Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission + - WinZip distributes infected 18.5 update

VMB74 writes: Paying WinZip customers received an e-mail notification of the Free Upgrade to WinZip 18.5 availability yesterday. The e-mail included a link to the following site:
http://www.winzip.com/en/landi...

Clicking the Get Update button downloads a 802K winzip180xp.exe executable which installs nothing more than a Rocket PUP. Please do not try to run the downloaded winzip180xp.exe on a useful Windows machine you care about. Cleanup is very time consuming.

Here are the VirusTotal scan results:
https://www.virustotal.com/en/...

And the most amazing part is the response of the WinZip technical support which I provided with all technical details. Here it comes in full, in the original formatting, and with the original spelling:

"Hi, I am writing in response to your message:

Thank you for your inquiry.

This is the false positive warning message from Windows or Antivirus application when you are downloading any executable(.exe) files. The WinZip application setup file and other downloads from WinZip download page are safe and does not contains any Virus, malware etc.

Please temporarily disable the your Antivirus application and complete the download of WinZip application Setup file. After completing the download, Please enable your Antivirus application.

Thanks,
Mukesh, WinZip Customer Support"

Comment Re:For the love of God, let it die! (Score 1) 217 217

Interestingly enough, I started using Mercury in 2000, version 1.48.

My search criteria for the MTA included full relay control, support for SMTP AUTH, support for APOP. Mercury was the only product running on Novell that satisfied all of my requirements. It did have a couple of idiosyncrasies, but I did not see a software which does not have some. At least as of yet.

First thing I made sure my installation was not an open relay and that it passed all abuse tests available at that time. I retested it regularly, at least once a year, and it never failed, not a single time.

I did not have a chance to look into the code so I cannot be a judge here. What I can attest to is that the code runs flawlessly for as long as the host server runs. And as Novell runs practically indefinitely so the Mercury does.

I completely understand your concern regarding poor initial defaults in terms of open relaying. Maybe the software should have been rewritten at certain point to make some settings permanent. Unfortunately David stopped Novell development in May of 2000.

Should the quality of the product be questioned based on the fact that it reflected the trends of the time and was consistently backwards compatible? I doubt...

Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- Perlis's Programming Proverb #58, SIGPLAN Notices, Sept. 1982

Working...