Spyware, Viruses, & Security forum

Question

How To Proceed With A Suspect Application?

by nipotap / September 29, 2015 1:54 PM PDT

Hi,

A freelance developer has to send me an application he developed for me.
I found this person on the internet and don't know much about him.
I highly suspect these files might either be infected or hide a feature that transfers data of mine to an external server.
So I really want to make sure that:
1. the files he sends me are not infected
2. the files he sends me can't include a trojan
3. the application he sends me can't communicate with internet to steal information from my PC (this application should not need internet to work).
How do you recommend proceeding in this specific case?

Thank you

PS: I use Windows 10, 64-bit, and I use Bitdefender Antivirus Plus 2015.
I don't use any other security program or firewall. If I should, feel free to let me know what you recommend.


All Answers

Answer
Here's a thing.
by R. Proffitt Forum moderator / September 29, 2015 2:04 PM PDT

Just for a test we wrote Hello World in C++ and compiled it using Visual Studio and the antivirus claimed it's a trojan. How can that be?

After much haranguing about why this is or is not, we learned that many antivirus seem to be more touchy than an IED by the roadside. So why not ask for source code plus how to build it yourself?

This is probably a good idea, but...
by nipotap / September 29, 2015 2:22 PM PDT
In reply to: Here's a thing.

... I don't know how to do that.
I don't know how to code or build software.

+ I wouldn't even be able to look at the code and notice if there was a malware or anything dangerous.
So I might rebuild it with the dangerous code inside.

Kees covers it next.
by R. Proffitt Forum moderator / September 29, 2015 2:41 PM PDT

You need to get a coder in your camp. Sometimes apps are not purposely infected by the author. Read what happened in China because coders there wanted the dev tools faster.

http://www.cnet.com/news/apple-struck-by-its-first-major-cyber-attack/

"The developers using XcodeGhost were likely unaware that they were using spurious software. Chinese developers often download Xcode from unofficial, local sites due to the slow download speed associated with sourcing it from Apple's faraway US servers. The attackers took advantage by slipping the counterfeit versions in among the regular programs."

How to check the source code?
by nipotap / October 1, 2015 7:51 AM PDT
In reply to: Kees covers it next.

I asked the developer to send me the source code instead of the .exe.
I plan to build it with this: http://www.qt.io/
I hope it's simple... I'll go deeper into that subject later.

So, before building the .exe, I need to check everything's OK in the code.
But I am a noob in coding. Never did that in my life, although I have some knowledge in computers/IT.
So here's my question: how do you check everything's safe in the source code???

You can't today.
by R. Proffitt Forum moderator / October 1, 2015 8:15 AM PDT

While there are red flags you can look for, such as any hard-coded IP addresses, URLs that you don't know and more, I can't write what to look for since there are so many today.

If you read http://www.sans.edu/research/security-laboratory/article/log-bmb-trp-door, at the end are over a dozen other methods of attack folk place in code. I'm not an expert in all of these but have read far too much code over the years looking for Waldo.
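
The red flags named in the answer above (hard-coded IP addresses and unfamiliar URLs), plus references to Qt's network classes in an application that is meant to work offline, can be listed mechanically before a reviewer reads the code. This is an added example, not code from the thread; the sample files, the `known_hosts` allowlist and the function names are assumptions, and an empty result does not show the code is safe.

```python
import re
from pathlib import Path

# Constructed sample standing in for a delivered Qt source tree (not from the thread).
SAMPLE_TREE = {
    "app.pro": "QT += core gui widgets network\nSOURCES += main.cpp sync.cpp\n",
    "main.cpp": "#include <QApplication>\n// docs: https://doc.qt.io/\nint main() { return 0; }\n",
    "sync.cpp": '#include <QNetworkAccessManager>\n'
                'static const char *kHost = "203.0.113.45";\n'
                'QUrl endpoint("http://updates.example.net/upload");\n',
}

OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
# Each rule yields review leads, not verdicts: version strings can look like IPs,
# and strings assembled at run time will not match at all.
RULES = [
    ("hard-coded IPv4", re.compile(rf"\b{OCTET}(?:\.{OCTET}){{3}}\b")),
    ("hard-coded URL", re.compile(r"\b(?:https?|ftp|wss?)://([A-Za-z0-9.-]+)[^\s\"'<>)]*", re.I)),
    ("Qt network class", re.compile(
        r"\bQ(?:NetworkAccessManager|NetworkRequest|TcpSocket|UdpSocket|SslSocket|WebSocket)\b")),
    ("Qt network module", re.compile(r"^\s*QT\s*\+?=.*\bnetwork\b")),
]
SOURCE_SUFFIXES = {".cpp", ".cc", ".h", ".hpp", ".pro", ".pri", ".qml", ".ui"}

def scan_text(name, text, known_hosts=frozenset()):
    """Return (file, line number, rule, matched text) for every red flag in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, rx in RULES:
            for m in rx.finditer(line):
                # URLs whose host the reviewer already recognises are not reported.
                if label == "hard-coded URL" and m.group(1).lower() in known_hosts:
                    continue
                findings.append((name, lineno, label, m.group().strip()))
    return findings

def scan_tree(root, known_hosts=frozenset()):
    """Scan every source-like file under root (binaries and other suffixes are skipped)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SOURCE_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += scan_text(str(path.relative_to(root)), text, known_hosts)
    return findings

def scan_sample():
    """Run the rules over the constructed sample, treating doc.qt.io as a known host."""
    return [f for name, text in SAMPLE_TREE.items()
            for f in scan_text(name, text, known_hosts={"doc.qt.io"})]

if __name__ == "__main__":
    for name, lineno, label, text in scan_sample():
        print(f"{name}:{lineno}: {label}: {text}")
```
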

so what's the solution?
by nipotap / October 1, 2015 8:41 AM PDT
In reply to: You can't today.

Your original tip was to ask for source code and build it myself, but this implies that I check it before building the exe file, doesn't it?
Is there a difference between using the exe file he sends me and building the exe file myself without checking his source code?

If there's no way to check the code, then we are back to the original point: how to make sure I won't be hacked or data of mine won't be stolen?

Answer
Re: suspect application
by Kees_B Forum moderator / September 29, 2015 2:36 PM PDT

Having the source code is always a good idea, just in case you want something changed and you can't find the developer any more. If you don't have the source, that's impossible, and somebody else would have to write it all over.
If you pay him to develop it, you've every right in the world to have that source code, being the owner of the application. Of course, he might put something in the contract, so that if you sell it to somebody else he gets a part of the price, but that's not unreasonable. Or even that you aren't allowed to resell it.

Then all you've got to do is to find another developer to do the tech work, such as checking the source code and building the application.

Kees
