I use Visual Basic regulary for many things, mainly connected to Excel, sometimes to Word and very few times to Powerpoint.
Now sometimes these must be used in different countries and sometimes changes take days, because somebody is afraid to bypass our remover.
Did anybody try to build in kind of a signature to clearly show a 'good' one (=created by me) and differentiate it from an 'unknown' one that will be removed. - There is great fear of Trojans right now (again).
Ideas? - I think about it for days and in fact the only idea I had would be kind of a Trojan itself to bypass the remover on condition that the Macro has a certain key as a comment in a certain line.
10  1064 
I use Visual Basic regulary for many things, mainly connected to Excel, sometimes to Word and very few times to Powerpoint.
Now sometimes these must be used in different countries and sometimes changes take days, because somebody is afraid to bypass our remover.
Did anybody try to build in kind of a signature to clearly show a 'good' one (=created by me) and differentiate it from an 'unknown' one that will be removed. - There is great fear of Trojans right now (again).
Ideas? - I think about it for days and in fact the only idea I had would be kind of a Trojan itself to bypass the remover on condition that the Macro has a certain key as a comment in a certain line.
There is an official way to "digitally sign" macros. I can't remember exactly how to do it, but I bet you can find the procedure on microsoft.com or by googling.
-bm
Do you mean the ancient Microsoft Secure Signature, 'secure' was the joke about it...
The problem with this ancient procedure from 2001 or 2002 is, that our IT security doesn't accept it since there have been one or two Trojans that slipped through these check years ago in some companies somebody of them has been before.
I really try to develop something where I can use my security code that uses symbols from different languages in a combination that is very unique and too crazy that anybody would try it... The encoding key is there, I just need a way to check it.
Do you mean the ancient Microsoft Secure Signature, 'secure' was the joke about it...
The problem with this ancient procedure from 2001 or 2002 is, that our IT security doesn't accept it since there have been one or two Trojans that slipped through these check years ago in some companies somebody of them has been before.
I really try to develop something where I can use my security code that uses symbols from different languages in a combination that is very unique and too crazy that anybody would try it... The encoding key is there, I just need a way to check it.
well, since it's possible to open .bas files (code modules) as text files, the idea to have a comment on a certain line and check for that line to contain the right value isn't that bad. but keep in mind that whichever way you do it, if you write a program that will bypass an automated remover, that program will in itself be a security risk, since hackers could use it. and if you write a program that is so secure that these IT security people will accept it, it'll be enough work for you to consider other solutions...
there might be other companies than microsoft that issue digital signatures - and there might be newer versions than the ancient 2001/2002 ones - so it could be worth the effort looking into a bit deeper...
Well, I only want to bypass the remover on check of this key signature that I developed years ago. The key is great, I mean really great, since I 'place the mouse on top of the alligator's mouth' again, I guess to use this backdoor to the system won't happen. - Too much effort needed for much too little possible gain.
Hacking into a 128 symbol key mainly consisting of symbols/letters not existing in most languages is really hard work nobody will do for seeing some planning numbers that are probably outdated for a day as soon as you succeed.
What am really looking for is an idea to really write my own bypass that I can really narrow down to such a key, so there is not "I want to phone home"-routine from the creator; I know those signature have wanted weaknesses for user locking themselves out of their system/docs. I want a "right key or destruct", since I can just resend the tool is destructed.
Well, I only want to bypass the remover on check of this key signature that I developed years ago. The key is great, I mean really great, since I 'place the mouse on top of the alligator's mouth' again, I guess to use this backdoor to the system won't happen. - Too much effort needed for much too little possible gain.
Hacking into a 128 symbol key mainly consisting of symbols/letters not existing in most languages is really hard work nobody will do for seeing some planning numbers that are probably outdated for a day as soon as you succeed.
What am really looking for is an idea to really write my own bypass that I can really narrow down to such a key, so there is not "I want to phone home"-routine from the creator; I know those signature have wanted weaknesses for user locking themselves out of their system/docs. I want a "right key or destruct", since I can just resend the tool is destructed.
as far as i understand the removal tool for suspicious software works automatically, so the optimal way would be to actually build your keycheck into the security software. and if that's not possible, i think your trojan version probably is the easiest way.
my concern is not that your trojan won't be a "safe one", but rather that if you can find a glitch in the security system where you could slip macros in if you think they qualify (that is, have the key), someone else could probably build another trojan that does other things or lets other software in without looking for the security key. and that won't be very popular with the security guys...
Well, for that securing of the Trojan bypass I trust my key. I guess knowing how complicated this key is, I can do so.
The security watch dogs wouldn't even understand that key, it was born out of much creativity and some Absinthé ;-)
My only problem is, I don't really find a start programming the first lines of that bypass. For days I keep working on the concept from time to time; basicly between calculators and scenario tools that I usually create.
As soon as I have the first lines it will develop further, but what I usually do in Visual Basic is so different from that. I can use any hint...
Well, for that securing of the Trojan bypass I trust my key. I guess knowing how complicated this key is, I can do so.
The security watch dogs wouldn't even understand that key, it was born out of much creativity and some Absinthé ;-)
My only problem is, I don't really find a start programming the first lines of that bypass. For days I keep working on the concept from time to time; basicly between calculators and scenario tools that I usually create.
As soon as I have the first lines it will develop further, but what I usually do in Visual Basic is so different from that. I can use any hint...
i really must admit that i don't have any idea how it would work either... but i might be able to help brainstorming anyway =) how does the removal tool work that you're trying to bypass?
Well, until now it opens the Excel in kind of a isolated zone, checks for macros and removes any macro there.
The exact routine to do this are not even known by our high-level security guys, it was developed by some eastern European (probably Romanian) IT company. In Western Europe it is hardly used, except us and some Austrian companies.
The only bypass I think is to let the system think that this is not a macro.In fact I do not know how it works with zips, but there the whole File doesn't arrive.
By now, I send the files as 8 letter wit no ".xxx" renamed in a zip, but still this causes so much misunderstanding...
Well, until now it opens the Excel in kind of a isolated zone, checks for macros and removes any macro there.
The exact routine to do this are not even known by our high-level security guys, it was developed by some eastern European (probably Romanian) IT company. In Western Europe it is hardly used, except us and some Austrian companies.
The only bypass I think is to let the system think that this is not a macro.In fact I do not know how it works with zips, but there the whole File doesn't arrive.
By now, I send the files as 8 letter wit no ".xxx" renamed in a zip, but still this causes so much misunderstanding...
well, the most efficient equivalent to a digital certificate would be to get your security people to insert a check routine into the routine that deletes macros. to make this possible without making your secret code available, maybe you could compile a dll with the check routine in it (for example, a function that checks for your special line in a file, with the file as input and true/false as output), and then they could just call the function with some equivalent to "if checkok = true then exit sub" and that way avoid deleting safe files.
again, i think this is something you have to discuss with the security people directly - any attempt to bypass them without their knowledge will be looked upon with suspicion, so if you're frank with them you'll probably get a lot further...
Well, by now I gave up the "good semi Trojan" idea.
There was a more simply way, I have a first Macro distributed by SD cards. This Macro will check files with a certain extension that seems useless (assume .123) for the security code and rename them to xls.
Complicated, but it should work for some time...
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Andrew |
last post by:
Hello,
Is it bad practice to use a function as a parameter of a macro? Will
the compiler create a full copy of the function's machine code for
each invocation of the macro? Or does it create...
|
by: Edward Diener |
last post by:
The documentation states the names of the various managed operators but does
not give the signature for them. Is there some documentation which I have
missed that gives the correct signature ? In...
|
by: Mason |
last post by:
I'm having some problems converting VBA for Word 2000 to code that
VB.Net understands. I recorded a macro in Word to add numbering (a.
b. c.) to my paragraphs. I managed to translate quite a bit...
|
by: robert.dodier |
last post by:
Hello,
I have looked through the documentation for the Java and C#
security classes, and I can't find an answer to the following question.
How can the same RSA signature object (class...
|
by: psujkov |
last post by:
Hi everybody,
int f(int a, int b) { return a + b; };
is it possible to obtain this function signature - int (int, int) in
this case - for use in boost::function_traits ?
e.g. std::cout << "f's...
|
by: WaterWalk |
last post by:
I've just read an article "Building Robust System" by Gerald Jay
Sussman. The article is here:
http://swiss.csail.mit.edu/classes/symbolic/spring07/readings/robust-systems.pdf
In it there is a...
|
by: ambikasd |
last post by:
Hi,
What if the static modifier is removed from the signature of the main method?
thanks,
ambikasd
|
by: Srinivas Mudireddy |
last post by:
Hi,
We have bunch of message levels and depending on whether that level is
turned on, messages of that level are printed. For example, we have
levels like MSG_LOW, MSG_MED etc.
We want to...
|
by: chesshan |
last post by:
Hi Everyone,
I am very new to this forum. i have a doubt in HTML where i have designed a Javascript, as signature in which if you drag ur mouse over my name it wil give u my complete details and if...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |
