Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have written a c# program to monitor what my daughter is doing on her computer during her online lessons (due to COVID lockdown).
She has a habit of going onto Discord to chat with her friends instead of following the lesson. She also plays Minecraft during lesson time.
I don’t have the time to keep checking up on her so my wife urged me to write this software.
But the software is detected by Windows Defender as a Trojan as shown below;
Detected: Trojan:Script/Wacatac.B!ml
This program is dangerous and executes commands from an attacker
I can see that it is a Trojan of sorts but it is not being used in that vein. I am simply using TCP SOCKETS to allow myself or my wife to keep an eye on our daughter and to message her and if need be to close down the offending application remotely.
The way that MS Defender keeps quarantining each new compilation as I fine tune the exe to do what I need it to do is a real bind.
I am hoping that somebody might know a way around this.
After all I am using an API (System.Net.Sockets) that is part of the Microsoft DotNet library.
It is as if Microsoft were banning the use of an API that it provides.
My daughter is back at school on the 8th March 2021 so it will be redundant after that (hopefully) but as a developer I would still like to know how to solve this.
... close down the offending application remotely.
To some extent, this indeed makes your program "execute commands from an attacker." It seems like the issue does not lie in whatever API you use - but instead, what the program actually does.
You may try obfuscating your program with something like ConfuserEx, though it is possible that Windows Defender flags the obfuscated build as well, because this is what some real malwares do to hide themselves. The easiest solution is to place the program in a separate directory and add that directory to Windows Defender's exclude list.
We run up against this kind of problem frequently, and realistically there's not a lot you can do about it. False positives are just a part of what we have to deal with, and the only way to deal with them for low-distribution items like personal remote administration tools - or my own common case, custom AV upgrade scripts - is to add exceptions for your own programs when you install them on a computer, and every time you update the code.
It is as if Microsoft were banning the use of an API that it provides.
Unfortunately malware uses those same APIs. AV vendors are constantly upgrading their definitions to catch as many threats as possible and common techniques used by malware are also present in remote administration tools.
From a quick search it looks like Wacatac.B!ml is a particularly problematic detection that has struck all sorts of legitimate applications, including an open-source launcher for Blender recently and several other items.
From experience the !ml tag means that the definition was derived via machine learning which means it most likely is a deep heuristic rather than a code fingerprint.
Possible Solutions
The most general way to get around this type of heuristic detection is with extended validation code signing. Since this requires a relatively expensive certification process it's unlikely to be a useful solution for your in-house child monitoring tools.
In your case perhaps a path or file exclusion would allow you to continue to refine your tool without having to worry about it constantly being detected and blocked. I wouldn't recommend this for production systems, but for home use only it's simple, althout occasionally unreliable.
Finally, you could radically change the code. If you can't find a way to avoid detection using your current code base then consider using a different technique altogether. Enable powershell remoting and run a collector script on another machine on the network. Build a web-based agent that polls a web service (on the local network of course) to get commands to run. Use a popular library that will handle the actual communications for you rather than accessing the sockets yourself. Not as efficient maybe, but sometimes all it takes is one change to get the false positives to leave you the hell alone.
Related
One of my problems, is that I support clients who often spend a lot of time monitoring if their servers (and services) are functioning properly, and that their network is up and running smoothly.
All of these tasks are easily re mediated through PowerShell, and I had a grand idea to unify all of the tasks and present them in a GUI, with the ability to tail the logs on remote servers at will.
I can execute PowerShell remotely to ascertain all of the facts I need about the servers involved, can poll and retrieve all the relevant points of data, aggregate them in a database, perform trend and abnormality analysis, that's all good.
But I want to aggregate it all into a sort of "management console" to alleviate all of the mundane tasks. Why not?
So I'm looking for some pointers as to where I can look for any frameworks, HTML based or application based, that can leverage the power of PowerShell into a somewhat modular UI interface. From what I've seen and experimented with, C# is abnormally complicated when executing PowerShell cmdlets.
Pardon my ignorance, I'm mainly a scripter. Please point me to the right direction!
I can imagine the exact GUI I want, and can grab and analyze all the data I need to accomplish it... Just not sure of the glue that connects the two.
Take a look on PowerGUI by Dell - it's designed for tasks like this.
Also you can try to do all with bare-hands coding using Windows Forms in PowerShell, like described on this TechNet blog post's series.
Also there is many PowerShell IDE's with visual Form designers - AdminScript is one of oldest.
This is a very general question, I beleive too general for StackOverflow. Here are my first thoughts as is :
1) Collecting datas on server is avery old story, begining with SNMP and continuing with WMI and more generaly "Windows Management Framework" on Windows. So client UI, you can adapt to your clients exists on the market. Have a look to Centreon, or Paessler.
2) As far as PowerShell is involved have a look to the Quest (now DELL) PowerGUI console (not the script editor)
3) If really you want it (not a good idea for me) you can write a PowerShell UI application, have a look to Sapien's PowerShell Studio. I give some clues about programming PowerShell UIs here.
I recently launched my desktop application and it got cracked after a few days. I posted a question on stack overflow and people said that i cannot stop that. In the start of the software i cannot allow this to happen and i want a solution. So, following is what i am thinking.
Currently, I have desktop application that communicates with the web server to verify the user. Once the user is verified it saves the values in Registry. The hacker has bypassed the communication code and added fake values in registry and he can use my software now.
Now, i am planning to take some of my code from MAIN features of the software to a WEB SERVICE hosted somewhere else on a web server. Whenever the software needs to run that feature the software will give a call to the WEB SERVICE with the values in REGISTRY. I will verify those values and return the results. But if the values will not match my database then i will reject the call.
So, my questions is:
1- Do you think this solution is feasible ?
2- According to my thinking, it will make the software useless to the hacker. What do you think ?
3- Any flaws in this solution ?
You don't have to get cracked. Jeez, everybody thinks there's no solutions available to prevent piracy, but there are. Disclaimer: I work for a company (Wibu Systems) that prevents software piracy and provides license management solutions.
Here's the thing: this (like all security issues) is a highly specialized area of focus and the crackers are smarter at this than you are. They are already familiar with the different home-grown solutions people roll themselves and can crack those quickly.
Commercial solutions (ours is CodeMeter; in all fairness other companies make good solutions too like SafeNet and KeyLoc) rely on strong encryption with multiple layers of protection against key discovery. These companies have spent years developing, improving, and testing their solutions; it's unlikely you will be able to come close to the robustness and quality of such a solution on your own. I can almost guarantee you that any solution you create on your own will get cracked very quickly, unless your product is uninteresting to the crackers.
I'm not trying to create an ad here; I just want to set the record straight. Companies that traditionally got cracked constantly who switched to CodeMeter stopped getting cracked. Check out Propellerhead's Record product for a good example.
I searching people who know some experience with bug tracking on client machines,
if my application works on many client machines who i don't have to it any access.
I have in my application very huge debug logging feature, but in many cases this is
to less to good detect problem of crash without very bigs and unreadable logs, then i searching some other solution for detect this type of problems.
I want to develop some code who good transport me information about software crashes.
On Developer machine i use after crash Visual Studio JIT Debugger, but in remote option i can't use it (i think) is any good way to transport information about crash to me in for example JIT crash format?
I want this solution for pure C++ unmanaged project and for managed C# separately.
Greetings,
Thanks for good answers.
See this blog post about minidumps. It should do what you want (I think).
The nice thing about this is that you don't need to write a line of code. Microsoft has already written all the code for you. Have you ever encountered one of those "Report this crash to Microsoft" dialogs? That's sending the crash information that you want.
Wait, you may say, that's going to Microsoft, not me. Indeed, but you can get the information from Microsoft. They will even group the crashes by crash location, and provide nice statistics. You only need to do a few things. One, you need to sign your software so Microsoft knows it's your software. Two, you need to sign up for the Windows Quality Online Services (WinQual). Three, you need to list which versions of your software you've released.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I want to create a small helpdesk ticket control system at work, that would allow users to enter a help request ticket; these tickets would then be assigned to a technician to work on, and the technician would mark it as "FINISHED" after the job is done. The requesting user would then be able to confirm and "CLOSE" the ticket, so that a Help Desk supervisor can keep track of response times and other stats based on the ticket details. Nothing too complicated, using .NET and SQL Server.
I am not sure if I should develop this as a Web application or a Windows application. This application would be used in the plant floor, so it would have to be easily available in the LAN. But we currently host a list of Windows applications via Citrix, so deployment would not really be an issue here. I don't really have experience creating winapps from scratch (though I've modified quite a few), but it feels like a web application would not look as "solid".
What advice can readers provide that could guide me into deciding the better architecture for this purpose?
EDIT
Thank you all for your thoughts! Given that this is a very simple application, I could go either way. I decided to go with a Web application, as our local Citrix setup still has some quirks that need to be fixed.
If you develop a web app you can pop it on your local intranet and your users can use either their browser within Citrix, or via the browser on their terminal.
However, if you've got the infrastructure in place, then perhaps a Windows application would be easier to develop and deploy. The only limitation with a windows application would be that if you were to move away from a Citrix environment, or were to expand to wanting to use the system externally to the plant floor, then it's harder to deploy and maintain your installations.
You can use Web Deployment with Windows applications which is quite nice as it updates itself whenever you publish a new version, however it is a bit of a faf for the users and you've no guarantees that the user will allow the update to occur. So if you had a critical update, the users could, in effect, choose to ignore it.
That's where the web application gets its bonus points. One installation and one point of access. If you update it, then all users are instantly on the latest version.
Personally, I'd go with the web application for future proofing and ease of acccess. It's slightly more work than a windows application, but the payoff usually exceeds the extra time required for the web application.
Before writing this system, I would highly recommend searching www.codeplex.com and making sure that adapting another work isn't a better choice. You may find something that is already written and meets your needs while allowing you to dig around, learn and be ready to modify when they want some new feature not already present. (I believe all projects grow if the users believe in the developer.)
If you are going to write your own and can do it in the time you have, I would highly recommend that you either go with MVC if web based, or WPF (using MVVM) if you want a desktop client. There is a definitive learning curve to either MVC or WPF with MVVM. But I believe the payoff will come. I have found changes much easier when there is a clear line between business logic and visual behavior.
Personally, in this situation I would go for a windows application - as it doesn't sound as though you've any compelling reason to invoke the complexity of web-ness (perhaps it's just me that thinks web => additional complexity). I'm sure you could create a neat little windows app. in half the time it would take to create a clunky web version of the same thing!
As a sidenote:
I really like the way Eclipse Mylyn integrates with XML-RPC. Check this architecture out for inspiration:
http://www.eclipse.org/mylyn/
If you went for a similar strategy you might start off with a simple front end (Maybe as a C# with a native GUI and augment with a web-based integration with your intranet at a later point whichever is the fastest for you to do).
In esscente a 3-tier approach where you have:
The database.
The application layer wich implements an XML communication protocol (XML-RPC is quite simple).
A front end where information fields and workflow steps are 'introspected' rather than hardcoded in the client.
Just a though, hope it helps.
Write a winform app, and distribute it over ClickOnce. It's the best way to go, IMO.
Don't rush to make this decision. In the end, the Web vs Win question is about user accessibility. Much of the processing logic for your business need is independent of the interface. Spend your up front time building the right data model and identifying the necessary processing/services that you need. A well designed DB and service layer will work with both Web and Win apps. This will also give you the best flexibility as your "product" inevitably grows. You may very well want a web interface for managers needing reporting functionality and a WinForms application if you need more advanced user processing abilities for your users. And that is when your initial design work will payoff.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I've been looking for a simple key/license system for our users. Its partly to stop piracy (avoid users from sharing the application around) and the other half to track the number of 'licensed users' we have. I have already read a few good suggestions on SO but I'm curious as to how people have implemented the 30 day evaluation criteria.
Do you generate a key that stores the date somewhere and do a comparison each time or is it a little more complicated - deleting the file/removing the registry shouldn't deactivate.
Are there any example implementations out there that can give me a head start? The irony is that our PM doesn't want to license a third-party system to do it for us.
This is for a Windows Forms application.
Have you checked out the Rhino-Licensing project by Ayende Rahien. You can also see his blog post about licensing a commercial product which led him to develop this solution.
There are two separate challenges: i. How do you prevent a copied app from running. ii. How to prevent users from ripping out/bypassing your prevention scheme. The first one is usually done by taking a hard to copy signature of the user's system (e.g. Hard Drive ID + Processor ID + RAM, etc) and using it as the seed/key AND activating it on-line by calling "home".
The Second issue is harder to do in .Net since the source code can be in someway extracted and recompiled to exclude your protection system. The key here is to make it cheaper to buy the license than to remove the protection at the user's end. You may find that for most products, the suggestion to use a customized engine to encrypt your product libraries that also contain your copy-protect and decrypt it at initial run-time, might be enough.
I am not sure you can actually protect a .NET - There may be commercial solutions that do the trick. The reason is .NET code can be seen through Lutz Roeder (Thanks Jasonh for the heads up) Red Gate's Reflector (It was formerly by the named guy above). The best way to deal with it is to look for code obfuscation which makes reflecting more trickier, I can point you to one place I know of that does this for free - Phoenix - NtCore.Com.
The more esoteric solution would be to create a .NET hosting environment in C++, load the binary image (which could be encrypted) and the hosting environment than undecrypt it in memory - have heard of that theory but not sure how that would be done in practice. Please do not use your own protection scheme as there could be a weakness.
Someone once said - "Security through obscurity"....
Hope this helps,
Best regards,
Tom.
I worked on a project that handled this by putting some critical functionality (for example data storage, reporting, or payments) on an external server we ran, and requiring the user to log in to this server to get the functionality.
Customers can make backups, share, or run the application locally, but to access this critical function they have to type a password in to our application and connect to our server. Customers knew the password allowed changing their data, so they would not want to share the password with other people.
This was handy because we do not care how many copes of the application are out in the wild, we only track server connections. We included machine-identifying data like MAC address in the connection data, so we can track which machines are connecting.
I'm not just saying this because my company sells the OffByZero Cobalt software licensing solution for .NET: your PM should know that software licensing is very hard to get right, and if you roll your own, you'll be supporting it for the foreseeable future.
Take a look at the article Developing for Software Protection and Licensing; it explains how to choose a solution, why you should obfuscate your application and gives a number of tips for structuring your code to be harder to crack.
In particular it makes the point that the vast majority of companies should outsource their software licensing, as it makes no sense to spend developer time on building and maintaining a complex system that isn't your core business.
What is more important to your company: adding an important new feature to your product, or tracking down a peculiar permission behaviour on an ancient version of Windows that's clobbering your licensing system?