- Re: Comcast does not allow .exe executable files on personal websites !?
- Posted by John Navas on July 8th, 2003
[POSTED TO comp.dcom.modems.cable - REPLY ON USENET PLEASE]
In <c4eb6b70.0307080903.6d0e6deb@posting.google.com > on 8 Jul 2003 10:03:08
-0700, chrisspencer0703@yahoo.com (Chris Spencer) wrote:
What's the big deal? Downloading of EXE files is a common mechanism for the
spreading of such things as computer viruses. ZIP files are safer and more
efficient. Seems reasonable to me.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE MODEM/DSL GUIDE: <http://Cable-DSL.home.att.net/>
- Posted by VAXman- @SendSpamHere.ORG on July 8th, 2003
In article <3dDOa.9163$%3.413480@typhoon.sonic.net>, John Navas <spamfilter0@navasgroup.com> writes:
If a ZIPped .EXE -- assuming it contains a virus or malicious code -- is
downloaded and UNZIPped, how is that any safer than downloading the .EXE
uncompressed? While I will agree it is more efficient in terms of server
storage requirements and may be faster in the overall download time, it's
not any safer.
--
VAXman- OpenVMS APE certification number: AAA-0001 VAXman(at)TMESIS(dot)COM
"Well my son, life is like a beanstalk, isn't it?"
- Posted by John Navas on July 8th, 2003
[POSTED TO comp.dcom.modems.cable - REPLY ON USENET PLEASE]
In <00A228E6.D94C3CB6@SendSpamHere.ORG> on Tue, 08 Jul 2003 18:36:53 GMT,
VAXman- @SendSpamHere.ORG wrote:
It is safer -- too many people will inadvertently execute an EXE file as part
of the download process. They have to jump through more hoops to execute an
EXE in a ZIP.
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE MODEM/DSL GUIDE: <http://Cable-DSL.home.att.net/>
- Posted by VAXman- @SendSpamHere.ORG on July 8th, 2003
In article <3AEOa.14$dk4.706@typhoon.sonic.net>, John Navas <spamfilter0@navasgroup.com> writes:
Pointing a loaded gun at one's head and pulling the trigger has the same
effect whether one jumps through no hoops or through twenty. In addition,
the .EXE has to be downloaded first before it can be executed (with the
exception of a VMS DECnet execute but I'm certain you're speaking of PCs
here); UNZIP is merely a hoop -- not a brick wall.
You still haven't shown how ZIPping a malicious .EXE inherently makes it
any safer.
--
VAXman- OpenVMS APE certification number: AAA-0001 VAXman(at)TMESIS(dot)COM
"Well my son, life is like a beanstalk, isn't it?"
- Posted by John Navas on July 8th, 2003
[POSTED TO comp.dcom.modems.cable - REPLY ON USENET PLEASE]
In <00A228F1.D4B26647@SendSpamHere.ORG> on Tue, 08 Jul 2003 19:55:29 GMT,
VAXman- @SendSpamHere.ORG wrote:
I guess we'll just have to agree to disagree. :-)
--
Best regards,
John Navas <http://navasgrp.home.att.net/>
CABLE MODEM/DSL GUIDE: <http://Cable-DSL.home.att.net/>
- Posted by Michael Walsh on July 8th, 2003
VAXman-, @SendSpamHere.ORG wrote:
I won't enter the rest of the discussion, but you seem to be assuming
that safety devices on guns are useless. This will be a surprise to
quite a few gun owners.
Safety devices on guns vary from locks that have to be removed or
unlocked to things like "grip" safeties where a pistol will not fire when
the trigger is inadvertenly pressed, but will require the hilt of the pistol
be gripped.
Of course, if you really are interested in murder or suicide you can
unlock all the safety devices and go ahead. Or, for that matter,
just have an unfortunate accident.
Mike Walsh
- Posted by Tom Gerhart on July 8th, 2003
"Michael Walsh" <mp1walsh@Adelphia.net> wrote in message
news:3F0B39DD.5F4EFBCE@Adelphia.net...
one and not an invitation to open a forum on the danger of guns.
As for this:
Regards,
TJG
- Posted by Michael Walsh on July 9th, 2003
Tom Gerhart wrote:
I had no intention of doing anything other than pointing out that it
was a bad metaphor.
Trying to start some sort of a flame war? Sorry, I don't feel like getting
involved.
I was just pointing out that since guns were made to be fired that you can
unlock the safety devices and use it. The
"Pointing a loaded gun at one's head and pulling the trigger" reference was
used by the original poster to whom I was replying.
My original comment was to point out that safety devices on guns are
similar to the action of ZIPping a .exe file for protective purposes.
Mike Walsh
- Posted by Ed Wensell III on July 9th, 2003
VAXman-, @SendSpamHere.ORG wrote:
VAXMAN,
Don't get too deep into this fight. Keep in mind there are still many
individuals that use web browsers that like to execute .EXE upon
download completion. You and I do not have the problem because we use
web browsers that force us to save .EXE files to disk (I'm assuming you
do not regularly use IE). Others use web browsers in which the option to
save a .EXE rather than execute may or may not be set by default, and
even then the browser in question can be tricked into executing the file
regardless of what the user picks.
To you and me, .ZIP is simply a compressed/compiled file. Most .ZIPs do
not offer us any additional protection. They only take two clicks (or
several keystroke) to get to the .EXE (or whatever) inside. To others
who prefer to use an unpredictable web browser on an unpredictable OS,
downloading a .ZIP can be much safer than downloading a .EXE .
--
Ed Wensell III - E-mail address is valid if you know the right bits to
drop.
There is no reason anyone would want a computer in their home.
- Ken Olsen, President & founder of Digital Equipment Corp, 1977
- Posted by VAXman- @SendSpamHere.ORG on July 9th, 2003
In article <3F0B6085.827F179D@Adelphia.net>, Michael Walsh <mp1walsh@Adelphia.net> writes:
Your post came close to the initial flash point.
OK. Assuming that ZIP/UNZIP are like the gun safety, there is nothing
preventing the user from undoing the safety and then running the .EXE
(or shooting the gun). They're both still as dangerous.
Short of actual analysis of the image, there is no guarantee that the
image is devoid of malicious code. All that ZIP/UNZIP will do for a
PC user is delay the stupidity of automatically launching into some ap-
plication or running an image. It is this braindamage that has fueled
the spread of malicious code (viruses, worms, etc.) and the complete
lack or appreciation of any security model in any progeny of Redmon
Wash.'s most notorious company.
--
VAXman- OpenVMS APE certification number: AAA-0001 VAXman(at)TMESIS(dot)COM
"Well my son, life is like a beanstalk, isn't it?"
- Posted by $Bill on July 9th, 2003
My II cents:
1) There is no real reason that an exe file can't be handled on a website
with a decent server (eg: Apache). There are plenty of sites that can
handle it free.
2) Forcing one to zip it before uploading and forcing the downloader to
unzip it are just extra work and really don't add much security.
3) Before running that exe file after downloading, I would be extremely careful
and run a virus check on it if available.
4) This just smacks of laziness on the part of Comcast or just a brute force
method to lessen the amount of virus infected exes on their websites (by
making it hard to get them there in the first place). Thus less emails
about D/Ling viruses from Comcast websites.
- Posted by Michael Walsh on July 10th, 2003
VAXman-, @SendSpamHere.ORG wrote:
Basically, I agree with you. In a way, guns are less dangerous because
you recognize them as dangerous. A .EXE file may or may not be
dangerous. Sort of like assuming a gun is unloaded.
Mike Walsh
