Thread: Is this true?
Old November 9th 19, 11:26 PM posted to alt.comp.os.windows-10,alt.computer.workshop,alt.comp.freeware
Paul[_32_]

~BD~ wrote:
On 09/11/2019 19:07, ~BD~ wrote:
On 08/11/2019 22:07, Paul wrote:
~BD~ wrote:
On 08/11/2019 12:05, Wolffan wrote:
On 08 Nov 2019, BD~ wrote
(in article ):

'Shadow' claims ....

That the Kaspersky *FREE* 'Rescue Disk' is a Linux Dist

it is

How do you know? How can you tell?


Dude, less yapping, more researching.


OK! :-)

KRD.iso
September 19, 2019, 11:25:30 PM
594,067,456 bytes

https://i.postimg.cc/LsWZpcpN/KRD-is-gentoo.gif

I changed the filename of the ISO, to prevent
a name collision with a previous one. Many of my
other KAV files are dated.

The KRD disc is noteworthy, in that it has
a registry editor on board. There's an icon
on the desktop.

*******

Your next task is to find the scanning engine.


My Apple iMac didn't like the ISO!

https://www.dropbox.com/s/jv8oy3qwnp...20ISO.png?dl=0



When I try to open a DMG file I get this:-

"There may be a problem with this disk image. Are you sure you want to
open it?

Opening this disk image may make your computer less secure or cause
other problems."

=

What does that mean in fact? What's really wrong with it, and what kind
of problem can it cause just by mounting?


Are you doing this on Windows now, or on a Mac?
I can guess if you like.

A .dmg can be disassembled into parts. I used to do
that at one time, on my Mac G4 in a bygone era. A part
of getting something to run, relied on users being
able to get inside and fix something. That's how I
know the format isn't a barrier to entry, like an
Installshield might be.

It's possible that .dmg has an autorun capability,
so that "things start to run for the user, without
effort". And such a mechanism would be a good attack
surface for malware. Like, if you downloaded a
.dmg from an untrusted site and tried to open it.

I can probably simulate this a little bit.

I used to use Firefox on the G4 (PowerPC based)
(because at the time, Safari didn't render all web
pages well) and the file came as a .dmg. I can get
one of these today for a look.

http://releases.mozilla.org/pub/fire...x%2070.0.1.dmg

And you can see that 7ZIP on Windows has no problem
inspecting what is inside a .dmg. Using your Mac
specific knowledge, you can look at the specimen
you have acquired, and see if there are any issues
of note. I'm sure there's a TN (Apple Technical Note),
or someone in a Mac group, who can help with attack
vectors or autorun mechanisms with such things.

https://i.postimg.cc/fb3hqwYT/7-ZIP-...mine-a-DMG.gif

In that picture, you can see there is a code signing
resource, so in principle, an executable can be checked
for adulteration since it left the hands of the developer.
But stuff like this, there's always someone out there
who has figured out a way to fuzz such things and
break them. So the warning is about "unknown attack
vectors, based on the ability to autorun stuff
from a .dmg". And that only applies if, somehow,
the machine is deciding it *must* open that .dmg
right away. That would take two levels of autorun
to do that.

On Windows, autorun has been partially shut off, to
reduce the attack surface caused by it. But some people
on the Internet, feel Microsoft didn't do enough,
and at least one dude was showing how to use
SRP to prevent any "autorun.inf" file from
being executed on Windows. So that's a way to
harden Windows (a tiny bit), from inserted media attacks.

Paul
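Paul's remark that a .dmg can be taken apart, and that 7ZIP can list what is inside one, comes down to the 512-byte "koly" trailer at the end of every UDIF image, which records where the (usually compressed) data fork and the XML property-list map sit. The Python below is an added example, not code from this thread or from Apple: it decodes that trailer, rejects trailers whose offsets point outside the file (the kind of malformed image a mount-time sanity check would refuse), and builds a constructed minimal sample so it runs offline. The field layout is assumed from the publicly documented UDIFResourceFile structure, and the sample is not a real disk image.

```python
import struct
from dataclasses import dataclass

# Big-endian layout of the 512-byte "koly" trailer that ends a UDIF .dmg (field
# order follows the publicly documented UDIFResourceFile structure; assumed here).
KOLY_FMT = ">4sIII5QII16sII128sQQ120sII128sIQ12s"
KOLY_SIZE = struct.calcsize(KOLY_FMT)  # 512

@dataclass
class KolyTrailer:
    version: int
    data_fork_offset: int   # where the (usually compressed) block data begins
    data_fork_length: int
    xml_offset: int         # where the XML property list (the "blkx" map) begins
    xml_length: int
    sector_count: int       # size of the mounted volume in 512-byte sectors

def parse_koly(image: bytes) -> KolyTrailer:
    """Decode the trailer; refuse images whose pointers fall outside the file."""
    if len(image) < KOLY_SIZE:
        raise ValueError("file too short to hold a koly trailer")
    f = struct.unpack(KOLY_FMT, image[-KOLY_SIZE:])
    sig, version, header_size = f[0], f[1], f[2]
    data_off, data_len, xml_off, xml_len, sectors = f[5], f[6], f[15], f[16], f[22]
    if sig != b"koly" or header_size != KOLY_SIZE:
        raise ValueError("no koly signature: not a UDIF image, or trailer damaged")
    body_end = len(image) - KOLY_SIZE
    if data_off + data_len > body_end or xml_off + xml_len > body_end:
        raise ValueError("trailer points outside the file: truncated or tampered image")
    return KolyTrailer(version, data_off, data_len, xml_off, xml_len, sectors)

def extract_plist(image: bytes) -> bytes:
    """Return the embedded XML plist, the part an archiver lists beside the data fork."""
    t = parse_koly(image)
    xml = image[t.xml_offset:t.xml_offset + t.xml_length]
    if not xml.lstrip().startswith(b"<?xml"):
        raise ValueError("XML region does not hold a property list")
    return xml

def build_sample_dmg(payload: bytes, plist: bytes) -> bytes:
    """Constructed test sample (not a real Apple image): payload, plist, trailer."""
    trailer = struct.pack(
        KOLY_FMT, b"koly", 4, KOLY_SIZE, 1,
        0, 0, len(payload), 0, 0,          # running/data/resource fork pointers
        1, 1, bytes(16),                   # one segment, zeroed segment UUID
        2, 32, bytes(128),                 # data checksum: type 2 (CRC32), zeroed here
        len(payload), len(plist), bytes(120),
        2, 32, bytes(128),                 # master checksum, zeroed here
        1, len(payload) // 512, bytes(12))
    return payload + plist + trailer
```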