1. Wave

    Wave Guest

    #101 Wave, Jan 7, 2017
    Last edited by a moderator: Jan 7, 2017
    The Von Neumann Architecture was introduced so programs had their own memory to work with, so when a problem occurred in memory the whole system wouldn't need to be rebooted to fix the problem - this is why when an issue occurs in kernel-mode, a BSOD crash occurs, because you have access to all the memory and therefore it affects the system altogether and not just one particular program. Whereas, with user-mode, each process has it's own threads running in their own section of memory (the memory is divided up and this happens more for the more programs running on the OS).

    When your process is terminated, it's not running in memory anymore, it's all cleaned up obviously... Otherwise you would end up in a situation of opening a few programs, closing them, and then not being able to open anymore due to memory still being active but not being used by the programs you had previously closed down. It'd just be a stupid design.

    Maybe I got mixed up/confused and need to go back to learning theory since I learnt this back in 2015 but what I wrote above seems correct.

    Just keep on doing what you are doing, you don't need to explain yourself :) You're doing well, and the program is looking good and it'll improve over time. ;)

    Good work on the updates btw :)
     
    Deletedmessiah, Svoll, AtlBo and 6 others like this.
  2. tim one

    tim one Level 18
    Trusted AV Tester

    Jul 31, 2014
    885
    8,975
    Europe
    Windows 10
    Emsisoft
    Some questions:

    Can you please better explain the reason for your request?
    What would be the logical reason why the Dev should give you the source code?
    Do you want to be a co-developer with him?
     
    Svoll, AtlBo, Sr. Normal 2.0 and 5 others like this.
  3. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,746
    13,954
    SecureMyBit Developer
    Unknown
    Thank you @Wave ! :) ;)
     
    Svoll, AtlBo, Sr. Normal 2.0 and 4 others like this.
  4. iangcarroll

    iangcarroll Level 1

    Jan 24, 2016
    9
    37
    Birmingham, MI
    That is fine. Different programs have different threat models, and if you don't want to protect against it that's okay. But it's important to at least know that this is going to happen.

    What I meant was that once the process exits, it would be very difficult to read the password from userland. Not entirely sure if it could even be done. Obviously protecting this in the kernel would be pointless.

    Technically. I don't know enough about the .NET internals to reliably assert that this is very difficult, but given the 72 copies of the string that end up in memory, it's likely that some memory management magic will mess up the implementation. And I doubt .NET's garbage collector will zero out memory.

    I am not sure exactly when Windows will zero out memory after it being freed. But I would not rely on it doing so instantly.


    It was an offer to look for other vulnerabilities. There isn't much to steal from this... Closed source encryption software just makes me nervous; it becomes much harder to audit.


    If my original post was taken as disparaging, I apologize. I appreciate the effort people put into making things more secure. But I have seen too many encryption tools that add a false sense of security because they are poorly designed.
     
    AtlBo and Sr. Normal 2.0 like this.
  5. tim one

    tim one Level 18
    Trusted AV Tester

    Jul 31, 2014
    885
    8,975
    Europe
    Windows 10
    Emsisoft
    I think that no one has asked for your help to "look for other vulnerabilities" even considering that you might be just a troll to my eyes.
    And your statement "there is not much to steal from this"...does not need further explanations.
    You can discuss about technical reasons, but your claim to have the source code puts you at a very low credibility level.
    I think that no one here can give confidence to you as you've proposed yourself and I don't see other good reasons to continue this discussion with people like you.

    Regards!
     
    Svoll, JM Security, AtlBo and 2 others like this.
  6. iangcarroll

    iangcarroll Level 1

    Jan 24, 2016
    9
    37
    Birmingham, MI
    I don't know why you and others are hung up on me offering to audit it. I figured the author would like another person to review their encryption code. But it was not the primary intent of my post, and since the author does not seem to want me to I won't.

    Not sure what you mean by "claiming to have the source code", because I don't, though I ran it through a decompiler to look at it.

    In any case, I'm posting with my real name, am a senior in BleepingComputer's training program, and my URL blacklist is on VirusTotal. Sorry if I seem suspicious.
     
    AtlBo likes this.
  7. Aura

    Aura Level 20

    Jul 29, 2014
    963
    2,479
    Technical Support Tier 2
    Québec, Canada
    Windows 10
    Emsisoft
    :D
    +1
     
    AtlBo likes this.
  8. Wave

    Wave Guest

    Being part of a training program at BleepingComputer, owning a URL blacklist and posting with his real name is completely irrelevant to the discussion... It doesn't change anything, since this discussion has nothing to do with who is more intelligent or who has more experience what so ever.

    Let me ask you a question: if you owned a program of your own and someone left suggestions to help you improve, but then asked for the source code (for whatever the purpose, even though it's closed source), would you really hand it over to them (regardless of their identity)?

    It's like Bill Gates finding a flaw design in OS X and asking for the source code so he can help them... Obviously they're not going to hand it over.
     
    Svoll, JM Security, AtlBo and 2 others like this.
  9. DardiM

    DardiM Level 26
    Trusted AV Tester

    May 14, 2016
    1,567
    15,193
    France
    Windows 10
    Kaspersky
    Peace and Love, all we need !

    @JM Security

    Thanks for your great free (and useful) tool, and the time you pass to make it is updated regularly :)
     
  10. Spawn

    Spawn Administrator
    Staff Member Content Creator

    Jan 8, 2011
    16,256
    24,183
  11. Svoll

    Svoll Level 12

    Nov 17, 2016
    554
    6,418
    Student/Engineering Failure
    US
    macOS Sierra
    Norton
    Thank you for an awesome program
    @JM Security
    I truly appreciate the time and effort you put in constantly updating it to help a community of new members like myself. Keep up the good work and when you decide to bring this out of freeware, I would still purchase it :)
     
  12. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,746
    13,954
    SecureMyBit Developer
    Unknown
    Thank you very much @Spawn !! :)
     
  13. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,746
    13,954
    SecureMyBit Developer
    Unknown
    Thanks for your amazing words @Svoll ! :) ;)
     
  14. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,746
    13,954
    SecureMyBit Developer
    Unknown
    Great @DardiM I'm glad to hear that :)
     
  15. Svoll

    Svoll Level 12

    Nov 17, 2016
    554
    6,418
    Student/Engineering Failure
    US
    macOS Sierra
    Norton
    Just know there are other members who truly appreciates what you do, either they post or not. I need to thank you constantly for a great program!
     
  16. Sr. Normal 2.0

    Sr. Normal 2.0 Level 5
    Trusted

    Sep 14, 2016
    235
    6,280
    Talavera, España
    Windows 10
    Norton
    That is the explanation. Can not be more accurate :)
     
  17. tim one

    tim one Level 18
    Trusted AV Tester

    Jul 31, 2014
    885
    8,975
    Europe
    Windows 10
    Emsisoft
    Yes congrats @JM Security for having done an awesome program!! :)
     
  18. Wave

    Wave Guest

    Congrats from me too! I like SecureMyBit! :)
     
  19. JM Security

    JM Security Level 28
    Trusted

    Apr 12, 2015
    1,746
    13,954
    SecureMyBit Developer
    Unknown
    Download SecureMyBit 2.1 (added Smart Monitor to monitor in real-time modifies on encrypted file(s), added “Start with Windows” option, several bugs fixed)

    [​IMG]
     
  20. Winter Soldier

    Winter Soldier Level 25

    Feb 13, 2017
    1,466
    10,341
    PLC programmer - Robotics industry
    Wormhole
    Windows 10
    Emsisoft
    The new feature Smart Monitor surely provides additional security to the encrypted files and folders. @users : we are already working on the next version!
     
Loading...
Similar Threads Forum Date
SecureMyBit DHScan (EXE Analyzer) - Beta Released Other Security for Windows Nov 5, 2017
Video Review SecureMyBit vs KeyLoggers (Test) Video Reviews Sep 13, 2017
Video Review SecureMyBit vs Cerber 3 Ransomware Video Reviews Nov 1, 2016