Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: Murray_RJ@cc.curtin.edu.au
Newsgroups: comp.virus
Subject: Re: What's so bad about self-extracting archives?
Message-ID: <0006.9105141950.AA12065@ubu.cert.sei.cmu.edu>
Date: 14 May 91 12:51:00 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 37
Approved: krvw@sei.cmu.edu

groot@idca.tds.philips.nl (Henk de Groot) writes:
> Murray_RJ@cc.curtin.edu.au writes:
>
>>magnus%thep.lu.se@Urd.lth.se (Magnus Olsson) writes:
>>> Can't you just first run the archive file through your favourite virus
>>> checker, and if it passes the test extract it, and then test the
>>> individual files that were inside it? Or have I missed something?
>
>>   Well, yes, I suppose you could, but it involves an extra step which
>>is unnecessary. The other objection I have with self-extracting
>>archives is that you're stuck with extracting the whole lot, even if
>>you only want to find out what the !@#$%^&*() thing does.
>
> Most of the popular archiveing programs (ZIP, LHA, ARJ) are able to
> extract files from their SFX files. If you insist on using a shell on
> it just rename the .EXE file to a file with the proper extension. You
> can avoid virus problems this way.

   Very, very good. Ten points out of ten. See me after class.
   Only one problem: How do I find out what format the thing was
archived in in the first place, when all I'm confronted with is a .EXE
file? If there was only one standardised archive format then there
wouldn't be any problem, but that was apparently too simple.
   My contention is that self-extracting archives are one of those
things that became technically possible, and were implemented before
it was found that they were a complete waste of time.
   Perhaps we should move this discussion elsewhere: it's getting less
and less to do with viruses (virii?)
.....Ron

===============================================================================
 Internet: Murray_RJ@cc.curtin.edu.au                | "A pipe gives a wise man
 Bitnet: Murray_RJ%cc.curtin.edu.au@cunyvm.bitnet    | time to think, and a
 UUCP  : uunet!munnari.oz!cc.curtin.edu.au!Murray_RJ | fool something to stick
Amateur Packet Radio: VK6ZJM@VK6BBS.#WA.AUS.OC       | in his mouth"
               TCP/IP: 44.136.204.14, 44.136.204.19  |    -- Murphy's Law I
===============================================================================