Allow All DLL imports for untrusted source

Mrmoore007

Hello,

I have heard about the risks associated with allowing DLL imports for untrusted expert advisors. But I really need more details about how bad this could be. Is there a chance to copy trades, or copy files from the hard drive? The reason is that I am using a dashboard EA coded from FF, so I have no idea who coded it or how credible it is. Any ideas? Since disabling imports will turn the EA off, I technically have no option but allowing DLL imports?

Anthony Garot
Mrmoore007:

Hello,

I have heard about the risks associated with allowing DLL imports for untrusted expert advisors. But I really need more details about how bad this could be. Is there a chance to copy trades, or copy files from the hard drive? The reason is that I am using a dashboard EA coded from FF, so I have no idea who coded it or how credible it is. Any ideas? Since disabling imports will turn the EA off, I technically have no option but allowing DLL imports?

When I use DLL imports from, say, kernel32.dll, it's because I want to do something that MQL5 expressly doesn't want me to do.

This might be as innocuous as:

        void GetSystemTime(int& systemTimeArray[]);

because I want to get the real time when the Tester is running.

Or it might be because I want to do something with files outside the sandbox.

        bool CopyFileW(string lpExistingFileName,string lpNewFileName,bool bFailIfExists);
        bool DeleteFileW(string lpExistingFileName);

Or maybe I want to run a Windows application when I am done running the tester:

        int ShellExecuteW(int hwnd,string Operation,string File,string Parameters,string Directory,int ShowCmd);

So, if I can access these by importing functions from kernel32.dll, you must assume that any DLL you import can do these things, too.

Copy files, delete files, spawn other processes . . . .

Mrmoore007
Anthony Garot:

When I use DLL imports from, say, kernel32.dll, it's because I want to do something that MQL5 expressly doesn't want me to do.

This might be as innocuous as:

because I want to get the real time when the Tester is running.

Or it might be because I want to do something with files outside the sandbox.

Or maybe I want to run a Windows application when I am done running the tester:

So, if I can access these by importing functions from kernel32.dll, you must assume that any DLL you import can do these things, too.

Copy files, delete files, spawn other processes . .

Thanks Anthony Garot for the info,

So I unchecked allowing DLL imports for all indicators on my template. Now, is there a way to tell which DLL files in my folder could be suspicious? Can I just delete them all and allow the ones from known resources?


Alain Verleyen
Mrmoore007:

Thanks Anthony Garot for the info,

So I unchecked allowing DLL imports for all indicators on my template. Now, is there a way to tell which DLL files in my folder could be suspicious? Can I just delete them all and allow the ones from known resources?


You don't understand. It's not even about a "suspicious" DLL; of course that could happen too, but it's not the most probable case.

Allowing a normal DLL from WinAPI is completely insecure if you can't check the code; it can potentially take control of your whole computer.

Of course, it's nothing specific to MT4/MT5; it's true for any software you install on your computer with full access.
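
For an EA or indicator that comes with source, one way to check the code is to list what its `#import` blocks pull in from DLLs. This is an added example, not part of the thread and not MetaQuotes code; the sample MQL source is constructed, and the highlighted-name set is simply the three functions Anthony listed.

```python
import re

# Names Anthony listed above; every DLL import is reported, these are only highlighted.
FLAGGED = {"CopyFileW", "DeleteFileW", "ShellExecuteW"}

IMPORT_RE = re.compile(r'^\s*#import\b\s*(?:"([^"]*)")?')  # '#import "x"' opens, bare '#import' closes
FUNC_RE = re.compile(r'\b([A-Za-z_]\w*)\s*\(')             # first identifier followed by '('

# Constructed sample source, not taken from any real EA.
SAMPLE = '''
#property strict
#import "kernel32.dll"
   void GetSystemTime(int& systemTimeArray[]);
   bool CopyFileW(string lpExistingFileName,string lpNewFileName,bool bFailIfExists);
   // bool DeleteFileW(string lpExistingFileName);
#import "shell32.dll"
   int ShellExecuteW(int hwnd,string Operation,string File,string Parameters,string Directory,int ShowCmd);
#import "stdlib.ex4"
   string ErrorDescription(int error_code);
#import
void OnTick() { Print("tick"); }
'''

def strip_comments(src):
    """Drop /* */ and // comments so commented-out declarations are not counted."""
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)
    return re.sub(r'//[^\n]*', '', src)

def dll_imports(src):
    """Return {dll name (lowercase): [imported function names]} for each DLL #import block."""
    found, current = {}, None
    for line in strip_comments(src).splitlines():
        m = IMPORT_RE.match(line)
        if m:
            name = (m.group(1) or "").strip().lower()
            current = name if name.endswith(".dll") else None  # .ex4/.ex5 libraries are skipped
            if current:
                found.setdefault(current, [])
        elif current and (f := FUNC_RE.search(line)):
            found[current].append(f.group(1))
    return found

def flagged(imports):
    """Return sorted (dll, function) pairs whose name is in FLAGGED."""
    return sorted((d, fn) for d, fns in imports.items() for fn in fns if fn in FLAGGED)

if __name__ == "__main__":
    for dll, fns in dll_imports(SAMPLE).items():
        print(dll, "->", ", ".join(fns))
```

An empty highlight list does not make a file safe: any DLL it imports is native code running with your account's access, and a compiled .ex4/.ex5 without source cannot be checked this way.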

Mrmoore007
Alain Verleyen:

You don't understand. It's not even about a "suspicious" DLL; of course that could happen too, but it's not the most probable case.

Allowing a normal DLL from WinAPI is completely insecure if you can't check the code; it can potentially take control of your whole computer.

Of course, it's nothing specific to MT4/MT5; it's true for any software you install on your computer with full access.

No, I understand it should not have been allowed. But I am speaking about now. What should I do to secure my data?
