←back to thread

Cyber Scarecrow

(www.cyberscarecrow.com)
606 points toby_tw | 4 comments | 18 Jun 24 08:08 UTC | HN request time: 0s | source
Show context
scosman ◴[18 Jun 24 08:25 UTC] No.40715334[source]
Fun concept.

If the creators read this, I suggest some ways of building trust. There’s no “about us”, no GitHub link, etc. It’s a random webpage that wants my personal details, and sends me a “exe”. The overlap of people who understand what this tool does, and people who would run that “exe” is pretty small.

replies(7): >>40715364 #>>40715425 #>>40715446 #>>40715473 #>>40716059 #>>40716538 #>>40723731 #
CyberScarecrow ◴[18 Jun 24 08:55 UTC] No.40715473[source]
Author of cyber scarecrow here. Thank you for your feedback, and you are 100% right. We also dont have a code signing certificate yet either, they are expensive for windows. Smartscreen also triggers when you install it. Id be weary of installing it myself as well, especially considering it runs as admin, to be able to create the fake indicators.

I have just added a bit of info about us on the website. I'm not sure what else we can do really. Its a trust thing, same with any software and AV vendors.

replies(18): >>40715568 #>>40715665 #>>40715733 #>>40716043 #>>40716134 #>>40716229 #>>40716260 #>>40716317 #>>40716684 #>>40716889 #>>40719030 #>>40719198 #>>40719439 #>>40720186 #>>40720416 #>>40720493 #>>40723898 #>>40727328 #
yamakadi ◴[18 Jun 24 11:08 UTC] No.40716317[source]
I’m sure it’s closed source for the eventual plans to monetize it, but what’s the real difference to something like https://github.com/NavyTitanium/Fake-Sandbox-Artifacts and why can’t you at least name yourselves?

Not many software promises to fend off attackers, asks for an email address before download, and creates a bunch of processes using a closed source dll the existence of which can easily be checked.

Then again, not many malware targeting consumers at random check for security software. You are more likely to see a malware stop working if you fake the amount of ram and cpu and your network driver vendor than if you have CrowdStrike, etc. running.

replies(1): >>40722597 #
1. mistercheph ◴[18 Jun 24 22:06 UTC] No.40722597[source]
I am pretty sure this is just malware being upvoted with sockpuppet accounts, I'm surprised it hasn't been flagged.
replies(2): >>40723667 #>>40723707 #
2. patcon ◴[19 Jun 24 00:57 UTC] No.40723667[source]
agreed
3. flexagoon ◴[19 Jun 24 01:05 UTC] No.40723707[source]
Are you talking about this GitHub script or the Scarecrow app?
replies(1): >>40723951 #
4. maronato ◴[19 Jun 24 01:43 UTC] No.40723951[source]
The closed source one that asks for your email and has very little information about its developers.