[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: installation of /2016-01-24/pspp-090+20160124-snapshot-64bits-setup.
|
From: |
John Darrington |
|
Subject: |
Re: installation of /2016-01-24/pspp-090+20160124-snapshot-64bits-setup.exe |
|
Date: |
Wed, 27 Jan 2016 15:09:19 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Tue, Jan 26, 2016 at 11:32:14PM +0100, news wrote:
Are you sure there is no virus and the 2nd Panda message is a
false positive ?
Interesting question. It raises a number of issues:
1. The short answer is "no" we cannot be absolutely sure. But at the
same time, there are lots of putative "virus checking" programs which
"work" in exactly the same way as http://en.wikipedia.org/wiki/ADE651
If somebody (or some program) thinks it has discovered malware, then the
onus is on them to provide evidence. Does your Panda program say WHY it
thinks
there is a virus?
2. You should note the warranty that comes with PSPP - you can see it by
executing
the command "SHOW WARRANTY." and I have reproduced it at the bottom of
this mail.
3. You must ask yourself: Who do you trust more? The people who distribute
PSPP or the people who distribute your virus checker? When I say "trust"
I mean trust NOT to have (either deliberately or inadvertently) to have
introduced something BAD into the software.
4. Assuming that you trust the PSPP developers, do you trust your ISP and
all intermediate carriers not to have tampered with the software during
download? -- If you checked the GPG signature after download, then you
can be sure it was not tampered with. Did you check it?
5. If you do not trust the developers, fortunately you can examine the source
code to ensure that there is nothing malicious there, before you
start building it.
6. However, I think you mentioned windows, so there is a good chance that
you did not build it yourself but downloaded Harry's prebuilt binary.
Do you trust Harry? Do you trust his toolchain? Do you trust the
people who built Harry's toolchain for him? All of those stages are
opportunities to insert something malicious. On the other hand, if
you are using windows why do you care - it is common knowledge that the
operating system contains malware by design.
7. My personal opinion is that I think it unlikely that any version of PSPP
contains a virus. -- but do you trust ME?
Pspp's warranty:
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
--
Avoid eavesdropping. Send strong encryted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
signature.asc
Description: Digital signature