flat assembler
Message board for the users of flat assembler.

Index > Heap > i wasted my today with killing ...

Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Author
Thread Post new topic Reply to topic
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Azu wrote:
Wow. You actually believe that it would be infeasible just to recognize some file sizes and change them?

Ignorance is bliss I suppose, until someone takes advantage of it and leaves you devastated.
man, you are sounding too sci-fi.

How do you expect it to know the contents of a file? The virus receives the real size of the zip file, which is X bytes. Now, to deceive it must give you X+Y, where Y is the added size because it adds itself on the app inside the zip.

But it doesn't know the zip's contents before downloading it, but the browser displays its size before download beings. Therefore has no idea how compressed, or even if the file is a damn zip! (a browser will display the size of the file before you download). If it has no idea how compressed it is, it cannot predict the size it will be when it adds itself. It has no idea of the contents before downloading.

It has no idea what the file is. It cannot, unless it looks into the future. Razz
It could be an .mp3 as far as it is concerned.

Please explain this in down-to-earth terms and not fictional Razz
any security experts here?

_________________
Previously known as The_Grey_Beast
Post 28 Jul 2009, 02:02
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
Borsuc wrote:
Azu wrote:
Wow. You actually believe that it would be infeasible just to recognize some file sizes and change them?

Ignorance is bliss I suppose, until someone takes advantage of it and leaves you devastated.
man, you are sounding too sci-fi.

How do you expect it to know the contents of a file? The virus receives the real size of the zip file, which is X bytes. Now, to deceive it must give you X+Y, where Y is the added size because it adds itself on the app inside the zip.

But it doesn't know the zip's contents before downloading it, but the browser displays its size before download beings. Therefore has no idea how compressed, or even if the file is a damn zip! (a browser will display the size of the file before you download). If it has no idea how compressed it is, it cannot predict the size it will be when it adds itself. It has no idea of the contents before downloading.

It has no idea what the file is. It cannot, unless it looks into the future. Razz
It could be an .mp3 as far as it is concerned.

Please explain this in down-to-earth terms and not fictional Razz
any security experts here?
Gee, maybe it can tell the size by reading what the website says the size is, adding a bit extra to the number to make room for error, and then when you download the file replaces it with a modified version. Oooo so sci-fi.
Post 28 Jul 2009, 02:06
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
doh
it knows the size
but it doesn't know the contents man.
The contents. It can't PREDICT A NEW SIZE without the contents!

and it HAS to give you this new size to deceive you, before it is downloaded. I compare the size of the zip with the size it is displayed before i download it.

To deceive me, it must give me the fake size BEFORE download begins. Which is impossible considering it must know the contents in advance.
Post 28 Jul 2009, 02:08
View user's profile Send private message Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Nah I'll just leave it at that. If some expert comes and has something to add I'm all ears (meaning, someone who works at an anti-virus company or something like that).

But if you really wanna be paranoid, then the anti-viruses are also infected with the virus, who knows? Maybe the guys with the anti-virus' website don't know that themselves.

So I'm fucked up either way, if I believe in paranoia. Wink

_________________
Previously known as The_Grey_Beast
Post 28 Jul 2009, 02:12
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
Borsuc wrote:
doh
it knows the size
but it doesn't know the contents man.
The contents. It can't PREDICT A NEW SIZE without the contents!

and it HAS to give you this new size to deceive you, before it is downloaded. I compare the size of the zip with the size it is displayed before i download it.

To deceive me, it must give me the fake size BEFORE download begins. Which is impossible considering it must know the contents in advance.
No, it doesn't need to know what the contents are. It knows what the size of the compressed file is, and what the size of itself is uncompressed. If it adds those together, adds itself into the file, and if neccasary adds some garbage to make the compressed file big enough, it all works perfectly. None of this is complicated or science fictionish. It doesn't even involve advanced techniques for getting some code into a file without changing the size. What's the big deal?
Post 28 Jul 2009, 02:15
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Azu wrote:
No, it doesn't need to know what the contents are. It knows what the size of the compressed file is, and what the size of itself is uncompressed. If it adds those together, adds itself into the file, and if neccasary adds some garbage to make the compressed file big enough, it all works perfectly. None of this is complicated or science fictionish. It doesn't even involve advanced techniques for getting some code into a file without changing the size. What's the big deal?
First of all, NO it doesn't know the uncompressed size.
Secondly, how can it know the resulting size? It must know the CONTENTS. Because compression is based on CONTENTS, not uncompressed size.

An empty file with 0s everywhere, no matter how big uncompressed, is gonna be pretty small zip file...

_________________
Previously known as The_Grey_Beast
Post 28 Jul 2009, 02:20
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
Borsuc wrote:
Azu wrote:
No, it doesn't need to know what the contents are. It knows what the size of the compressed file is, and what the size of itself is uncompressed. If it adds those together, adds itself into the file, and if neccasary adds some garbage to make the compressed file big enough, it all works perfectly. None of this is complicated or science fictionish. It doesn't even involve advanced techniques for getting some code into a file without changing the size. What's the big deal?
First of all, NO it doesn't know the uncompressed size.
Secondly, how can it know the resulting size? It must know the CONTENTS. Because compression is based on CONTENTS, not uncompressed size.

An empty file with 0s everywhere, no matter how big uncompressed, is gonna be pretty small zip file...
You aren't even reading my post before replying. I said the compressed size of the file.
Post 28 Jul 2009, 02:21
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
oh yeah, adding garbage. But in a zip that would be invalid authentication, unless it actually adds garbage in the .exe file. I find that unlikely though: if I had a rootkit, files would get infected.

However, some files I personally know can't get over 100MB exact because of filesharing limitations (e.g: rapidshare, and must be EXACT that size), and it would be impossible to add virus to such file. And it would need to add it, if it worked on other zip files.

Furthermore, without the contents it cannot know the filetype. This means, it has no idea whether that's a zip, a mp3, a password encrypted rar (ruins the entire virus and gives it away).

Like I said, it's pretty impossible. Not impossible, but pretty close.
Post 28 Jul 2009, 02:25
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
Borsuc wrote:
oh yeah, adding garbage. But in a zip that would be invalid authentication, unless it actually adds garbage in the .exe file. I find that unlikely though: if I had a rootkit, files would get infected.
Yes to the exe obviously. You've never put anything into an exe as padding before?

Borsuc wrote:
However, some files I personally know can't get over 100MB exact because of filesharing limitations (e.g: rapidshare, and must be EXACT that size), and it would be impossible to add virus to such file. And it would need to add it, if it worked on other zip files.
In extreme niche cases like that, yes, it might be a problem.

Borsuc wrote:
Furthermore, without the contents it cannot know the filetype. This means, it has no idea whether that's a zip, a mp3, a password encrypted rar (ruins the entire virus and gives it away).

Like I said, it's pretty impossible. Not impossible, but pretty close.
Duh, it would mess around with it while or after it is downloaded, not before. And if it turns out to be a type that can't be infected, it would have to just add pure padding rather then infect it, naturally.
Post 28 Jul 2009, 02:27
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Yes but it's still complicated to do that on ANY file without knowing what the file is about. I'd say it either needs extreme luck, or read the future.

At any rate there is no virus-proof solution, it's just that my odds of not getting one are really high. That pleases me instead of being paranoid and not being connected to the internet Razz

BTW I can detect "pure padding". It can't do it "after' because, depending on file, this means I would get a bigger mp3 than usual.

Sorry but I examine mp3 files myself and trust me, they aren't padded to reach the 'predicted' size. Wink
Post 28 Jul 2009, 02:29
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
Borsuc wrote:
Yes but it's still complicated to do that on ANY file without knowing what the file is about. I'd say it either needs extreme luck, or read the future.
Like I said, if it's a wav or something like that that it can't infect, it would have to just add garbage to the file or something. Obviously you can't be infected by files that can't be infected. Unless the music player or whatever has a vulnerability.. Wink

Borsuc wrote:
At any rate there is no virus-proof solution, it's just that my odds of not getting one are really high. That pleases me instead of being paranoid and not being connected to the internet Razz
Yes there is. Use something that isn't buggy to the point of allowing arbitrary code execution attacks. And if you can't find anything like that, make it.
Post 28 Jul 2009, 02:31
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Azu wrote:
Like I said, if it's a wav or something like that that it can't infect, it would have to just add garbage to the file or something. Obviously you can't be infected by files that can't be infected. Unless the music player or whatever has a vulnerability.. Wink
Yes I understood that and I agree with you, but I check any file I download. So far no mp3 or wav I downloaded had any extra padding. Wink (I still check with Hex Editor, I'm not joking, I know the wav container and the mp3 format(s) Razz)

Azu wrote:
Yes there is. Use something that isn't buggy to the point of allowing arbitrary code execution attacks. And if you can't find anything like that, make it.
That means never downloading any application? Confused

_________________
Previously known as The_Grey_Beast
Post 28 Jul 2009, 02:33
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
Borsuc wrote:
Azu wrote:
Like I said, if it's a wav or something like that that it can't infect, it would have to just add garbage to the file or something. Obviously you can't be infected by files that can't be infected. Unless the music player or whatever has a vulnerability.. Wink
Yes I understood that and I agree with you, but I check any file I download. So far no mp3 or wav I downloaded had any extra padding. Wink (I still check with Hex Editor, I'm not joking, I know the wav container and the mp3 format(s) Razz)
With formats like that that are publicly known/documented, it could simply re-arrange the contents to make them less compressible, without actually adding anything. at all

Borsuc wrote:
Azu wrote:
Yes there is. Use something that isn't buggy to the point of allowing arbitrary code execution attacks. And if you can't find anything like that, make it.
That means never downloading any application? Confused
No. It means not downloading applications using something untrustworthy, unless you have some trustworthy way to verify them, like asking the program's creator in-person what the SHA-256 hash of the program should be, or something.
Post 28 Jul 2009, 02:37
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel
Borsuc wrote:
Viruses infect .exe files, not .zips.

Many infect files inside .zip, .rar, .cab, etc. archives. Many infect any kind of binaries (.exe, .dll, .sys, .ocx, etc.), but also help files (the old .hlp, .chm), MS Office files (macroviruses, although infection is done differently), etc.

Borsuc wrote:
If they do infect .zip files, they will change the size. My bet is, bigger.

The .exe stored in the archive may not be resized at all, resulting in the same archive size. Viruses can find relatively large chunks of empty space and inject themselves there without changing the .exe size. Most appending viruses 15 years old or less do that.

Borsuc wrote:
Nah. The size is usually on the site

Most of the time, the approximate size in KB/MB, yes. Not in bytes. Most viruses* are very small** and you won't notice any difference with such notation. And anyway, as already mentioned, neither the .exe nor the archive sizes must necessarily change.
* spyware, trojans, etc. excluded
** since coded in C or mostly in ASM and highly optimized for size

Borsuc wrote:
then the anti-viruses are also infected with the virus, who knows

Thousands of viruses try to deceive AVs and some try to manipulate them, disable them, crash them or render them ineffective.
The Goner worm was able to easily stop many of the most famous AVs (Kaspersky, McAfee, Norton, etc.) and firewalls (McAfee, ZA, etc.) And it's not even the best example, just the one I can remember right now.
Ever seen those very $$$ commercial apps that detect, then crash or just disable debuggers (e.g. SoftICE) in an attempt to slow a cracker/reverser down? Well, viruses use similar techniques and much more!

Borsuc wrote:
oh yeah, adding garbage. But in a zip that would be invalid authentication

Wrong. Have you ever noticed you can artificially set the size of any file (including a zip)? I wrote two files, one twice as big as the other, and compressed them. The resulting archives were obviously different in size. I appended X bytes to the end of the smaller archive to compensate the discrepancy. When I open, extract or test both archives, I get the same successful result.
Unless programs compare the file size on disk* with what they are reading/decoding/manipulating, they won't even notice.
* returned by an API, provided it was not hooked by the virus/rootkit Wink
Post 28 Jul 2009, 11:56
View user's profile Send private message Reply with quote
drhowarddrfine



Joined: 10 Jul 2007
Posts: 535
drhowarddrfine
tom tobias wrote:

In particular, neither Linux nor BSD recognizes the ethernet controller on the Biostar motherboard with the aforementioned 64 bit cpu. This is a Realtek RTL 8111DL controller, probably about 15 months old, i.e. not something that came on the scene yesterday, and the Unix world has no idea that it exists....
FreeBSD supports the 8111S and RealTek supplies the driver for the DL on their web site.
http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=5&PFid=5&Level=5&Conn=4&DownTypeID=3
Post 28 Jul 2009, 13:02
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
tom tobias wrote:
The problem with both of these versions, is the same one I had fifteen years ago: hardware incompatibility.

In particular, neither Linux nor BSD recognizes the ethernet controller on the Biostar motherboard with the aforementioned 64 bit cpu. This is a Realtek RTL 8111DL controller, probably about 15 months old, i.e. not something that came on the scene yesterday, and the Unix world has no idea that it exists....
Okay, so call Realtek and ask them to make a driver for their hardware, then. This has absolutely nothing to do with the OS, and everything to do with the hardware manufacturer.

My refrigerator doesn't interface with Windows, but you don't see me using this as a point against Windows, do you?
Post 28 Jul 2009, 13:06
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
ManOfSteel wrote:
Many infect files inside .zip, .rar, .cab, etc. archives. Many infect any kind of binaries (.exe, .dll, .sys, .ocx, etc.), but also help files (the old .hlp, .chm), MS Office files (macroviruses, although infection is done differently), etc.
Yes, but they need to repack the archive, changing its size.

ManOfSteel wrote:
The .exe stored in the archive may not be resized at all, resulting in the same archive size. Viruses can find relatively large chunks of empty space and inject themselves there without changing the .exe size. Most appending viruses 15 years old or less do that.
alright this is officially pointless.

Read this carefully. I check the size of the archive, not the stuff in it. Ok that's not clear. I check the size of the zip file. Still not clear? The ZIP file, or RAR file, possibly even password protected, is what I check. Let me repeat this again. I check the size of the zip file

I cannot stress enough how much I repeated this not just in this post.

ManOfSteel wrote:
Thousands of viruses try to deceive AVs and some try to manipulate them, disable them, crash them or render them ineffective.
The Goner worm was able to easily stop many of the most famous AVs (Kaspersky, McAfee, Norton, etc.) and firewalls (McAfee, ZA, etc.) And it's not even the best example, just the one I can remember right now.
Ever seen those very $$$ commercial apps that detect, then crash or just disable debuggers (e.g. SoftICE) in an attempt to slow a cracker/reverser down? Well, viruses use similar techniques and much more!
Yes that's why my point was that I'm fucked up either way, anti-virus or no anti-virus. At least I'm taking reasonable practical measures against a general-purpose virus, but if the average joe feels good with an anti-virus, so be it. I won't bite it.

ManOfSteel wrote:
Wrong. Have you ever noticed you can artificially set the size of any file (including a zip)? I wrote two files, one twice as big as the other, and compressed them. The resulting archives were obviously different in size. I appended X bytes to the end of the smaller archive to compensate the discrepancy. When I open, extract or test both archives, I get the same successful result.
Unless programs compare the file size on disk* with what they are reading/decoding/manipulating, they won't even notice.
* returned by an API, provided it was not hooked by the virus/rootkit Wink
If you add artificial stuff to the end of a zip file I will notice that when I view it with the Hex Editor.

Besides this isn't about adding to the zip, because the size will already be bigger, it's about making it smaller without removing functionality (I would notice that).

Plus, sometimes I download text. The virus has no way of knowing the filetype before download to deceive me, so if it pads the text file with junk, I would very easily notice THAT. Didn't happen to me yet.

Ah well, have fun with paranoia. I know my computer never acted weird (even if I have a new one less than a month, the older ones I used had 6+ years of being used), but then, maybe it has deceived my software right? Here's the thing. My modem has a led when activity gets through (download/upload), and guess what, it doesn't flash when I don't use it. This viruses I have must be sleeping or something. I mean I obviously have a viruses, the chances are 90%, right? Rolling Eyes

Don't get me wrong I'm aware there are many viruses out there but I for one think I take more than enough precautions. Not to mention NoScript which disables JavaScript for any site I didn't allow yet (e.g redirects or something).

Azu wrote:
With formats like that that are publicly known/documented, it could simply re-arrange the contents to make them less compressible, without actually adding anything. at all
That sounds too complex, and doesn't always work 100%, I would've detected it by now.

Also I would NOTICE the LAG when it recompresses and re-arranges.
You're talking about possibilities. Yes it can. But in practice it's virtually impossible.

_________________
Previously known as The_Grey_Beast
Post 28 Jul 2009, 16:02
View user's profile Send private message Reply with quote
sleepsleep



Joined: 05 Oct 2006
Posts: 8999
Location: ˛                             ⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣⁣Posts: 334455
sleepsleep
Quote:

The virus receives the real size of the zip file, which is X bytes. Now, to deceive it must give you X+Y, where Y is the added size because it adds itself on the app inside the zip.

somehow, ur sentence sounds weird to me.

if the virus "able" to know the real size of the zip file, that means, ur system is infected already, the virus doesn't need to add Y bytes anymore. there should be more easier and smart way to infect more files.
Post 28 Jul 2009, 16:28
View user's profile Send private message Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
I assumed it intercepted the browser and stolen that information, because the browser receives that information in most files before you download them.

I took worst case scenarios in account cause it seems everyone is paranoid around here Razz

_________________
Previously known as The_Grey_Beast
Post 28 Jul 2009, 17:11
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu
Borsuc wrote:
ManOfSteel wrote:
Many infect files inside .zip, .rar, .cab, etc. archives. Many infect any kind of binaries (.exe, .dll, .sys, .ocx, etc.), but also help files (the old .hlp, .chm), MS Office files (macroviruses, although infection is done differently), etc.
Yes, but they need to repack the archive, changing its size.
Or take the compression algorithm into account..

Borsuc wrote:
ManOfSteel wrote:
The .exe stored in the archive may not be resized at all, resulting in the same archive size. Viruses can find relatively large chunks of empty space and inject themselves there without changing the .exe size. Most appending viruses 15 years old or less do that.
alright this is officially pointless.

Read this carefully. I check the size of the archive, not the stuff in it. Ok that's not clear. I check the size of the zip file. Still not clear? The ZIP file, or RAR file, possibly even password protected, is what I check. Let me repeat this again. I check the size of the zip file

I cannot stress enough how much I repeated this not just in this post.
How can I make this more clear; you have no reason to assume it would be hard for any modern virus to keep your stupid little zip file the same size as well, but this is completely besides the point since guess what, you get your stupid size thing from the website, which is rendered by the browser! OOPS!

Borsuc wrote:
ManOfSteel wrote:
Thousands of viruses try to deceive AVs and some try to manipulate them, disable them, crash them or render them ineffective.
The Goner worm was able to easily stop many of the most famous AVs (Kaspersky, McAfee, Norton, etc.) and firewalls (McAfee, ZA, etc.) And it's not even the best example, just the one I can remember right now.
Ever seen those very $$$ commercial apps that detect, then crash or just disable debuggers (e.g. SoftICE) in an attempt to slow a cracker/reverser down? Well, viruses use similar techniques and much more!
Yes that's why my point was that I'm fucked up either way, anti-virus or no anti-virus. At least I'm taking reasonable practical measures against a general-purpose virus, but if the average joe feels good with an anti-virus, so be it. I won't bite it.
Practical measures would be to stop using a POS like IE6 that is filled with holes, and an AV just in case.

Borsuc wrote:
ManOfSteel wrote:
Wrong. Have you ever noticed you can artificially set the size of any file (including a zip)? I wrote two files, one twice as big as the other, and compressed them. The resulting archives were obviously different in size. I appended X bytes to the end of the smaller archive to compensate the discrepancy. When I open, extract or test both archives, I get the same successful result.
Unless programs compare the file size on disk* with what they are reading/decoding/manipulating, they won't even notice.
* returned by an API, provided it was not hooked by the virus/rootkit Wink
If you add artificial stuff to the end of a zip file I will notice that when I view it with the Hex Editor.
If it's tacked on blindly to the end, AND doesn't resemble a normal zip file ending..

Borsuc wrote:
Besides this isn't about adding to the zip, because the size will already be bigger, it's about making it smaller without removing functionality (I would notice that).
No, this part of the argument is about how a virus can get past your retarded measure without even having to keep the size the same; by replacing the "this file is XXX bytes long" thing on your little website with XXX+size of uncompressed virus, and then simply bloating the zip file until it is exactly that size.

Borsuc wrote:
Plus, sometimes I download text. The virus has no way of knowing the filetype before download to deceive me, so if it pads the text file with junk, I would very easily notice THAT. Didn't happen to me yet.
You're assuming much, here.
1. That you didn't just get lucky and not have a virus in your box while you were downloading the text file
2. That the virus couldn't have just downloaded the header of the zip file in the background and decided not to do anything unless there is something infectable in it
3. The there is no way to increase the size of a zip file that won't be easily found
4. That you haven't already let the virus out of the box in which case it is simply intercepting your computer's APIs and removing whatever detectable signs there are in files you download

Borsuc wrote:
Ah well, have fun with paranoia. I know my computer never acted weird (even if I have a new one less than a month, the older ones I used had 6+ years of being used), but then, maybe it has deceived my software right? Here's the thing. My modem has a led when activity gets through (download/upload), and guess what, it doesn't flash when I don't use it. This viruses I have must be sleeping or something. I mean I obviously have a viruses, the chances are 90%, right? Rolling Eyes
Have fun with gullibility. You do know that software can tell when there is network activity, right? It would be trivial to make a keylogger only phone home during peak network usage.

Borsuc wrote:
Azu wrote:
With formats like that that are publicly known/documented, it could simply re-arrange the contents to make them less compressible, without actually adding anything. at all
That sounds too complex, and doesn't always work 100%, I would've detected it by now.

Also I would NOTICE the LAG when it recompresses and re-arranges.
You're talking about possibilities. Yes it can. But in practice it's virtually impossible.
If the EXEs you're downloading are hundreds of megabytes, maybe. But then again, it could just ignore big files. Or have a very fast recompression algorithm. Or be able to stream the recompression in the background as the file is downloaded. Or any other number of ways to prevent detection in this way.
Post 29 Jul 2009, 00:21
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.