Jafo

Join Date 03/2001

+1845

Virus Warning.

A recent uploaded LiteSTEP theme by Dervi@nS0ul, entitled RmasterD_nL included 4 executables, including Litestep.exe all infected with the W32.Elkern.4926 virus.

I missed this prior to upload but have since contacted the author and removed the theme.

Norton 2003 had no difficulty locating them within the zip and dealing with them.

This just reinforces our general policy not to accept executable files within submissions.

2 recent LS uploads were as self-installing executables, so I removed them and requested the author upload zips instead....so he put the darn executables into zips....bloody twit...

LiteSTEP themes are far more appropriate in particular to be distributed as file-structured zips so that users can access the readme file/s etc PRIOR to all hell breaking loose.

It looks like even closer scrutiny is needed to prevent future occurrences of this sort...

remember...NO EXECUTABLES

Locked Post

Advanced Search

Watch this post

Do not email me updates for this post Email me updates for this post

Successfully updated karma reason!

DarkMist ponders on how to upload the Flu in a Wall

Successfully updated karma reason!

Ehm, if you make an install program for them, is that ok?

Successfully updated karma reason!

paxx

Join Date 03/2001

Styl, no it's not. No executables of any sort please.

Successfully updated karma reason!

Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.

I didn't know that

Can I read that somewhere in the submission guidelines or elsewhere?

Successfully updated karma reason!

W32.Bugbear.B

W32.Bugbear.B is a new variant of W32.Bugbear Worm. Its a mass mailing worm
that attempts to email itself to all the email address found in your address
book and files with following extensions .ODS , .MMF, .NCH, .MBX, .EML,
.TBB, .DBX, INBOX and sends an email message with itself as attachment to
all the email addresses.

The email comes with attachment having double extensions.
The worm uses the 'Incorrect MIME Header Vulnerability' which can cause
IE to execute E-mail attachment on an unpatched systems to auto-execute
the worm when reading or previewing an infected message.

On execution it infects most of the popular and commonly used *.exe and
applications. It spreads on local drive as well as in network shared folders.
This worm also drops a backdoor and a Trojan.

Please update your copy using the update provided on 5th June.

If you receive any email with attachments having double extensions then just
DO NOT OPEN OR EXECUTE THE ATTACHMENT.
Delete those mails.

Successfully updated karma reason!

Well this presents an interesting problem. I'm due to release a new WindowBlinds skin tomorrow which needs to be installed using an executable installer. Does this mean I can't upload the skin now?

Successfully updated karma reason!

CerebroJD

Join Date 01/2003

I'm protected from Bugbear B. It wounds like a wicked one.

Successfully updated karma reason!

grayhaze: I would imagine that you can upload it all you want, but the admins will not approve it and simply delete it. I assume this because....

paxx wrote: "No executables of any sort please."

BTW, why the heck would you want an installer for a WB skin?
[Message Edited]

Successfully updated karma reason!

I've explained why I need to use an installer in another thread, but it amounts to making the installation and use of the skin as smooth as process as possible for the user. It uses a lot of hardcoded paths which need to be modified depending on the user's system configuration, and also includes a 'manual' which I would like made available from a program group on the start menu. Most manuals included with skins are never even seen because the average user doesn't know where to look for it.

Successfully updated karma reason!

Jafo

Join Date 03/2001

+1845

grayhaze....if it is a case of 'necessity' perhaps send it to myself directly by email for independent scrutiny....checking for clean bill of health before it makes it to the site's galleries.

It has always been a 'bad thing'[tm] to incorporate registry settings and hard-coding of paths, etc into a public distributable file which may have adverse impact on the running or stability of another's system.

This is one of the issues particularly with shell replacements that have the potential to seriously mangle or at least totally confuse the novice user, hence the famous cry...."Litestep screwed my system and I had to reinstall Windows".

Most people will balk at the thought of 'installing' a skin from an 'uncertain' source that modifies settings within the system while doing so...

Successfully updated karma reason!

As a matter of fact, he can upload it, and will even get online... Thats why he has the title 'journeyman'

I hope they let it online, and I think they will.
Journeyman: somebody who proved that we can trust him and only uploads quality skins... isn't that the meaning of it?

Successfully updated karma reason!

paxx

Join Date 03/2001

Lecrayon, no it's not in the guidelines. When we wrote the guidelines, it never came to us that anybody would be uploading executables. Perhaps we should add it.

BUt there is bound to be exceptions. For example regarding plugins. Some plugins are executables. Are we to reject the plugins? The DLL plugins aren't a problem, but the executable ones are.

So anyway. As a general rule we ask to avoid executables at all costs. But if you feel that your skins/theme really needs that executable absolutely, then email an admin so he can take a decisoin regarding that specific case.

Successfully updated karma reason!

paxx

Join Date 03/2001

But, to be honest, I really really really don't want to start having skins installers here. As Jafo said, installers can change registry settings and cause computers to start acting up. I'd rather avoid installers here, please.

Successfully updated karma reason!

Maybe I didn't quite explain myself properly Jafo. Although the installer looks at the setup of the user's system to determine paths to things like WindowBlinds and Notepad and so on, it doesn't actually alter any of those settings on the system itself. The installer uses those settings to create or modify the user's 'wbuser.ini' file in the WindowBlinds directory, so that application launcher buttons on the skin correctly launch the right application. Obviously the user could create their own 'wbuser.ini' file from scratch and place it in their WindowBlinds directory, but the inability of a '.wba' file to install a readily accessible manual means that the average user won't even know that they need to do so without stumbling across a text file in the skin installation folder.

I'm doing this to make things easier for the novice user, and to prevent a deluge of e-mails complaining that buttons aren't working on the skin. The addition of a 'grayhaze.com' program group containing links to the manual and various sites online will only help to solve any problems a user may have.

My intention with this release was also to start making skins which use a central 'Plugins' folder in the WindowBlinds directory, only updating plugins to a newer version when needed, and making the plugin update process a lot easier for those people who get fed up with having to copy a new plugin to every single skin folder that uses it.

All of these processes require something much more advanced, and more streamlined, than the basic 'renamed zip' installation that WindowBlinds currently offers.

I'd be happy to send a copy to you before I upload Paul, and I assure you that my Norton AntiVirus pounces on anything before it even sets foot on my computer.

Successfully updated karma reason!

I can understand your reservations about executables paxx, but I can see two potential solutions to the problem whereby uploading them wouldn't be an issue for the site.

Option one would be to run everything that gets uploaded through anti-virus software. As a large file download site this should really be something that happens already.

Option two would be to add a checkbox to the upload page which the user needs to click to certify that their upload is virus-free. This would cover the site legally for any potential problems as a result of a virus being spread through a file on the site.

Successfully updated karma reason!

Jafo

Join Date 03/2001

+1845

grayhaze....OK...don't upload it here as yet...email it to me... martinp@smart.net.au and I'll run it [install it] and also scan for potential dramas....I know I'm clean....whereas you cannot smell your own nose [as it were], if you're already infected you 'can' appear clean....

Successfully updated karma reason!

I'll send it to you sometime tomorrow evening (GMT), by which time it should hopefully be ready.

Successfully updated karma reason!

testing reply, deleting soon 2
[Message Edited]
[Message Edited]

Successfully updated karma reason!

Jafo

Join Date 03/2001

+1845

Thanks for that, Kevin....but in the meantime I'll have to confer with the 'powers that be' to determine the 'Stardock' stance regarding WB installation procedure preferences....in other words...whether Frogboy is OK with this alternative to a standard 'wba' file being available for DL here...

Successfully updated karma reason!

Thanks Paxx for the info

It is maybe sensible to insert this somewhere.

Successfully updated karma reason!

I wholeharedly agree on no executibales...When I was a youngster I had bad experience with a trojan horse and an executible...I had to throw the whole mess out the window..it got in my Flash bios on the mother board and at the time it was hard to locate and debug your bios with out having a PHD.

Successfully updated karma reason!