Not sure where to post this but I have a general question about downloading scripts, add ons etc.

I have been using NT8 for a few months now and I love the fact that there are so many 3rd party scripts, indicators, add ons etc available to enhance the platform. That said, I worry a bit about security. I'm curious about people's thoughts on how you protect yourself from the potential of downloading malicious code.

I realize there is a "self policing" aspect to a forum like NexusFi but there are also many sites that offer "free" Ninja downloads.

Has anyone ever downloaded an indicator or add-on and had it grab your login/password info or automatically execute trades without your knowledge, or worse yet, drain your brokerage account?

Maybe I am being paranoid or just ignorant, but there is money involved here and where money flows, greed follows.

Are there tools or techniques one can use to ensure you are only downloading "clean and well behaved" code?

Thanks in advance!

ralett 

Not sure where to post this but I have a general question about downloading scripts, add ons etc. I have been using NT8 for a few months now and I love the fact that there are so many 3rd party scripts, indicators, add ons etc available to enhance the platform. That said, I worry a bit about security. I'm curious about people's thoughts on how you protect yourself from the potential of downloading malicious code. I realize there is a "self policing" aspect to a forum like NexusFi but there are also many sites that offer "free" Ninja downloads. Has anyone ever downloaded an indicator or add-on and had it grab your login/password info or automatically execute trades without your knowledge, or worse yet, drain your brokerage account? Maybe I am being paranoid or just ignorant, but there is money involved here and where money flows, greed follows. Are there tools or techniques one can use to ensure you are only downloading "clean and well behaved" code? Thanks in advance!

never had any issues with the indicators on here but I always scan downloads, Im sure whatever virus software you have on your computer you can do that to.

-P

ralett 

Not sure where to post this but I have a general question about downloading scripts, add ons etc. I have been using NT8 for a few months now and I love the fact that there are so many 3rd party scripts, indicators, add ons etc available to enhance the platform. That said, I worry a bit about security. I'm curious about people's thoughts on how you protect yourself from the potential of downloading malicious code. I realize there is a "self policing" aspect to a forum like NexusFi but there are also many sites that offer "free" Ninja downloads. Has anyone ever downloaded an indicator or add-on and had it grab your login/password info or automatically execute trades without your knowledge, or worse yet, drain your brokerage account? Maybe I am being paranoid or just ignorant, but there is money involved here and where money flows, greed follows. Are there tools or techniques one can use to ensure you are only downloading "clean and well behaved" code? Thanks in advance!

That is the reason why 'obfuscated code' (e.g. code hidden in .DLL) is not permitted on NexusFi. The code for any indicator here is open for all to see.

As with most things, the user needs to be cautious.
Don't download things from questionable sources.
As was said above, be very cautious of an indicator that is not fully visible (no DLL's)
If a script has a DLL it is because something is 'hiding'.

Yes I know it is usually to 'PROTECT' the code from being pirated.
But if the source is not FULLY trusted, you don't know if it has been 'tampered' or 'hacked'.

The easiest thing to do is not use obfuscated coded indicators but if you MUST make sure it is from a trusted source.

If you don't know how to examine indicators or have a question about an indicator being malicious, you can ask on this forum and post the indicator.
Someone will check it out for you if you ask nicely.