
Time Sync Program

Started by
9 comments, last by samoth 7 years, 2 months ago

Hello everyone, another beautiful day! I am wondering about knowledge that exceeds mine. I am considering the small little program Neutron, which is a time sync program where I press two buttons and it sets my clock with world time. What I am wondering is: does a little program like this make my internet insecure for firewall/anti virus? I emailed the maker but I am considering what people think about here as well.

Thank you,

Joshua

As far as I know, Windows comes with time synchronization built in. Is that not working for you?

a time sync program that I press two buttons and it sets my clock with world time

There is no need for that in this era. These programs were fairly commonplace in the 1980s and early 1990s. I even released one way back in 2001 or so. But that need has passed.

Windows XP introduced an automatic time synchronization, and it remains in place. In the Unix world there has been NTPD, Network Time Protocol Daemon, since about 1990, and other programs before that so network servers could stay in sync. Mobile devices have this built-in, cell phones update based on the cellular network.

You might build your program as a learning tool, but realize the functionality is already built in for most systems.

does a little program like this make my internet insecure for firewall/anti virus?

Possibly, yes. But the degree of insecurity depends on the details.

You are making outbound connections and using the data, so there are some attack vectors. The attacks are moderately more difficult since outbound connections would require faking the server and giving a carefully crafted response that your program is vulnerable to. You can reduce this by validating that the data you receive is exactly the right size, contains exactly what you expect, and is within the bounds you consider reasonable.

If you allow inbound connections there are additional attacks possible. Anyone scanning the computer's open ports could find the port, and they could probe it with all kinds of data attempting to find a weakness. There are various weaknesses, including the possibility of extracting data from the network handshaking itself, like the Heartbleed vulnerability.

There are protections around modifying the system time, so you will need elevated privileges. If you are doing it as a learning experience, figuring out how to properly request elevated privileges could be enlightening. However, be aware that with elevated privileges comes elevated responsibility; that is a vulnerability by itself. Any bugs in your program could do damage to the system, and people may not trust it.

I am considering what people think about here as well.

If you are doing it as a learning exercise, that's great and I'm sure you can learn a lot.

If you are doing it to make a utility for the world to consume, don't bother. There are already great programs for that, generally built into the operating system directly.

Wait, is this Neutron a program that someone else had made? If so, then running any executable you get from anyone is always a risky thing.
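An added example (not part of any post in this thread, and not Neutron's or Windows' own code) of the reply validation suggested above: checking that an SNTP server response has exactly the right size, contains what is expected, and is within reasonable bounds. The function names, the one-hour `MAX_STEP` policy and the sample packets are assumptions constructed for illustration.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
PACKET_LEN = 48                 # SNTP packet with no extension fields
MAX_STEP = 3600                 # assumed policy: refuse corrections over one hour

def build_request(nonce: int) -> bytes:
    """Client packet: version 4, mode 3, nonce in the transmit timestamp field."""
    return struct.pack("!B39xQ", (4 << 3) | 3, nonce)

def validate_reply(data: bytes, nonce: int, local_unix: float) -> float:
    """Return the server's Unix time, or raise ValueError on any anomaly."""
    if len(data) != PACKET_LEN:                      # exactly the right size
        raise ValueError("wrong size")
    leap, version, mode = data[0] >> 6, (data[0] >> 3) & 7, data[0] & 7
    if mode != 4 or version not in (3, 4):           # must be a server reply
        raise ValueError("not a server reply")
    if leap == 3 or not 1 <= data[1] <= 15:          # leap=3 or bad stratum
        raise ValueError("server not synchronized")
    origin, _receive, transmit = struct.unpack("!3Q", data[24:48])
    if origin != nonce:                              # must echo our request
        raise ValueError("reply does not match our request")
    server_unix = (transmit >> 32) - NTP_EPOCH_OFFSET + (transmit & 0xFFFFFFFF) / 2**32
    if abs(server_unix - local_unix) > MAX_STEP:     # within sane bounds
        raise ValueError("time outside accepted bounds")
    return server_unix

def verdict(data: bytes, nonce: int, local_unix: float) -> str:
    """Human-readable result: 'ok <unix time>' or 'rejected: <reason>'."""
    try:
        return f"ok {validate_reply(data, nonce, local_unix):.0f}"
    except ValueError as err:
        return f"rejected: {err}"

def sample_reply(origin: int, server_unix: int, mode: int = 4) -> bytes:
    """Constructed test packet (stratum 2), not captured traffic."""
    ts = (server_unix + NTP_EPOCH_OFFSET) << 32
    return struct.pack("!BB22x3Q", (4 << 3) | mode, 2, origin, ts, ts)

if __name__ == "__main__":
    NONCE, NOW = 0x1122334455667788, 1_500_000_000   # constructed values
    print(verdict(sample_reply(NONCE, NOW + 2), NONCE, NOW))        # accepted
    print(verdict(sample_reply(NONCE, NOW + 2)[:40], NONCE, NOW))   # truncated
    print(verdict(sample_reply(NONCE ^ 1, NOW + 2), NONCE, NOW))    # wrong origin
    print(verdict(sample_reply(NONCE, NOW + 86400), NONCE, NOW))    # a day off
```
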

Oh, I was considering a program that is already made by someone else. I installed it, should I uninstall it and did I make a very big mistake installing this to begin with... Is everything now in jeopardy even after uninstalling?

There are already great programs for that, generally built into the operating system directly.

I'm running Windows 7 and there is a sync program that "synchronize(s) on a scheduled basis". And although it "automatically synchronizes" I'm not seeing that it is ever synchronizing and it doesn't sync when I go on the internet for example.

As far as I know, Windows comes with time synchronization built in. Is that not working for you?

Yes, I can't get it to work.

Thanks everyone,

Josheir

I'm running Windows 7 and there is a sync program that "synchronize(s) on a scheduled basis". And although it "automatically synchronizes" I'm not seeing that it is ever synchronizing and it doesn't sync when I go on the internet for example. ... I can't get it to work.

If your computer is hooked up to a domain it is possible the domain is set to block internet time synchronization. In that case it will sync to the domain controller instead. But let's assume that isn't the case.

You should be able to right-click on the clock in the task bar, pick the option to adjust date and time, choose the Internet Time option, and somewhere on the dialog (I forget the exact name) there is an option that allows you to update the time immediately.

It should also show if automatic time synchronization is running.

To make it run more frequently, follow the instructions here. You can use the task scheduler to pick as often as you want, up to running once per hour.

Usually the PC clock doesn't drift very much, and if it does that's a good sign your CMOS battery is dying.

I know there was confusion that I was writing this software. It's someone else's program that looks professional.

You are making outbound connections and using the data, so there are some attack vectors. The attacks are moderately more difficult since outbound connections would require faking the server and giving a carefully crafted response that your program is vulnerable to. You can reduce this by validating that the data you receive is exactly the right size, contains exactly what you expect, and is within the bounds you consider reasonable.

Okay, by faking you mean that the software took advantage of me and was connecting to some different server than I was assuming? wrongful connection by the software.

If you allow inbound connections there are additional attacks possible. Anyone scanning the computer's open ports could find the port, and they could probe it with all kinds of data attempting to find a weakness. There are various weaknesses, including the possibility of extracting data from the network handshaking itself, like the Heartbleed vulnerability.

Okay, if there was hacking, the scan would be done by those who are associated with the software? Or were you assuming I was writing the program? Are the threats (network handshaking, etc.) terribly bad? And can it be hacked only when the software is functioning?

Sincerely and thankfully,

Josheir

You probably have hundreds of programs on your computer - why are you especially worried about this one?

Any software you run on your computer could, theoretically, pose a risk. It could deliberately cause damage, it could accidentally cause damage, it could accidentally provide a way for an attacker to take partial or full control of your computer, etc. But this applies to everything you download - every Steam game, every Windows update, every off-the-shelf program. The risks can apply even when the software is not running, because it could change other software or configuration settings.

Thankfully, the vast majority of software is neither dangerous nor malicious, and the accidental risks are also quite low providing you follow good 'hygiene' - e.g. keep your OS and browsers updated often, don't download from or browse on shady or illegal sites. I expect this piece of software is completely benign (if somewhat redundant, as pointed out above).

You probably have hundreds of programs on your computer - why are you especially worried about this one?

Well, I don't understand viruses and firewalls too well.

Since this program by nature communicates to the internet I was thinking it wouldn't be using the available firewall, and a firewall is said to be needed. So, hmm...I'm concerned about security.

Now I'm wondering if maybe it does use the firewall, my thinking though is that it doesn't and I am scared. Is this true, it doesn't use it?

And can anyone recommend any sources that are succinct and easy/simple and brief that will woe my ignorance of ports/viruses/firewalls/malware?

Thank you,

Josheir

Firewalls are designed to stop outside attackers from connecting to programs on your computer. Unless you have explicitly allowed incoming connections to this new program, your firewall will be unaffected.
