Do my Windows system binaries contain sensitive information?
I have a dataset from a malware detection project that others want to use. Part of that dataset is system binaries that I had retrieved from my PC by searching for *.exe files (to serve as a benign dataset). Is it safe to share these files or can they contain sensitive information about accounts/identity etc.?
windows sensitive-data-exposure
asked Mar 3 at 3:57
Niket Bhodia
Are any system (or other important) binaries .NET assemblies? Those are compiled to native code at runtime. Could this compilation process (NGEN I think) incorporate additional information which then gets cached and unintentionally shared?
– DaveInCaz
Mar 3 at 13:31
1
Another thing to watch out for is the legality of what you intend to do. Copyright laws could be getting in the way of this. Sharing a virus-infected executable could potentially be violating the copyright of both the author of the virus as well as the author of the original software. On the other hand it could be argued that this falls under the definition of fair use. A question about that could be on-topic for Law.
– kasperd
Mar 3 at 15:49
2
@kasperd Never heard of an "author of the virus" claiming or attempting to enforce copyright over the code in their virus.
– fpmurphy
Mar 4 at 0:27
1
@fpmurphy Agree that there are copyright issues. The OP wants to share original, uninfected files: "to serve as a benign dataset".
– user71659
Mar 4 at 4:06
1
@fpmurphy I mentioned both the author of the virus as well as the author of the original software. There is little doubt somebody owns copyright on the virus code. But there are multiple reasons why it's unlikely the owner of the virus is going to claim their ownership in court. The author of the original software is much more likely to make a claim in court, and if they are going to sue over distribution of the original uninfected files, they may have a good case.
– kasperd
Mar 4 at 11:41
4 Answers
They can contain file paths from the system they were compiled on, which may be sensitive if these are programs you compiled on your own system.
4
I'm assuming OP hasn't compiled his own copy of Windows locally.
– forest
Mar 3 at 4:50
4
@forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.
– Mehrdad
Mar 3 at 4:54
4
That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.
– forest
Mar 3 at 5:02
@Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.
– Niket Bhodia
Mar 3 at 9:55
2
@NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.
– Mehrdad
Mar 3 at 9:58
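A pre-sharing audit for the concern raised in the answer above (file paths from the build machine ending up inside an executable), as an added example that is not part of the original posts. It also computes the SHA-256 needed for the checksum lookup suggested in a comment on this page. The function names are this example's own, the RSDS scan is a heuristic rather than a full PE debug-directory parse, and the sample bytes, file names and account names are constructed.

```python
import hashlib
import re
import struct

# CodeView PDB 7.0 record: b"RSDS" + 16-byte GUID + 4-byte age + NUL-terminated PDB path.
# Scanning for the signature is a heuristic: it does not walk the PE debug directory
# and only recovers paths made of printable ASCII.
RSDS = re.compile(rb"RSDS.{20}([\x20-\x7e]{1,260})\x00", re.DOTALL)

# Printable runs as stored by ANSI and wide-character (UTF-16LE) Windows code.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# A profile directory followed by an account name and at least one more path component.
PROFILE = re.compile(
    r'[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\/:*?"<>|]+)\\', re.IGNORECASE
)
# Profile directories that exist on every install and identify nobody.
SHARED_PROFILES = {"public", "default", "default user", "all users"}


def pdb_paths(data):
    """Return the PDB paths recorded by the linker (build-machine paths)."""
    return [m.group(1).decode("ascii") for m in RSDS.finditer(data)]


def printable_strings(data):
    """Yield ASCII and UTF-16LE strings of six or more printable characters."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.group().decode("utf-16-le")


def audit(data):
    """Summarise what one binary would disclose if shared as-is."""
    names = set()
    for text in printable_strings(data):
        for m in PROFILE.finditer(text):
            if m.group(1).lower() not in SHARED_PROFILES:
                names.add(m.group(1))
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # value to look up in public hash sets
        "pdb_paths": pdb_paths(data),
        "profile_names": sorted(names),
        "review": bool(names),  # hold the file back until a person has looked at it
    }


def _fake_pe(pdb_path, extra=b""):
    # Constructed stand-in, not a loadable PE: DOS magic, padding, one RSDS record, extra bytes.
    record = b"RSDS" + bytes(range(16)) + struct.pack("<I", 1) + pdb_path.encode("ascii") + b"\x00"
    return b"MZ" + b"\x00" * 62 + record + extra


# Constructed samples: a vendor build, a locally compiled tool, and an archive stub
# that carries a wide-character path from the machine that packed it.
VENDOR_PDB = r"d:\agent\_work\1\s\obj\Release\vendor_tool.pdb"
SAMPLES = {
    "vendor_tool.exe": _fake_pe(VENDOR_PDB),
    "my_build.exe": _fake_pe(r"C:\Users\alice\source\repos\scanner\Release\scanner.pdb"),
    "sfx_archive.exe": _fake_pe(
        r"C:\Users\Public\lib\stub.pdb",
        b"\x00" + r"C:\Users\bob.smith\Desktop\payroll.xlsx".encode("utf-16-le"),
    ),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        result = audit(blob)
        status = "REVIEW" if result["review"] else "ok"
        print(f"{status:6} {name:16} sha256={result['sha256'][:16]}... "
              f"accounts={result['profile_names']} pdb={result['pdb_paths']}")
```

A file that comes back clean here can still be customised per user in ways a string scan does not see, which is why the hash lookup is worth doing as well.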
Internal / company specific applications may well contain sensitive algorithms (eg pricing/discounting rules, fraud detection). They might be analysed by hostile parties for security flaws.
Revealing which versions of Commercial / third party applications are actively used (especially if not fully up-to-date with security patches) may also allow hostile parties to target your company using known vulnerabilities in those versions.
Everybody's (me included) reflex answer to such a question will normally be: Huh huh huh (falls off chair). No! How would you think this could even work? Executables are signed nowadays, which prevents them from being modified!
However, if you consider "exe" files in general, not just those from a fresh naked Windows install, the answer must be: Careful!
Some executables (an increasing number) are specially crafted for you. And yeah, they're signed, doesn't make a difference.
This includes at least some, but more likely most executables you downloaded from one of those modern software-as-a-service or online shop or whatever you call them things. Adobe, Steam, Office360, you name it.
I don't know the technical details about each and every one of these, they're just examples that came to my mind as possible candidates. It is, however, certain that among other methods, custom-signed executables exist (not just on PC, for example the Nintendo shop definitively works that way).
So, if your Windows system is not just a Windows system, but one that includes custom-signed (or what would one call it? custom-branded?) executables, then you may give out sensitive information.
Also, not all executables are the same version, and not all executables are present on every computer. Unless one also considers file creation dates, it is probably a bit far-fetched to say that they provide a unique fingerprint, but this information could certainly be used to more or less identify your system, with a little error margin.
While in theory, there are probably enough combinations of features and versions to identify every atom in every computer, in practice most installs will have mostly the same features, and mostly the same versions. Which amounts to maybe a few dozen million real permutations. But still, if it's a problem that someone might tell that this-and-that combination points to your specific computer with, say, 85-90% likelihood, then... be aware.
Mind you, it's not so much different with genetic analysis, although of course numbers are much bigger in that case. Folklore tells us that siblings are 50% genetically identical, but in reality, complete strangers are 98% genetically identical. That's because, well, they need these genes in that particular composition to even exist (you will be surprised how much you have in common with, say, a rat or a bunny!). But even if people are mostly identical in almost everything, there's enough in the small, remaining bit to tell quite a lot about someone.
answered Mar 3 at 11:58
Damon
13
+1 Easy way to check is to Google the checksum. If you see it anywhere then it's not customized for you.
– Mehrdad
Mar 3 at 13:10
1
examples include "video conference" apps such as BlueJeans and software like Autopilot by FogBugz
– aaaaaa
Mar 3 at 16:41
3
@Tim 365, not 356.
– JAB
Mar 4 at 13:14
3
But, next year is a leap year! Won't it function on Feb 29?
– Mawg
Mar 4 at 14:25
1
@DuncanXSimpson Hopefully it doesn't turn into Wolf 359.
– JAB
Mar 4 at 19:11
Windows system executables do not contain any sensitive information. They may reveal the version of the operating system you are using, but personal information is not stored in executables. Instead, it is stored in configuration files or databases kept throughout the system. While it would be theoretically possible to store sensitive information in executables, I can't think of any reason it would be done.
answered Mar 3 at 4:12
forest
9
Also, storing something inside executables after installation will render their digital signature invalid.
– rkosegi
Mar 3 at 11:30
What about self-extracting Zip files? That used to be quite common.
– penguin359
Mar 4 at 4:54
1
@penguin359: Nothing special. They can be signed, and so can their contents.
– MSalters
Mar 4 at 8:19
They can contain file paths from the system they were compiled on, which may be sensitive if these are programs you compiled on your own system.
answered Mar 3 at 4:39
Mehrdad
4
I'm assuming OP hasn't compiled his own copy of Windows locally.
– forest
Mar 3 at 4:50
4
@forest: Very true, but I'm worried searching for *.exe files might result in more files than true OS binaries. You'll find other binaries that way too, especially if you planted any inside System32 yourself for whatever reason.
– Mehrdad
Mar 3 at 4:54
4
That's a good point. And of course, some people create self-unpacking archives with 7zip that are exe files and which may contain sensitive data.
– forest
Mar 3 at 5:02
@Mehrdad, thanks for the reply. Yes .exe files of other installed s/w are also in this set. But it's unlikely they would contain any sensitive information, correct? And I have not compiled any binaries myself. Just checking out of caution.
– Niket Bhodia
Mar 3 at 9:55
2
@NiketBhodia: If you haven't built the EXEs yourself, then they indeed should not contain any sensitive information from your machine. But for example, if an EXE comes from your work's IT department, and they built it themselves, then maybe the company name is somewhere there. You need to think through who may have built each EXE and whether they might have information that is indirectly or directly associated with you.
– Mehrdad
Mar 3 at 9:58
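An added example, not code from this thread: one way to audit a collected set of .exe files for the build-machine paths the answer above describes, before sharing it. It is a byte-level heuristic that looks for CodeView "RSDS" debug records (which carry the PDB path) and for user-profile paths in ASCII and UTF-16LE. The function names and the sample bytes are constructed for illustration.

```python
import re
from pathlib import Path

# CodeView "RSDS" record: signature, 16-byte GUID, 4-byte age, NUL-terminated PDB path.
# Assumption: the path is printable ASCII (real records are UTF-8).
RSDS = re.compile(rb"RSDS.{20}([\x20-\x7e]{1,260})\x00", re.DOTALL)
# Per-user profile paths; the captured group is the profile (account) name.
USER_ASCII = re.compile(
    rb"[A-Za-z]:\\(?:Users|Documents and Settings)\\([\x20-\x5b\x5d-\x7e]{1,64})\\")
USER_UTF16 = re.compile(
    rb"[A-Za-z]\x00:\x00\\\x00U\x00s\x00e\x00r\x00s\x00\\\x00"
    rb"((?:[\x20-\x5b\x5d-\x7e]\x00){1,64})\\\x00")
GENERIC = {"public", "default", "all users"}  # profiles that identify nobody


def audit_binary(data: bytes) -> dict:
    """Return PDB paths and user-profile names found in one binary's bytes."""
    pdb_paths = [m.group(1).decode("ascii") for m in RSDS.finditer(data)]
    users = {m.group(1).decode("ascii") for m in USER_ASCII.finditer(data)}
    users |= {m.group(1).decode("utf-16-le") for m in USER_UTF16.finditer(data)}
    users = sorted(u for u in users if u.lower() not in GENERIC)
    return {"pdb_paths": pdb_paths, "user_names": users}


def audit_tree(root):
    """Yield (path, findings) for every .exe under root that has a finding."""
    for path in Path(root).rglob("*.exe"):
        findings = audit_binary(path.read_bytes())
        if findings["pdb_paths"] or findings["user_names"]:
            yield path, findings


def _sample() -> bytes:
    # Constructed bytes, not a real PE: one RSDS record and one wide-string path.
    rsds = (b"RSDS" + bytes(16) + b"\x01\x00\x00\x00"
            + rb"C:\Users\alice\src\tool\Release\tool.pdb" + b"\x00")
    wide = r"D:\Users\bob\AppData\Local\app.ini".encode("utf-16-le") + b"\x00\x00"
    return b"MZ" + bytes(64) + rsds + bytes(8) + wide


if __name__ == "__main__":
    print(audit_binary(_sample()))
```

Files that `audit_tree` reports are the ones to review by hand or drop from the shared set; a clean result only means these two patterns were not found.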
Internal / company specific applications may well contain sensitive algorithms (e.g. pricing/discounting rules, fraud detection). They might be analysed by hostile parties for security flaws.
Revealing which versions of Commercial / third party applications are actively used (especially if not fully up-to-date with security patches) may also allow hostile parties to target your company using known vulnerabilities in those versions.
answered Mar 3 at 22:48
Gary