magnus%thep.lu.se@Urd.lth.se (Magnus Olsson) (04/25/91)
I'm sorry if this question seems a bit naive, but why are people so
concerned about the risk of virus-infected self-extracting archive
files?

Can't you just first run the archive file through your favourite virus
checker, and if it passes the test extract it, and then test the
individual files that were inside it? Or have I missed something?

Magnus Olsson                   | \e+      /_
Dept. of Theoretical Physics    |  \  Z   / q
University of Lund, Sweden      |   >----<
Internet: magnus@thep.lu.se     |  /      \===== g
Bitnet: THEPMO@SELDC52          | /e-      \q
Murray_RJ@cc.curtin.edu.au (05/01/91)
magnus%thep.lu.se@Urd.lth.se (Magnus Olsson) writes:
> I'm sorry if this question seems a bit naive, but why are people so
> concerned about the risk of virus-infected self-extracting archive
> files?
>
> Can't you just first run the archive file through your favourite virus
> checker, and if it passes the test extract it, and then test the
> individual files that were inside it? Or have I missed something?

Well, yes, I suppose you could, but it involves an extra step which
is unnecessary. The other objection I have with self-extracting
archives is that you're stuck with extracting the whole lot, even if
you only want to find out what the !@#$%^&*() thing does. If it's not a
self-extracting archive, you can use a shell like SHEZ (or, even, just
extract the .doc files) and do it much faster and easier.

.....Ron
===============================================================================
Internet: Murray_RJ@cc.curtin.edu.au               | "You can lead a horse to
ACSnet: Murray_RJ@cc.cut.oz.au                     | water, but if you can
Bitnet: Murray_RJ%cc.curtin.edu.au@cunyvm.bitnet   | get him to float on his
UUCP : uunet!munnari.oz!cc.curtin.edu.au!Murray_RJ | back you've really got
Amateur Packet Radio: VK6ZJM@VK6BBS.#WA.AUS.OC     | something"
TCP/IP: 44.136.204.14, 44.136.204.19               | -- Murphy's Law I
===============================================================================
padgett%tccslr.dnet@mmc.com (A. Padgett Peterson) (05/07/91)
>From: Murray_RJ@cc.curtin.edu.au

>The other objection I have with self-extracting
>archives is that you're stuck with extracting the whole lot, even if
>you only want to find out what the !@#$%^&*() thing does.

This is not a generic case. I mostly use Phil Katz' excellent PKZIP
(plug) and while it can create self-extracting files using an included
utility, there is nothing that requires you to use the self-extracting
feature. The file can still be viewed and selectively extracted using
PKUNZIP just like a regular .ZIP file. The only difference is that you
must completely specify the file as PKZIP defaults to the .ZIP
extension. (e.g. PKUNZIP [-v|-n|etc] SELFEXTR.EXE)

The biggest difference is that the .EXE is about 10k longer than the
bare .ZIP but is handy when the DE doesn't have PKUNZIP.

Warmly,
Padgett
MAINT@UQAM.BITNET (Peter Jones) (05/08/91)
On Mon, 06 May 91 15:08:43 -0400 you said:
>>From: Murray_RJ@cc.curtin.edu.au
>
>>The other objection I have with self-extracting
>>archives is that you're stuck with extracting the whole lot, even if
>>you only want to find out what the !@#$%^&*() thing does.

One objection I have is the lack of a guarantee that the incoming
extraction code doesn't have a trojan lurking in it. This is a
well-known security risk in UNIX self-extracting SHAR archives. There's
an un-archiver on SIMTEL20 that runs without executing incoming code,
allowing incoming programs to be inspected.

Another is the unexpected increase in disk space use when the archive
is run, and starts extracting itself unexpectedly.

Peter Jones (514)-987-3542
Internet:Peter Jones <MAINT%UQAM.bitnet@ugw.utcs.utoronto.ca>
UUCP: ...psuvax1!uqam.bitnet!maint
N.B. "Our customers will forgive a one-time error far more quickly than
they will forgive our inability to correct that error."
- Karen Ward (wardk@cse.ogi.edu)
groot@idca.tds.philips.nl (Henk de Groot) (05/08/91)
Murray_RJ@cc.curtin.edu.au writes:

>magnus%thep.lu.se@Urd.lth.se (Magnus Olsson) writes:
>> Can't you just first run the archive file through your favourite virus
>> checker, and if it passes the test extract it, and then test the
>> individual files that were inside it? Or have I missed something?

> Well, yes, I suppose you could, but it involves an extra step which
>is unnecessary. The other objection I have with self-extracting
>archives is that you're stuck with extracting the whole lot, even if
>you only want to find out what the !@#$%^&*() thing does.

Most of the popular archiving programs (ZIP, LHA, ARJ) are able to
extract files from their SFX files. If you insist on using a shell on
it just rename the .EXE file to a file with the proper extension. You
can avoid virus problems this way.

An ARJ type SFX file allows you to list files just by running the SFX
file with flag "-l". You can also selectively extract files.

The only real problem I see with SFX files is that it may be a trojan
horse. Just getting files from trusted places will cure this type of
problem. (Trusted places like SIMTEL20 and Garbo).

Henk.
--
  /   /            Henk de Groot      | Department: PG 9000i - System Services
 /---/ __  __  /   V2/A12-A13         | Internet : groot@idca.tds.philips.nl
/   / (-_ / / /(   Tel: +31 55 432099 | == PHILIPS INFORMATION SYSTEMS ==
Disclaimer: I only speak for myself, not for my employer!
Murray_RJ@cc.curtin.edu.au (05/14/91)
groot@idca.tds.philips.nl (Henk de Groot) writes:
> Murray_RJ@cc.curtin.edu.au writes:
>
>>magnus%thep.lu.se@Urd.lth.se (Magnus Olsson) writes:
>>> Can't you just first run the archive file through your favourite virus
>>> checker, and if it passes the test extract it, and then test the
>>> individual files that were inside it? Or have I missed something?
>
>> Well, yes, I suppose you could, but it involves an extra step which
>>is unnecessary. The other objection I have with self-extracting
>>archives is that you're stuck with extracting the whole lot, even if
>>you only want to find out what the !@#$%^&*() thing does.
>
> Most of the popular archiving programs (ZIP, LHA, ARJ) are able to
> extract files from their SFX files. If you insist on using a shell on
> it just rename the .EXE file to a file with the proper extension. You
> can avoid virus problems this way.

Very, very good. Ten points out of ten. See me after class.

Only one problem: How do I find out what format the thing was
archived in in the first place, when all I'm confronted with is a .EXE
file? If there was only one standardised archive format then there
wouldn't be any problem, but that was apparently too simple.

My contention is that self-extracting archives are one of those things
that became technically possible, and were implemented before it was
found that they were a complete waste of time.

Perhaps we should move this discussion elsewhere: it's getting less and
less to do with viruses (virii?)

.....Ron
===============================================================================
Internet: Murray_RJ@cc.curtin.edu.au               | "A pipe gives a wise man
Bitnet: Murray_RJ%cc.curtin.edu.au@cunyvm.bitnet   | time to think, and a
UUCP : uunet!munnari.oz!cc.curtin.edu.au!Murray_RJ | fool something to stick
Amateur Packet Radio: VK6ZJM@VK6BBS.#WA.AUS.OC     | in his mouth"
TCP/IP: 44.136.204.14, 44.136.204.19               | -- Murphy's Law I
===============================================================================
w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) (05/15/91)
> Only one problem: How do I find out what format the thing was
> archived in in the first place, when all I'm confronted with is a .EXE
> file?

This program will list the directory and archive type of any
self-extracting MS-DOS archive.

WSMR-SIMTEL20.ARMY.MIL [192.88.110.20]

Directory PD1:<MSDOS.ARC-LBR>
 Filename   Type Length   Date    Description
==============================================
FV135.ZIP     B    8128  910319  View dirs of ARC/DWC/LBR/LZH/PAK/ZIP/ZOO/SFXs

Keith
--
Keith Petersen
Maintainer of SIMTEL20's MSDOS, MISC and CP/M archives - [192.88.110.20]
Internet: w8sdz@WSMR-SIMTEL20.Army.Mil or w8sdz@vela.acs.oakland.edu
Uucp: uunet!wsmr-simtel20.army.mil!w8sdz
BITNET: w8sdz@OAKLAND
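
Added example (not part of the original thread, and not the code of FV or PKUNZIP): a Python sketch of the non-executing inspection discussed above, which identifies the archive type inside a self-extracting .EXE and lists ZIP members without ever running the extraction stub. The function names and sample data are constructed for illustration, and the LZH and ARJ checks are signature heuristics rather than full parsers.

```python
import io
import re
import struct
import zipfile

LZH_METHOD = re.compile(rb"-l(h[0-7d]|z[45s])-")  # method ID sits 2 bytes into an LZH header
ARJ_MAGIC = b"\x60\xea"                           # ARJ header ID
ARJ_MAX_HEADER = 2600                             # largest basic header size ARJ allows


def inspect_sfx(data: bytes):
    """Return (format, archive_offset, member_names) without executing anything."""
    if data[:2] != b"MZ":
        return ("not an MS-DOS EXE", -1, [])
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        # zipfile locates the central directory from the end of the file, so the
        # prepended extraction stub is skipped as data and never run.
        with zipfile.ZipFile(buf) as zf:
            infos = zf.infolist()
            start = min((i.header_offset for i in infos), default=-1)
            return ("ZIP", start, [i.filename for i in infos])
    m = LZH_METHOD.search(data, 2)
    if m and m.start() >= 4:
        return ("LZH", m.start() - 2, [])
    pos = data.find(ARJ_MAGIC, 2)
    while pos != -1 and pos + 4 <= len(data):
        (size,) = struct.unpack_from("<H", data, pos + 2)
        if 0 < size <= ARJ_MAX_HEADER:  # plausible header length, not a stray byte pair
            return ("ARJ", pos, [])
        pos = data.find(ARJ_MAGIC, pos + 1)
    return ("unknown", -1, [])


def make_zip_sfx(stub: bytes, members: dict) -> bytes:
    """Constructed sample: a fake EXE stub followed by a real ZIP archive."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return stub + out.getvalue()


if __name__ == "__main__":
    sample = make_zip_sfx(b"MZ" + b"\x90" * 510,
                          {"README.DOC": b"docs", "PROG.EXE": b"MZ.."})
    print(inspect_sfx(sample))
```

The reported offset is where the stub ends and the archive begins, so the stub and each listed member can be scanned separately before anything is extracted or run.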