Subscribe to An Interesting Weekend        RSS Feed

An Interesting Weekend has no entries yet


Page 1 of 1

The dark side of .net

I will start with this:
Do Not PM Me asking for code, I will not give it to you and you waste me PM space
Disclaimer:
I did not touch any machines other than my own with my code.

Its interesting how often we (people, programmers, Script Kiddies) are given the tools to create some thing absolutely brilliant, but someone then uses for an alternate purpose. Maybe its because they cant make anything better or maybe just to prove a point these people I am describing are the millions of so called computer "Hackers" who terrorise the general public with the male-ware that they have written in either vb.net or C#. Though I will mention the now degraded Virus writing language vb 6.0, please I don't mean offence if you have a genuine reason for programming in VB6, but if you are get on the .net band wagon. But Don't worry they will all have to get over themselves and move to .net within the next generation or so of windows.

So why am I writing this?

Well quite recently I spent a couple of days seeing what you could do with a good knowledge of Visual basic and an imagination. So what I ended up with was a piece of code that was really quite effective at getting into a machine and doing what ever it wanted. Luckily for us (the general public) most of the people who write vb.net "Trojans" and "worms" don't know how to use Code-Dom or how to access low level C functions. My Code was capable of the following things:
  • Finding a random Directory and copying itself to it
  • Setting itself up to run in the registry
  • registering itself as a process
  • removing any av's from the system (removing them from registry)
  • Emailing me to tell me that it had happened
  • (I stopped here because this was all I needed to prove this point)

This list isn't the most amazing thing in the world. If this was in some other programming language then the list would be more like (note the low level hooks):
  • Infect machine in system 32
  • low level hook the machine and remove all traces to prevent detection
  • remove av
  • Hook the Boot sector of the machine
  • replace critical system files with itself
  • and the list goes on...

And why cant we do this in vb.net? Maybe Microsoft foresaw this coming and removed the power from the .net frame work. Or maybe they just decided that it was too much power anyway?

How does this affect the slightly more legal ( tongue.gif ) programmers?
well it doesn't really, except that if things continue with these idiots making Trojans that don't work, then Microsoft may start cutting down our access to core functions like the registry and copying files, requiring direct user permission. An then that will start to imped into the good work the rest of us do.

Has Giving the tools to the common people caused this effect and if so why do we still have these tools available?
Unfortunately great though it is being able to write your own apps, (and viruses). Microsoft will never remove these tools, maybe change them but never remove them. The number of programs currently available commercial and otherwise for the .net framework is huge. and that's all down to the tools. And the viruses. So maybe a sensible solution would be to remove the free tools and keep Visual studio, the paid version. As that means not just anyone can pick up a copy and start making viruses surely? Well yes but that also means that people like me who could not always buy it could not join in with the programming experience.

What about this potential merge between C# and Vb.net?

This could give the .net framework more power, though Microsoft will probably cut down the power of the .net framework, whilst increasing what you can do with it. For example you will no longer be able to copy a file to the system directory but you will be more than able to build a sha2204 hash (Made Up tongue.gif ). If this does happen the everyday user will not notice, we will silently be the victims of silencing, but oh well if you don't notice and you don't care, plus you get the benefit of a safer PC experience then does it really matter what Microsoft do?

My conclusion
You shouldn't write male-ware, but if your going to do it to you own computer and don't use a .net language. The .net framework should be freed up for leisure programming and business solutions. Also I strongly believe that Microsoft should remove free download of the .net development tools and replace it with some kind of on-line version that prevents virus like activities, or even a desktop version to the same effect.

If you have any thoughts I would be very interested to hear them. Especially on what should be done to try to prevent virus development.

December 2014

S M T W T F S
 123456
78910111213
1415161718 19 20
21222324252627
28293031   

Tags

    Search My Blog

    0 user(s) viewing

    0 Guests
    0 member(s)
    0 anonymous member(s)