Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: berg@cip-s01.informatik.rwth-aachen.de (AKA Solitair) Newsgroups: comp.virus Subject: Re: ZIPping with -AV (PC) Message-ID: <0010.9012061747.AA16948@ubu.cert.sei.cmu.edu> Date: 6 Dec 90 16:56:38 GMT Sender: Virus Discussion List Lines: 32 Approved: krvw@sei.cmu.edu Rob Slade writes: > What is to prevent anyone from infecting >the file, and then reZIPping the infected files ... with -AV on? One can only use the -AV option when PKzip is registered. When you do, you can specify the string that is to be displayed when someone unzips an archive created with your registered PKzip. The message is encrypted into the zip-file. And can only be decrypted correctly if the archive is in identical state (unmodified in any way). That means, if you know what message normally should be displayed by PKunzip when you unzip an zip-file from a particular vendor, you're safe. [Ed. Sounds (to me) to be at least a rudimentary public key system of sorts. Does anyone know how cryptographically sound this option is? Also, I assume that PK is maintaining the database of developers' signatures; could someone please post info on how a developer goes about getting registered? Making the (rather broad) assumption that the system is cryptographically secure and that it's not prohibitive for vendors (big and small) to register, this seems (in my opinion) to be a great service that PK is providing - at least to users in the U.S. For what that's worth...] - -- Sincerely, berg%cip-s01.informatik.rwth-aachen.de@unido.bitnet Stephen R. van den Berg. "I code it in 5 min, optimize it in 90 min, because it's so well optimized: it runs in only 5 min. Actually, most of the time I optimize programs."