Navigation
|
|||||||
|
|
|
Hi there! You're viewing as a guest which give you limited access. By joining our community, you'll have free access to forex trading systems, articles, metatrader indicators and expert advisors. Join us today |
 |
|
|
LinkBack | Thread Tools | Display Modes |
Security Issues in MetaTrader 4
01-27-2005, 11:04 AM
|
||||
|
||||
Security Issues in MetaTrader 4
The security hole in MetaTrader 4 is nothing but its new MQ4 Expert Language. The new language allows external API calls to any MQ4 and DLL files, which introduce many posibilties on expert developments: close-source expert, for example, since some developers don't want to expose their creations to the public.
While giving such benefit, it also gives off a security issue to users. It is extremely dangerous to allow such calls. If you're unlucky, you will run malicious expert without realising what would happen. Believe it or not, API calls can infect your pc with viruses, spy on your keyboard activities, delete your files, and even format your harddisk. I've attached an expert that makes two api calls: first it open thebugs.ws website, and second it attempts to send a blank email to me. This expert is safe and worth to demostrate. Note: Luckily, the "Allow DLL imports" checkbox must be checked for any expert to call external api. 
|
 |
|
01-27-2005, 02:26 PM
|
||||
|
||||
|
Scorpion,
Indeed this is a bit threatening, I did have to check the box in order for something to happen. BUT it prompted me before asking if I would allow this with a Yes No or Cancel situtation. I think that if any files were to be deleted or a disk formatted there would still be a prompt. Other than that viruses are going to be tricky to avoid. Now what exactly does this checking the box suppose to do?
__________________
____________________________\¦/ ___________________________(ò ó) ______________________o0o___(_)___o0o__ ___¦_____¦_____¦_____¦_____¦_____¦_____¦ ¦_____¦_____¦_____¦_____¦_____¦_____¦__ ___¦_____¦_____¦_____¦_____¦_____¦_____¦ ¦_____¦_____¦_____¦_____¦_____¦_____¦__
|
|
01-27-2005, 02:47 PM
|
||||
|
||||
|
If you check "Allow DLL imports" box then Experts are allowed to call dangerous external APIs, and if you check "Confirms DLL functions call" then you will be asked (YES or NO) to grant or deny the dangerous calls; it's up to you.
Well, I classify this functionality of MT4 as an serious security issue, because most users don't know what these checkboxs are, so they are at risk of being cheated to allow the dangerous calls. Confirmation of such dangerous call is no use for novice users.
|
|
01-27-2005, 02:51 PM
|
||||
|
||||
|
Anyway, just wanna warn you guys of this security issue, so be aware is better.
 Don't check the boxs if you are not supposed to check 'em.
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Getting spread in MetaTrader 4 | karan | MetaTrader and ZeroCode | 3 | 05-23-2006 04:31 AM |
| Metatrader 4 released | Rastarr | MetaTrader and ZeroCode | 17 | 07-08-2005 03:38 PM |
| Neurex goes to metatrader 4 !!! | Belzebut | MetaTrader and ZeroCode | 1 | 07-07-2005 10:14 AM |
| Upcoming MetaTrader Version 4 | scorpion | MetaTrader and ZeroCode | 12 | 11-26-2004 12:30 AM |
All times are GMT. The time now is 11:46 AM.
Powered by vBulletin Version 3.6.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.1.0
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.1.0
Registered members have access to special online forex currency trading tools, software, mt4 expert advisors and indicators. Register now
Main Menu
Economic Forecast
