[comp.binaries.ibm.pc.d] LHA212JP.EXE .lzh archiver at garbo.uwasa.fi

ts@uwasa.fi (Timo Salmi) (04/21/91)

Sun 21-Apr-91: Acquired the Japanese version of LHa .lzh archiving
program version 2.12 from Japan.  I used the patch of the author to
include a version with an English help screen into the package. 
Since the documents are still in Japanese, I'll call the
self-extracting file I made /pc/arcers/lha212jp.exe, and for the
time being we'll retain also lha211.exe on our archives, since it
has English documentation.  Available in the usual manner from our
site. 

...................................................................
Prof. Timo Salmi        
Moderating at garbo.uwasa.fi anonymous ftp archives 128.214.12.37
School of Business Studies, University of Vaasa, SF-65101, Finland
Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun

c60b-1eq@e260-1e.berkeley.edu (Noam Mendelson) (04/22/91)

In article <1991Apr21.074001.18243@uwasa.fi> ts@uwasa.fi (Timo Salmi) writes:
>Sun 21-Apr-91: Acquired the Japanese version of LHa .lzh archiving
>program version 2.12 from Japan.  I used the patch of the author to
>include a version with an English help screen into the package. 
>			Available in the usual manner from our
>site. 

Alternately, you can FTP the latest version of LHa directly from
utsun.s.u-tokyo.ac.jp (133.11.11.11) under /fj/lha (you'll find the
patch there too).  Utsun is one of the first sites to receive new
versions of LHa, as well as other things (archives of fj.sources and
fj.binaries.msdos).

-- 
+==========================================================================+
| Noam Mendelson   ..!ucbvax!web!c60b-1eq       | "I haven't lost my mind, |
| c60b-1eq@web.Berkeley.EDU                     |  it's backed up on tape  |
| University of California at Berkeley          |  somewhere."             |

riddle@hoss.unl.edu (Michael H. Riddle) (04/23/91)

In <1991Apr22.032912.23254@agate.berkeley.edu> c60b-1eq@e260-1e.berkeley.edu (Noam Mendelson) writes:

>In article <1991Apr21.074001.18243@uwasa.fi> ts@uwasa.fi (Timo Salmi) writes:
>>Sun 21-Apr-91: Acquired the Japanese version of LHa .lzh archiving
>>program version 2.12 from Japan.  I used the patch of the author to
>>include a version with an English help screen into the package. 
>>			Available in the usual manner from our
>>site. 

>Alternately, you can FTP the latest version of LHa directly from
>utsun.s.u-tokyo.ac.jp (133.11.11.11) under /fj/lha (you'll find the
>patch there too).  Utsun is one of the first sites to receive new
>versions of LHa, as well as other things (archives of fj.sources and
>fj.binaries.msdos).

I, for one, certainly appreciate Yoshi-San's contribution of the LH/LHA
series of programs, but have one nagging concern.

McAfee has identified over 501 virus strains now known for MS-DOS.  Am I
the only one who is concerned about infection potential in SFX.EXE-type
files?  I know /I'm/ not enough of a technician to look inside a
self-extracting archive and check it out ahead of time.  That makes me
reluctant to unpack LHA212.EXE or any other such archive, no matter what
the reputation of the alleged source.  I get concerned about spoofing,
etc, by persons unknown.  I'm certain most readers remember the PKZ102.EXE
virus problem, for example.
 
Is there an alternative which will protect the rights of the authors to
insist all files be sent, and yet allow inspection by various utilities
before unpacking?  Is there a method I'm not aware of?  Does anyone have
any comments? (Like I'm too paranoid, or maybe something useful?)
 
Thanks,
Mike


--
            <<<< insert standard disclaimer here >>>>
riddle@hoss.unl.edu                  |   University of Nebraska 
postmaster%inns@iugate.unomaha.edu   |   College of Law
mike.riddle@f27.n285.z1.fidonet.org  |   Lincoln, Nebraska, USA

jochenw@ikki.informatik.rwth-aachen.de (Jochen Wolters) (04/23/91)

Hi Mike,

  as far as I know, SFX-archives *can* be extracted by using the appropriate unpacker. I'm not sure if
this will work with the archive in question, since it might be compressed with a method that has been
introduced to LHA from the version that's in the archive :-). Just try to extract it with LHA 2.11, for
instance.

  Greetinx,
            Jochen.

--
.....................................................................
Jochen Wolters               jochenw@cip-s02.informatik.rwth-aachen.de  
                       "What you C is not necessarily what you get..."

c60b-1eq@e260-1g.berkeley.edu (Noam Mendelson) (04/24/91)

In article <1991Apr23.113026.2657@unlinfo.unl.edu> riddle@hoss.unl.edu (Michael H. Riddle) writes:
>McAfee has identified over 501 virus strains now known for MS-DOS.  Am I
>the only one who is concerned about infection potential in SFX.EXE-type
>files?
>		Is there a method I'm not aware of?  Does anyone have
>any comments? (Like I'm too paranoid, or maybe something useful?)

The newer versions of LHa and PKZIP can extract their SFX files.  I.e.,
if you get lha212.exe and want to unpack it using an LHa.exe you already
have, just do 'lha x lha212.exe'.
This works around the very important virus problem that you mentioned.
No matter how reliable the source, a hacker can always seed it with a virus.
Better to be safe than sorry.


-- 
+==========================================================================+
| Noam Mendelson   ..!ucbvax!web!c60b-1eq       | "I haven't lost my mind, |
| c60b-1eq@web.Berkeley.EDU                     |  it's backed up on tape  |
| University of California at Berkeley          |  somewhere."             |
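
Added example, not part of any post in this thread: running `lha x lha212.exe` instead of executing the file works because the member headers inside an SFX can be read without running its stub. This Python sketch lists them, assuming the commonly documented level-0/level-1 LZH header layout; the sample bytes and the function names are constructed for illustration.

```python
import re
import struct

# Method id that sits 2 bytes into every LZH member header, e.g. -lh0-, -lh5-
METHOD = re.compile(rb"-l[hz][0-9ds]-")

def list_lzh_members(blob):
    """Return (offset, method, packed_size, original_size, name) per member.

    Only reads bytes; nothing from the file is executed or decompressed.
    Assumes level-0/level-1 headers (size byte, checksum byte, then fields).
    """
    members, pos = [], 2
    while (m := METHOD.search(blob, pos)) is not None:
        start = m.start() - 2              # header begins 2 bytes before the id
        pos = m.start() + 1                # on a false match, keep scanning
        hdr_size, checksum = blob[start], blob[start + 1]
        body = blob[start + 2:start + 2 + hdr_size]
        if hdr_size < 22 or len(body) < hdr_size:
            continue                       # too short to be a real header
        if (sum(body) & 0xFF) != checksum:
            continue                       # stray method-like text in the stub
        packed, original = struct.unpack_from("<II", body, 5)
        level, name_len = body[18], body[19]
        if level > 1 or 22 + name_len > hdr_size:
            continue
        name = body[20:20 + name_len].decode("cp437", "replace")
        members.append((start, body[:5].decode("ascii"), packed, original, name))
        pos = start + 2 + hdr_size + packed  # jump over the compressed data
    return members

def needs_scan(members):
    """Names of members DOS would execute: scan these after unpacking."""
    return [m[4] for m in members if m[4].upper().endswith((".EXE", ".COM", ".BAT"))]

def build_member(name, data):
    """Constructed level-0 header for a stored (-lh0-) member (demo input only)."""
    body = (b"-lh0-" + struct.pack("<II", len(data), len(data)) + b"\0" * 4
            + b"\x20\x00" + bytes([len(name)]) + name + b"\0\0")  # CRC left zero
    return bytes([len(body), sum(body) & 0xFF]) + body + data

# Constructed sample: fake "MZ" stub with a decoy method string, then two members
SAMPLE = (b"MZ" + b"\0" * 30 + b"\x05\x00-lh5-"
          + build_member(b"LHA.EXE", b"A" * 10)
          + build_member(b"LHA.DOC", b"doc text"))

if __name__ == "__main__":
    for entry in list_lzh_members(SAMPLE):
        print(entry)
    print("scan before running:", needs_scan(list_lzh_members(SAMPLE)))
```

The listing shows what the archive claims to contain; the unpacked executables still have to be scanned before anything is run.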

groot@idca.tds.philips.nl (Henk de Groot) (04/24/91)

About SFX files:

What is the problem with self-extracting files <-> viruses? You can scan the
SFX file with a good virus scanner (like F-PROT) and then run it! The 
resulting files may be contaminated but you have the same result with 
running an unpacker on an arbitrary archive. If you fear unknown viruses
(i.e. not recognized by the scanner), who proves that your unpacker is
not contaminated or that the software inside the archive is not? The only
way to be safe is not to get files from anywhere.

Just my 5 cents (in Holland there are no single cents anymore, so 5 cents is 
as close to 2 cents as one can get) worth

Henk.

--
  /   /            Henk de Groot      | Department: PG 9000i - System Services
 /---/ __  __  /   V2/A12-A13         | Internet : groot@idca.tds.philips.nl
/   / (-_ / / /(   Tel: +31 55 432099 |  == PHILIPS INFORMATION SYSTEMS ==
          Disclaimer: I only speak for myself, not for my employer!

dfs@doe.carleton.ca (David F. Skoll) (04/25/91)

In <groot.672485960@baukje.idca.tds.philips.nl> groot@idca.tds.philips.nl
(Henk de Groot) writes:

>About SFX files:

>What is the problem with self-extracting files <-> viruses? You can scan the
>SFX file with a good virus scanner (like F-PROT) and then run it! The 
>resulting files may be contaminated but you have the same result with 
>running an unpacker on an arbitrary archive.

Not quite.  Here's the problem:  Suppose a self-extracting archive "A"
contains a file "F" which is contaminated with a known virus.  When you first
scan "A", you will not detect the virus, since "F" is compressed.  So you
innocently execute "A", which unpacks "F" and then...

Someone has modified "A" so that after unpacking "F", it immediately executes
it.  This is a seemingly innocent operation which most virus scanners will
not catch!  If you make a scanner which catches all attempts to execute
a file named "F", you might catch a lot of legitimate software.

The whole problem is that a self-extracting archive has the potential to
execute unpacked files before you've had a chance to scan them.

--
David F. Skoll

c60b-1eq@e260-1e.berkeley.edu (Noam Mendelson) (04/25/91)

In article <groot.672485960@baukje.idca.tds.philips.nl> groot@idca.tds.philips.nl (Henk de Groot) writes:
>About SFX files:
>What is the problem with self-extracting files <-> viruses? You can scan the
>SFX file with a good virus scanner (like F-PROT) and then run it! The 
>resulting files may be contaminated but you have the same result with 
>running an unpacker on an arbitrary archive. If you fear unknown viruses
>(i.e. not recognized by the scanner), who proves that your unpacker is
>not contaminated or that the software inside the archive is not? The only
>way to be safe is not to get files from anywhere.

You could run a virus scanner on the self-extracting file, but why not
take the easier (and safer) approach of unpacking them directly?
As for the files inside, you're pretty much on your own.
This newsgroup is the wrong place for this discussion, so I suggest that
follow-ups be posted to comp.sys.ibm.pc.misc or an appropriate group.

-- 
+==========================================================================+
| Noam Mendelson   ..!ucbvax!web!c60b-1eq       | "I haven't lost my mind, |
| c60b-1eq@web.Berkeley.EDU                     |  it's backed up on tape  |
| University of California at Berkeley          |  somewhere."             |

ts@uwasa.fi (Timo Salmi) (04/25/91)

In article <1991Apr24.030220.15637@agate.berkeley.edu> c60b-1eq@e260-1g.berkeley.edu (Noam Mendelson) writes:
:
>The newer versions of LHa and PKZIP can extract their SFX files.  I.e.,
>if you get lha212.exe and want to unpack it using an LHa.exe you already
>have, just do 'lha x lha212.exe'.
>This works around the very important virus problem that you mentioned.
>No matter how reliable the source, a hacker can always seed it with a virus.
>Better to be safe than sorry.

Yes, better safe than sorry.  I checked lha212.exe before making
/pc/arcers/lha212jp.exe available from garbo.uwasa.fi, and noticed
no problems.  But let's bear nevertheless the following in mind:

16. *****
 Q: Am I safe against viruses if I download files from FTP sites?

 A: I'll give some information on this from an FTP moderator's point
of view. The official stand is the following directly from one of
our file lists:
   No liability is accepted for the consequences of using,
   or the inability to use, any of these files.  No absolute
   guarantees are given that these programs are clean from
   nasties, although none have been in evidence.  Please duly
   observe shareware rules wherever indicated.
But remember that there are no absolute guarantees _whatever_ your
sources are. There have even been cases of contaminated commercial
products. So the safety factor will never be a 100 per cent whether
you keep on downloading from ftp sites or not. At worst you can even
catch a virus if you buy a new machine (this has been known to
happen). On the other hand, the scare should not be exaggerated.
   It is certainly a good idea to employ two or three good virus
testers / protectors such as McAfee's /pc/virus/scanv76c.zip and
/pc/virus/fprot114.zip by Fridrik Skulason (or whatever are the
latest version numbers). I have one small additional trick up my
sleeve. Put my dtetimal.exe in your autoexec.bat. If dtetimal gets
contaminated, it will loudly inform you of the fact. Dtetimal is
part of my /pc/ts/tsutil31.arc (or later) package at garbo.uwasa.fi
archives. Also use /pc/sysutil/chksum.zip to always check at least
your io.sys, msdos.sys, and command.com at boot time. You then have
a better chance of being alerted if you use these measures.

...................................................................
Prof. Timo Salmi        
Moderating at garbo.uwasa.fi anonymous ftp archives 128.214.12.37
School of Business Studies, University of Vaasa, SF-65101, Finland
Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun

system@syzzle.chi.il.us (awol) (04/27/91)

dfs@doe.carleton.ca (David F. Skoll) writes:

> Not quite.  Here's the problem:  Suppose a self-extracting archive "A"
> contains a file "F" which is contaminated with a known virus.  When you first
> scan "A", you will not detect the virus, since "F" is compressed.  So you
> innocently execute "A", which unpacks "F" and then...
> 
> Someone has modified "A" so that after unpacking "F", it immediately executes
> it.  This is a seemingly innocent operation which most virus scanners will
> not catch!  If you make a scanner which catches all attempts to execute
> a file named "F", you might catch a lot of legitimate software.
> 
> The whole problem is that a self-extracting archive has the potential to
> execute unpacked files before you've had a chance to scan them.

There is one possible help for this, and that is the device driver
included in the F-PROT package. It will not allow any program which
contains a known virus to execute. I have *seen* it prevent infections
on 2 separate occasions. On one of these occasions the infected file was
one of the files contained in PKZ110.EXE (which is a self extracting ZIP
file). When trying to execute this, F-DRIVER displayed a message saying
that a certain virus was detected, and then said 'permission denied',
and would not execute!!! I can highly recommend this program! It is
installed at boot, and then forget about it (until you need it!!!).

+------------------------+-----------------------------------+
|   Al Oomens (awol)     | Inside every LARGE program is     |
| awol@syzzle.chi.il.us  | a small program trying to get out.|
+------------------------+-----------------------------------+