| Author | Message | ||
     Stefan Fleischmann Username: admin Registered: 1-2001 |
The scripting language supported by WinHex and WinHex's functionality for file and disk editing can be used to program malicious scripts. That's why WinHex warns before executing a script and even gives the user an idea of what may be manipulated by the script. Of course, one should never execute a WinHex script (.whs) if not sure about its origin and functionality, just as with any other executable/interpretable files. A proof-of-concept virus for WinHex was submitted to F-Secure Corporation by an anonymous source. F-Secure published this information and lab news. | ||
| Ross Johnson Username: ross_winpro_net Registered: N/A |
"proof-of-concept virus"? That is an idiotic labeling. You do not need a proof of concept; it is the nature of scripting languages to be able to alter media content. Any who use such scripting languages already know this and do not need a patronizing warning from a company trying to keep itself on the "radar". I believe it is their warning that is malicious. Rather than issuing a "warning" that implicates negativity towards a product or company; they should simply state the obvious: "programs, scripts, batch files etc. can alter media content" or in other words "if it is not a file you created, you better know what it is doing". (of course, there is no money in such a warning.) I mean, how good are they really; if it took them this many years to realize what WinHex can do? They should have issued a warning the day it offered scripting. You just do not need a proof of concept (come on folks, get a clue, it is simply a priori). If I wanted to act like that company, I could issue a proof of concept warning from an anonymous source that demonstrated that the F-Secure CEO has a knife in his kitchen! ... And, as a proof of concept, this knife has been shown to be able to easily cut parts out of a turkey, but could be used maliciously, therefore anyone going into his kitchen is at risk? This leads to my simple "all around" warning for computers and life: If the tool can cut, you better know who's hands are on it! Sorry for the the rant. I truly wish this type of spam would stop. The only motive I can see for their statement is to profit from it; otherwise they could generously post a list of all software that can alter media and is therefore potentially damaging, including there own! BTW, The list would be HUGE. OK, OK, I am almost done. I just do not want to see malicious damage to a fine product. When F-Secure posts such a warning, they should be required by law to post any relevant business connections to rivals of the targeted company (e.g. is Enc.s a big client of theirs?) This would be similar to news organizations posting their connections to entities mentioned in their articles. Sorry, delete this at will, thank you for the vent. Ross@WinPro.net | ||
| Stefan Fleischmann Username: admin Registered: 1-2001 |
Thanks for the very clear and logical statement. Right, really not surprising that such things are possible. However, I personally am not angry, considering that F-Secure repeatedly labels WinHex "the powerful computer forensics, data recovery, and IT security tool" just as we do. |