Re: Spyware in Octave
From: Rob Mahurin
Subject: Re: Spyware in Octave
Date: Thu, 18 Sep 2008 13:19:50 -0400
On Sep 18, 2008, at 5:43 AM, Michael Goffioul wrote:
> Anyway, those files are not vital for octave to run. You can simply delete
> them, the help system will just not work.
In a teaching environment, I would say that the help system is a
vital part of Octave.
Reports of malware detectors flagging the Windows distribution of
Octave also surfaced shortly after the release of 3.0.1
[http://www.nabble.com/Zhelatin.aan-email-worm-in-windows-octave-forge-installer-td18009788.html].
That detection was reported after some
20k downloads and was cautiously dismissed as a false positive after
the same signature was reported in December's 3.0.0 installer. Now
there is a reproducible detection of a different bit of malware in
the 3.0.1 installer. Even if this is also a false alarm, it might be
good PR to have a way to say "so-and-so believed on such-and-such
date that the installer with checksum abcd0123... was clean."
I don't see any way to verify that the windows installers linked from
http://octave.sourceforge.net/ are the same installers that Michael
uploaded. The four most recent ones have md5 checksums
df11819d9d7a9db7bc24e67c2f1bcd96 octave-3.0.0-setup.exe
d1f0ef7190f83997c4b48143ebb219d6 octave-3.0.1-setup.exe
d5cb626c18a71b2e6d2bc77d97fc95f6 octave-3.0.1-vs2008-setup.exe
391541c973f317cf04da46adede9ac81 octave-3.1.50-setup.exe
Are these the same files that were uploaded?
If I read Bruce Labitt's message correctly, the sed.exe reported
"suspicious" by virscan.org was the one produced by Michael Goffioul,
not the one from MinGW. The Calvin College student did not say which
scanner he used, but that both "sed"s were suspicious. Two other
"sed" executables from the same or similar source code also come back
from virscan.org clean:
http://virscan.org/report/c5122f5237f29ea46022057be548fab1.html (Mac OS X 10.4)
http://virscan.org/report/cd62d224da632b2577a2d444c26e93eb.html (Debian 3.1)
So there doesn't seem to be anything intrinsic about sed that
triggers virus scanners.
I agree the most likely explanation is a false detection. But I
haven't seen in this discussion any way to verify that
1. the octave-forge installer is the same file uploaded in May (Bruce installed his version a week or so after the upload)
2. the "suspicious" binaries are the same binaries carried by the installer
If both of these are true, and the false detection is on a file from
the Octave project, it would be good PR to try and avoid the problem
in the windows release of 3.0.2.
Cheers,
Rob
--
Rob Mahurin
Dept. of Physics & Astronomy
University of Tennessee phone: 865 207 2594
Knoxville, TN 37996 email: address@hidden
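
An added example, not part of the original message or of the Octave project's tooling: one way to run the check the message asks for, comparing local files against a publisher's list in the same "digest filename" layout as the md5 list quoted above. It goes beyond MD5 by picking the hash from the digest length (MD5, SHA-1 or SHA-256); the function names and the files in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHMS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> hash

def parse_manifest(text):
    """Parse md5sum-style lines ('<hex digest> <filename>') into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries

def file_digest(path, algorithm):
    """Hash a file in chunks so a large installer need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(manifest_text, directory):
    """Return {filename: 'match' | 'MISMATCH' | 'missing' | 'unsupported'}."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(directory) / Path(name).name  # never leave `directory`
        algorithm = ALGORITHMS.get(len(expected))
        if algorithm is None:
            results[name] = "unsupported"
        elif not path.is_file():
            results[name] = "missing"
        elif file_digest(path, algorithm) == expected:
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed sample: one intact file, one changed after publication, one absent."""
    with tempfile.TemporaryDirectory() as d:
        a, b = b"constructed installer A", b"constructed installer B"
        manifest = (f"{hashlib.md5(a).hexdigest()}  a-setup.exe\n"
                    f"{hashlib.sha256(b).hexdigest()}  b-setup.exe\n"
                    f"{'0' * 32}  c-setup.exe\n")
        Path(d, "a-setup.exe").write_bytes(a)
        Path(d, "b-setup.exe").write_bytes(b + b"\x00")  # altered copy
        return verify(manifest, d)
```

The same comparison covers the second point in the message: list the digest of the binary that was submitted to the scanner and run `verify` over the files extracted from the installer.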