Is Winrar or 7zip quicker at unpacking RAR archives?


Fogman
Veteran

Joined: 19 Jun 2005
Age: 53
Gender: Male
Posts: 4,268
Location: Frå Nord Dakota til Vermont

20 Apr 2008, 2:27 am

Encyclopedia wrote:
Spybot is proprietary freeware, not open-source so they must have reverse engineered it somehow. As for the "dark-side" argument, I think it's quite the reverse. Open-source software can be proven safe, because you can examine the source code and even compile it yourself. Any malicious clone would have to close the source to protect the secret. Even legitimate commercial software can be malicious, but very hard to detect. (remember the Sony rootkit fiasco?) Open source is probably the safest there is.


Thanks for clearing that up with Spybot. I'll stick with the 'Dark Side' argument, and here's why.

Even though Open Source software grants everybody the potential to compile their own software from the available source code, the average end user isn't going to do this because it's not an expedient thing, they want the binaries installed, as most end users have no interest in using a compiler, or for that matter have no idea how to compile software from source code with a compiler such as GCC. They can't read, and have no desire to read source code. --This is where the subterfuge comes in.

Scam artists can take advantage of this by rewriting code as they see fit. This can be problematic with software under the GNU copyleft agreement, because scammers would have to make their code available, if they followed the rules of the GNU agreement. Then again, scam artists being who they are, don't feel compelled to follow any rules other than their own to maximise their profit at other people's expense. The GNU arrangement stipulates that coders who utilise GNU code are going to be honest, and furnish, or at least make available their modifications to GNU code. Scam artists aren't honest, and don't play by the rules.

If scam artists can decompile/reverse engineer proprietary software like Spybot, with relative impunity, and make their own versions of it, what's to stop them from doing the same with code that they don't have to go through the trouble of decompiling binaries, and debugging the code? Why would they go through that hassle when the code is readily available seemingly free for the taking? --Scam artists don't feel the need to play by the rules that everybody else plays by because they feel that rules do not apply to them, why would they care about resharing code that they've altered for their own benefit?

Also, assuming that these people do have a shred of conscience, they would opt for modifying software that utilises a BSD style licence, where you don't have to furnish altered code.


_________________
When There's No There to get to, I'm so There!


lau
Veteran

Joined: 17 Jun 2006
Age: 71
Gender: Male
Posts: 10,598
Location: Somerset UK

20 Apr 2008, 11:44 am

A few points, fogman.

From earlier, you complained about Linux and its write access to NTFS. There's an inherent problem there. Linux does support write access, but cannot give a guarantee that it will always work. This is because NTFS is not an open standard. If Microsoft suddenly decides that setting a bit in a header somewhere suddenly means the entire structure changes, they can do that.

The current status of Spybot is really no different from any software. If you download it from a reputable site, it should be fine. When it was first released, there was a glut of people producing tampered versions of it (usually just via patches that changed its appearance - not a full-blown reverse engineer). I don't think that's happening much, any more.

Generally, your arguments about open source don't really work that way. Again, if you want to get a pre-built version of an open source product, get it from a reputable source.

The major argument in favour of the security of open source is not that YOU are going to look at the source code, to see if someone has sneaked a nasty trojan payload into it, but that a whole bunch of independent people, from around the world, WILL have looked at the code.

Sneaking code past that sort of scrutiny isn't anything like as easy as one fired employee of a company activating the evil code he put in their closed source product a few years previously - code which no one else in the company has ever even bothered to look at.


_________________
"Striking up conversations with strangers is an autistic person's version of extreme sports." Kamran Nazeer


tomadao
Raven

Joined: 10 Mar 2008
Gender: Female
Posts: 115

20 Apr 2008, 2:51 pm

Encyclopedia wrote:
The problem is how you tell for sure which site is the developer's. There are a lot of malicious websites offering downloads that pretend to be something they aren't. That's why I recommended using a reputable central repository site.


By employing DNS spoofing or man-in-the-middle attacks, a determined black-hat can easily redirect some unsuspecting user to a bogus webserver running a fake copy of Download.com, Tucows.com or even Sourceforge.net. Of course this is a bit paranoid, but nothing is secure in this world. That's why I prefer to google for the name of the developer and use some skill/intuition to work out if it's real.

And about spyware, we can't forget that Windows is a system designed with non-technical people in mind. Security and ease of operation are things that cannot be together. That's why Windows has administrator/power-user accounts by default, a bunch of useless and dangerous services enabled, bad permissions in some folders, bad registry hardening, etc. Linux doesn't have spyware problems because its DEFAULT configuration is generally much more secure than the Windows one.