Illegal usage of Quasar.

[ValonK]

Hej,

I love working on Quasar and I would love it too even work more on it but we need something to prevent Scriptkiddos to use Quasar illegally.

Don't want potentially go to Jail because I contributed to a Project I love. We need to start a discussion about this matter.

My ideas: . Remove the Password and Keylogger feature and put them in some kind of plugin that doesn't relate to Quasar. . Show a Warning to the user when establishing a connection.

Don't get me wrong but there are so many people out there that harm other people. Software should help people not rob them.

If those steps are taken more people would contribute.

[yankejustin]

There are two things about the premise of this argument that makes me not worry about script kiddies trying to do illegal things with this program:

1) Pretty much all antiviruses will be all over this program. To run this program correctly, technical knowledge is required. I think this learning curve is appropriate to keep malicious users away from it. Manual configuration is required on the client's side too, so it would be pretty hard for someone to just get this program on their computer without their knowledge.

2) As is the case in my country (which I do not think the law would vary for other countries either), contributing to this project will not hold you liable. If you want to think of it like this, knife manufacturers can make knives for kitchens, but are not held liable for potential damage their knives cause if someone decides to misuse them.

I think the warning to the user would be a little bit redundant. Unless it was a little notification from the notification tray. That could be useful. Better yet, just abstract all of the features in Quasar and add in only the ones we find necessary when building the client executable.

The last line is a good summary of where we are at with Quasar right now. Going forward, we would love to completely re-write Quasar (preferably into a WPF app instead of WinForms). In this re-write, we expect to make Quasar have a nice plugin system. This would entirely eliminate the many requests that have already been made to be able to pick and choose features. While I do agree with you that this should happen (and would bring in more developers to help with the project), this is a pretty time-consuming task that I don't think anyone wants to collaborate on until MaxXor has more free time.

---

From: valon notifications@github.com Sent: Friday, July 21, 2017 4:02 AM To: quasar/QuasarRAT Cc: Subscribed Subject: [quasar/QuasarRAT] Illegal usage of Quasar. (#614)

Hej,

I love working on Quasar and I would love it too even work more on it but we need something to prevent Scriptkiddos to use Quasar illegally.

Don't want potentially go to Jail because I contributed to a Project I love. We need to start a discussion about this matter.

My ideas: . Remove the Password and Keylogger feature and put them in some kind of plugin that doesn't relate to Quasar. . Show a Warning to the user when establishing a connection.

Don't get me wrong but there are so many people out there that harm other people. Software should help people not rob them.

If those steps are taken more people would contribute.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/quasar/QuasarRAT/issues/614, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AI5_dvl3DAiWYRg42h7EcKFpUou4PPFdks5sQFsLgaJpZM4OfFPu.

[axe-usat]

at last is a remote desktop application so any feature of it can be used for good purposes or for bad , for learning, etc... for programming, and i think if you want to avoid this the best solution will be to include some removal program to delete the program completely.

[prophetnite]

As far as a notification to the connecting party, that should be an optional flag. If this was used as production software you may or may not want that. For employee monitoring you might prefer it to not appear, however, under HIPPA compliance it would be required.

[ValonK]

@yankejustin thanks for the explanation.

[cyclo-techtwister]

@ValonK as system admin there are legit uses for Password and Keylogger features and removing them would make this next to useless for many admins. Are you brainwashed thinking you must police other people or something you seem a bit paranoid as well. May be this tool is just a bit to powerful for your needs, you may want to consider using something else (Or remove/alter the unwanted code on your end this is a open source project).

[Aholicknight]

My ideas: . Remove the Password and Keylogger feature and put them in some kind of plugin that doesn't relate to Quasar. . Show a Warning to the user when establishing a connection.

Password and keylogger feature is LEGIT because a lot of employers like to see what there workers are searching and typing on there own computer.

[ghost]

There are two things about the premise of this argument that makes me not worry about script kiddies trying to do illegal things with this program: 1) Pretty much all antiviruses will be all over this program. To run this program correctly, technical knowledge is required. I think this learning curve is appropriate to keep malicious users away from it. Manual configuration is required on the client's side too, so it would be pretty hard for someone to just get this program on their computer without their knowledge. 2) As is the case in my country (which I do not think the law would vary for other countries either), contributing to this project will not hold you liable. If you want to think of it like this, knife manufacturers can make knives for kitchens, but are not held liable for potential damage their knives cause if someone decides to misuse them. I think the warning to the user would be a little bit redundant. Unless it was a little notification from the notification tray. That could be useful. Better yet, just abstract all of the features in Quasar and add in only the ones we find necessary when building the client executable. The last line is a good summary of where we are at with Quasar right now. Going forward, we would love to completely re-write Quasar (preferably into a WPF app instead of WinForms). In this re-write, we expect to make Quasar have a nice plugin system. This would entirely eliminate the many requests that have already been made to be able to pick and choose features. While I do agree with you that this should happen (and would bring in more developers to help with the project), this is a pretty time-consuming task that I don't think anyone wants to collaborate on until MaxXor has more free time. … ____ From: valon notifications@github.com Sent: Friday, July 21, 2017 4:02 AM To: quasar/QuasarRAT Cc: Subscribed Subject: [quasar/QuasarRAT] Illegal usage of Quasar. (#614) Hej, I love working on Quasar and I would love it too even work more on it but we need something to prevent Scriptkiddos to use Quasar illegally. Don't want potentially go to Jail because I contributed to a Project I love. We need to start a discussion about this matter. My ideas: . Remove the Password and Keylogger feature and put them in some kind of plugin that doesn't relate to Quasar. . Show a Warning to the user when establishing a connection. Don't get me wrong but there are so many people out there that harm other people. Software should help people not rob them. If those steps are taken more people would contribute. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<#614>, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AI5_dvl3DAiWYRg42h7EcKFpUou4PPFdks5sQFsLgaJpZM4OfFPu.

I coded myself a fun trolling malware that disables uac, win defender (its one of my more recent repos on github if you don't think it's possible) and most system protections if not all in c# in one day, plus payloads. I think that there needs to be a limit and a warning if you disable that limit that there is A HIGH if not MAJOR potential to go to court / prison.