Security Operating Systems Software Windows IT

New Virus Attacks Via RAR Files 585

sscottsci writes "A new article at eWeek indicates that Virus writers are using .RAR files to bypass Filters and Anti-Virus systems to infect computers. Most anti-virus software cannot scan a .RAR file, and most firewalls do not block the extension yet."
This discussion has been archived. No new comments can be posted.

  • by FyRE666 ( 263011 ) * on Monday February 21, 2005 @02:55PM (#11738319) Homepage
    ...most firewalls do not block the extension yet.

    Well, I know of a few that do now... Seriously, is this that much of a threat? Winzip (AFAIK) doesn't handle Rar archives, and most users wouldn't know how to open one if they did find one in their inbox...
    • by LoRdTAW ( 99712 ) on Monday February 21, 2005 @02:58PM (#11738355)
      Well it could definitely cause a problem with warez. Most warez is usually packed using RAR.
      • by Jhon ( 241832 ) * on Monday February 21, 2005 @03:11PM (#11738523) Homepage Journal
        I doubt eweek's demographic is strong in the 'warez' crowd. And if you're in charge of a corporate firewall and your users are downloading 'warez', you've got serious problems. .rar have been blocked at our proxy (both extension and mimetype) and email scanner for years. Along with rtf, password protected zip files, exe files, cpl files, etc. It's a long list.

        I'm waiting for the email attachments without extension that include 'instructions' on how to 'save as' to add the extension, then execute the code. The password protected zip file worms were close...
        • I doubt eweek's demographic is strong in the 'warez' crowd.

          Actually, I suspect that e-week is exactly the demographics. Many ppl in that group do not care about the legality of such an action and yet, must have enough knowledge to get to warez.

        • by Lord Kano ( 13027 ) on Monday February 21, 2005 @04:21PM (#11739126) Homepage Journal
          doubt eweek's demographic is strong in the 'warez' crowd. And if you're in charge of a corporate firewall and your users are downloading 'warez', you've got serious problems.

          Contrary to popular opinion, Corporate admins aren't the only people who worry about security.

          LK
          • and they don't so much care about it, as install some piece of shit filter, leave all the defaults on no matter how idiotic they are in the sense of the business they are "protecting", and feel happy in the knowledge that someone else is worrying about security for them (not bitter, honest)...
      • by rkmath ( 26375 ) on Monday February 21, 2005 @03:13PM (#11738542)
        It is true that most warez files are compressed using RAR. But it is also true that the general warez kiddie is not the type who would click on any executable without some virus checking. (Yes - it seems a shame - but the run of the mill warez kiddie is not the clueless user who clicks on every attachment in their email).

        • by LoRdTAW ( 99712 ) on Monday February 21, 2005 @03:27PM (#11738676)
          Warez has changed a lot in the past years. Gone are the days where you had to know someone with an ftp site (similar to the old BBS days). Back then you had to know what you were doing and how to talk your way in. Enter eDonkey/kazaa and bittorrent where any joe can download anything they want. I know my brother's friends download using emule and they certainly don't know any more than your average joe.
    • by zbeeble ( 808759 ) on Monday February 21, 2005 @03:07PM (#11738472)
      I suppose it depends what you download. But quite a lot of games and movies are compressed with rar. Also I know a few people who send rar files through their work addresses because zip is blocked.
      • by Trejkaz ( 615352 ) on Monday February 21, 2005 @04:17PM (#11739085) Homepage

        If zip (or any) files are blocked, I like sending files encrypted, or merely scrambled.

        You would be surprised how few email filters detect an attachment which is simply sent as Base64 or UUEncoded text, in the body. As it's not an attachment, it frequently gets ignored.

        • You would be surprised how few email filters detect an attachment which is simply sent as Base64 or UUEncoded text, in the body. As it's not an attachment, it frequently gets ignored.

          Why would we be surprised? People who write e-mail filters have to balance between security and convenience of the user.

          I mean, imagine a super complex e-mail filter program that blocked every conceivable way of sending an attachment. If I sent a letter to my mom asking her how her stay was in the hospital, and got someth

      • Also I know a few people who send rar files through their work addresses because zip is blocked.

        Gmail blocks sending attachments of "executable" files, which includes .pl .exe .bat .com etc. It even checks inside of zip, tar/gz archives to see if a file with matching extension is found. If it is found, gmail will not allow you to send your email.

        On the other hand if you compress your archive using RAR, gmail cannot check the contents and thus does not complain about executable files.

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Monday February 21, 2005 @03:13PM (#11738544)
      Comment removed based on user account deletion
      • by hab136 ( 30884 ) on Monday February 21, 2005 @03:22PM (#11738630) Journal
        I've always wondered why a virus writer couldn't just wrap a virus in a self-extracting encryption algorithm? [...] How could scanning for a virus figure that as a virus (unless you block all executables)?

        You've answered your own question - most corporations and free email providers block executables.

      • by Rei ( 128717 ) on Monday February 21, 2005 @03:31PM (#11738711) Homepage
        ... because you can detect the part that does the self-extracting, of course. :)

        A more clever approach is to have another program do the extracting for you - for example, to distribute it as a password-protected zip file and make the password known to the user. That way, you don't need the identifiable extractor.
    • by ThosLives ( 686517 ) on Monday February 21, 2005 @03:54PM (#11738896) Journal
      Actually, this points at a more fundamental issue. What happens if you simply take the extension off the file and set the MIME type to something like "binary stream" and just send it "raw"? I often have to rename files to get them through company (*ahem* outlook) filters that block files.

      Associating the name of a file with its content type is quite ludicrous; Apple used to do a better job of this with the file resources (the average user couldn't change file type - the name wasn't the type!) but with the transition to OS X (Unix) the metadata with files can be lost and is associated via file extension again.

      This boils down to the fact that digital data is inherently untyped; there is no way to tell if something is *really* a word document, bitmap, executable, or a random collection of bits (you can use signatures in the data to help with this, but that's about it).

      However, more on topic: I didn't know RAR files had "executable" content. If a file in a .RAR archive has a virus, that's no different than any other "hidden" trojan: shouldn't the virus scanner realise there is a problem as soon as the user tries to do something with the uncompressed/unencrypted file?

      • Actually, UNIX doesn't necessarily need the file extension - the kernel looks at the file's 'magic number' (as well as the executable bit) to decide if it should be executed and how to execute it.
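Added example, not part of the original thread: a gateway-side check in Python that types each attachment by its leading signature bytes rather than its name, as the comments above suggest, lists ZIP members, and flags double-extension names such as the foto.jpg.exe discussed on this page. The extension block list, the function names and the sample message are assumptions constructed for illustration; the "RAR" sample is only a signature plus padding.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading "magic" bytes: the type is decided from content, never from the name.
SIGNATURES = [
    (b"Rar!\x1a\x07", "rar"),   # RAR marker block (old and RAR5 variants)
    (b"PK\x03\x04", "zip"),     # ZIP local file header
    (b"MZ", "exe"),             # DOS/Windows executable header
]
# Assumed block list for this example; a real gateway's list is longer.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cpl"}
EXPECTED_EXT = {"rar": ".rar", "zip": ".zip"}


def sniff(data: bytes) -> str:
    """Return the container type indicated by the first bytes of the data."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return "unknown"


def exec_name_finding(name: str):
    """Describe an executable file name, noting a decoy inner extension."""
    base = os.path.basename(name.replace("\\", "/")).lower()
    stem, ext = os.path.splitext(base)
    if ext not in EXEC_EXTS:
        return None
    decoy = os.path.splitext(stem)[1]
    return f"double extension {decoy}{ext}" if decoy else f"executable {ext}"


def inspect_attachment(filename: str, data: bytes) -> list:
    """Return a list of findings for one attachment; empty means nothing flagged."""
    findings = []
    kind = sniff(data)
    ext = os.path.splitext(filename.lower())[1]
    name_hit = exec_name_finding(filename)
    if name_hit:
        findings.append(f"attachment name: {name_hit}")
    if kind == "exe" and not name_hit:
        findings.append(f"executable content named {ext or '(no extension)'}")
    if kind in EXPECTED_EXT and ext != EXPECTED_EXT[kind]:
        findings.append(f"{kind} content named {ext or '(no extension)'}")
    if kind == "rar":
        # The standard library cannot unpack RAR, so members stay unseen here.
        findings.append("rar members not inspected: hand to a RAR-aware scanner")
    elif kind == "zip":
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).infolist()
        except zipfile.BadZipFile:
            return findings + ["zip signature but unreadable archive"]
        for info in members:
            hit = exec_name_finding(info.filename)
            if hit:
                findings.append(f"member {info.filename}: {hit}")
            if info.flag_bits & 0x1:  # general-purpose bit 0 = encrypted
                findings.append(f"member {info.filename}: password-protected")
    return findings


def scan_message(raw: bytes) -> dict:
    """Map each attachment name in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        report[name] = inspect_attachment(name, data)
    return report


def build_sample() -> bytes:
    """Constructed test message: a ZIP, a renamed fake RAR and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("foto.jpg.exe", b"MZ constructed placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in [
        ("pics.zip", buf.getvalue()),
        ("photos.txt", b"Rar!\x1a\x07\x00" + b"\x00" * 16),
        ("notes.txt", b"meeting at noon\n"),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample()).items():
        print(name, "->", findings or "clean")
```

The RAR branch deliberately reports that members were not inspected: a renamed or correctly named RAR still has to go to a scanner that can unpack it.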
    • by HD Webdev ( 247266 ) on Monday February 21, 2005 @04:33PM (#11739225) Homepage Journal
      Well, I know of a few that do now... Seriously, is this that much of a threat? Winzip (AFAIK) doesn't handle Rar archives, and most users wouldn't know how to open one if they did find one in their inbox...

      .rar archives being infected is very old news as well as every other archive format.

      .rar files have been infected since they have existed and posted to USENET. Rar files are much better than zip files in that people can download (let's say) a .rar that's been split into 15 parts. By using smartpar [sourceforge.net], even if a part of that .rar is corrupted, Smartpar does parity and other checks to reconstruct the missing part(s)

      As you note, most people don't know about rar files. And even if they do, the anti-virus program will block the virus as soon as the rar set is put back together.

      This is a complete non-issue. Not to mention, Winrar, which creates and reassembles .rar files prompts users to scan files for infections before extracting them.
      • Rar files are much better than zip files in that people can download (let's say) a .rar that's been split into 15 parts.

        ZIP has been able to do this since long before RAR has existed; it just wasn't very convenient. ARJ and loads of other archivers could do it conveniently, but ZIP became a de-facto standard on PR grounds, rather than technical ones. RAR is pretty much exactly the same as any number of formats that existed 15 years ago, but people are willing to adopt it because it's new and better, rathe

    • Slow news day! (Score:5, Insightful)

      by francisew ( 611090 ) on Monday February 21, 2005 @05:06PM (#11739467) Homepage

      Why exactly does putting viruses into .rar's count as a new virus attack technique?

      This is the same thing that has been going on for a long time with viruses in compressed files.

      What's next, complaining that there are viruses in tar files? Suggesting that propagation of viruses by usb-flash drives, DVD-RW's, SD camera memory and so on... are new vectors of propagation?

      This seems like a really lousy way of trying to instill virus paranoia in people to sell more A/V software.

      Then again, maybe my tinfoil hat is just a bit tight today. Does anyone think there is merit to this article?

  • by Tablizer ( 95088 ) on Monday February 21, 2005 @02:57PM (#11738340) Journal
    Goatse once came to me in a .REAR file. Close enough to avoid.
    • by tehshen ( 794722 ) <tehshen@gmail.com> on Monday February 21, 2005 @03:12PM (#11738526)
      I hope you didn't have any wide open ports for a virus to exploit.
    • Ah yes. Reminds me of the great goatse.exe I found on some troll resource server years ago that set the desktop and window background to Mr Goatse and changed the mouse pointer and screensaver accordingly, all in a way that required registry fiddling to EVER get rid of all that. Send that as "niceass.exe" to the jerk who won't stop sending you all his funny, funny PowerPoint "jokes". Hilarity ensues.

      Of course, remotely putting that into the autostart folders of pesky coworkers is nice too. Praise Billy Boy
  • uh... (Score:5, Funny)

    by koreaman ( 835838 ) <uman@umanwizard.com> on Monday February 21, 2005 @02:57PM (#11738343)
    don't accept rar files from people you don't know. And, if you do, don't run random executables inside them?
  • by Anonymous Coward on Monday February 21, 2005 @02:57PM (#11738346)
    Rar files are most commonly used in the legal archiving of binary files and DVDs.
  • Can't scan rar?? (Score:5, Insightful)

    by nuclear305 ( 674185 ) * on Monday February 21, 2005 @02:58PM (#11738353)
    "Most anti-virus software cannot scan a .RAR file"

    What? Is it really a case where the software can't scan the archive or is it just that it's not included in the default types of files to scan?

    Just tested this on AVG and it indeed scans rar archives.
  • No problem! (Score:4, Insightful)

    by ChibiLZ ( 697816 ) * <[john] [at] [easygoldguide.com]> on Monday February 21, 2005 @02:59PM (#11738362) Homepage Journal
    I fail to see the problem here. TFA says that the .rar contains a file like foto.jpg.exe. This is nothing new, they're just using a better compression program to spread their malware.

    Carry on with the downloading, there's nothing to see here...
    • If anything, we should congratulate them. They've found a way to cut down on a few bytes of junk data flying around the net.

      Cumulatively, it could be a big waste reduction. :)
    • Re:No problem! (Score:4, Insightful)

      by dan_sdot ( 721837 ) on Monday February 21, 2005 @03:30PM (#11738706)
      TFA says that the .rar contains a file like foto.jpg.exe.
      I actually believe that if Windows didn't "Hide the file extension for known types", as is the default setting, viruses would be a much less serious issue. In other words, what they see for that file is "foto.jpg". They know what a jpg file is, and forget that Windows is actually hiding the true file extension. I think most people actually know that you shouldn't open an exe file from an unknown source, but hiding the file extension makes people forget.
      Just another example of how very often trying to make computers "easier to use" actually makes things more of a pain in the butt when it comes down to it.
  • Big deal (Score:4, Interesting)

    by fudgefactor7 ( 581449 ) on Monday February 21, 2005 @02:59PM (#11738365)
    This would have been more of a threat had it been in .CAB format. Not everyone uses .RAR files. Heck, in my company there are a grand total of 3 computers capable of even opening a .RAR file...the one I'm posting from is one. On a side note: my wife got this virus emailed to her and she called me at work to ask what a rar file was... Needless to say, this virus will not be long-lived as it's just plain stupid.
    • It may be stupid, but someone had to be stung by this, else there wouldn't be a story.
  • The Bright Side (Score:5, Insightful)

    by Dachannien ( 617929 ) on Monday February 21, 2005 @02:59PM (#11738370)
    Fortunately, your grandmother has no clue what a .rar file is or how to open one, leaving her safe from infection by this new method. In fact, it's fairly safe to say that the only people who will get owned by .rar file viruses are lamer hax0r wannabes desperate for more pr0n.

  • by im_thatoneguy ( 819432 ) on Monday February 21, 2005 @03:00PM (#11738374)
    "Warez is becoming infected with viruses!"
  • RAR is very popular (Score:5, Interesting)

    by bigtallmofo ( 695287 ) on Monday February 21, 2005 @03:00PM (#11738377)
    I find that more technically-abled people are familiar with and have installed WinRAR [rarlabs.com] or the unix-variant based RAR on their system.

    Of course, such people are less likely to be taken in by a virus, so I'm forced to believe that this new spin on virus writing isn't going to be very effective.

    Similarly, I suppose virus-writers could rename their .exe file to be .txt and leave instructions within the .txt file to rename the file to .exe and from there ask them to execute it but the people that would understand those instructions would not be likely to follow them.
    • by rainman_bc ( 735332 ) on Monday February 21, 2005 @03:07PM (#11738476)
      Just to point out that some places use stuff like UltimateZIP or something that'll handle all compressed archives, including ace and rar. It isn't just winrar that opens rar files.
    • by SunFan ( 845761 )
      I thought technically abled people still used tar and bzip2? Putting the compression separate from the archiving makes sense--it still works great in piped UNIX commands and bzip2 is more aggressive than Zip is.
      • by m50d ( 797211 )
        RAR is better compression, and the compression ratio is all that matters. I had 1.2gb of binaries to fit on a CD, tar+bzip2 had it at around 780mb (gzip I interrupted at around 900mb). Arj was 706, but rar did it without breaking into a sweat: 636 mb, I had enough space for feather linux as well.
  • And I've always extracted and scanned the contents before executing.

    It just makes sense to me.
  • Last week's virus was "disguised as a patch from Microsoft Corp" and apparently nobody wanted to click it (who's afraid of the BSOD?)

    ... but free pr0n, well who ain't gonna click that?

  • How's this new? (Score:5, Insightful)

    by Phanatic1a ( 413374 ) on Monday February 21, 2005 @03:02PM (#11738405)
    It's not that there's a virus piggybacked on the .rar, which you infect yourself with by unraring the .rar, it's that they're sending around .rared viruses, which you infect yourself with if you unrar and then execute them.

    Not seeing the problem, aside from the same old 'don't go happy-assing around executing any damn old executable that someone emails you.'
  • eWeek ... (Score:5, Funny)

    by jest3r ( 458429 ) on Monday February 21, 2005 @03:04PM (#11738420)
    ... in related news eWeek is able to sell more impressions and generate more revenue by getting coverage on Slashdot for pointless non-news articles such as new Virus hides in compressed files ...
  • by JamesP ( 688957 )
    A new virus is spreading through password-protected .arj files.

    Fortunately, no one got it, as no one remembers anymore what the heck an .ARJ file is, let alone find a password cracker for it.

    Rumors said the password is "G04TSE.CXR0X".. go now then, have some fun...

  • ClamAV wins again... (Score:5, Informative)

    by Vellmont ( 569020 ) on Monday February 21, 2005 @03:05PM (#11738445) Homepage
    The OSS program ClamAV supports scanning of RAR files. If most anti-virus programs truly don't support RAR format, this is another big win for ClamAV. (I run it on my own server, and as part of an anti spam/virus email service and it runs flawlessly).
    • by j-turkey ( 187775 ) on Monday February 21, 2005 @03:19PM (#11738610) Homepage
      The OSS program ClamAV supports scanning of RAR files. If most anti-virus programs truly don't support RAR format, this is another big win for ClamAV. (I run it on my own server, and as part of an anti spam/virus email service and it runs flawlessly).

      ClamAV just wins period. Not having to pay per-seat licensing is awesome. Never needing to track or renew a subscription is worth every penny you'll spend on Clam AV (umm...$0.00).

      I can't think of any reason to run anything else for an email server. Am I missing something really big that ClamAV just can't do?

      • by swillden ( 191260 ) * <shawn-ds@willden.org> on Monday February 21, 2005 @05:40PM (#11739737) Journal

        Am I missing something really big that ClamAV just can't do?

        Get updates about a major new virus a week too late to do any good?

        I was working for a client who had a vigorously-enforced anti-virus policy. Before anyone is allowed to connect to the network, the I/T security dept. has to verify that they have an anti-virus package installed, running and up-to-date. This policy created a bit of a problem when I showed up with my laptop running Debian Linux. I tried to argue that there are no Linux viruses in the wild and, further, that as a 100% Windows shop, even if my machine did have a virus, it wouldn't run on any of *theirs*. No luck. "NO AV, NO NETWORK," was the decision from on high.

        Not expecting much, I ran "apt-cache search anti-virus" and was shocked to see that there were two different AV tools packaged by Debian, and that clamav even had the ability to scan local files on my system. I set it up to scan periodically, left "freshclam" set on the default update schedule (daily), showed the I/T security guy how it worked (and that it had found nothing), and he grudgingly allowed me on the network, convinced, I think, that my open source anti-virus tool *had* to be crap.

        A couple of days later, I noticed that ClamAV had flagged a file in my mailbox as being infected. It was a document that the client's project manager had sent me -- from a machine running an up-to-date copy of Norton Anti-Virus Gold, Corporate Edition. I reported the incident and didn't think much of it. I figured the manager that sent it to me must not have had his AV software running (Lord knows if I ran Windows I'd be tempted to shut the CPU- and RAM-hogging thing down so I could get some work done).

        Over the next two days, nearly all productive work in the I/T dept. ground to a halt, because by the time I got the infected document, almost the entire company was infected. I don't recall which virus it was (it didn't really interfere with anything I was doing), but I know they had a devil of a time getting it all cleaned up.

        As it turned out, NONE of the three major commercial AV tools deployed at the company detected the new virus until about a week later.

        I found out later that this experience is the rule, not the exception, with fast-moving new viruses. ClamAV is not only community-developed, but the database is community-maintained as well, so whenever a sysadmin somewhere notices a new virus, it gets added to the database very quickly. The commercial AV vendors don't move as quickly, and consequently their tools often miss fast-spreading viruses long enough for them to become a problem.

        ClamAV rocks.

    • Not by Default! (Score:3, Informative)

      by lorcha ( 464930 )
      > man clamd.conf
      [...]
      ScanRAR
      Enable scanning of RAR archives. Due to license issues libclamav does not support RAR 3.0 archives (only the old 2.0 format is supported). Because some users report stability problems with unrarlib it's disabled by default and must be enabled in the config file.
      Default: disabled
      [...]
  • Whats the point? (Score:4, Interesting)

    by bizitch ( 546406 ) on Monday February 21, 2005 @03:06PM (#11738457) Homepage
    Blocking extensions is pretty pointless ... how hard is it to rename before/after going thru a wall?
  • by jptechnical ( 644454 ) on Monday February 21, 2005 @03:07PM (#11738467) Homepage
    It seems to me this would be the simplest. Just require the virus makers to use the .virus extension and that will give the AV makers more time to perfect RAR scanning.

    Is anyone with me?
  • RAR bombs (Score:2, Insightful)

    This is great. They have still not all figured out how to avoid bzip2 bombs [netsys.com], how are they supposed to be able to scan RAR files? I mean, heck, they can't adopt a new compression file every 2 weeks! Oh wait...
  • by winkydink ( 650484 ) * <sv.dude@gmail.com> on Monday February 21, 2005 @03:08PM (#11738494) Homepage Journal
    at least it is with my 2 subsidiaries there. Winzip does not do a Chinese version. RAR does.
  • So.. (Score:2, Insightful)

    by mysidia ( 191772 )

    If your firewall blocks ZIP files and RAR files, then how are you supposed to exchange groups of files with your friends efficiently?

    Isn't the WHOLE POINT of having archive file software on your computer defeated by blocking content with these extensions?

  • Not a big deal (Score:3, Informative)

    by Artifakt ( 700173 ) on Monday February 21, 2005 @03:12PM (#11738527)
    As the article explains it (you do read the articles, don't you?). The .RAR has to be unpacked, to reveal a file with dual extensions - like "Pron.jpg.exe".
    The user still has to be dumb enough to click on that .exe without running a virus scanner on it first. No one has made a .rar that somehow executes on its own.
    The article expresses a fear that there are people out there in cluelessland that will think "Gee, I know I should scan .exe's that came packed in .zip's, but this came packed in another compression. Duuh! it must be safe!".
    There may be three people on the whole planet who are actually at that particular mix of clueless and clueful states. The rest either still don't know the first thing about what a .rar or an .exe is, or they won't be fooled.
    If a journalist tried to make us all afraid of the risk of terrorists that try to sneak through customs by disguising themselves as Mexican Banditos, complete with bandoleers of bullets, some people would probably buy that too.
  • REALLY old news (Score:3, Informative)

    by JohnVH ( 86999 ) on Monday February 21, 2005 @03:19PM (#11738608) Homepage
    Umm, this is REALLY old news. This particular method of trying to sneak past virus scanners has been around since at least March 2004 (search Google for W32.Beagle@mm!rar).
  • by emarkp ( 67813 ) <slashdot@@@roadq...com> on Monday February 21, 2005 @03:27PM (#11738673) Journal
    ...when you block filetypes.

    Educate the users not to be morons. At our site, we've had trouble working with a university because our ISP removes .exe files from attachments and their server removes .zip files. Pretty hard to exchange executables in that kind of environment.

    Now we use an ftp server. All because idiots click on attachments without thinking.

  • Gosh.
    All my household systems come with software to decrypt rars, bzip2s, gzips, tars, etc. . .

    All this extra functionality results in vulnerabilities, eh?

    Oh. Wait. Even when I get the file open, the trojan won't execute. Guess I better fire up Wine, see if I can get it to work.

    If only Win32 was better supported in Linux, then I wouldn't have these cross-platform issues.
  • by Jugalator ( 259273 ) on Monday February 21, 2005 @03:37PM (#11738771) Journal
    It's about people clicking on RAR archives said to contain Anna Kournikova pictures, and other women with hot grits? Well what's new there?

    It's not a problem with RAR in specific... If they block RAR files, I'm sure they could instead just be guided to a web page and told to install an ActiveX control instead. :-P (of course a digitally signed one so they get a false sense of security)

    If you could only patch the real serious security holes here -- the ones in the users' brains...
  • *sigh* (Score:5, Insightful)

    by Nephroth ( 586753 ) on Monday February 21, 2005 @03:45PM (#11738831)
    This bothers me, it always bothers me when something that is not a vulnerability gets pegged as one. .RAR is not a vulnerability, and it's not a means for spreading viruses any more than any other format is. The vulnerability lies in short-sighted software development that failed to take into account that perhaps .RAR files might be used in addition to .ZIP. It's similar to the claims that international support in Mozilla was a vulnerability. It isn't. The USER is the vulnerability, educate the user and the vast majority of these problems will go away.

    Why didn't we have problems like this in the past? Why did virus writers have to be so much more clever? It was because the only people using computers had at least something of an idea of what they were doing. Viruses are, for the most part, easily avoided. It's only when users are clueless and trusting that they are allowed to flourish.
    • Re:*sigh* (Score:3, Insightful)

      by Alan Hicks ( 660661 )

      It's similar to the claims that international support in Mozilla was a vulnerability. It isn't. The USER is the vulnerability, educate the user and the vast majority of these problems will go away.

      While I agree with you to some extent, you picked a really poor example there. The international characters in the URL toolbar are really very deceptive. Allow me to offer you two picture links.

      Letter "a" [fileformat.info]
      Letter "a" [fileformat.info]

      Now you tell me which one is the cyrillic character, and which is the roman charact

  • by RaguMS ( 149511 ) on Monday February 21, 2005 @04:04PM (#11738976) Journal
    Correct me if I'm wrong, but I do not understand how this poses a new threat to any system that is protected by a working antivirus.
    Scenario 1: System cannot unpack .rar files. System is safe from virus.
    Scenario 2: System can unpack .rar files. User manually executes virus contained in .rar file. File is first decompressed to the Temp directory, where antivirus catches it.

    I just tested eTrust Antivirus, and it does catch the EICAR test file if I try to open it from a RAR, so I don't see what the problem is.
  • by Chief Typist ( 110285 ) on Monday February 21, 2005 @04:11PM (#11739036) Homepage
    It's only a matter of time before we see a .TXT virus. Sounds implausible, but virus writers are very good at adapting to people's work habits.

    Many companies block .ZIP at the perimeter (at a firewall or mail server.) People still have work to do -- so they work around this block by renaming .ZIP files as .TXT files. We have several clients who *REQUIRE* us to send them files like this.

    So, once people get into the .TXT -> .ZIP -> unarchive habit, they'll be happy to do the same with a virus.

    And it's going to be fun seeing the whole IT infrastructure that relies on file extensions fall into a crumbling heap.

    -ch
  • by tod_miller ( 792541 ) on Monday February 21, 2005 @04:49PM (#11739359) Journal
    Why even **consider** having to block rar files?

    THEY ARE USEFUL ESPECIALLY OVER A NETWORK, you know, they reduce file sizes.

    Instead: educate, and write decent sandboxing / active protection software that will scan on decompress.

    OK, don't botch the job, do it right.

    blocking rar files... great then all warez sites will rename to .r4r or something. get real. what are we, a bunch of 3rd grade marketing types?
  • by iamcf13 ( 736250 ) on Monday February 21, 2005 @08:57PM (#11741062) Homepage Journal
    My approach [cf13.com] simply tacks on '.txt' on the end of ALL email file attachments filenames. As a result, system compromise is IMPOSSIBLE this way provided Windows still associates .txt files with Notepad/Wordpad and those programs haven't been compromised.

    In this manner the incoming file attachments can be safely scanned for viruses, deleted, quarantined, or renamed by removing the '.txt' at the end and put to use.

    If you want to learn more and download my quality (but bland-looking) Windows freeware/shareware, visit now. [cf13.com]

    P.S. since July 2004, I've only gotten a handful of 'no content' email spam at iamcf13@hotpop.com. This technique is used by spammers to validate working email addresses that do not bounce. That is the only spam I receive nowadays. All the rest is autodeleted by cf13-pop3.

    However, I DO wish I could run my shareware mailserver cf13-smtp and avoid downloading the spam in the first place.
