Update SecureMyBit Stable - Released

W

Wave

Guest
Some explanations on SecureMyBit:

I would want to explain that every software is developed with a specific purpose, surely it is possible to implement new features and improve the ones already in place, and this is my work. But the main purpose of SecureMyBit, as I already mentioned, is to encrypt files and folders against malware, such as Backdoors, etc. So, even if the malware manages to connect to a server and send file(s), then the files are protected (or a PC access by someone). And by closing the program it will be removed from memory. With the latest version also the extension encoding system has been implemented, so there is more chance to be safer with ransomware(this doesn't mean all ransomware).
I will add additional info on the software on the homepage, in the "key features"
thanks for understanding.
The Von Neumann Architecture was introduced so programs had their own memory to work with, so when a problem occurred in memory the whole system wouldn't need to be rebooted to fix the problem - this is why when an issue occurs in kernel-mode, a BSOD crash occurs, because you have access to all the memory and therefore it affects the system altogether and not just one particular program. Whereas, with user-mode, each process has it's own threads running in their own section of memory (the memory is divided up and this happens more for the more programs running on the OS).

When your process is terminated, it's not running in memory anymore, it's all cleaned up obviously... Otherwise you would end up in a situation of opening a few programs, closing them, and then not being able to open anymore due to memory still being active but not being used by the programs you had previously closed down. It'd just be a stupid design.

Maybe I got mixed up/confused and need to go back to learning theory since I learnt this back in 2015 but what I wrote above seems correct.

Just keep on doing what you are doing, you don't need to explain yourself :) You're doing well, and the program is looking good and it'll improve over time. ;)

Good work on the updates btw :)
 
Last edited by a moderator:

tim one

Level 21
Trusted
AV-Tester
Joined
Jul 31, 2014
Messages
1,072
OS
Windows 10
Antivirus
F-Secure
If you want me to look at the cryptography behind this as well, feel free to send me the source code (the obfuscation is unnecessary and a bit off-putting for a sensitive application like this).
Some questions:

Can you please better explain the reason for your request?
What would be the logical reason why the Dev should give you the source code?
Do you want to be a co-developer with him?
 

JM Security

Level 30
Trusted
Joined
Apr 12, 2015
Messages
1,906
The Von Neumann Architecture was introduced so programs had their own memory to work with, so when a problem occurred in memory the whole system wouldn't need to be rebooted to fix the problem - this is why when an issue occurs in kernel-mode, a BSOD crash occurs, because you have access to all the memory and therefore it affects the system altogether and not just one particular program. Whereas, with user-mode, each process has it's own threads running in their own section of memory (the memory is divided up and this happens more for the more programs running on the OS).

When your process is terminated, it's not running in memory anymore, it's all cleaned up obviously... Otherwise you would end up in a situation of opening a few programs, closing them, and then not being able to open anymore due to memory still being active but not being used by the programs you had previously closed down. It'd just be a stupid design.

Maybe I got mixed up/confused and need to go back to learning theory since I learnt this back in 2015 but what I wrote above seems correct.

Just keep on doing what you are doing, you don't need to explain yourself :) You're doing well, and the program is looking good and it'll improve over time. ;)

Good work on the updates btw :)
Thank you @Wave ! :) ;)
 
Joined
Jan 24, 2016
Messages
9
I don't think what you are talking about is really a concern which should be necessary to the developer, he's probably focusing on other things right now.
That is fine. Different programs have different threat models, and if you don't want to protect against it that's okay. But it's important to at least know that this is going to happen.

This has nothing to do with user-mode or kernel-mode, it's a user-mode application and therefore it can be attacked from other user-mode applications - a device driver to protect the process and the process' threads is not necessary, it's not an Anti-Virus product.
What I meant was that once the process exits, it would be very difficult to read the password from userland. Not entirely sure if it could even be done. Obviously protecting this in the kernel would be pointless.

He can still free the memory, and .NET has a garbage collector which automatically free's up memory
Technically. I don't know enough about the .NET internals to reliably assert that this is very difficult, but given the 72 copies of the string that end up in memory, it's likely that some memory management magic will mess up the implementation. And I doubt .NET's garbage collector will zero out memory.

When your process is terminated, it's not running in memory anymore, it's all cleaned up obviously...
I am not sure exactly when Windows will zero out memory after it being freed. But I would not rely on it doing so instantly.


It seems to me you just want the source code, you even checked about his obfuscation? ....
Can you please better explain the reason for your request?
What would be the logical reason why the Dev should give you the source code?
Do you want to be a co-developer with him?
It was an offer to look for other vulnerabilities. There isn't much to steal from this... Closed source encryption software just makes me nervous; it becomes much harder to audit.


If my original post was taken as disparaging, I apologize. I appreciate the effort people put into making things more secure. But I have seen too many encryption tools that add a false sense of security because they are poorly designed.
 

tim one

Level 21
Trusted
AV-Tester
Joined
Jul 31, 2014
Messages
1,072
OS
Windows 10
Antivirus
F-Secure
It was an offer to look for other vulnerabilities. There isn't much to steal from this...
I think that no one has asked for your help to "look for other vulnerabilities" even considering that you might be just a troll to my eyes.
And your statement "there is not much to steal from this"...does not need further explanations.
You can discuss about technical reasons, but your claim to have the source code puts you at a very low credibility level.
I think that no one here can give confidence to you as you've proposed yourself and I don't see other good reasons to continue this discussion with people like you.

Regards!
 
Joined
Jan 24, 2016
Messages
9
I don't know why you and others are hung up on me offering to audit it. I figured the author would like another person to review their encryption code. But it was not the primary intent of my post, and since the author does not seem to want me to I won't.

Not sure what you mean by "claiming to have the source code", because I don't, though I ran it through a decompiler to look at it.

In any case, I'm posting with my real name, am a senior in BleepingComputer's training program, and my URL blacklist is on VirusTotal. Sorry if I seem suspicious.
 
Likes: AtlBo

Aura

Level 20
Joined
Jul 29, 2014
Messages
963
OS
Windows 10
Antivirus
Emsisoft
In any case, I'm posting with my real name, am a senior in BleepingComputer's training program, and my URL blacklist is on VirusTotal. Sorry if I seem suspicious.
:D
+1
 
Likes: AtlBo
W

Wave

Guest
Being part of a training program at BleepingComputer, owning a URL blacklist and posting with his real name is completely irrelevant to the discussion... It doesn't change anything, since this discussion has nothing to do with who is more intelligent or who has more experience what so ever.

Let me ask you a question: if you owned a program of your own and someone left suggestions to help you improve, but then asked for the source code (for whatever the purpose, even though it's closed source), would you really hand it over to them (regardless of their identity)?

It's like Bill Gates finding a flaw design in OS X and asking for the source code so he can help them... Obviously they're not going to hand it over.