Scorpion,
Indeed this is a bit threatening, I did have to check the box in order for something to happen. BUT it prompted me before asking if I would allow this with a Yes No or Cancel situtation. I think that if any files were to be deleted or a disk formatted there would still be a prompt. Other than that viruses are going to be tricky to avoid. Now what exactly does this checking the box suppose to do?
If you check "Allow DLL imports" box then Experts are allowed to call dangerous external APIs, and if you check "Confirms DLL functions call" then you will be asked (YES or NO) to grant or deny the dangerous calls; it's up to you.
Well, I classify this functionality of MT4 as an serious security issue, because most users don't know what these checkboxs are, so they are at risk of being cheated to allow the dangerous calls. Confirmation of such dangerous call is no use for novice users.
- Free trading apps
- Over 8,000 signals for copying
- Economic news for exploring financial markets
You agree to website policy and terms of use
The security hole in MetaTrader 4 is nothing but its new MQ4 Expert Language. The new language allows external API calls to any MQ4 and DLL files, which introduce many posibilties on expert developments: close-source expert, for example, since some developers don't want to expose their creations to the public.
While giving such benefit, it also gives off a security issue to users. It is extremely dangerous to allow such calls. If you're unlucky, you will run malicious expert without realising what would happen. Believe it or not, API calls can infect your pc with viruses, spy on your keyboard activities, delete your files, and even format your harddisk.
I've attached an expert that makes two api calls: first it open thebugs.ws website, and second it attempts to send a blank email to me. This expert is safe and worth to demostrate.
Note: Luckily, the "Allow DLL imports" checkbox must be checked for any expert to call external api.