Yeah, I too was using the web in the late 90s. I remember countless programming and "hacking" forums where .exes were shared, and I downloaded and ran anything and everything that had a download link.
It was a fun time, and I do harbor some nostalgia for it. But I can't imagine going back.
Corporate? That's not a sound way to describe the totality of the world of programmers that lean towards free/open and beyond.
Sure, closed-source communities exist and have for a long age, but many folk have grown beyond the ethos or tradition of closed releases for reasons like, IDK, competitive individualism for clout or potential code quality shame that AFAICT drive such corners of the software world, especially at the level of freeware, not just for business. It's certainly a new world for younger people who skipped the era when that was more prevalent.
If people don't like corporate, there are newer source available licence options that folk to the left of free/open have been advocating more recently.
Tell us more about "I don't aee anything suspicious". How exactly do you know it's not a binary that hashes all your files using a key and asks for btc to revert?
Open in hex/text editor, scroll through and look for anything suspicious like network, crypto, obfuscated sections (major red flag), strange strings, etc. The #1 most reliable sign of malware is if it's unusually large and packed/obfuscated, but this isn't.
The guy even has his full name and contact info in there.
This is harmless.
If you don't trust me you could upload to an online malware multiscanner (which tends to invite false positives, but better than nothing).
It's not about whether this particular announcement, with these particular executables, is trustworthy or not.
It's about the whole process of regularly downloading and running executables uploaded by individuals to a BBS-type forum being unimaginable in most other parts of the software world, and violating every security "best practice" written about in the past 30 years.
I know that this is how things were once done everywhere. But that was a long time ago.
A lot of malware just waits for a while and the opens another file (or a pastebin) and downloads the payload from somewhere else. A small executable without anything dodgy in it means nothing.
It is still possible that the author's machine had a virus and the executable got infected without the author's knowledge. I too trust the author in that matter, but that's irrelevant here.
There are libraries that would be useful for cryptography that you wouldn’t likely need in an audio codec. If the binary imports those libraries, it may be visible with a bit of prodding.
Hey, could you please edit out swipes and/or name-calling from your HN posts? This is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.
Your comment would be just fine without the (first clause of the) second sentence.
Yeah, I too was using the web in the late 90s. I remember countless programming and "hacking" forums where .exes were shared, and I downloaded and ran anything and everything that had a download link.
It was a fun time, and I do harbor some nostalgia for it. But I can't imagine going back.
it was okay back then though, because the cracked copy of NOD32 on your system would totally protect you =)
Corporate? That's not a sound way to describe the totality of the world of programmers that lean towards free/open and beyond.
Sure, closed-source communities exist and have for a long age, but many folk have grown beyond the ethos or tradition of closed releases for reasons like, IDK, competitive individualism for clout or potential code quality shame that AFAICT drive such corners of the software world, especially at the level of freeware, not just for business. It's certainly a new world for younger people who skipped the era when that was more prevalent.
If people don't like corporate, there are newer source available licence options that folk to the left of free/open have been advocating more recently.
Tell us more about "I don't aee anything suspicious". How exactly do you know it's not a binary that hashes all your files using a key and asks for btc to revert?
Open in hex/text editor, scroll through and look for anything suspicious like network, crypto, obfuscated sections (major red flag), strange strings, etc. The #1 most reliable sign of malware is if it's unusually large and packed/obfuscated, but this isn't.
The guy even has his full name and contact info in there.
This is harmless.
If you don't trust me you could upload to an online malware multiscanner (which tends to invite false positives, but better than nothing).
It's not about whether this particular announcement, with these particular executables, is trustworthy or not.
It's about the whole process of regularly downloading and running executables uploaded by individuals to a BBS-type forum being unimaginable in most other parts of the software world, and violating every security "best practice" written about in the past 30 years.
I know that this is how things were once done everywhere. But that was a long time ago.
7 replies →
A lot of malware just waits for a while and the opens another file (or a pastebin) and downloads the payload from somewhere else. A small executable without anything dodgy in it means nothing.
2 replies →
It is still possible that the author's machine had a virus and the executable got infected without the author's knowledge. I too trust the author in that matter, but that's irrelevant here.
1 reply →
There are libraries that would be useful for cryptography that you wouldn’t likely need in an audio codec. If the binary imports those libraries, it may be visible with a bit of prodding.
Unless they are statically linked.
Or the binary uses executable compression.
Or obfuscated dynamic loading.
Or about a million other techniques that can thwart dependency analysis, and which have been well-known for decades.
2 replies →