"Evil" Addon Developer

You may lock Orbiter for a few people, before it is retired from OH and then people's reviews would send the author and addon into oblivion. Posts by such an addon maker would be likely to be ignored and my guess is that that member would be watched for improper behavior.

How about an addon to lock an addon dev?:p
 
What if someone was to make an addon that would look like an "innocent" base or a new ship, but in reality gained access to all your personal information (emails, banking accounts, passwords, etc.) the minute you installed it?

This is another reason why I strongly prefer open source addons. And I think that having a large open-source vs. closed-source code base is a reason why Linux seems to be safer than Windows, too. (Yes, Hielor, I know Linux is less interesting than Windows for crackers ;) )

Malicious software can only survive in the dark. If you are honest, show your code :P

regards,
Face
 
I once heard somewhere that the best way to keep your data safe is to have it stored in redundant HDs, removed from the computer and placed in a safe deposit box in your local bank.

that oughta keep the hackers at bay - HA! :chainsaw:
 
Good catch. The idea is that you can recompile it, and in case of Linux, you have all automated scripts for that, just not enough time to check all the source that you get. You have to rely on other, trusted members. This is where something like a Community is needed.
 
What's the problem? We'll make a TRON MFD that checks everything that goes in and out of the system, and de-rezz any malware with a masterful strike of frisbee.
And then we'll find out who the culprit is and target him with an R-7.
 
What I think would be a more likely scenario is that someone unknowingly puts a virus in his or her addon. I was doing some research on viruses and I found that some newer viruses can attach themselves to other programs. Like the one that infects Microsoft Word. It attaches itself to any document opened in the infected Word. So if you open a document that was saved in an infected Word you just infected yourself. So a similar program could infect someone's "read me" files for their addon. Now when anyone opens them they will be infected.
 
It looks like the natural outcome of this thread will be FEAR MFD.
FEAR = Frantic Evil Addon Recognition.

---------- Post added at 06:59 PM ---------- Previous post was at 06:45 PM ----------

I found that some newer viruses can attach themselves to other programs.

Old viruses did that too.

Like the one that infects Microsoft Word. It attaches itself to any document opened in the infected Word. So if you open a document that was saved in an infected Word you just infected yourself.

Very old. By 1996 there were already such viruses.

So a similar program could infect someone's "read me" files for their addon. Now when anyone opens them they will be infected.

Any file that contains executable code or script or that changes options to redirect things or registry could be harmful.

Dangerous file extensions:

.386 Windows Enhanced Mode Driver.
.ADE Microsoft Access Project Extension.
.ADP Microsoft Access Project.
.ADT Abstract Data Type.
.APP Application File.
.ASP Active Server Page.
.BAS Microsoft Visual Basic Class Module.
.BAT Batch File.
.BIN Binary File.
.BTM 4DOS Batch To Memory Batch File.
.CBT Computer Based Training.
.CHM Compiled HTML Help File.
.CLA Java Class File.
.CMD Windows NT Command Script.
.COM Command (Executable File).
.CPL Control Panel Extension.
.CRT Security Certificate.
.CSC Corel Script File.
.CSS Hypertext Cascading Style Sheet.
.DLL Dynamic Link Library.
.DOC MS Word Document.
.DOT MS Word Document Template.
.DRV Device Driver.
.EML or .EMAIL MS Outlook Express E-mail.
.EXE Executable File.
.FON Font.
.HLP Help File.
.HTA HTML Program.
.HTM .HTML Hypertext Markup Language.
.INF Setup Information.
.INI Initialization File.
.INS Internet Naming Service.
.ISP Internet Communication Settings.
.JS .JSE JavaScript.
.LIB Library.
.LNK Link.
.MDB MS Access Database or MS Access Application.
.MDE Microsoft Access MDE database.
.MHT .MHTM .MHTML MHTML Document.
.MP3 MP3 Program.
.MSO Math Script Object.
.MSC Microsoft Common Console Document.
.MSI Microsoft Windows Installer Package.
.MSP Microsoft Windows Installer Patch.
.MST Microsoft Visual Test Source Files.
.OBJ Relocatable Object Code.
.OCX Object Linking and Embedding (OLE) Control Extension.
.OV? Program File Overlay.
.PCD Photo CD MS Compiled Script.
.PGM Program File.
.PIF MS-DOS Shortcut.
.PPT MS PowerPoint Presentation.
.PRC Palmpilot Resource File.
.REG Registry Entries.
.RTF Rich Text Format.
.SCR Screen Saver or Script.
.SCT Windows Script Component.
.SHB .SHS Shell Scrap Object File.
.SMM Ami Pro Macro.
.SYS System Device Driver.
.URL Internet Shortcut.
.VB .VBE VBScript File.
.VBS Visual Basic Script.
.VXD Virtual Device Driver.
.WSC Windows Script Component.
.WSF Windows Script File.
.WSH Windows Script Host Settings File.
.XL? MS Excel File.
 
What I think would be a more likely scenario is that someone unknowingly puts a virus in his or her addon. I was doing some research on viruses and I found that some newer viruses can attach themselves to other programs. Like the one that infects Microsoft Word. It attaches itself to any document opened in the infected Word. So if you open a document that was saved in an infected Word you just infected yourself. So a similar program could infect someone's "read me" files for their addon. Now when anyone opens them they will be infected.

It doesn't quite work like that. Orbiter read-me files tend to be plain text documents rather than word files. Word files can contain actual instructions for Word to do things, whereas a text file reader simply shows the file and doesn't accept any instructions. The biggest vulnerability through Orbiter would be a DLL that, once attached to Orbiter, infected the user's computer with something nasty. Some developers also make executable installers for their addons, and that could potentially be dangerous.
 
How much damage can one virused add-on make? It won't be up for long, as people would tell at once that something is wrong, and there would be few downloads.
Now, hijacking Martin's account and posting a "new version of Orbiter" full of viruses can be quite efficient.

What is the worst kind of attack we can expect? A pissed-off "genius" who made a hypercube in a vessel maker and got no thousand wow's he expected? Not the kind of a person that would have enough subtlety to do real damage.
It takes intelligence to do persistent damage, and intelligence doesn't mix well with malevolence.

Sure, an idiot can do a lot of damage while being in a position of power, but there are no such WMD's around our little community.
 
Any file that contains executable code or script or that changes options to redirect things or registry could be harmful.

Dangerous file extensions:

.386 Windows Enhanced Mode Driver.
....
.XL? MS Excel File.

ANY file could be malicious, even without having an executable extension. Or do you really think you need to name it .exe for executing it?

The list is a classic, and wrong. Because it gives you a false knowledge. For example it doesn't list other container formats, that can contain malware easily. No JPEG, no MPEG, no MP4, no JAR, no AVI, no PDF.

Instead, before you fall prone to such lists again, learn the most important rule of security: Know what goes on and be a bit paranoid.

A .txt file with strange characters can be in Unicode or could be an executable overlay downloaded by a dropper to be included in your system. The difference is the use, not the format.

With Steganography, you could even hide instructions for a Trojan in absolutely harmless images. Still think you are safe as long as you have none of the list as initial entry point? A small error in many Java implementations and a "harmless" Java applet can install a complete rootkit on your PC, hidden as .tiff, which is, in fact, another container format. No heuristic security scanner would notice it, if it is not noticing the obfuscated P-code sequence. You could even hide malware in .3ds files, if you have a decoder on the system.

Once the problem is on your PC, the data transfer can be extremely innocent. It is all just a matter of bandwidth. A few packets that would easily go through most firewalls as innocent TCP/IP overhead, created already deep inside your operating system kernel.
 
From a human perspective it takes a very upset and unhappy person to do that. Making such an addon would imply that the author wants to play a psychological role play game called Drama Triangle. It is silly to play such a game in Orbiter community, a waste of life.

Spending weeks to make a decent addon and then find out that someone here spotted the malicious code, could make a very bad combination. Quite frustrating, because praise would become criticism, and tons of effort and headaches would bring a few downloads only.

True hackers do their stuff for money. Big money, and this is a community with no money involved. You do not usually see billionaires piloting Orbiter.

The best way not to have a problem with online stuff is to have an offline life.
 
Once the problem is on your PC, the data transfer can be extremely innocent. It is all just a matter of bandwidth. A few packets that would easily go through most firewalls as innocent TCP/IP overhead, created already deep inside your operating system kernel.

Indeed. After a short talk on IRC about dangers from data-files, Nerull mentioned this: http://scienceblogs.com/goodmath/2007/04/strange_loops_dennis_ritchie_a.php .

Imagine your Visual Studio is compiling backdoors all around... now that's for being paranoid...

regards,
Face
 
True hackers do their stuff for money. Big money, and this is a community with no money involved. You do not usually see billionaires piloting Orbiter.
I'm sorry, but it seems you really don't know much about what you're talking about. First, a list of 'dangerous' file extensions, which, as Urwumpe already posted, is useless. Now you're saying that the only motivation to 'hacking' (quoted because it's the wrong term to use) is money?
 
Linux is safer, but not trouble-free.
I agree.

Linux is much safer than Windows in terms of viruses and what not, but malicious scripts and programs will always exist regardless of OS. Even the not-so-widely-used FreeBSD has its share.

I personally feel that while it is entirely possible to cause harm via an Orbiter .DLL, there are few to none in the Orbiter community who would attempt such an act. We tend to be more civil and supportive than thepiratebay.org, for example.

As long as you have a good anti-virus software (I even have a program for my Linux distro) and access to a strong tech support community which provides malware removal programs and instructions, you need not worry too much about viruses.

In the end, personal responsibility and common sense are the best anti-virus measure.
 
I'm sorry, but it seems you really don't know much about what you're talking about. First, a list of 'dangerous' file extensions, which, as Urwumpe already posted, is useless. Now you're saying that the only motivation to 'hacking' (quoted because it's the wrong term to use) is money?

I did not say "only" but a truly talented hacker would not be someone trying to show off as a dev while he should remain in the shadows because of what he does. Or am I wrong?

Indeed, the generic list Urwumpe criticized was a copy-paste of a list that is available for employees at the company. So it looks like the company has IT people who present generic and incorrect info. Do not blame me, blame IT dept.

As for what Urwumpe said, you made me recall a virus in the past that was a .TXT file that came as an attachment that was supposed to contain a virus.
 
ANY file could be malicious, even without having an executable extension. Or do you really think you need to name it .exe for executing it?

The list is a classic, and wrong. Because it gives you a false knowledge. For example it doesn't list other container formats, that can contain malware easily. No JPEG, no MPEG, no MP4, no JAR, no AVI, no PDF.

Instead, before you fall prone to such lists again, learn the most important rule of security: Know what goes on and be a bit paranoid.

A .txt file with strange characters can be in Unicode or could be an executable overlay downloaded by a dropper to be included in your system. The difference is the use, not the format.

Well, yes and no. Generally the OS (Windows does this most) looks at the extension on a file to determine what to do with it when the user opens it. Now I've never tried renaming an executable as a .txt file on Windows, but I just did some experimenting on my Ubuntu system here. An ELF named as a txt, and with the executable flag set, will give the option to either execute or open as a text file, as with a shell script. When named as a jpeg, however, no attempt is made to execute the file, and the OS goes straight to trying to open it with Gimp. So as far as direct, user-requested execution, files without executable extensions are not as much of a threat. (Executable extension, however, can mean an extension that is opened by a program that can carry out arbitrary actions based on commands it finds in a file, such as a shell script).

With Steganography, you could even hide instructions for a Trojan in absolutely harmless images. Still think you are safe as long as you have none of the list as initial entry point? A small error in many Java implementations and a "harmless" Java applet can install a complete rootkit on your PC, hidden as .tiff, which is, in fact, another container format. No heuristic security scanner would notice it, if it is not noticing the obfuscated P-code sequence. You could even hide malware in .3ds files, if you have a decoder on the system.

Once the problem is on your PC, the data transfer can be extremely innocent. It is all just a matter of bandwidth. A few packets that would easily go through most firewalls as innocent TCP/IP overhead, created already deep inside your operating system kernel.

Of course, once the system has been compromised, all bets are off. A running malware program can execute another one hidden in a jpg or txt file without the user's knowledge, and the OS can no longer be guaranteed to work as expected, so what it does when the user opens a file can no longer be guaranteed either.
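
Added example, not part of any post in this thread: the extension-versus-content point argued above, as a check an addon user could run over an unpacked addon before installing it. It reads the leading bytes of each file and reports data-looking names (.txt, .jpg, ...) whose content is really a PE, ELF, ZIP, OLE2 or script file. The `DATA_EXT` table, the function names and the sample paths are assumptions made for the illustration.

```python
import os

# Signatures of formats that can carry native code, scripts or macros.
CODE_MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (JAR, DOCX, ...)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 file (legacy Word/Excel, MSI)"),
    (b"#!", "script with interpreter line"),
]
# Assumed set of extensions an addon user treats as inert data, with the
# signature genuine files of that type start with (None = plain text).
DATA_EXT = {".txt": None, ".cfg": None, ".jpg": b"\xff\xd8\xff",
            ".bmp": b"BM", ".dds": b"DDS "}

def is_pe(data):
    """True for a Windows EXE/DLL: 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def sniff(data):
    """Name the code-carrying format the bytes belong to, or None."""
    if is_pe(data):
        return "Windows PE executable (EXE/DLL)"
    for magic, label in CODE_MAGIC:
        if data.startswith(magic):
            return label
    return None

def check_file(name, data):
    """Return a finding when a data-looking name hides other content."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in DATA_EXT:
        return None                      # DLLs, installers etc. need real review
    kind = sniff(data)
    if kind:
        return f"{name}: {ext} name, but content is {kind}"
    expected = DATA_EXT[ext]
    if expected and not data.startswith(expected):
        return f"{name}: content does not start with a {ext} signature"
    return None

def scan_tree(root):
    """Check the first 4 KiB of every file under an unpacked addon directory."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                finding = check_file(path, fh.read(4096))
            if finding:
                findings.append(finding)
    return findings
```

An empty result only rules out the mislabelled-file case; as the posts above note, a file with a genuine image or document signature can still carry a payload, and the addon's DLLs and installers are skipped here because they are code by design.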
 