mIRC Home    About    Download    Register    News    Help

Print Thread
Another idea ;-) #28471 06/06/03 06:41 PM
Joined: Mar 2003
Posts: 58
A
Adler Offline OP
Babel fish
OP Offline
Babel fish
A
Joined: Mar 2003
Posts: 58
Here are posted some threads with suggestions, and the answers to this threads are "its dangerous" and "you could use com objects"
Com Objects, i think, are also dangerous and my suggesion is:

If i load a file, mirc should be warning the user (if com objects included)

e.g. Security warning...


Re: Another idea ;-) #28472 07/06/03 12:22 PM
Joined: Dec 2002
Posts: 774
T
theRat Offline
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 774
Why would you load a script whitout knowing what it does?


Code:
//if ( khaled isgod ) echo yes | else echo no
Re: Another idea ;-) #28473 07/06/03 01:28 PM
Joined: Apr 2003
Posts: 210
S
saxon Offline
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
i Suppose it's something that a non-technical minded person would get used too. With computers, your always dealing with code and programs, you have no idea what's in the .exe file. Even if you have the source code for a program, the chances are, they would not be able to spot a virus or whatever. This is where Anti-Virus programs, and intelligent warning systems come in, so the non-technical user doesn't have to be deprived of trying out scripts/programs. Sockets and COM, and maybe file manipulation should really be added to the disableable commands... The average popup-sharing newbie doesn't need the risk.

Re: Another idea ;-) #28474 07/06/03 05:17 PM
Joined: Dec 2002
Posts: 2,962
S
starbucks_mafia Offline
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
If someone would run a script without having any idea what it contained would they be any less likely to stop a script when a warning came up saying that it was trying to make use of COM objects? I doubt it. The scripter could just put in the readme file that if a warning pops up the user must click yes for the script to work. People who will run things without checking them will almost inevitably do whatever they're told by strangers. An exe file is different because it is by nature closed-source, and anti-virus programs are made to look for viruses in them. The number of mIRC script related false positives and succesful mIRC script trojans just goes to show how inadequate AV software is when it comes to mIRC.

Quick list of the commands available in mIRC scripting that could be used for backdoors: /sock*, /dll, /run, $dll, /bwrite, /bread, $com, /com*, on TEXT, on NOTICE, /remove, /rename, $read, /write*, $*code, /dcc*, /savebuf, /loadbuf, /play, $cb.

And those are just things I came up with that I would consider 'dangerous'. To remove creation of unwitting spam bots and the like you're gonna have to remove /while, /timer and /goto aswell. Hell, you'd have to remove all methods of output entirely.

My point being that if someone doesn't have the know-how and doesn't know anyone trustworthy who does then they probably should miss out on certain scripts.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Re: Another idea ;-) #28475 07/06/03 05:49 PM
Joined: Apr 2003
Posts: 210
S
saxon Offline
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
Yeah I wasn't really supporting the idea of the warning message, I was however supporting the idea that COM can be harmful. As harmful as /dll and /run ... So why not give it the same option to be disabled?

It wouldn't be an impossible task to disable other harmful commands, mIRC's library isn't that vast. But COM is a specific problem, Seeing as at the end of the day, it doesn't matter what you disable in mIRC, a user can most probably use COM support to do it.

Weve already seen that COM write to the registry "with utmost ease", and Im sure you don't need me to repeat all the fears people have about that.

Re: Another idea ;-) #28476 07/06/03 05:57 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Not to mention since COM support will allow you to access the registry, you can use COM to turn off lock settings, so if COM is allowed, even if every other dangerous command is not, you can just edit the registry and delete the key that stores the "lock" options.