Home Network, PC, and MQL5 Code Security

 

Several forum users have reported hacking and malware intrusion into trading platforms and pc's, so the purpose of this thread is to give some guidance about security measures. No one knows everything, and I certainly never claimed to, so please post up any additional or superior security measures that you have. I'm merely starting things off:

  1. Good security starts with the portion of your network that you have control over, which is your home network. For purposes of your home network, incoming data starts at your router. Log into your router firmware and find the settings for managing wireless devices by MAC address. Enable filtering by MAC address. This is designed to only allow MAC addresses that you enter into the router firmware to connect. Every wireless device is assigned a Wi-Fi machine address by its manufacturer. On most wireless devices, go to Settings ==> About ==> Device (or thereabouts), and then enter it into your router settings accordingly. This includes any wireless pc's, laptops, phones, printers, smart TV's, etc. that you want to continue using with Wi-Fi. If a trusted visitor wants to use your Wi-Fi but won't disclose their MAC address, just say "Sorry. No can do."
  2. Hardwire your trading pc('s) directly to your router with an Ethernet cable. For additional layers of protection, including protection from interference, use shielded Ethernet cable and install a physical emergency Ethernet kill switch between your trading pc('s) and your router. Such switches are generally wall mountable. Obviously, the switch must be easily accessible. If your pc notifies you of an unauthorized download or connection starting, slap that switch open as fast as you can. Be sure to have your back-up trading device at the ready to temporarily monitor any open positions.
  3. Install Windows on your pc('s) using a security key (not using online sign-in).
  4. Create a unique login ID and password for each pc. Do not reuse your login credentials on multiple pc's.
  5. Make sure that at least Windows Defender is running and is properly configured for all apps that need access through the firewall. Microsoft Security is superior for real time protection on Windows pc's. If you're using Windows 7 or Windows 10 and Microsoft Security is no longer supported, make sure that any third-party real time protection apps don't interfere with Windows Defender. Keep all security apps updated.
  6. Turn off automatic pc connections and file sharing on all devices.
  7. When you want to connect to another pc on your home network, you can right-click the lower left Windows icon in your desktop taskbar, click Run, enter two backslashes followed by the computer name (ex: \\my_laptop), and click OK--or you can go to your File Explorer, click on Network in the left frame, and click on the computer name. Either way, you'll get a pop-up window that asks you for the target computer's login credentials. Enter them and click OK, and the two pc's will connect.
  8. When you want to disconnect, do a taskbar search for Command Prompt. Make sure that you either are an Administrator or that you open as Administrator. In Command Prompt, type: net use * /del, and press Enter. Then confirm by typing Y and press Enter. This will forcibly disconnect all other network devices from your pc.
  9. Regarding MT5, set up and enable two factor authentication for your trading account(s). Your broker-dealer must support this. Not all broker-dealers do.
  10. Regarding MQL5 code, any executable file that can be run can generally be memory dumped. This hacking process is laborious and time consuming, but it is possible. Hackers use their own software to mimic the Tester's debug mode for memory dumping. Therefore, one solution is to disable backtesting in your source code. Indicators are much more difficult to dump, so you could also put much of your EA code into an indicator which is called by the EA (personally, I would not rely on this alone).
  11. Be sure to use mql5.com Cloud Protection when compiling source code. This adds an additional layer of encryption to the standard compiler encryption. Again, encryption does not affect memory dumping.
 

12. Have a network connection just for trading, whether that be a unique network SSID and password for a Wi-Fi network, or a unique Ethernet connection name and ID for your trading computer. Then give your trading computer or computers 1st priority on your router. Back up your trading systems at least "weekly", keeping 3 or more backups, so if one or 2 are infected, you can go back further to the 3rd to recover your system. Put everyone else on a different network connection. It does not have to be a "guest network"; it could even be a 2nd instance of the same LAN driver, just with a different connection name.

13. Use sandboxes and encrypted drives for all trading stuff. There are several highly encrypted programs out there. Some are crap, but others are bulletproof. And just because many are free does not mean that they are crap.

14. ALWAYS have a backup internet connection, i.e. a SIM card is always the easiest and fastest to set up in a pinch. This is good for both security and a failover-proofed internet connection. You can even swap between your 2 connections to keep any hacker guessing. And as these are often fast and easy to replace, I have 2: one that I use as backup daily, and a 2nd that is not being used but is always on hand in the event that I get suspicious activity on my computer.

15. And maybe this should be number 1. DELETE AND BLOCK ALL REMOTE HELP AND REMOTE SYSTEM/DESKTOP ABILITIES. These are on by default on all Windows systems. Your router may also have open connections to the WWW without your knowledge. All major router brands have these, such as connections for Microsoft remote help and also router support, which makes it easier for hackers to use these same routes to connect to your router, and from there they can hack your computer. Windows has rules to ask you for permission before allowing these; however, a hacker can stop Windows from notifying you of these connections.

16. If you do get a virus or hacker, then do not think that you only have to update your antivirus definitions and firewall rules! Even if you are 100% successful in removing any virus, trojan or hacker connection, most often the way that that virus or hacker got access to your system remains on your system, even after you have updated Windows, so they can hack you again days or weeks later. You have to change your IP address if at all possible, or at least use a new SIM card for a few months before going back to your original web connection. And remember to format your hard drive after EVERY event. Just reinstalling Windows is not good enough.

17. Change your MT5/4 account passwords periodically. This way, if a hacker has got access to your computer and downloaded your passwords yesterday, but you changed them today, then your accounts are saved.
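Added example, not from either of the posts above: a PowerShell script that applies items 5, 6 and 8 of the first post and item 15 of the second on a Windows 10/11 PC. It assumes an elevated PowerShell 5.1 or later prompt and the built-in NetSecurity, SmbShare, NetTCPIP and Defender modules; the registry values and firewall display-group names are the standard ones on an English-language Windows install.

```powershell
# Added example: close the remote-access and sharing surface of a Windows 10/11 trading PC.
# Run from an elevated PowerShell 5.1+ prompt. Uses only built-in cmdlets (NetSecurity, SmbShare,
# NetTCPIP, Defender) and the standard registry locations for RDP and Remote Assistance.
#Requires -RunAsAdministrator

# --- Item 15: Remote Desktop, Remote Assistance, WinRM ---
# fDenyTSConnections = 1 turns Remote Desktop off; fAllowToGetHelp = 0 turns Remote Assistance off.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
    -Name fAllowToGetHelp -Value 0 -Type DWord
# Close the inbound firewall exceptions that exist for both, so a re-enabled service still cannot be reached.
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'    -ErrorAction SilentlyContinue
Disable-NetFirewallRule -DisplayGroup 'Remote Assistance' -ErrorAction SilentlyContinue
# PowerShell remoting (WinRM) is a third remote-control channel; stop it unless you manage this PC with it.
Stop-Service -Name WinRM -ErrorAction SilentlyContinue
Set-Service  -Name WinRM -StartupType Disabled

# --- Item 6: file and printer sharing, automatic discovery ---
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue
Disable-NetFirewallRule -DisplayGroup 'Network Discovery'        -ErrorAction SilentlyContinue
# Show what this PC currently shares; Special = True marks the built-in C$/ADMIN$/IPC$ shares.
Get-SmbShare | Select-Object Name, Path, Special
# Remove any share you created yourself, e.g.:  Remove-SmbShare -Name 'Shared' -Force
# Mark every connection Public, the profile where discovery and sharing are off by default.
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Public

# --- Item 8: drop every mapped connection to other PCs (the "net use * /del" step, without the prompt) ---
net use * /delete /y

# --- Item 5: firewall on with inbound blocked by default, Defender real-time protection on ---
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block
Set-MpPreference -DisableRealtimeMonitoring $false
Get-MpComputerStatus | Select-Object AMServiceEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

# --- Verify: which remote-access ports still have a listener behind the (now closed) firewall ---
# 5985/5986 (WinRM) should be gone; if 3389 (RDP) still shows, reboot and re-check. 445 stays as long
# as the Server service (LanmanServer) runs; stop and disable that service too if this PC never has
# to serve files to another machine.
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in 445, 3389, 5985, 5986 } |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Connecting out to another PC as in item 7 (`\\my_laptop`) uses the Workstation service, which this script leaves alone, so it keeps working as long as the other machine is the one serving the files. Run the script once, then re-run only the last block after Windows feature updates, which have a habit of re-enabling firewall groups.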
 

Nice additions!

Regarding #12, I forgot to mention the ability to disable broadcast of a wireless SSID... even though I mentioned it in a previous thread. It's tough to hack into a wireless router when the hacker's device can't identify it.

Also regarding #12, Windows 7 Backup & Restore supports a complete system image backup of Windows 7, Windows 10, and Windows 11--on an external hard drive. This backs up everything in case of needing to overwrite your entire internal hard drive in the future.

And yes sir, #15 is a big one.

 
Excellent thread and kudos to both Ryan and Michael for putting together such a comprehensive security overview. This is the kind of discussion that brings real value to the community, especially since many traders and developers tend to overlook local network and device security.

Just wanted to contribute a few thoughts and clarifications based on experience.
  • MAC filtering at the router level can help reduce casual intrusions but it is not a strong security measure by itself. A determined attacker can easily spoof a known MAC address once network traffic is observed. It is a useful layer but should not be relied upon alone.
  • Formatting the hard drive after every incident is definitely the most thorough way to ensure no persistent threats remain. However it might be excessive in situations where the infection is contained and has not installed low-level components like rootkits. Tools such as offline antivirus scanners or clean boot environments can sometimes provide sufficient assurance depending on the case.
  • Disabling remote desktop and remote assistance features in Windows is a great idea and users should also log in to their routers and disable any remote management or UPnP services that may be enabled by default. These are often overlooked entry points.
  • The explanation around executable dumping is accurate. Any file that runs in memory can potentially be dumped and techniques exist that attempt to simulate the Strategy Tester or hook into processes to extract sensitive data. Cloud Protection adds meaningful encryption at the compiler level and breaking the logic into multiple components like indicators can raise the difficulty for reverse engineering attempts. While not unbreakable these steps do help increase the time and effort required for tampering.
  • Backup routines, sandboxed environments, and having redundant network access are all excellent strategies especially for those managing live trading accounts or commercial software. Isolating trading devices on a dedicated SSID or Ethernet connection also helps reduce the attack surface.
  • Finally changing trading account passwords regularly and enabling two factor authentication where supported are simple but effective practices that everyone should follow.

Again a great contribution. I hope this thread stays visible as it could easily serve as a reference for anyone serious about trading securely. 😉👍
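Added example, not from the post above: a PowerShell function that checks the router half of the "remote management or UPnP" point from inside the LAN. It multicasts an SSDP M-SEARCH for an InternetGatewayDevice and lists whoever answers; a reply from your gateway means UPnP is on and any program on the LAN (malware included) can ask the router to open inbound ports. The function name, timeout and output layout are mine; the multicast address, port and M-SEARCH headers are the ones defined by the UPnP Device Architecture.

```powershell
# Added example: does the gateway answer UPnP discovery? Run from any Windows host on the LAN
# (PowerShell 5.1+, no admin rights needed). Assumes an IPv4 LAN and that the host firewall allows
# the UDP reply back to the socket that sent the multicast (the default stateful behaviour).
function Test-UpnpGateway {
    param([int]$TimeoutMs = 3000)

    # SSDP M-SEARCH; MX is the maximum number of seconds a device may wait before replying.
    $request = "M-SEARCH * HTTP/1.1`r`n" +
               "HOST: 239.255.255.250:1900`r`n" +
               "MAN: `"ssdp:discover`"`r`n" +
               "MX: 2`r`n" +
               "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1`r`n`r`n"
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($request)

    $udp = [System.Net.Sockets.UdpClient]::new()
    $udp.Client.ReceiveTimeout = $TimeoutMs
    $multicast = [System.Net.IPEndPoint]::new([System.Net.IPAddress]::Parse('239.255.255.250'), 1900)
    [void]$udp.Send($bytes, $bytes.Length, $multicast)

    $responders = @()
    $deadline = (Get-Date).AddMilliseconds($TimeoutMs)
    try {
        while ((Get-Date) -lt $deadline) {
            $from = [System.Net.IPEndPoint]::new([System.Net.IPAddress]::Any, 0)
            $data = $udp.Receive([ref]$from)               # throws SocketException when the timeout expires
            $text = [System.Text.Encoding]::ASCII.GetString($data)
            # LOCATION points at the device description XML, which in turn lists the WANIPConnection
            # service used for port mapping.
            $location = ($text -split "`r`n" | Where-Object { $_ -match '^LOCATION:' }) -replace '^LOCATION:\s*', ''
            $responders += [pscustomobject]@{ Address = $from.Address.ToString(); Location = "$location" }
        }
    } catch [System.Net.Sockets.SocketException] {
        # Receive timed out: no further replies.
    } finally {
        $udp.Close()
    }
    return $responders
}

$gateways = @(Test-UpnpGateway)
if ($gateways.Count -eq 0) {
    'No UPnP Internet Gateway Device answered: UPnP is off, or SSDP is blocked on this segment.'
} else {
    'UPnP is enabled; turn it off in the router admin page and re-run until this list is empty:'
    $gateways | Format-Table -AutoSize
}
```

The same router page usually has a "remote management" / "access from WAN" toggle next to the UPnP one; there is no LAN-side test for that, so check it by hand while you are there. Remember that a negative result here only covers UPnP, not a vendor cloud-management agent that dials out from the router.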
 

For a backup "system" that you can use while you are cleaning your system of viruses, or just while you are setting up your main system again, I recommend using a local VPS, such as VirtualBox; there are other free ones you can use, including Windows' own. I won't say its name as I do not recommend it to anyone, although it does work too; it tends to be slower than the ones created with 3rd-party programs. The cute thing about this is that the VPS can be used on the same system that is infected without being infected itself, or you can use the VPS as your primary system, and if the VPS gets infected, the "host" system will not be infected. The downside of this is that you need more memory than most systems have if you want to run the VPS all of the time. However, it makes a great "preventative measure", and as the VPS is generally installed in a single file, this file can be simply copied to an external drive to be used as a backup, and restoring it is usually a simple copy to the host to restore the VPS after an infection.

You can also use "Windows To Go". It is simply "Windows on a stick". In years gone by, this was a common method by which big businesses minimised their computer hardware costs. These USB sticks are slower than a laptop; however, they do the job nicely. I have a dozen charts with 5 indicators on each chart, all working on my WTG USB stick, and that works well. Due to the slowness, trading is fine, but I cannot do general internet browsing such as loading an Amazon page at the same time without seeing obvious lag on the charts; otherwise it works well for me when I want to simply check my balance and have the ability to close trades if I need to, when the Android app is not reliable. These sticks can be installed with antivirus utilities and formatting utilities that you can use to recover your primary system or do a full recovery from the WTG stick. I carry this in my bag everywhere I go. I may not use it every month; however, I know it works if I need to use it. I just put it into a client's laptop or their computer without interfering with their systems, and I can do all my regular stuff when I do not feel motivated enough to pull out my laptop and set it up. The stick is slow, but much faster than pulling out my laptop, sitting it upright, waiting for Windows to load and MT to start up, etc. The stick is slow; however, most of the setup process is simply pushing the stick into a USB port --- much easier! Not to forget the whole process of packing up the laptop again!

For further info, Google has much more detail than I could ever give you via a PM or DM.

 
Miguel Angel Vico Alba #:
Formatting the hard drive after every incident is definitely the most thorough way to ensure no persistent threats remain. However it might be excessive in situations where the infection is contained and has not installed low-level components like rootkits. Tools such as offline antivirus scanners or clean boot environments can sometimes provide sufficient assurance depending on the case.

Yes, the user's knowledge is key here. Windows 7 Backup & Restore includes an option to do a limited traditional backup, and to create a recovery disc/thumb drive (as opposed to a full system image). Many pc's are built with a second "backup" drive included. Backing up to that drive on the same pc that is infected is not a good idea. I'm a big fan of keeping backups on my local external drives which are only connected during backups, recoveries, or overwrites--and require no internet connection. An experienced hacker can install a trojan on the second drive that runs on a timer, only to reinfect the whole pc at a later time. An unassuming user might not be aware of this--especially if their scanning software doesn't scan the second drive. In this case, both drives should be formatted.

 
Ryan L Johnson #:

Yes, the user's knowledge is key here. Windows 7 Backup & Restore includes an option to do a limited traditional backup, and to create a recovery disc/thumb drive (as opposed to a full system image). Many pc's are built with a second "backup" drive included. Backing up to that drive on the same pc that is infected is not a good idea. I'm a big fan of keeping backups on my local external drives which are only connected during backups, recoveries, or overwrites--and require no internet connection. An experienced hacker can install a trojan on the second drive that runs on a timer, only to reinfect the whole pc at a later time. An unassuming user might not be aware of this--especially if their scanning software doesn't scan the second drive. In this case, both drives should be formatted.

Yeah; I was never a fan of backing up Windows on a 2nd partition that was on the same physical drive that Windows was on. Viruses have always been notorious for installing themselves on these backup drives even when Windows had hidden all trace of their drive letters. So when the user reinstalled Windows to what they thought was a "factory reset", the virus was often reinstalled at the same time.
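Added example, not from any of the posters: a PowerShell script that produces the system image discussed above with wbadmin (the command-line side of Backup and Restore (Windows 7) on Windows 10/11) and refuses to write it anywhere except a USB-attached disk, so the image never lands on the internal second drive or partition that both replies warn about. The drive letter, the USB-only rule and the `-include:C:` volume are assumptions; adjust them for your machine.

```powershell
# Added example: full system image to an external USB drive that is attached only for the backup.
# Run from an elevated PowerShell prompt on Windows 10/11. Assumes the Storage module
# (Get-Partition, Get-Disk) and wbadmin.exe, both present on client Windows.
#Requires -RunAsAdministrator
$TargetDrive = 'E'     # assumption: the external drive mounts as E:
$target = "$TargetDrive`:"

$disk = Get-Partition -DriveLetter $TargetDrive -ErrorAction Stop | Get-Disk
# Refuse internal disks: an image on the boot disk, or on a fixed second disk, is reachable by
# whatever already compromised the PC and can be re-infected or wiped along with it.
if ($disk.IsBoot -or $disk.IsSystem) { throw "$target is on the boot/system disk; refusing." }
if ($disk.BusType -ne 'USB')         { throw "$target is not a USB disk (BusType=$($disk.BusType)); refusing." }

# Image the critical volumes (C:, the EFI/system partition, recovery) so the whole internal
# disk can be overwritten later from this image. Arguments are passed as an array so the
# colon-separated wbadmin switches reach the native command unchanged.
$wbArgs = @('start', 'backup', "-backupTarget:$target", '-include:C:', '-allCritical', '-quiet')
& wbadmin.exe @wbArgs
if ($LASTEXITCODE -ne 0) { throw "wbadmin failed with exit code $LASTEXITCODE" }

# wbadmin keeps earlier versions on the target; list them so you can confirm that at least
# three generations exist, as the second post suggests, before trusting only the newest one.
& wbadmin.exe get versions "-backupTarget:$target"

# Finally take the drive offline: Safely Remove it and unplug it until the next run.
Write-Host "Backup complete. Eject and unplug $target now so the image stays offline."
```

Restoring uses the same image from the Windows Recovery Environment ("System Image Recovery"), which is why a recovery disc or thumb drive, as mentioned earlier in the thread, belongs next to the external drive.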

 
Just a quick note regarding the mention of Windows 7 in the context of trading and security.

While it's true that some of its tools (like Backup & Restore) may still work, relying on Windows 7 in 2025, especially for financial or trading operations, is highly discouraged and frankly irresponsible. The OS has been officially unsupported since 2020, meaning no critical security updates, no patches, and no protection against modern threats.

Even with antivirus and firewalls, an unpatched kernel or outdated network stack can be exploited by attackers with minimal effort. For anyone serious about trading securely or protecting MQL5 code, moving to a supported OS like Windows 10 or 11 or a hardened Linux setup is no longer optional, it's a basic requirement.

It's understandable that some users stick with legacy setups, but the risks in 2025 are simply too high to ignore.
 
Miguel Angel Vico Alba #:
The OS has been officially unsupported since 2020, meaning no critical security updates, no patches, and no protection against modern threats.

I wouldn't speak to the same fatal extent about Windows 7. Windows Defender continues to update multiple times per week, and although Microsoft Security Essentials quit updating, it works in concert with Windows Defender for purposes of real-time protection. Is it as good as modern Windows Security? No, but I wouldn't say "no security updates" nor "no protection against modern threats." My oldest machine is a Windows 7 laptop. It's never been hacked--likely due to the better and greater security practices listed in this thread.

Miguel Angel Vico Alba #:
For anyone serious about trading securely or protecting MQL5 code, moving to a supported OS like Windows 10

Yeah, I think the real challenge to using a Windows 7 machine as a primary trading pc is the fact that available system resources on such a machine are likely very limited.

Of course, Windows 10 support ends in October of 2025 so...

 
Ryan L Johnson #:

I wouldn't speak to the same fatal extent about Windows 7. Windows Defender continues to update multiple times per week, and although Microsoft Security Essentials quit updating, it works in concert with Windows Defender for purposes of real-time protection. Is it as good as modern Windows Security? No, but I wouldn't say "no security updates" nor "no protection against modern threats." My oldest machine is a Windows 7 laptop. It's never been hacked--likely due to the better and greater security practices listed in this thread.

Yeah, I think the real challenge to using a Windows 7 machine as a primary trading pc is the fact that available system resources on such a machine are likely very limited.

Of course, Windows 10 support ends in October of 2025 so...

I completely respect your experience and the security practices you've outlined in the thread; they're solid recommendations, and your contribution to this topic is very much appreciated.

That said, I'd like to respectfully clarify and reinforce a few key technical points regarding Windows 7 security, as I believe it’s important for users who read this thread to have a complete and accurate understanding of the risks.

While Microsoft Security Essentials and Windows Defender definitions may still update in some cases through legacy update channels, it’s important to make a clear distinction between signature/database updates (used for detecting known malware) and security updates to the OS kernel, drivers, network stack, and system services.

The critical problem with Windows 7 is that it has not received any kernel-level or OS-level security patches since January 14, 2020, unless you were part of the (now expired) Extended Security Updates (ESU) program, which was only available to enterprises, and even that ended in January 2023.

This means that new zero-day vulnerabilities affecting Windows 7 remain permanently unpatched. An up-to-date antivirus simply cannot compensate for an exploitable unpatched OS; especially when the vulnerabilities lie in core components like SMB, RDP, the TCP/IP stack, or privilege escalation vectors.

You mentioned your Windows 7 machine hasn't been hacked, which is great. But as you surely know, most modern compromises are:

  • Silent and persistent (rootkits, supply chain infections, remote backdoors).
  • Often undetectable by AV alone.
  • Likely to involve lateral movement in a home network (stealing credentials stored on another computer, infecting more valuable servers or PCs such as your VPS or trading PC, installing persistent backdoors, etc.).

So the absence of obvious symptoms isn’t strong evidence of security; it's more likely a lack of detection.

You're absolutely right that Windows 10 reaches end-of-support in October 2025. However:

  • It still receives critical updates today (monthly).
  • Microsoft already announced Extended Security Updates (ESU) through 2028, available to both enterprises and individual users for a fee.

This puts Windows 10 in a completely different category from Windows 7, which is now entirely unsupported in terms of system-level security.

This is not about fear-mongering or being dramatic. It’s just a reflection of what Microsoft has clearly communicated and what we, as developers and traders, must accept as a minimum operational standard.

Legacy systems might still run, but using them in 2025 for financial operations or development work poses a risk that cannot be mitigated solely through good practices. A modern OS is not just a luxury; it’s part of the minimum baseline for responsible trading infrastructure.

About Windows 11:

One of the major reasons Windows 11 enforces TPM 2.0 (Trusted Platform Module) and Secure Boot as mandatory requirements is precisely to combat firmware-level attacks, bootkits, and credential theft through memory scraping or physical attacks.

TPM provides:

  • Hardware-based key storage.
  • Measured boot paths.
  • Remote attestation.
  • Protection against credential replay and tampering.

This represents a fundamental shift in security architecture.

In summary, it’s no longer just about patching software, but about building trust into the hardware layer.
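Added example, not from the post above: a PowerShell script that reads back, on the local machine, the protections the post attributes to TPM 2.0 and Secure Boot, plus the two Windows features that build on them (BitLocker with the key sealed to the TPM, and Credential Guard, which is the component that actually isolates credentials from memory scraping). It assumes Windows 11 with the built-in TrustedPlatformModule, SecureBoot and BitLocker modules; the function name and the "gaps" wording are mine. Remote attestation cannot be demonstrated by a local script; the most it can show is that the measured-boot log an attestation service would consume exists.

```powershell
# Added example: report TPM, Secure Boot, measured boot, VBS/Credential Guard and BitLocker state.
# Run from an elevated PowerShell prompt on Windows 11 (also works on Windows 10 with TPM 2.0).
#Requires -RunAsAdministrator

function Get-HardwareTrustReport {
    $tpm = Get-Tpm                                            # TpmPresent, TpmReady, TpmEnabled, ...
    $tpmInfo = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $false }   # throws on legacy BIOS boot
    # Measured boot: the boot manager extends the TPM PCRs and Windows writes the TCG event logs here.
    # This log is what a remote attestation service (e.g. Device Health Attestation) evaluates.
    $measuredBootLogs = @(Get-ChildItem "$env:SystemRoot\Logs\MeasuredBoot" -Filter *.log -ErrorAction SilentlyContinue).Count
    # Virtualization-based security: SecurityServicesRunning contains 1 for Credential Guard, 2 for HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive

    [pscustomobject]@{
        TpmPresent             = $tpm.TpmPresent
        TpmReady               = $tpm.TpmReady
        TpmSpecVersion         = $tpmInfo.SpecVersion           # e.g. "2.0, 0, 1.38"
        SecureBootEnabled      = $secureBoot
        MeasuredBootLogFiles   = $measuredBootLogs
        CredentialGuardRunning = 1 -in $dg.SecurityServicesRunning
        HvciRunning            = 2 -in $dg.SecurityServicesRunning
        OsDriveEncryption      = "$($os.VolumeStatus) / protection $($os.ProtectionStatus)"
        OsDriveKeyProtectors   = ($os.KeyProtector.KeyProtectorType -join ', ')   # expect Tpm + RecoveryPassword
    }
}

$report = Get-HardwareTrustReport
$report | Format-List

# The combination the post describes: keys in hardware, verified boot, measured boot, and
# credentials isolated from the normal kernel. Flag whatever is missing.
$gaps = @()
if (-not $report.TpmPresent -or -not $report.TpmReady) { $gaps += 'TPM missing or not ready' }
if (-not $report.SecureBootEnabled)                    { $gaps += 'Secure Boot off (or legacy BIOS boot)' }
if ($report.MeasuredBootLogFiles -eq 0)                { $gaps += 'no measured-boot log (nothing to attest)' }
if (-not $report.CredentialGuardRunning)               { $gaps += 'Credential Guard not running' }
if ($report.OsDriveKeyProtectors -notmatch 'Tpm')      { $gaps += 'OS drive not sealed to the TPM' }
if ($gaps) { Write-Warning ('Gaps: ' + ($gaps -join '; ')) } else { 'All hardware-rooted protections present.' }
```

A Windows 10 machine that was upgraded in place often reports TPM present, Secure Boot on, but Credential Guard off; it is enabled under Windows Security > Device security > Core isolation (or by policy), which is where most of the practical benefit against credential theft on a trading PC comes from.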

 
Miguel Angel Vico Alba #:
This puts Windows 10 in a completely different category from Windows 7, which is now entirely unsupported in terms of system-level security.

Thank you for clarifying.

I suspect that my old Windows 7 laptop is likely fine because I've basically reduced it to a storage device and dummy test-signal receiver, due to its specs. It's rarely online or even running, and when it is, its network connection is manually controlled using the tactics in my OP.

Interestingly, my Windows 10 pc was hit a few years ago by a fake update that hit millions of Windows 10 pc's around the world. There was no way to detect it because the hackers spoofed as Microsoft, itself. Of course, this is my desktop that's almost always running and online so...

Then again, my Windows 11 laptop is fine too.