AutoHotkey Community

[BoyWhoCriedMacro]

Are you protected from threats and malicious programs? You probably think so. Norton Anti-Virus, MacAffee, Kaspersky, and all your other fancy heuristics, built with state-of-the-art detection technology to stop malicious software.

My experiment reveals startling details about the ease with which your software can be tricked - no, tricked wouldn't be the right word, since no trickery is required to slip right by these "high-tech" scanners.

I start with a new autohotkey script. I type 2 lines. Yes, that's right, 2 lines and I've got myself a fully working tojan-horse:

[jonny]

[Guest]

[jonny]

Alright, but this fact changes the assertion. It's acceptable to say that it's inconvenient for you to operate that way, but then you can't say that it's an unavoidable risk.

[Laszlo]

[jps]

I wouldnt run an exe as administrator from a source I dont feel I can trust but holy crap!!

I just wrote and compiled a script that copies itself to the default shared folder for limewire,runs and hides limewire and then deletes my avg folder.

Scanned it with avg and it said it was fine.I even called it virus.exe

Lol I'm not so confident in avg anymore.

[Titan]

Thanks for the link... *bookmarks*.
_________________

RegExReplace("irc.freenode.net/autohotkey", "^(?=(.(?=[\0-r\[]*((?<=\.).))))(?:[c-\x73]{2,8}(\S))+((2)|\b[^\2-]){2}\D++$", "$u3$1$3$4$2")

[garry]

Laszlo wrote:

[Grumpy]

Technically, what you wrote isn't a trojan, but a virus. A trojan, AFAIK, is a program quietly working on the background to steal vital information and send it somewhere.
A virus is generally written to hurt the host. It often has something you didn't wrote: the capability to reproduce itself and spread.

Most of the anti-virus / malware work with a database of known menaces. They can't statically analyze a program and mark it as malware. It is a difficult matter anyway: a program written to synchronize directories is likely to delete files automatically. It must not be flagged as malware.

Hey, you can even write a script to automatically remove from your Windows directory a bunch of files you know you will never use... (eg. TAPI drivers).

Now, if you upload your compiled script and make it available as "anti-popup program", it will be eventually detected by some anti-virus company (and shared with the other companies) and added to the database of known menaces.
So you are never protected against brand new menaces, but theoritically, they shouldn't hurt many people.

[majkinetor]

[jps]

Clearly I also shared the OP's misunderstanding of what av software can do.

Is there such software that will try and run an exe in some sort of virtual environment to see if the effects would be harmful?

[majkinetor]

Ofc.

That class of sw is calld sandbox.


See sandboxie
_________________

[jps]

Cool,looks like my internet experience is about to get safer.

Thanks

Unfortunately sandboxie crashes whenever I run it.I think maybe somethings blocking it.I've been lazy and havent run any scans for ages. I'll check for viruses and the like and hopefully I can get it running.

[majkinetor]

Use Opera and you will be safe.

There are alternatives for sandboxie, toralf poested one recently in Utilities forum.
_________________

[jps]

Ran some scans,found some stuff and now it works.
I'll look into the alternatives.

I used opera for a while last year but didnt enjoy it much.I'll read up on the security aspects and if it seems worth it I'll give it another shot.

Thanks again