eboston@hpbsla.HP.COM (Ed_Boston) (04/13/89)
With all the talk of which compression format to change to, I would like to take a moment and transfer some information about the program LZARC. I have seen a couple of messages about how LZARC might be slower than most other program, but it creates smaller files. Also, it has the ability to create self-running COM files. It is this last part I wish to address. I am fairly active on the PC based BBS systems. There has been a lot of discussion as to which program to use on these systems. A lot of users and sysops liked the LZARC program because it produced smaller code. However, as time went on, the ability to create self-running COM files were discovered and the feeling about LZARC changed. This function now allow people with a warped sense of humor, a simple way of infecting disks with a virus. What can happen is the person could get a hold of a normal GOOD program and add thier virus as a self-running COM file. Now you go and un-compress the file, the virus runs, picks a file to attach onto and now your in trouble. Because of this, there have already been several programs written to de-fuse the LZARC programs. Because of this problem, I would suggust not using LZARC unless you have placed safegards against viruses and trojans on your system. I vote against LZARC or any program that allows self-running programs. Ed Boston eboston@hpbsla.HP.COM
eboston@hpbsla.HP.COM (Ed_Boston) (04/14/89)
Opps. In my text, replace LZARC with LHARC. Sorry. Ed Boston eboston@hpbsla.HP.COM
goehring@cs.purdue.EDU (Scott Goehring) (04/15/89)
In article <2530005@hpbsla.HP.COM> eboston@hpbsla.HP.COM (Ed_Boston) writes: >I have seen a couple of messages about how LZARC might be slower than most >other program, but it creates smaller files. Also, it has the ability to >create self-running COM files. It is this last part I wish to address. [...] >However, as time went on, the ability to create self-running COM >files were discovered and the feeling about LZARC changed. This >function now allow people with a warped sense of humor, a simple way >of infecting disks with a virus. >Because of this problem, I would suggust not using LZARC unless you have >placed safegards against viruses and trojans on your system. I vote against >LZARC or any program that allows self-running programs. ARC, PKPAK, ZIP, and ZOO all have the capability to create self-extracting archives (which is what I assume you are talking about). Are you then recommending against the use ARC, ZIP, ZOO, and PKPAK, and instead recommending that we go back to LBR and SQ? I agree with you that self-extracting archives should be avoided, but that does not mean that we should not use archivers that allow them to be created; simply do not make them. Also, ZOO and, I understand, ZIP and ARC, allow you to unpack a self-extracting archive using the normal tool (without running it) so even then it's not that much of a problem. -- Scott Goehring | Arpanet: goehring@cs.purdue.edu ---------------' UUCP: ...!{decwrl,gatech,ucbvax}!purdue!goehring EggNet: 99:9700/80 Purdue: eyu@n, gms@mentor, qbu@mentor The ultimate truth begins at digit 231,454
maa@nbires.nbi.com (Mark Armbrust) (04/15/89)
In article <2530005@hpbsla.HP.COM> eboston@hpbsla.HP.COM (Ed_Boston) writes: > >as time went on, the ability to create self-running COM files were discovered >and the feeling about LZARC changed. This function now allow people with a >warped sense of humor, a simple way of infecting disks with a virus. This is really no different that ANY self-extracting archive file. Anyone who runs software of questionable origin on his system is asking for trouble. The self running batch file option only works with self-extracting LHARC archives. From the LHARC manual: 3. Self-Extracting Files. If a self-extracting file is executed, then it will try to extract all of the archived files into the current directory. Every extracted file has the attribute 20h. If a file with a name of AUTOLARC.BAT exists, this batch file is activated immediately. It is possible to embed some jokes or even so-called viruses in this autolarc.bat file. The possibility exits even with other SFX files from ARC or PKware. So I have chosen to keep the batch file option active in the present version because the world is now well-prepared for those tricks. >Because of this problem, I would suggust not using LZARC unless you have >placed safegards against viruses and trojans on your system. I vote against >LZARC or any program that allows self-running programs. I have just finished writing a program that scans LHARC files and reports the location of file headers in them. This info can be used by the same program to extract files from damaged archives and self-extracting archives. It should be sent to comp.binaries.ibm.pc later this weekend or on Monday if I cannot get it uploaded from home. Mark Armbrust maa@nbires.nbi.com maa@nbires.UUCP
eboston@hpbsla.HP.COM (Ed_Boston) (04/19/89)
Either you missed the point I was trying to get across, or I was very unclear about what I was saying. I am not against Self-Extracting programs. In fact, I use PKZIP for all my personal files. It is the SELF-RUNNING programs in the Self-Extracting programs that I object to. When I run a .EXE program that is compressed, I don't want a program inside of the archive to start running. Ed Boston
fvs@ncnoc.tucc.edu (Frank Schubert) (04/21/89)
In article <2530007@hpbsla.HP.COM> eboston@hpbsla.HP.COM (Ed_Boston) writes: >Either you missed the point I was trying to get across, or I was very >unclear about what I was saying. > >I am not against Self-Extracting programs. In fact, I use PKZIP for all >my personal files. It is the SELF-RUNNING programs in the Self-Extracting >programs that I object to. When I run a .EXE program that is compressed, >I don't want a program inside of the archive to start running. > >Ed Boston Then I suppose you would not mind receiving a file that had ZIP as the last level that was claimed to be a SE-P that in reality was a virus?