Sign in to follow this  
Followers 0
rschanke

How can I know if an AutoIt exe is safe?

9 posts in this topic

Basically, i've been looking for a certain script for some time now, and just today, a friend sent me an autoit exe with an .ini file and a readme that supposedly does it. He got this from someone he knows, who got it from the creator. Naturally I am skeptical, and there seems to be no way to decompile the autoit exe. I suppose this is done on purpose to protect writers from code theft.

That said, are there any steps I can take to ensure it is safe? It is supposed to run a script while communicating between computers through an IRC channel. The file is 289kb and I seem unable to attach it here due to the size, otherwise I would.

Thanks for any help!

Share this post


Link to post
Share on other sites



virus scanner maybe? have faith? lol...if possible run it on a virtual machine / older machine you dont use and see if anything starts happening to it


Dating a girl is just like writing software. Everything's going to work just fine in the testing lab (dating), but as soon as you have contract with a customer (marriage), then your program (life) is going to be facing new situations you never expected. You'll be forced to patch the code (admit you're wrong) and then the code (wife) will just end up all bloated and unmaintainable in the end.

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Basically, i've been looking for a certain script for some time now, and just today, a friend sent me an autoit exe with an .ini file and a readme that supposedly does it. He got this from someone he knows, who got it from the creator. Naturally I am skeptical, and there seems to be no way to decompile the autoit exe. I suppose this is done on purpose to protect writers from code theft.

That said, are there any steps I can take to ensure it is safe? It is supposed to run a script while communicating between computers through an IRC channel. The file is 289kb and I seem unable to attach it here due to the size, otherwise I would.

Thanks for any help!

You never can unless you have the source script.

So, as it counts for any EXE that you didn't made yourself you need to figure out where it came from and act accordingly: Don't run it!

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

You can run this script inside Virtual PC. So if it's malicious you damage only your virtual PC what isn't problem.

The question remains when you can declare it safe even after running it in VM first.

My answer would be: Never unless you have seen its source and understand how it works.

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

The question remains when you can declare it safe even after running it in VM first.

My answer would be: Never unless you have seen its source and understand how it works.

Jos

thats where backups come in handy and your Windows CD Key, live in on the wild side and run it for fun!


Dating a girl is just like writing software. Everything's going to work just fine in the testing lab (dating), but as soon as you have contract with a customer (marriage), then your program (life) is going to be facing new situations you never expected. You'll be forced to patch the code (admit you're wrong) and then the code (wife) will just end up all bloated and unmaintainable in the end.

Share this post


Link to post
Share on other sites

thats where backups come in handy and your Windows CD Key, live in on the wild side and run it for fun!

This is an approach you quickly give up after loosing your system a couple of times and are depending on it. :)

Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

This is an approach you quickly give up after loosing your system a couple of times and are depending on it. :)

computer forensics major here....im always up for recovering data lol...

Dating a girl is just like writing software. Everything's going to work just fine in the testing lab (dating), but as soon as you have contract with a customer (marriage), then your program (life) is going to be facing new situations you never expected. You'll be forced to patch the code (admit you're wrong) and then the code (wife) will just end up all bloated and unmaintainable in the end.

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

I am not sure I'd get anything from IRC except text based help from the support channels like #unix #perl and the likes. I might download software if it was well known and came with an MD5 checksum or something similar. But what says you couldn't just get it from the original source then. IRC is a scary place sometimes :) The xVM idea might be your best option so far but I've seen Trojans and viruses that can detect VM's and attach to the host system essentially infecting all the VM's on the system. Good luck!

Your program sounds oddly like it could be one of those botnet drones.

A program that communicates over IRC with other systems and runs other scripts.

Are you serious right now? I am not even going to pass judgment here. It's not my job or place. Enjoy your help.

Edited by avery

www.abox.orgAvery HowellVisit My AutoIt Websitehttp://www.abox.org

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0