Do my Windows system binaries contain sensitive information?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












25















I have a dataset from a malware detection project that others want to use. Part of that dataset is system binaries that I had retrieved from my PC by searching for *.exe files (to serve as a benign dataset). Is it safe to share these files or can they contain sensitive information about accounts/identity etc.?










share|improve this question






















  • Are any system (or other important) binaries .NET assemblies? Those are compiled to native code at runtime. Could this compilation process (NGEN I think) incorporate additional information which then gets cached and unintentionally shared?

    – DaveInCaz
    Mar 3 at 13:31







  • 1





    Another thing to watch out for is the legality of what you intend to do. Copyright laws could be getting in the way of this. Sharing a virus infect executable could potentially be violating the copyright of both the author of the virus as well as the author of the original software. On the other hand it could be argued that this falls under the definition of fair use. A question about that could be on-topic for Law.

    – kasperd
    Mar 3 at 15:49






  • 2





    @kasperd Never heard of an "author of the virus" claiming or attempting to enforce copyright over the code in their virus.

    – fpmurphy
    Mar 4 at 0:27






  • 1





    @fpmurphy Agree that there are copyright issues. The OP wan't to share original, uninfected files: "to serve as a benign dataset".

    – user71659
    Mar 4 at 4:06






  • 1





    @fpmurphy I mentioned both the author of the virus as well as the author of the original software. There is little doubt somebody owns copyright on the virus code. But there are multiple reasons why it's unlikely the owner of the virus is going to claim their ownership in court. The author of the original software is much more likely to make a claim in court, and if they are going to sue over distribution of the original uninfected files, they may have a good case.

    – kasperd
    Mar 4 at 11:41















25















I have a dataset from a malware detection project that others want to use. Part of that dataset is system binaries that I had retrieved from my PC by searching for *.exe files (to serve as a benign dataset). Is it safe to share these files or can they contain sensitive information about accounts/identity etc.?










share|improve this question






















  • Are any system (or other important) binaries .NET assemblies? Those are compiled to native code at runtime. Could this compilation process (NGEN I think) incorporate additional information which then gets cached and unintentionally shared?

    – DaveInCaz
    Mar 3 at 13:31







  • 1





    Another thing to watch out for is the legality of what you intend to do. Copyright laws could be getting in the way of this. Sharing a virus infect executable could potentially be violating the copyright of both the author of the virus as well as the author of the original software. On the other hand it could be argued that this falls under the definition of fair use. A question about that could be on-topic for Law.

    – kasperd
    Mar 3 at 15:49






  • 2





    @kasperd Never heard of an "author of the virus" claiming or attempting to enforce copyright over the code in their virus.

    – fpmurphy
    Mar 4 at 0:27






  • 1





    @fpmurphy Agree that there are copyright issues. The OP wan't to share original, uninfected files: "to serve as a benign dataset".

    – user71659
    Mar 4 at 4:06






  • 1





    @fpmurphy I mentioned both the author of the virus as well as the author of the original software. There is little doubt somebody owns copyright on the virus code. But there are multiple reasons why it's unlikely the owner of the virus is going to claim their ownership in court. The author of the original software is much more likely to make a claim in court, and if they are going to sue over distribution of the original uninfected files, they may have a good case.

    – kasperd
    Mar 4 at 11:41













25












25








25


5






I have a dataset from a malware detection project that others want to use. Part of that dataset is system binaries that I had retrieved from my PC by searching for *.exe files (to serve as a benign dataset). Is it safe to share these files or can they contain sensitive information about accounts/identity etc.?










share|improve this question














I have a dataset from a malware detection project that others want to use. Part of that dataset is system binaries that I had retrieved from my PC by searching for *.exe files (to serve as a benign dataset). Is it safe to share these files or can they contain sensitive information about accounts/identity etc.?







windows sensitive-data-exposure






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 3 at 3:57









Niket BhodiaNiket Bhodia

12924




12924












  • Are any system (or other important) binaries .NET assemblies? Those are compiled to native code at runtime. Could this compilation process (NGEN I think) incorporate additional information which then gets cached and unintentionally shared?

    – DaveInCaz
    Mar 3 at 13:31







  • 1





    Another thing to watch out for is the legality of what you intend to do. Copyright laws could be getting in the way of this. Sharing a virus infect executable could potentially be violating the copyright of both the author of the virus as well as the author of the original software. On the other hand it could be argued that this falls under the definition of fair use. A question about that could be on-topic for Law.

    – kasperd
    Mar 3 at 15:49






  • 2





    @kasperd Never heard of an "author of the virus" claiming or attempting to enforce copyright over the code in their virus.

    – fpmurphy
    Mar 4 at 0:27






  • 1





    @fpmurphy Agree that there are copyright issues. The OP wan't to share original, uninfected files: "to serve as a benign dataset".

    – user71659
    Mar 4 at 4:06






  • 1





    @fpmurphy I mentioned both the author of the virus as well as the author of the original software. There is little doubt somebody owns copyright on the virus code. But there are multiple reasons why it's unlikely the owner of the virus is going to claim their ownership in court. The author of the original software is much more likely to make a claim in court, and if they are going to sue over distribution of the original uninfected files, they may have a good case.

    – kasperd
    Mar 4 at 11:41

















  • Are any system (or other important) binaries .NET assemblies? Those are compiled to native code at runtime. Could this compilation process (NGEN I think) incorporate additional information which then gets cached and unintentionally shared?

    – DaveInCaz
    Mar 3 at 13:31







  • 1





    Another thing to watch out for is the legality of what you intend to do. Copyright laws could be getting in the way of this. Sharing a virus infect executable could potentially be violating the copyright of both the author of the virus as well as the author of the original software. On the other hand it could be argued that this falls under the definition of fair use. A question about that could be on-topic for Law.

    – kasperd
    Mar 3 at 15:49






  • 2





    @kasperd Never heard of an "author of the virus" claiming or attempting to enforce copyright over the code in their virus.

    – fpmurphy
    Mar 4 at 0:27






  • 1





    @fpmurphy Agree that there are copyright issues. The OP wan't to share original, uninfected files: "to serve as a benign dataset".

    – user71659
    Mar 4 at 4:06






  • 1





    @fpmurphy I mentioned both the author of the virus as well as the author of the original software. There is little doubt somebody owns copyright on the virus code. But there are multiple reasons why it's unlikely the owner of the virus is going to claim their ownership in court. The author of the original software is much more likely to make a claim in court, and if they are going to sue over distribution of the original uninfected files, they may have a good case.

    – kasperd
    Mar 4 at 11:41
















Are any system (or other important) binaries .NET assemblies? Those are compiled to native code at runtime. Could this compilation process (NGEN I think) incorporate additional information which then gets cached and unintentionally shared?

– DaveInCaz
Mar 3 at 13:31






Are any system (or other important) binaries .NET assemblies? Those are compiled to native code at runtime. Could this compilation process (NGEN I think) incorporate additional information which then gets cached and unintentionally shared?

– DaveInCaz
Mar 3 at 13:31





1




1





Another thing to watch out for is the legality of what you intend to do. Copyright laws could be getting in the way of this. Sharing a virus infect executable could potentially be violating the copyright of both the author of the virus as well as the author of the original software. On the other hand it could be argued that this falls under the definition of fair use. A question about that could be on-topic for Law.

– kasperd
Mar 3 at 15:49





Another thing to watch out for is the legality of what you intend to do. Copyright laws could be getting in the way of this. Sharing a virus infect executable could potentially be violating the copyright of both the author of the virus as well as the author of the original software. On the other hand it could be argued that this falls under the definition of fair use. A question about that could be on-topic for Law.

– kasperd
Mar 3 at 15:49




2




2





@kasperd Never heard of an "author of the virus" claiming or attempting to enforce copyright over the code in their virus.

– fpmurphy
Mar 4 at 0:27





@kasperd Never heard of an "author of the virus" claiming or attempting to enforce copyright over the code in their virus.

– fpmurphy
Mar 4 at 0:27




1




1





@fpmurphy Agree that there are copyright issues. The OP wan't to share original, uninfected files: "to serve as a benign dataset".

– user71659
Mar 4 at 4:06





@fpmurphy Agree that there are copyright issues. The OP wan't to share original, uninfected files: "to serve as a benign dataset".

– user71659
Mar 4 at 4:06




1




1





@fpmurphy I mentioned both the author of the virus as well as the author of the original software. There is little doubt somebody owns copyright on the virus code. But there are multiple reasons why it's unlikely the owner of the virus is going to claim their ownership in court. The author of the original software is much more likely to make a claim in court, and if they are going to sue over distribution of the original uninfected files, they may have a good case.

– kasperd
Mar 4 at 11:41





@fpmurphy I mentioned both the author of the virus as well as the author of the original software. There is little doubt somebody owns copyright on the virus code. But there are multiple reasons why it's unlikely the owner of the virus is going to claim their ownership in court. The author of the original software is much more likely to make a claim in court, and if they are going to sue over distribution of the original uninfected files, they may have a good case.

– kasperd
Mar 4 at 11:41










4 Answers
4






active

oldest

votes


















32














Everybody's (me included) reflex answer to such a question will normally be: Huh huh huh (falls off chair). No! How would you think this could even work? Executables are signed nowadays, which prevents them from being modified!



However, if you consider "exe" files in general, not just those from a fresh naked Windows install, the answer must be: Careful!.



Some executables (an increasing number) are specially crafted for you. And yeah, they're signed, doesn't make a difference.



This includes at least some, but more likely most executables you downloaded from one of those modern software-as-a-service or online shop or whatever you call them things. Adobe, Steam, Office360, you name it.

I don't know the technical details about each and every of these, they're just examples that came to my mind as possible candidates. It is however certain, that among other methods, custom-signed executables exist (not just on PC, for example the Nintendo shop definitively works that way).



So, if your Windows system is not just a Windows system, but one that includes custom-signed (or what would one call it? custom-branded?) executables, then you may give out sensitive information.



Also, not all executables are the same version, and not all executables are present on every computer. Unless one also considers file creation dates, it is probably a bit far fetched to say that they provide a unique fingerprint, but this information could certainly be used to more or less identify your system, with a little error margin.



While in theory, there's probably enough combinations of features and versions to identify every atom in every computer, in practice most installs will have mostly the same features, and mostly the same versions. Which amounts to maybe a few dozen million real permutations. But still, if it's a problem that someone might tell that's this-and-that combination points to your specific computer with, say, 85-90% likelihood, then... be aware.

Mind you, it's not so much different with genetic analysis, although of course numbers are much bigger in that case. Folklore tells us that siblings are 50% genetically identical, but in reality, complete strangers are 98% genetically identical. That's because, well, they need these genes in that particular composition to even exist (you will be surprised how much you have in common with, say, a rat or a bunny!). But even if people are mostly identical in almost everything, there's enough in the small, remaining bit to tell quite a lot about someone.






share|improve this answer


















  • 13





    +1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.

    – Mehrdad
    Mar 3 at 13:10






  • 1





    examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz

    – aaaaaa
    Mar 3 at 16:41






  • 3





    @Tim 365, not 356.

    – JAB
    Mar 4 at 13:14






  • 3





    But, next year is a leap year! Won't it function on Feb 29?

    – Mawg
    Mar 4 at 14:25







  • 1





    @DuncanXSimpson Hopefully it doesn't turn into Wolf 359.

    – JAB
    Mar 4 at 19:11


















18














Windows system executables do not contain any sensitive information. They may reveal the version of the operating system you are using, but personal information is not stored in executables. Instead, it is stored in configuration files or databases kept throughout the system. While it would be theoretically possible to store sensitive information in executables, I can't think of any reason it would be done.






share|improve this answer


















  • 9





    Also, storing something inside executables after installation will render their digital signature invalid.

    – rkosegi
    Mar 3 at 11:30











  • What about self-extracting Zip files? That used to be quite common.

    – penguin359
    Mar 4 at 4:54






  • 1





    @penguin359: Nothing special. They can be signed, and so can their contents.

    – MSalters
    Mar 4 at 8:19


















8














They can contain file paths from the system they were compiled on, which may be sensitive if these are programs you compiled on your own system.






share|improve this answer


















  • 4





    I'm assuming OP hasn't compiled his own copy of Windows locally.

    – forest
    Mar 3 at 4:50






  • 4





    @forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.

    – Mehrdad
    Mar 3 at 4:54






  • 4





    That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.

    – forest
    Mar 3 at 5:02












  • @Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.

    – Niket Bhodia
    Mar 3 at 9:55






  • 2





    @NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.

    – Mehrdad
    Mar 3 at 9:58



















1














Internal / company specific applications may well contain sensitive algorithms (eg pricing/discounting rules, fraud detection). They might be analysed by hostile parties for security flaws.



Revealing which versions of Commercial / third party applications are actively used (especially if not fully up-to-date with security patches) may also allow hostile parties to target your company using known vulnerabilities in those versions.






share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204628%2fdo-my-windows-system-binaries-contain-sensitive-information%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    4 Answers
    4






    active

    oldest

    votes








    4 Answers
    4






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    32














    Everybody's (me included) reflex answer to such a question will normally be: Huh huh huh (falls off chair). No! How would you think this could even work? Executables are signed nowadays, which prevents them from being modified!



    However, if you consider "exe" files in general, not just those from a fresh naked Windows install, the answer must be: Careful!.



    Some executables (an increasing number) are specially crafted for you. And yeah, they're signed, doesn't make a difference.



    This includes at least some, but more likely most executables you downloaded from one of those modern software-as-a-service or online shop or whatever you call them things. Adobe, Steam, Office360, you name it.

    I don't know the technical details about each and every of these, they're just examples that came to my mind as possible candidates. It is however certain, that among other methods, custom-signed executables exist (not just on PC, for example the Nintendo shop definitively works that way).



    So, if your Windows system is not just a Windows system, but one that includes custom-signed (or what would one call it? custom-branded?) executables, then you may give out sensitive information.



    Also, not all executables are the same version, and not all executables are present on every computer. Unless one also considers file creation dates, it is probably a bit far fetched to say that they provide a unique fingerprint, but this information could certainly be used to more or less identify your system, with a little error margin.



    While in theory, there's probably enough combinations of features and versions to identify every atom in every computer, in practice most installs will have mostly the same features, and mostly the same versions. Which amounts to maybe a few dozen million real permutations. But still, if it's a problem that someone might tell that's this-and-that combination points to your specific computer with, say, 85-90% likelihood, then... be aware.

    Mind you, it's not so much different with genetic analysis, although of course numbers are much bigger in that case. Folklore tells us that siblings are 50% genetically identical, but in reality, complete strangers are 98% genetically identical. That's because, well, they need these genes in that particular composition to even exist (you will be surprised how much you have in common with, say, a rat or a bunny!). But even if people are mostly identical in almost everything, there's enough in the small, remaining bit to tell quite a lot about someone.






    share|improve this answer


















    • 13





      +1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.

      – Mehrdad
      Mar 3 at 13:10






    • 1





      examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz

      – aaaaaa
      Mar 3 at 16:41






    • 3





      @Tim 365, not 356.

      – JAB
      Mar 4 at 13:14






    • 3





      But, next year is a leap year! Won't it function on Feb 29?

      – Mawg
      Mar 4 at 14:25







    • 1





      @DuncanXSimpson Hopefully it doesn't turn into Wolf 359.

      – JAB
      Mar 4 at 19:11















    32














    Everybody's (me included) reflex answer to such a question will normally be: Huh huh huh (falls off chair). No! How would you think this could even work? Executables are signed nowadays, which prevents them from being modified!



    However, if you consider "exe" files in general, not just those from a fresh naked Windows install, the answer must be: Careful!.



    Some executables (an increasing number) are specially crafted for you. And yeah, they're signed, doesn't make a difference.



    This includes at least some, but more likely most executables you downloaded from one of those modern software-as-a-service or online shop or whatever you call them things. Adobe, Steam, Office360, you name it.

    I don't know the technical details about each and every of these, they're just examples that came to my mind as possible candidates. It is however certain, that among other methods, custom-signed executables exist (not just on PC, for example the Nintendo shop definitively works that way).



    So, if your Windows system is not just a Windows system, but one that includes custom-signed (or what would one call it? custom-branded?) executables, then you may give out sensitive information.



    Also, not all executables are the same version, and not all executables are present on every computer. Unless one also considers file creation dates, it is probably a bit far fetched to say that they provide a unique fingerprint, but this information could certainly be used to more or less identify your system, with a little error margin.



    While in theory, there's probably enough combinations of features and versions to identify every atom in every computer, in practice most installs will have mostly the same features, and mostly the same versions. Which amounts to maybe a few dozen million real permutations. But still, if it's a problem that someone might tell that's this-and-that combination points to your specific computer with, say, 85-90% likelihood, then... be aware.

    Mind you, it's not so much different with genetic analysis, although of course numbers are much bigger in that case. Folklore tells us that siblings are 50% genetically identical, but in reality, complete strangers are 98% genetically identical. That's because, well, they need these genes in that particular composition to even exist (you will be surprised how much you have in common with, say, a rat or a bunny!). But even if people are mostly identical in almost everything, there's enough in the small, remaining bit to tell quite a lot about someone.






    share|improve this answer


















    • 13





      +1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.

      – Mehrdad
      Mar 3 at 13:10






    • 1





      examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz

      – aaaaaa
      Mar 3 at 16:41






    • 3





      @Tim 365, not 356.

      – JAB
      Mar 4 at 13:14






    • 3





      But, next year is a leap year! Won't it function on Feb 29?

      – Mawg
      Mar 4 at 14:25







    • 1





      @DuncanXSimpson Hopefully it doesn't turn into Wolf 359.

      – JAB
      Mar 4 at 19:11













    32












    32








    32







    Everybody's (me included) reflex answer to such a question will normally be: Huh huh huh (falls off chair). No! How would you think this could even work? Executables are signed nowadays, which prevents them from being modified!



    However, if you consider "exe" files in general, not just those from a fresh naked Windows install, the answer must be: Careful!.



    Some executables (an increasing number) are specially crafted for you. And yeah, they're signed, doesn't make a difference.



    This includes at least some, but more likely most executables you downloaded from one of those modern software-as-a-service or online shop or whatever you call them things. Adobe, Steam, Office360, you name it.

    I don't know the technical details about each and every of these, they're just examples that came to my mind as possible candidates. It is however certain, that among other methods, custom-signed executables exist (not just on PC, for example the Nintendo shop definitively works that way).



    So, if your Windows system is not just a Windows system, but one that includes custom-signed (or what would one call it? custom-branded?) executables, then you may give out sensitive information.



    Also, not all executables are the same version, and not all executables are present on every computer. Unless one also considers file creation dates, it is probably a bit far fetched to say that they provide a unique fingerprint, but this information could certainly be used to more or less identify your system, with a little error margin.



    While in theory, there's probably enough combinations of features and versions to identify every atom in every computer, in practice most installs will have mostly the same features, and mostly the same versions. Which amounts to maybe a few dozen million real permutations. But still, if it's a problem that someone might tell that's this-and-that combination points to your specific computer with, say, 85-90% likelihood, then... be aware.

    Mind you, it's not so much different with genetic analysis, although of course numbers are much bigger in that case. Folklore tells us that siblings are 50% genetically identical, but in reality, complete strangers are 98% genetically identical. That's because, well, they need these genes in that particular composition to even exist (you will be surprised how much you have in common with, say, a rat or a bunny!). But even if people are mostly identical in almost everything, there's enough in the small, remaining bit to tell quite a lot about someone.






    share|improve this answer













    Everybody's (me included) reflex answer to such a question will normally be: Huh huh huh (falls off chair). No! How would you think this could even work? Executables are signed nowadays, which prevents them from being modified!



    However, if you consider "exe" files in general, not just those from a fresh naked Windows install, the answer must be: Careful!.



    Some executables (an increasing number) are specially crafted for you. And yeah, they're signed, doesn't make a difference.



    This includes at least some, but more likely most executables you downloaded from one of those modern software-as-a-service or online shop or whatever you call them things. Adobe, Steam, Office360, you name it.

    I don't know the technical details about each and every of these, they're just examples that came to my mind as possible candidates. It is however certain, that among other methods, custom-signed executables exist (not just on PC, for example the Nintendo shop definitively works that way).



    So, if your Windows system is not just a Windows system, but one that includes custom-signed (or what would one call it? custom-branded?) executables, then you may give out sensitive information.



    Also, not all executables are the same version, and not all executables are present on every computer. Unless one also considers file creation dates, it is probably a bit far fetched to say that they provide a unique fingerprint, but this information could certainly be used to more or less identify your system, with a little error margin.



    While in theory, there's probably enough combinations of features and versions to identify every atom in every computer, in practice most installs will have mostly the same features, and mostly the same versions. Which amounts to maybe a few dozen million real permutations. But still, if it's a problem that someone might tell that's this-and-that combination points to your specific computer with, say, 85-90% likelihood, then... be aware.

    Mind you, it's not so much different with genetic analysis, although of course numbers are much bigger in that case. Folklore tells us that siblings are 50% genetically identical, but in reality, complete strangers are 98% genetically identical. That's because, well, they need these genes in that particular composition to even exist (you will be surprised how much you have in common with, say, a rat or a bunny!). But even if people are mostly identical in almost everything, there's enough in the small, remaining bit to tell quite a lot about someone.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Mar 3 at 11:58









    DamonDamon

    3,177916




    3,177916







    • 13





      +1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.

      – Mehrdad
      Mar 3 at 13:10






    • 1





      examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz

      – aaaaaa
      Mar 3 at 16:41






    • 3





      @Tim 365, not 356.

      – JAB
      Mar 4 at 13:14






    • 3





      But, next year is a leap year! Won't it function on Feb 29?

      – Mawg
      Mar 4 at 14:25







    • 1





      @DuncanXSimpson Hopefully it doesn't turn into Wolf 359.

      – JAB
      Mar 4 at 19:11












    • 13





      +1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.

      – Mehrdad
      Mar 3 at 13:10






    • 1





      examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz

      – aaaaaa
      Mar 3 at 16:41






    • 3





      @Tim 365, not 356.

      – JAB
      Mar 4 at 13:14






    • 3





      But, next year is a leap year! Won't it function on Feb 29?

      – Mawg
      Mar 4 at 14:25







    • 1





      @DuncanXSimpson Hopefully it doesn't turn into Wolf 359.

      – JAB
      Mar 4 at 19:11







    13




    13





    +1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.

    – Mehrdad
    Mar 3 at 13:10





    +1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.

    – Mehrdad
    Mar 3 at 13:10




    1




    1





    examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz

    – aaaaaa
    Mar 3 at 16:41





    examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz

    – aaaaaa
    Mar 3 at 16:41




    3




    3





    @Tim 365, not 356.

    – JAB
    Mar 4 at 13:14





    @Tim 365, not 356.

    – JAB
    Mar 4 at 13:14




    3




    3





    But, next year is a leap year! Won't it function on Feb 29?

    – Mawg
    Mar 4 at 14:25






    But, next year is a leap year! Won't it function on Feb 29?

    – Mawg
    Mar 4 at 14:25





    1




    1





    @DuncanXSimpson Hopefully it doesn't turn into Wolf 359.

    – JAB
    Mar 4 at 19:11





    @DuncanXSimpson Hopefully it doesn't turn into Wolf 359.

    – JAB
    Mar 4 at 19:11













    18














    Windows system executables do not contain any sensitive information. They may reveal the version of the operating system you are using, but personal information is not stored in executables. Instead, it is stored in configuration files or databases kept throughout the system. While it would be theoretically possible to store sensitive information in executables, I can't think of any reason it would be done.






    share|improve this answer


















    • 9





      Also, storing something inside executables after installation will render their digital signature invalid.

      – rkosegi
      Mar 3 at 11:30











    • What about self-extracting Zip files? That used to be quite common.

      – penguin359
      Mar 4 at 4:54






    • 1





      @penguin359: Nothing special. They can be signed, and so can their contents.

      – MSalters
      Mar 4 at 8:19















    18














    Windows system executables do not contain any sensitive information. They may reveal the version of the operating system you are using, but personal information is not stored in executables. Instead, it is stored in configuration files or databases kept throughout the system. While it would be theoretically possible to store sensitive information in executables, I can't think of any reason it would be done.






    share|improve this answer


















    • 9





      Also, storing something inside executables after installation will render their digital signature invalid.

      – rkosegi
      Mar 3 at 11:30











    • What about self-extracting Zip files? That used to be quite common.

      – penguin359
      Mar 4 at 4:54






    • 1





      @penguin359: Nothing special. They can be signed, and so can their contents.

      – MSalters
      Mar 4 at 8:19













    18












    18








    18







    Windows system executables do not contain any sensitive information. They may reveal the version of the operating system you are using, but personal information is not stored in executables. Instead, it is stored in configuration files or databases kept throughout the system. While it would be theoretically possible to store sensitive information in executables, I can't think of any reason it would be done.






    share|improve this answer













    Windows system executables do not contain any sensitive information. They may reveal the version of the operating system you are using, but personal information is not stored in executables. Instead, it is stored in configuration files or databases kept throughout the system. While it would be theoretically possible to store sensitive information in executables, I can't think of any reason it would be done.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Mar 3 at 4:12









    forestforest

    39.1k18127139




    39.1k18127139







    • 9





      Also, storing something inside executables after installation will render their digital signature invalid.

      – rkosegi
      Mar 3 at 11:30











    • What about self-extracting Zip files? That used to be quite common.

      – penguin359
      Mar 4 at 4:54






    • 1





      @penguin359: Nothing special. They can be signed, and so can their contents.

      – MSalters
      Mar 4 at 8:19












    • 9





      Also, storing something inside executables after installation will render their digital signature invalid.

      – rkosegi
      Mar 3 at 11:30











    • What about self-extracting Zip files? That used to be quite common.

      – penguin359
      Mar 4 at 4:54






    • 1





      @penguin359: Nothing special. They can be signed, and so can their contents.

      – MSalters
      Mar 4 at 8:19







    9




    9





    Also, storing something inside executables after installation will render their digital signature invalid.

    – rkosegi
    Mar 3 at 11:30





    Also, storing something inside executables after installation will render their digital signature invalid.

    – rkosegi
    Mar 3 at 11:30













    What about self-extracting Zip files? That used to be quite common.

    – penguin359
    Mar 4 at 4:54





    What about self-extracting Zip files? That used to be quite common.

    – penguin359
    Mar 4 at 4:54




    1




    1





    @penguin359: Nothing special. They can be signed, and so can their contents.

    – MSalters
    Mar 4 at 8:19





    @penguin359: Nothing special. They can be signed, and so can their contents.

    – MSalters
    Mar 4 at 8:19











    8














    They can contain file paths from the system they were compiled on, which may be sensitive if these are programs you compiled on your own system.






    share|improve this answer


















    • 4





      I'm assuming OP hasn't compiled his own copy of Windows locally.

      – forest
      Mar 3 at 4:50






    • 4





      @forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.

      – Mehrdad
      Mar 3 at 4:54






    • 4





      That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.

      – forest
      Mar 3 at 5:02












    • @Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.

      – Niket Bhodia
      Mar 3 at 9:55






    • 2





      @NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.

      – Mehrdad
      Mar 3 at 9:58
















    8














    They can contain file paths from the system they were compiled on, which may be sensitive if these are programs you compiled on your own system.






    share|improve this answer


















    • 4





      I'm assuming OP hasn't compiled his own copy of Windows locally.

      – forest
      Mar 3 at 4:50






    • 4





      @forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.

      – Mehrdad
      Mar 3 at 4:54






    • 4





      That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.

      – forest
      Mar 3 at 5:02












    • @Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.

      – Niket Bhodia
      Mar 3 at 9:55






    • 2





      @NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.

      – Mehrdad
      Mar 3 at 9:58














    8












    8








    8







    They can contain file paths from the system they were compiled on, which may be sensitive if these are programs you compiled on your own system.






    share|improve this answer













    They can contain file paths from the system they were compiled on, which may be sensitive if these are programs you compiled on your own system.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Mar 3 at 4:39









    MehrdadMehrdad

    1,51011222




    1,51011222







    • 4





      I'm assuming OP hasn't compiled his own copy of Windows locally.

      – forest
      Mar 3 at 4:50






    • 4





      @forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.

      – Mehrdad
      Mar 3 at 4:54






    • 4





      That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.

      – forest
      Mar 3 at 5:02












    • @Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.

      – Niket Bhodia
      Mar 3 at 9:55






    • 2





      @NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.

      – Mehrdad
      Mar 3 at 9:58













    • 4





      I'm assuming OP hasn't compiled his own copy of Windows locally.

      – forest
      Mar 3 at 4:50






    • 4





      @forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.

      – Mehrdad
      Mar 3 at 4:54






    • 4





      That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.

      – forest
      Mar 3 at 5:02












    • @Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.

      – Niket Bhodia
      Mar 3 at 9:55






    • 2





      @NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.

      – Mehrdad
      Mar 3 at 9:58








    4




    4





    I'm assuming OP hasn't compiled his own copy of Windows locally.

    – forest
    Mar 3 at 4:50





    I'm assuming OP hasn't compiled his own copy of Windows locally.

    – forest
    Mar 3 at 4:50




    4




    4





    @forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.

    – Mehrdad
    Mar 3 at 4:54





    @forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.

    – Mehrdad
    Mar 3 at 4:54




    4




    4





    That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.

    – forest
    Mar 3 at 5:02






    That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.

    – forest
    Mar 3 at 5:02














    @Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.

    – Niket Bhodia
    Mar 3 at 9:55





    @Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.

    – Niket Bhodia
    Mar 3 at 9:55




    2




    2





    @NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.

    – Mehrdad
    Mar 3 at 9:58






    @NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.

    – Mehrdad
    Mar 3 at 9:58












    1














    Internal / company specific applications may well contain sensitive algorithms (eg pricing/discounting rules, fraud detection). They might be analysed by hostile parties for security flaws.



    Revealing which versions of Commercial / third party applications are actively used (especially if not fully up-to-date with security patches) may also allow hostile parties to target your company using known vulnerabilities in those versions.






    share|improve this answer



























      1














      Internal / company specific applications may well contain sensitive algorithms (eg pricing/discounting rules, fraud detection). They might be analysed by hostile parties for security flaws.



      Revealing which versions of Commercial / third party applications are actively used (especially if not fully up-to-date with security patches) may also allow hostile parties to target your company using known vulnerabilities in those versions.






      share|improve this answer

























        1












        1








        1







        Internal / company specific applications may well contain sensitive algorithms (eg pricing/discounting rules, fraud detection). They might be analysed by hostile parties for security flaws.



        Revealing which versions of Commercial / third party applications are actively used (especially if not fully up-to-date with security patches) may also allow hostile parties to target your company using known vulnerabilities in those versions.






        share|improve this answer













        Internal / company specific applications may well contain sensitive algorithms (eg pricing/discounting rules, fraud detection). They might be analysed by hostile parties for security flaws.



        Revealing which versions of Commercial / third party applications are actively used (especially if not fully up-to-date with security patches) may also allow hostile parties to target your company using known vulnerabilities in those versions.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 3 at 22:48









        GaryGary

        734612




        734612



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204628%2fdo-my-windows-system-binaries-contain-sensitive-information%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown






            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?