my system?

Now I would agree that unsafe might be a better word, but sometimes software is unsafe because of how it's installed/used, so when I say evil I really mean designed and intended to be unsafe. I see software as a spectrum of designed to be safe and is safe in all situations (still looking for one of these), to it provides a useful function with good intentions but wasn't particularly designed to be safe, to designed and intended to be pure evil and will empty your bank account and rape your dog while you sleep sort of thing. Most software tends to fall in the middle somewhere with a lean towards safe.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

anon @ 1st Nov 07:09AM:
Re: How do you determine if an app is safe or evil?

I will download and install any program that I find interesting, just to check it out. It doesn't really matter to me where it comes from. I would rather download it from a reputable source but sometimes that's not possible, so wherever I can get it is fine if I want it bad enough.
Sometimes I'll check the hashes if that's an option, or send it off to Virustotal. Google I always do before install to get opinions or comments about problems beforehand.
I have all kinds of security apps to check it before I install and while it is installing. As far as disassembling the code to see what makes it tick that's not an option for me.
When I'm ready to click the install button and the program after all my checks still seems iffy to me, or if I don't want it leaving things all over my hard drive (I am only doing a test run after all), I turn on Power Shadow. Install the program and check it out. Works for me, haven't had any infections yet.
The only drawback is I can't do a reboot without losing everything just installed. So if the program needs a reboot to work properly then that's out. Then I have to decide, from what I've seen, if I want to install the program in real time or let it go.

anon @ 2nd Nov 04:00PM:
Re: How do you determine if an app is safe or evil?

I believe the answer to the question is based in the foundation of each user's definition of safe (or secure to use another word).
That, in combination with their own efforts to assure the security of a given computer will yield many points of view.
If you'll bear with me, I'll try to stay on topic with a few examples.
1. Adobe systems, creative suite 2 premium web bundle.
Adobe put their best efforts into this package with (very deeply rooted) DRM protection, not creating a better product for the user. It created a nightmare for a huge number of paying customers rendering an expensive purchase useless (at least until activation issues are resolved). In addition, long before purchasing omniture, they were making use of 2o7.net in a very sneaky way with this package. Don't know if this qualifies as evil or unsafe, but leaves the software as untrustworthy to me (or more accurately, requiring the use of nanny controls in my security setup to keep an eye on it).
2. While recently preparing for a possible cleanup request, I was following the steps from the faq page. When I got to the msrt tool, I discovered the link is only good for 32 bit tool. I have a legit xp x64 here (no WGA), so I googled, and dl'd the 64 bit version from an MS location, installed and ran it. I do realize that the tool can be obtained from several venues (windows update, etc) within MS. Ran it, zero infections found. Now here's the interesting part. Post install, every time a search is performed within windows explorer, explorer flags my firewall (default prompt all) that explorer.exe is attempting to connect to 65.55.11.179 HTTP via TCP 80. A search indicated that this is MS in Redmond. I'm not sure if I can substantiate this claim with any further proof, but I'm reporting this accurately. Conclusion is that this is unsafe (not necessarily evil) and leads to a further erosion of trust toward MS by me.
3. Regarding the sysinternals suite, I have observed that some of the tools seek permission to touch the net while in use. It is my belief, that this activity is required in order to accomplish such functions as endpoint mapping and the like. As well, these tools are really quite valuable when attempting to pin down the source of inconsistent activity. I must admit, that when I first discovered that the tools were under the umbrella of MS, I was disappointed. See note above regarding erosion of trust. However I have used them at length, not found any security issues, and am very happy for the developers that they are in a stable employment scenario with MS. Conclusion is safe not evil, but keeping an eye on them anyway.

I could provide another example (unrelated to anything already mentioned), but as I have no substantial evidence to prove the claim, I'll leave that one alone. I believe that behind the answer you seek is the level of trust that users grant to the software developers. Each of us has our own individual placement on that scale, so an absolute answer is unlikely, even though we can often agree on certain examples. And BTW, good thread with well composed posts.
caffeinator @ 2nd Nov 10:51PM:
Re: How do you determine if an app is safe or evil?

Ok, is Nmap good or evil?

Yes, it's a trick question as it depends who you are. ;)

IMO, it's a silly topic...there's no 'good' or 'evil'...just usage and intent.

The average user barely knows what a monitor is versus a hard drive...they will NEVER, EVER, EVER know what is safe.

EVER.

I can use Windows's, Linux's, OR BSD's own built-in TCP/IP functions for Evil use...so, thus, ALL OS's are evil?

Hell, I could hook up my Mac LC 575 and run a botnet from it if I were so educated. It's been sitting in a closet for 10 yrs, but it'd boot up right now if I chose and it has Ethernet and every capability of the BSD kernel at that time.

Be one hell of a referrer string eh?

--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages

Link Logger @ 2nd Nov 11:43PM:
Re: How do you determine if an app is safe or evil?

said by caffeinator :

Ok, is Nmap good or evil?

Yes, it's a trick question as it depends who you are. ;)

IMO, it's a silly topic...there's no 'good' or 'evil'...just usage and intent.

The average user barely knows what a monitor is versus a hard drive...they will NEVER, EVER, EVER know what is safe.

EVER.

I can use Windows's, Linux's, OR BSD's own built-in TCP/IP functions for Evil use...so, thus, ALL OS's are evil?

Hell, I could hook up my Mac LC 575 and run a botnet from it if I were so educated. It's been sitting in a closet for 10 yrs, but it'd boot up right now if I chose and it has Ethernet and every capability of the BSD kernel at that time.

Be one hell of a referrer string eh?

Whenever I use Nmap it's always 'safe', never 'evil' ;)

Now agreed, user intent is a key component, but I'm more interested in just the software with user intent aside, so I'd rank Nmap as being safe as there hasn't been much of a history of exploits against it. That said, however, the Windows version of Nmap uses WinPcap and there have been a few advisories concerning it, but I'd still rank it as being safe overall.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool

caffeinator @ 3rd Nov 02:53PM:
Re: How do you determine if an app is safe or evil?

I agree it's pretty much safe as an app, but in this weird day and times, it's considered a "hacker" tool...as are most pen testing and network analysis tools.

I've read where IT admins can get busted for just HAVING them...to do their jobs.

»blogs.techrepublic.com.com/networking/?p=263

Meanwhile, the fakeAV industry advertises on network TV every night...

It's all craziness, IMO.

--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages
