roeve@cip-s01.informatik.rwth-aachen.de (Michael Roevenich) (04/15/91)
Well, the subject says about everything: Why are those programs
repacked with ZOO? In their original ZIP-archive, they are packed
using the -AV-Option, which is supposed to be a guard against
tangling with its contents.

Thanks a lot

Michael

------------------------------------------------
  /\  /\     Michael Roevenich
 /  \/  \    In der Laag 17
/        \R  5160 Dueren 4 FRG
Internet: roeve@rwthi3.informatik.rwth-aachen.de
FIDO: 2:242/42.1 (Michael Roevenich)
Phone: ++49/2421/82360
FAX: ++49/2421/85045
------------------------------------------------
desimone@cse.uta.edu (David DeSimone) (05/09/91)
In article <1042@iiasa.UUCP> wnp@iiasa.AT (Wolf PAUL ) writes:
>roeve@cip-s01.informatik.rwth-aachen.de (Michael Roevenich) writes:
>+ Well, the subject says about everything: Why are those programs
>+ repacked with ZOO? In their original ZIP-archive, they are packed
>+ using the -AV-Option, which is supposed to be a guard against
>+ tangling with its contents.
>
>Because it is C.B.I.P. policy to package all postings in ZOO format.
>ZOO has the advantage of being fully functional in a wider range of
>hardware/software environments (including UNIX on practically any CPU)
>than ZIP or any of the other PC Archivers. It is available in source
>and is FREEWARE rather than Shareware.

Um...According to the license I read, PKZIP does not *require* a
registration fee, it only asks for one. Isn't that freeware? Also, ZIP
is quickly gaining use on Unix machines.

>Anyway, how could any option to an archiver really guard against
>tampering? All you would have to do is unpack them (w/ pkunzip),
>tamper with them, and repack them (w/ zip -av), and you would be none
>the wiser.

The -AV option requires a special serial number, hopefully known only
to the original vendor who packed the archive. Thus you cannot actually
recreate an archive with verification unless you are a serial number
holder, and that is controlled by PK-Ware.

--
David DeSimone, aka "Fuzzy Fox" on some networks.   /!/!
INET: an207@cleveland.freenet.edu                  /  ..
Q-Link: Fuzzy Fox                                 /   --*
Quote: "Foxes are people too! And vice versa."   /    ---
jpc@fct.unl.pt (Jose Pina Coelho) (05/09/91)
In article <1042@iiasa.UUCP> wnp@iiasa.AT (Wolf PAUL ) writes:
> Because it is C.B.I.P. policy to package all postings in ZOO format.
> ZOO has the advantage of being fully functional in a wider range of
> hardware/software environments (including UNIX on practically any CPU)
> than ZIP or any of the other PC Archivers. It is available in source
> and is FREEWARE rather than Shareware.

Yes, I like to check CRCs right on the UNIX machine (after all, my
DOS machine is five miles away).

> Anyway, how could any option to an archiver really guard against
> tampering? All you would have to do is unpack them (w/ pkunzip),
> tamper with them, and repack them (w/ zip -av), and you would be none
> the wiser.

But it does. When you register under a certain name, PKware takes that
name and generates a KEY, that will be your key. When you pack things
with -av you give both the name and the key. When somebody extracts the
files, there is only the name and the encrypted file.

It's a plain problem of public keys.

There is a public key: McAfee Associates
There is a private key: WhatDoIKnow ?

The zip file carries only the public key. PKunzip can, from the file
and the public key, check if a file has the correct crc. You can't,
from the public key and the encrypted file, guess what the private key
is.

The time and effort necessary to break the system would be quite
superior to the one necessary to make a fake pkunzip that would pretend
to confirm the safeness of the zip file.

--
Jose Pedro T. Pina Coelho | BITNET/Internet: jpc@fct.unl.pt
Rua Jau N 1, 2 Dto        | UUCP: ...!mcsun!unl!jpc
1300 Lisboa, PORTUGAL     | Home phone: (+351) (1) 640767
- If all men were brothers, would you let one marry your sister ?
ts@uwasa.fi (Timo Salmi) (05/09/91)
In article <1042@iiasa.UUCP> wnp@iiasa.AT (Wolf PAUL ) writes:
:
>Anyway, how could any option to an archiver really guard against
>tampering? All you would have to do is unpack them (w/ pkunzip),
>tamper with them, and repack them (w/ zip -av), and you would be none
>the wiser.

Have you tried it? If not, please do, and then let us know what
happened. Unless I'm thoroughly mistaken you just might be in for a
surprise.

...................................................................
Prof. Timo Salmi
Moderating at garbo.uwasa.fi anonymous ftp archives 128.214.12.37
School of Business Studies, University of Vaasa, SF-65101, Finland
Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun
ts@uwasa.fi (Timo Salmi) (05/14/91)
In article <1991May9.165210.20097@uwasa.fi> ts@uwasa.fi (Timo Salmi) writes:
>In article <1042@iiasa.UUCP> wnp@iiasa.AT (Wolf PAUL ) writes:
>:
>>Anyway, how could any option to an archiver really guard against
>>tampering? All you would have to do is unpack them (w/ pkunzip),
>>tamper with them, and repack them (w/ zip -av), and you would be none
>>the wiser.
>
>Have you tried it? If not, please do, and then let us know what
>happened. Unless I'm thoroughly mistaken you just might be in for a
>surprise.

We obviously owe Wolf a collective apology. If we read the virus
warning about SCANV78.ZIP, we'll see why.

...

So this feature can be hacked and mimicked after all.

All the best, Timo

...................................................................
Prof. Timo Salmi
Moderating at garbo.uwasa.fi anonymous ftp archives 128.214.12.37
School of Business Studies, University of Vaasa, SF-65101, Finland
Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun
reisert@mast.enet.dec.com (Jim Reisert) (05/15/91)
Why not leave the VIRUSCAN software in its original .ZIP form, then
ZOO the .ZIP file so it can be posted to comp.binaries.ibm.pc? Or did I
miss the point?

According to Keith, ZIP has to be ported to one more platform, then all
the files on SIMTEL20 will probably be available in ZIPped form. Why
should comp.binaries.ibm.pc be different?

- Jim

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The opinions expressed here in no way represent the views of Digital
Equipment Corporation."

James J. Reisert          Internet: reisert@mast.enet.dec.com
Digital Equipment Corp.   UUCP: ...decwrl!mast.enet!reisert
146 Main Street           Voice: 508-493-5747
Maynard, MA 01754         FAX: 508-493-0395