efmde / skype-log-viewer

Automatically exported from code.google.com/p/skype-log-viewer

Malicious Software #3

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Download the program
2. Run the program in an Antivirus Sandbox environment
3. Access Skype logs

What is the expected output? What do you see instead?
Expected output is to open the log files flawlessly, or at the very least
reliably. What is seen instead is that running the software in an Antivirus
Sandbox environment produces flags similar to malicious software, in the form of
attempting to access core system files.

What version of the product are you using? On what operating system?
Latest version as of 06-09-2013. Operating system Windows 7

Please provide any additional information below.
Running the program in the Comodo Internet Security Sandbox environment, the program
attempts to access core system files, which is recognized as malicious activity.

Original issue reported on code.google.com by ShaydeM...@gmail.com on 13 Jun 2013 at 3:40

GoogleCodeExporter commented 9 years ago
I appreciate you doing a security check on the program, it's a good idea to do 
that with anything you let on your computer, however it is equally important to 
be able to understand the output.
For starters, I did a sha1 check between the file downloaded, the hash saved on
Google downloads, and my own local build copy, they all match, so I do know 
that the file I uploaded is the one you downloaded.

As for the "core system files" being accessed, there are a few things this 
program does which may trigger that alert.  To start with, this is a C# .NET
application, which means that it uses shared .NET libraries from Microsoft to
run. (This is why you must have the .NET Framework installed first.)  Every C#
program does this, although not every C# program needs to access the same 
libraries.

Also, keep in mind what this program is designed to do: it reads your Skype
logs.  These are by default stored in what could be considered a "core system 
file" inside your Application Data Directory.  It must be able to do this in 
order to be functional.  You will notice that when it first starts up, it will 
scan that directory in an attempt to intelligently provide you with a list of 
user names in the default location for you to open.

Also, you don't need to take my word on this, in fact it is better if you do 
not.  One of the nice things about this project is that it is totally open 
source.  All of the source code used to create this program (the files where I 
tell it to do what it does) are available freely right here, you can read them 
for yourself to see exactly what goes on.  This of course has the assumption
that the binary I uploaded came from an unmodified copy of the source code
provided, which you can also verify by using one of many C# decompile
programs.  There is no obfuscation or encryption applied to these files, they 
will cleanly be readable.

Sorry for responding so slowly, apparently Google doesn't notify me when people
add issues, if you have any questions feel free to email me at the email 
address provided on the help form. (you can view the source for this if you do 
not want to run the program yet)

Original comment by lordgreggreg on 1 Aug 2013 at 9:16
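
The three-way SHA-1 comparison described in the reply above (downloaded file, published hash, local build), as an added example that is not part of the original thread or the project's code. The function names, file labels and sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile


def sha1_of_file(path, chunk_size=65536):
    """Stream the file so a large binary is never held in memory whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize_sha1(published):
    """Accept upper case and space/colon separated digests; reject the rest."""
    cleaned = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", cleaned):
        raise ValueError("published value is not a 40-digit SHA-1 digest")
    return cleaned


def compare_release(published_sha1, copies):
    """copies maps a label to a path; returns {label: matches_published}."""
    expected = normalize_sha1(published_sha1)
    return {label: hmac.compare_digest(sha1_of_file(path), expected)
            for label, path in copies.items()}


if __name__ == "__main__":
    # Constructed stand-ins for the real executables (not project files).
    workdir = tempfile.mkdtemp()
    payload = b"constructed stand-in for the release binary"
    samples = (("downloaded", payload),
               ("local_build", payload),
               ("modified", payload + b"\x00"))
    paths = {}
    for label, data in samples:
        paths[label] = os.path.join(workdir, label + ".exe")
        with open(paths[label], "wb") as handle:
            handle.write(data)
    published = hashlib.sha1(payload).hexdigest().upper()
    for label, ok in compare_release(published, paths).items():
        print(label, "matches published hash" if ok else "DIFFERS")
```

A match shows only that the copies are byte-identical to the file whose hash was published; it says nothing about what the program does, which is the part that reading the source or decompiling the binary addresses.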