Path: utzoo!censor!geac!yunexus!rreiner
From: rreiner@yunexus.UUCP (Richard Reiner)
Newsgroups: comp.binaries.ibm.pc.d
Subject: Re: LZEXE - Is it too good to be true?
Message-ID: <9960@yunexus.UUCP>
Date: 12 Apr 90 15:12:43 GMT
References: <4953@vanuata.cs.glasgow.ac.uk> <10262@medusa.cs.purdue.edu> <90101.182631GILLA@QUCDN.BITNET>
Organization: York U. Computing Services
Lines: 17

GILLA@QUCDN.QueensU.CA (Arnold G. Gill) writes:

>     Is the use of LZEXE a partial safeguard against viruses?  With the
>encoded file, is a virus able to simply infect it as it would a normal .EXE
>file?  Or does that not make much of a difference?  I was just thinking that
>the decoding step would corrupt the virus and make it unworkable - essentially
>kill it.  Or is it not just that simple?

The decoding step might kill it -- one would have to probe into LZEXE
internals to know for sure.

However, a bigger issue is that the compression would make infected
executables appear clean to ViruScan and simialr programs.  There have
been reports of this kind of thing, involving AXE, which is a (much
slower) functional equivalent of LZEXE.

--richard