Is there hidden application backdoors in MT4 ?? - page 2

 
DayTrader wrote >>

I am NOT accusing MetaQuotes of anything here, I'm only speaking up on some concerns that I have.

I would like MetaQuotes to submit their source code for scrutiny by independent western security firms, and have the code
(including updates) certified free of application backdoors.
IF MetaQuotes has clean hands and want to appear as a serious company this should also be in their interest.

Knowing the Russian origin of MetaQuotes I would be surprised if they haven't already (or will in some future update)
put backdoor functionality into their code... purpose would be to steal profitable indicators or EAs that might come to their
attention... profitable code could even be reported back to MetaQuotes by MT4, saying "come take me!"

If MetaQuotes IS a trustworthy and serious business they will let this post stand,
but I suspect this post will be removed as soon as they see it.

If you don't trust in the MT4 code you can choose another platform, nobody will kill you ....

 
irusoh1:

1. I think MetaQuotes makes a ton of money selling their software to dealers all over the world and are not interested in any experts.

2. All orders from whatever experts go to particular dealers, not to MetaQuotes.

In order for MQ to determine some profitable experts they need to send to themselves every order received by hundreds of dealers every second of the day.

Then they have to sort them out to see which ones are manual and which come from experts. Then they will need some time to follow all possible experts to see if they are fantastically profitable. Sounds a little crazy to me.

3. I haven't seen any experts except in backtests often posted here in this forum, that are so wildly profitable to go through all this trouble to try to track them down.

4. And finally, if your expert is so gooood and you already made a million or two with it, what do you care.

1) Do they? I guess there are less than 100 brokers on this globe that use MT... 100 customers in a global market is a small number whichever way you look at it.

2) Right on the order path. But not on the process. Filtering out potential targets would be done in MT, and if you're programming you'll understand how simply it could be done in technical terms, a tiny little routine in MT4 monitoring activities and some key parameters...and:

IF (account=live) & (total profit > xxxx) & (Profit Factor > 3)  & (DrawDown < xxx)  & (trading time > xxx weeks) THEN

send account number and MT4 id and terminal IP to MQ for further investigation. Or simply send 'offending' EA file to MQ.

MT4 is doing extensive 2way networking all the time, and transferring a 10KB EA file takes about 1/100 sec...you wouldn't have a chance to notice it even if it took a whole day!

3) See 2)

4) Well, maybe I'm just a selfish greedy, (maybe even a touch paranoid) guy that wants to keep everything to himself? 

Or maybe there is a legitimate concern that a WILDLY effective EA could destroy for all the other EAs and manual traders, even alter or destroy the whole Forex market?

Or that a beast of an EA  ( 'money tree' ) let loose in the public could, or would fall in the wrong hands... criminals, terrorists... you name it ?

I think there are good reasons to treat such a 'beast' like a state secret. At least I would never lend, lease, sell, or make it available to ANYONE.

 

That would be the next season's 24 theme.

Jack Bauer saves the world from evil forex trader who is sucking all the money out with the help of powerful expert adviser called "The Vacuum Cleaner"

 
irusoh1 wrote >>

That would be the next season's 24 theme.

Jack Bauer saves the world from evil forex trader who is sucking all the money out with the help of powerful expert adviser called "The Vacuum Cleaner"

Wickedly evil riposte dude!

 
irusoh1:

That would be the next season's 24 theme.

Jack Bauer saves the world from evil forex trader who is sucking all the money out with the help of powerful expert adviser called "The Vacuum Cleaner"

Yeah you can joke all you want.

But imagine if people could go online and buy a 'solution' that allowed them to win every lottery they entered.... it WOULD have unwanted consequences !

 

Hello Friends,

I am Russian, born and live in Russia.
I find starting post of the topic is abusive.

Yours sincerely,
Airat Safin

 
DayTrader:

Yeah you can joke all you want.

Okay, if you want a more serious answer, Metaquotes could hypothetically post EAs to themselves if the performance broadly matched certain criteria. However, they'd be inundated with rubbish. Some poor sod in Russia would then have an endless job examining the code of all the EAs and eliminating the vast majority which (a) were achieving their performance purely through chance, and/or (b) which were outperforming through strategies which sooner or later would lead to equivalent losses.


Even if you did believe this to be a risk, catching Metaquotes at it would be near impossible. Either the source code would need to be held in escrow, and verified from start to finish on every release by someone extremely good at that job, or there'd have to be a pretty hopeless attempt to catch the MetaTrader executable in the act of sending EAs to a Metaquotes server. More or less undetectable in the context of software which has good reasons to exchange obscure binary data with those servers.


But Metaquotes would stand a very good chance of getting caught - via news of what they were doing leaking out, rather than by external inspection of the software. A very serious risk to their nice little business, and extremely unlikely from a firm which has made their money as much from sound commercial sense and structure as from the actual software.


Personally, I can only agree with and paraphrase what psychoxand has said: you're either mad to distrust the platform this much, or you're mad to continue using it.

 
jjc:

Okay, if you want a more serious answer, Metaquotes could hypothetically post EAs to themselves if the performance broadly matched certain criteria. However, they'd be inundated with rubbish. Some poor sod in Russia would then have an endless job examining the code of all the EAs and eliminating the vast majority which (a) were achieving their performance purely through chance, and/or (b) which were outperforming through strategies which sooner or later would lead to equivalent losses.


Even if you did believe this to be a risk, catching Metaquotes at it would be near impossible. Either the source code would need to be held in escrow, and verified from start to finish on every release by someone extremely good at that job, or there'd have to be a pretty hopeless attempt to catch the MetaTrader executable in the act of sending EAs to a Metaquotes server. More or less undetectable in the context of software which has good reasons to exchange obscure binary data with those servers.


But Metaquotes would stand a very good chance of getting caught - via news of what they were doing leaking out, rather than by external inspection of the software. A very serious risk to their nice little business, and extremely unlikely from a firm which has made their money as much from sound commercial sense and structure as from the actual software.


Personally, I can only agree with and paraphrase what psychoxand has said: you're either mad to distrust the platform this much, or you're mad to continue using it.



I agree with you on one thing: MQ shouldn't even dare to put such backdoors in their code, because IF they got caught it would be equal to commercial suicide... no one, be it brokers or traders, would use MT.

Looks like I've opened a can of worms here, and people are getting upset and agitated.

I suggest we should just put this thread to rest at this point.

 

It can be detected whether anyone other than the broker is connected to us via MetaTrader with the netstat command. But what can we do if the broker steals the code?

When I enter netstat -an at the command prompt and whois the IP, it can be seen that only the broker is connected, and it is connected via port 443, which has the description:

Name: https
Purpose: http protocol over TLS/SSL
Description: This port is used for secure web browser communication. Data transferred across such connections are highly resistant to eavesdropping and interception. Moreover, the identity of the remotely connected server can be verified with significant confidence. Web servers offering to accept and establish secure connections listen on this port for connections from web browsers desiring strong communication security.

Once established, web browsers inform their users of these secured connections by displaying an icon (a padlock, an unbroken key, etc.) in the status region of their window.

As we know, this protocol doesn't allow any file uploads from our hard disk without our permit, so we can relax.

 
barisyildiz1982:

[...]

As we know, this protocol doesn't allow any file uploads from our hard disk without our permit, so we can relax.

I hate to rain on your parade, but a protocol doesn't "allow" or "disallow" anything in this sense. MT4 could be sending anything over the https connection to the broker: your EA code, your email inbox, documents on your hard disk, anything. But it's a safe bet that it isn't doing this.
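
The netstat check discussed in the posts above, as an added example (not written by anyone in the thread): it parses `netstat -ano` output, keeps the established TCP connections owned by one process, and flags remote endpoints that are not on a list of expected broker addresses. The sample output, the PID 4312 and all addresses are constructed; as the last reply says, this shows where the terminal connects, not what it sends.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed sample of Windows `netstat -ano` output (documentation-range IPs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4312
  TCP    192.168.1.20:49713     198.51.100.77:443      ESTABLISHED     4312
  TCP    192.168.1.20:49720     203.0.113.10:443       TIME_WAIT       0
  TCP    192.168.1.20:49801     192.0.2.5:443          ESTABLISHED     7020
  TCP    [2001:db8::20]:49900   [2001:db8::beef]:443   ESTABLISHED     4312
  UDP    0.0.0.0:5353           *:*                                    1880
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Yield Conn tuples for TCP rows; UDP rows have no state and are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[4].isdigit():
            yield Conn(*fields[:4], int(fields[4]))

def unexpected_remotes(text, pid, allowed_hosts):
    """Remote endpoints of ESTABLISHED connections owned by pid that are not allowed."""
    allowed = {ipaddress.ip_address(h) for h in allowed_hosts}
    flagged = []
    for c in parse_netstat(text):
        if c.pid != pid or c.state != "ESTABLISHED":
            continue
        host, port = split_endpoint(c.remote)
        if ipaddress.ip_address(host) not in allowed:
            flagged.append((host, int(port)))
    return flagged

if __name__ == "__main__":
    # Assumed values: 4312 is the terminal's PID, 203.0.113.10 the broker server.
    for host, port in unexpected_remotes(SAMPLE, 4312, ["203.0.113.10"]):
        print(f"unexpected peer {host}:{port}")
```

On a real machine, replace `SAMPLE` with captured `netstat -ano` output and take the PID from Task Manager; a single snapshot misses short-lived connections, so repeat the capture over time.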
