Author Topic: detect particular software is not a trojan or virus  (Read 1024 times)


Offline vonrabbe
detect particular software is not a trojan or virus
« on: June 26, 2016, 10:10:04 pm »
Hi people,

I'm a stupid Windows user and I've got a question:
I have a user in my company that uses service to access our corporate network from outside.

This thing generates you a binary you run on your Linux machine, but how could I know this is not a trojan or virus? Any way to check it?

Should I allow such software in my network? This is a source repo - how could I verify its integrity?

Thank you!!!

Online Mark Greaves (PCNetSpec)
Re: detect particular software is not a trojan or virus
« Reply #1 on: June 26, 2016, 11:30:42 pm »
This would be difficult for a binary executable.

Even if it's run without elevated privileges, and the user account it's run from has no administrative rights, I'd still be uneasy about allowing it and would first want to run it on an isolated system and try to see what it's doing.

My point is, you have no way of knowing whether the generated binary is being generated from the same code that's in the GitHub repo.

Yes, you could attempt to dissect what it's doing with things like Wireshark, memory dumps, and process tracking .. but I'm guessing that's a little beyond you? I know it is me.

I wouldn't allow it on a corporate network unless you have the time and knowledge to do these things on an isolated system first .. but at the end of the day it comes down to how paranoid are you?

I'd say if you even felt the need to ask this question you shouldn't allow it .. it's unnecessary, and setting up a certificate authenticated VPN tunnel with well known trusted software (OpenVPN) from the repos would be the way forward.
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
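
One way to do the "process tracking" step from the reply above, as an added example that is not part of the original thread: run the binary on the isolated system under `strace -f -o trace.log ./binary`, then summarise which hosts it tried to reach, what it executed, and which files it wrote or read. The trace lines, the `SENSITIVE` path list and the `summarise` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `strace -f -o trace.log` output; not from a real binary.
SAMPLE_TRACE = '''\
4121  execve("./client.bin", ["./client.bin"], 0x7ffc1a2b3c40 /* 24 vars */) = 0
4121  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4121  openat(AT_FDCWD, "/home/user/.ssh/id_rsa", O_RDONLY) = 4
4121  connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
4122  execve("/bin/sh", ["sh", "-c", "id"], 0x55d0c0ffee00 /* 24 vars */) = 0
4122  openat(AT_FDCWD, "/tmp/.cache/x", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 6
4121  connect(7, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = -1 ECONNREFUSED (Connection refused)
'''

CONNECT = re.compile(
    r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
    r'sin_addr=inet_addr\("([\d.]+)"\)')
EXECVE = re.compile(r'execve\("([^"]+)"')
OPENAT = re.compile(r'openat\(AT_FDCWD, "([^"]+)", ([A-Z_|]+)')
# Assumption: path fragments a reviewer would want flagged when a tool reads them.
SENSITIVE = ("/.ssh/", "/etc/shadow", "/.gnupg/")

def summarise(trace):
    """Group the interesting syscalls of a strace log into a short report."""
    report = defaultdict(set)
    for line in trace.splitlines():
        if m := CONNECT.search(line):
            # Failed attempts are kept too: the attempt itself is the signal.
            report["connect"].add((m.group(2), int(m.group(1))))
        elif m := EXECVE.search(line):
            report["exec"].add(m.group(1))
        elif m := OPENAT.search(line):
            path, flags = m.group(1), m.group(2).split("|")
            if "O_WRONLY" in flags or "O_RDWR" in flags:
                report["write"].add(path)
            if any(s in path for s in SENSITIVE):
                report["sensitive_read"].add(path)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    for kind, items in summarise(SAMPLE_TRACE).items():
        print(kind, items)
```

A clean report only shows what the binary did during that one run; it does not show that the binary matches the source in the repo.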

