You are here

Protect Exe

12 posts / 0 new
Last post
Aciago
Aciago's picture
Offline
Last seen: 9 months 1 week ago
Joined: 2007-01-24 14:23
Protect Exe

I was surfing the forum and found a link to another web that show me a software called Protect Exe 0.4 beta. I still need to check for license, but most of the software in that page is open source so I think it's not a problem...

This program encrypt and password protect exe files... yes, I know is not "the best solution" but I think is something to help protect our PApps.

i.e. block firefox.exe with a password and then nobody can access our bookmarks and stored passwords so easy... I know it just need to copy our profiles, but that is not simple to figure out by regular people (like my secretary and other sneakers around here... lol)...

Also need to check for portability because it looks like it uses some kind of registry...

I'm thinking in protecting something like PAM or PStart exes, then when somebody double-click on my PDrive icon or it just try to run it it will run autorun.inf that's going to ask for a password (because it's just calling to a protected exe) and then... "dude! I can't use your PDrive, duh!" Blum

Yeah, just explore the Pdrive, but must people just press enter on the window asking what to do... Wink

Security trough obscurity is how JTH called it... Smile

EDIT: I protected an exe on my PDrive inserted ni a Desktop runing WinXP, then went to my Laptop runing WinVista Home Premium... Norton detected as a trojan and deleted it automatically, I wasn't able to test it... But on the desktop, spyware terminator and NOD32 specifically run on the file didn't detected anything... Pardon ...I'll try again...

EDIT 2: I just updated clamwin portable and tested the file... nothing detected, so it's probably another fake from Norton... Sad

Simeon
Simeon's picture
Offline
Last seen: 9 years 9 months ago
DeveloperTranslator
Joined: 2006-09-25 15:15
Nice find

Would be cool to have...
And don't we just love Norton for doing that...:(

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 3 months ago
Joined: 2006-06-18 13:55
Give Norton a Break

I think we should give Norton a break on this one.

He has seriously altered the file. The odds are that it was done in a way which Norton considers suspicious.

Unless you want all Malware detectors to go strictly by signatures, in which case they are worthless with a slight modification of the malware, there has to be some behavioral heuristics involved.

He has altered the file, he knows what was done, he knows it is safe. Someone with malicious intent could do the same thing and it might not be safe. I would want Norton, or McAfee, or what ever, to alert me to a possible danger, wouldn't you?

And of course we are Assuming that "Protect.Exe Beta" is safe, aren't we?
If we use the same tools for good, that others use for evil, false positives are to be expected, No?

It's when we get false positive for things that a common that I get annoyed.

Tim

Things have got to get better, they can't get worse, or can they?

Patrick Patience
Offline
Last seen: 4 years 7 months ago
DeveloperModerator
Joined: 2007-02-20 19:26
Lol

Then you give Flash (Flush) a break. Blum Just for Christmas. Smile

Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 3 months ago
Joined: 2006-06-18 13:55
Afraid Not :-(

I wish I could but I'm afraid not Sad

Serious Flash vulns menace at least 10,000 websites
http://www.dozleng.com/updates/index.php?showtopic=16745

No patch anytime soon
http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/

This latest round of vulnerabilities announced just the other day does not look good. They Are NOT patched by the latest update I announced in an other thread Sad

It looks like this latest discovery of vulnerabilities will Not be easy to fix :o

Looks like we have Adobe/Macromedia coal in our stockings for the holidays Bad

Tim

Things have got to get better, they can't get worse, or can they?

Ryan McCue
Ryan McCue's picture
Offline
Last seen: 14 years 9 months ago
Joined: 2006-01-06 21:27
And the rest...

The other smilies you didn't use:
Smile
Biggrin
:evil:
Blum
Pardon
:cool:
Shock

Hehe Blum

"If you're not part of the solution, you're part of the precipitate."

Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 3 months ago
Joined: 2006-06-18 13:55
They were not appropriate to

They were not appropriate to the content/nature of the post.
Of course with "Flush" --> }:)

Things have got to get better, they can't get worse, or can they?

nycjv321
Offline
Last seen: 15 years 12 months ago
Joined: 2006-06-04 15:53
...

"i.e. block firefox.exe with a password and then nobody can access our bookmarks and stored passwords so easy... I know it just need to copy our profiles, but that is not simple to figure out by regular people (like my secretary and other sneakers around here... lol)..."

bookmarks are stored in a file so encrypting Firefox wouldn't do so much only set off anti virus off (would sound alarm since its a tool to hide trojan files Smile Smile

"I'm thinking in protecting something like PAM or PStart exes, then when somebody double-click on my PDrive icon or it just try to run it it will run autorun.inf that's going to ask for a password (because it's just calling to a protected exe) and then... "dude! I can't use your PDrive, duh!" Sticking out tongue"

then they just go into drive and look into subdirectories and take what they want

Slackware 12 for system
MCP (For XP and Server 2003)
Network + Certified
aim is "nycjv321" (minus quotes)

Patrick Patience
Offline
Last seen: 4 years 7 months ago
DeveloperModerator
Joined: 2007-02-20 19:26
Well

I'll leave it at.

'Many computer users aren't are smart as you think'

And he knows they're stored in a file which is why he said:

I know it just need to copy our profiles, but that is not simple to figure out by regular people

Also he said, they'll get confused about the Menu:

then when somebody double-click on my PDrive icon or it just try to run it it will run autorun.inf that's going to ask for a password (because it's just calling to a protected exe) and then... "dude! I can't use your PDrive, duh!"

So you basically just repeated what he already explained he knows. Blum

nycjv321
Offline
Last seen: 15 years 12 months ago
Joined: 2006-06-04 15:53
...

SORRY I didn't read his whole post Smile

Slackware 12 for system
MCP (For XP and Server 2003)
Network + Certified
aim is "nycjv321" (minus quotes)

Aciago
Aciago's picture
Offline
Last seen: 9 months 1 week ago
Joined: 2007-01-24 14:23
After testing

When you finish protecting the exe file, you'll have two files in your computer program.exe (with the protecter's icon), and program.exe.back, just removing .back you'll have your unprotected exe again... so it's really security trough obscurity... lol

But I don't worry about that, 1) many people don't realize it, and 2) is a beta 0.4, stuff must improve... Blum

And since turning off Norton is not an option... I think I'll need to contact the program's owner to invite him to join us... Wink ...to ask if the program is Open Source, to request the source... and then ask ede (Convey), Ryan McCue (Lost), SmithTech (PApps launcher), John T. Haller (Papps.com) and even PegTop (Pstart), how can something like this can be integrated into those Apps... for example in Lost.exe with the launcher, the option to set a password and if it doesn't match then when pressing "ok" Lost don't launch anything and show an error message, the same with PApps launcher or in the Menus...

Something simple, not "super-FBI-proof" encryption system.

What do you think?

BTW, nycjv321, I suppose that since English is not my native language (but Spanish), that I didn't explain myself very well, but I'm conscious of all those obvious ways to skip the protection, and even more that I'm discovering, I'm just suggesting a first step... Wink

If a packet hits a pocket on a socket on a port,
and the bus is interrupted as a very last resort,
and the address of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report Biggrin

nycjv321
Offline
Last seen: 15 years 12 months ago
Joined: 2006-06-04 15:53
...

no dont worry I wasnt reading your post correctly Smile SORRY I didn't the whole post Smile

Slackware 12 for system
MCP (For XP and Server 2003)
Network + Certified
aim is "nycjv321" (minus quotes)

Log in or register to post comments