nemossan@uitec.ac.jp (Sakurao NEMOTO) (04/24/91)
In article <1991Apr24.030220.15637@agate.berkeley.edu> c60b-1eq@e260-1g.berkeley.edu (Noam Mendelson) writes:
>In article <1991Apr23.113026.2657@unlinfo.unl.edu> riddle@hoss.unl.edu (Michael H. Riddle) writes:
>>McAfee has identified over 501 virus strains now known for MS-DOS. Am I
>>the only one who is concerned about infection potential in SFX.EXE-type
>>files?
>--------- abbreviated ---------
>The newer versions of LHa and PKZIP can extract their SFX files. I.e.,
>if you get lha212.exe and want to unpack it using an LHa.exe you already
>have, just do 'lha x lha212.exe'.
>This works around the very important virus problem that you mentioned.
>No matter how reliable the source, a hacker can always seed it with a virus.
>Better to be safe than sorry.

Further, you can *test* a newly arrived LHA self-extracting file using an older
LHA.EXE program.
Try C:>LHA T lha212.exe
        |  | |
        |  | +--------- Newly arrived selfextract file
        |  +-------------- specify to TEST
        +----------------- older executable file of LHA

If the newly arrived selfextract-LHA is from Yoshi, you will see the
  "This is original from Yoshi." message.
Fortunately, I have not experienced any other message, but when I tested
one version of LHA212.COM (the original is .EXE), the above message didn't
appear, thus I've trashed the file. :-)

(Wed) Apr 24 14:58 JST(+0900) 1991
nemossan@uitec.ac.jp

c60b-1eq@e260-1e.berkeley.edu (Noam Mendelson) (04/25/91)
In article <625@uitecgw.uitec.ac.jp> nemossan@uitec.ac.jp (Sakurao NEMOTO) writes:
>Further you can *test* newly arrived LHA-selfextracted file using older
>LHA.EXE program.
>Try C:>LHA T lha212.exe
>        |  | |
>        |  | +--------- Newly arrived selfextract file
>        |  +-------------- specify to TEST
>        +----------------- older executable file of LHA
>
>If the newly arrived selfextract-LHA is from Yoshi, you will see
> "This is original from Yoshi."-message.

You shouldn't count on this type of check. The source code for LHa is out,
and any determined hacker could make an EXE file look as if it came from
Yoshi.
This is sort of like doing a CRC test and comparing it to the CRC listed
in the documentation (LHa is a bad example, unless you read Kana). I've
seen people claim that source files were genuine because the CRCs of the
EXE files matched those in the docs ...

--
+==========================================================================+
| Noam Mendelson   ..!ucbvax!web!c60b-1eq       | "I haven't lost my mind,  |
| c60b-1eq@web.Berkeley.EDU                     |  it's backed up on tape   |
| University of California at Berkeley          |  somewhere."              |
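
The point made in the reply above, as an added example that is not part of the original posts: a CRC listed in documentation that ships with the file is generated by whoever built the package, so it passes for any self-consistent package, while a digest recorded through a separate channel does not. The package layout, byte strings and function names are constructed for illustration; SHA-256 is used here as the separately pinned value and is not something the thread mentions.

```python
import hashlib
import hmac
import zlib


def crc32_hex(data: bytes) -> str:
    """CRC-32 as 8 hex digits, the kind of value a README might list."""
    return format(zlib.crc32(data) & 0xFFFFFFFF, "08x")


def make_package(exe: bytes) -> dict:
    """Build a package whose documentation lists the CRC of its own EXE.
    Whoever builds the package, original author or not, runs this step."""
    return {"exe": exe, "doc": "LHA.EXE CRC32 = " + crc32_hex(exe) + "\n"}


def check_against_bundled_doc(pkg: dict) -> bool:
    """The check criticised in the thread: compare the EXE with the CRC
    printed in documentation that arrived in the same package."""
    listed = pkg["doc"].split("=", 1)[1].strip()
    return crc32_hex(pkg["exe"]) == listed


def check_against_pinned_digest(pkg: dict, pinned_sha256: str) -> bool:
    """Compare the EXE with a SHA-256 digest obtained separately from the
    package (assumption: a channel the repackager does not control)."""
    actual = hashlib.sha256(pkg["exe"]).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256)


def evaluate() -> dict:
    # Constructed byte strings standing in for real executables.
    original = make_package(b"MZ constructed bytes: release as built by the author")
    repackaged = make_package(b"MZ constructed bytes: release rebuilt by someone else")
    pinned = hashlib.sha256(original["exe"]).hexdigest()  # recorded out of band
    return {
        "original_bundled": check_against_bundled_doc(original),
        "repackaged_bundled": check_against_bundled_doc(repackaged),
        "original_pinned": check_against_pinned_digest(original, pinned),
        "repackaged_pinned": check_against_pinned_digest(repackaged, pinned),
    }


if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:20s} {'PASS' if ok else 'FAIL'}")
```

The bundled-documentation check cannot tell the two packages apart; it is useful only for catching accidental corruption in transit.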