p1@arkham.wimsey.bc.ca (Rob Slade) (05/09/91)
The perils of using self-extracting programs may be more potential than real at the moment, but consider some of the following features: LHARC (and now LHA) allow the inclusion of a batch file which allows newly de-archived programs to be run automatically. Of course, being a batch file, it doesn't have to be limited to that. What a wonderful palce to put a trojan! Of course, you can just have it run an infected program, before anyone has a chance to use a nasty old virus scanner on the programs ... ARJ has a nifty new feature that allows the archiver to state that all queries are to be answered "yes". (At least, I think that is what it means. The documentation isn't entirely clear.) This means that the archivee doesn't have to worry about whether or not they want the de-archiving to proceed, it just does. "User-friendly" always seems to run counter to security. In this case, the features that make self-extraction appealing, are the very ones that you have to somehow circumvent in order to be safe. ============= Vancouver p1@arkham.wimsey.bc.ca | "If you do buy a Institute for Robert_Slade@mtsg.sfu.ca | computer, don't Research into (SUZY) INtegrity | turn it on." User Canada V7K 2G6 | Richards' 2nd Law Security | of Data Security