oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) (11/28/90)
keithm@ashtate.A-T.COM (Keith Mund) writes: >>Speaking personally as a software author, buy software from the >>manufacturer or a legitimate dealer. The same fears you have are felt >>by them manyfold, and great care is taken to insure safe software. >>Although you threw out names of companies freely, none of them has >>distributed software with any problems. Why fear a problem that does >>not exist. Viruses are spread by individuals copying software, not by >>legitamate manufacturers. One way of insuring that the SCAN or F-PROT programs are legitamate is for the authors to ZIP their program with the -AV (Authenticate Verification) switch on. That way if the programs were modified PKUNZIP would tell you. It would also be a way for users to know that the ZIP file came straight from the author and hasn't been modified in any way. Glenn.
millerje@holst.tmc.edu (jeffrey scott miller) (11/29/90)
oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) writes: >keithm@ashtate.A-T.COM (Keith Mund) writes: > [about buyin direct...] > > One way of insuring that the SCAN or F-PROT programs are >legitamate is for the authors to ZIP their program with the -AV >(Authenticate Verification) switch on. That way if the programs were >modified PKUNZIP would tell you. It would also be a way for users to >know that the ZIP file came straight from the author and hasn't been >modified in any way. > >Glenn. yes and no. As I remember, there was a PKZIP1.2 (or was it 1.1) that had come out with was a bogus version, and yet whoever hacked it was able to retain the AV verification.. _____________________________________________________________________________ | | | "NUKE THE UNBORN GAY WHALES!" | Jeff Miller | | - graffiti | millerje@handel.CS.ColoState.Edu | |_____________________________________________________________________________|
herrickd@uunet.UU.NET (12/01/90)
oper1%drcv06.decnet@drcvax.af.mil (DRCV06::OPER1) writes: > keithm@ashtate.A-T.COM (Keith Mund) writes: > >>>Speaking personally as a software author, buy software from the >>>manufacturer or a legitimate dealer. The same fears you have are felt >>>by them manyfold, and great care is taken to insure safe software. >>>Although you threw out names of companies freely, none of them has >>>distributed software with any problems. Why fear a problem that does >>>not exist. Viruses are spread by individuals copying software, not by >>>legitamate manufacturers. > > One way of insuring that the SCAN or F-PROT programs are > legitamate is for the authors to ZIP their program with the -AV > (Authenticate Verification) switch on. That way if the programs were > modified PKUNZIP would tell you. It would also be a way for users to > know that the ZIP file came straight from the author and hasn't been > modified in any way. Does Authenticate Verification really do something that is not subvertible? Forgive my skepticism. What does it say it does? dan herrick herrickd@astro.pc.ab.com