Path: utzoo!attcan!uunet!van-bc!
From: lphillips@lpami.wimsey.bc.ca (Larry Phillips)
Newsgroups: comp.sys.amiga
Subject: Re: Self Extracting Archives
Message-ID: <1245@lpami.wimsey.bc.ca>
Date: 13 Mar 90 21:08:42 GMT
Lines: 53
Return-Path:
To: van-bc!rnews

In <104.25fdcdd4@uoft02.utoledo.edu>, grx1042@uoft02.utoledo.edu (Steve Snodgrass) writes:
>In article <492d7755.1a5bf@moth.engin.umich.edu>, chrisl@caen.engin.umich.edu (Chris Lang) writes:
>>
>> Anyone who was going to go to the trouble of distributing malicious code under
>> the guise of a self-extracting archive could very easily create fake code to
>> mimic a file listing, no? Or even use a real archive and just change the
>> executable code, so it would look, for all intents and purposes, exactly
>> like a real archive.
>
>Anyone who goes to *THAT* much trouble could just as easily create an
>executable file that looked completely innocuous and put it in a zoo archive.
>The point here is that any argument applied against a self-extracting archive
>can also be applied against an executable inside a zoo file.

You miss the point entirely. The purpose of an archiver is to keep a group of
files together and to compress them for quicker transmission and less disk
usage. In order to use or test any part of an archive, it must be extracted.
The files that are extracted could indeed include a virus or trojan, but
chances are that anyone having any amount of experience, and a reasonable
amount of caution, can _THEN_ make the judgement as to the nature of the
contents. Before the extraction of all files, you don't have much to go on.

Consider two files such as might come across comp.binaries or comp.sources,
one of which is the source, and one of which is the executable for a package.
There are folks who will, as a matter of course, examine the source, compile
or assemble it, and see how it compares with the binary, running only the
version you compiled, if necessary.

Make these two files self extracting, and it means that you are at risk from
the moment you type the name of the unarchiver, without ever having had the
chance to evaluate the contents of the file.

A 'safe' method of testing a self extracting file might consist of turning off
all hard drives, making sure your boot disk is backed up, and unarchiving using
floppies, at floppy speeds. Not for me thanks! I prefer to go that route when I
see a suspect set of files or a set of files I cannot properly test, which is
in the minority of cases.

The basic idea is that anything that is treated as data is relatively safe, but
that anything that is treated as program is a potential bomb.

Nothing is stopping you from supporting self extracting archives, writing them,
or using them, just as there is nothing to stop me from speaking out against
them. I think this horse is dead.

-larry

--
Entomology bugs me.
+-----------------------------------------------------------------------+
|   //   Larry Phillips                                                 |
| \X/    lphillips@lpami.wimsey.bc.ca -or- uunet!van-bc!lpami!lphillips |
|        COMPUSERVE: 76703,4322 -or- 76703.4322@compuserve.com          |
+-----------------------------------------------------------------------+