7

I'm looking at the source code of some potentially hostile code. As usual, VS 2012 is giving me the security warning: "You should only open projects from a trustworthy source" ... "ask me for every project in this solution"

You should only open projects from a trustworthy source

  • If I press OK, without compiling and running the code, what could be done to my machine?
  • What should I inspect with a text editor before opening the project in VS?
  • What should I inspect prior to compiling the code?

Assume I have a [misguided?] intent to download and compile hostile code on a trusted network, and then move that compiled output to an isolated location?

makerofthings7
  • 50,090
  • 54
  • 250
  • 536

2 Answers2

6

This has to do with the project itself and the automation in Visual Studio. It could potentially do quite a lot since Visual Studio can do some pretty low level stuff. The way to mitigate it is to either check the project and solution files manually for build steps and such prior to opening (it's all human readable XML if you have much familiarity with Visual Studio and they aren't generally too too long) or to simply add the source to a newly created project and solution.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
1

I believe macros can make damage to your system. So disable macros before opening project from unknown source.Do not build the code blindly.Just inspect the code files,libraries etc. If anything suspicious found close it.Another precaution you can take is disconnect from internet before opening the project. Also you can try running visual studio in sand boxes(Antivirus like avast provides this).So we can minimise or prevent the damage.

Also a lot of sample projects are provided my Microsoft,which you can 100% trust.Try to use it as possible.

visual studio samples

Harikrishnan
  • 452
  • 1
  • 5
  • 18