this post was submitted on 15 Sep 2024
23 points (78.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54746 readers
222 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

UPX is open source and works on linux , windows and mac (ie. cross platform) I would like to know why the torrenting space isn't using it already / having a mature discussion about it.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 2 months ago* (last edited 2 months ago) (1 children)

Politely, but no.

It's a compression tool that is also used to mask malware, and you're proposing to expand it's use in a use case that's ALREADY coated in enough malware to give you herpes just by walking past your average tracker.

It's a bad idea from a security perspective, and it's not going to outperform a LZMA-based compression tool using a large dictionary (7zip, etc.) which also isn't fucking with binaries in a way that makes detecting and preventing malicious software more complicated for the average user, who typically knows absolutely zero about what's going on.

[–] [email protected] 3 points 2 months ago

I had actually agreed with you , here was my initial comment , though I just wanted to look into upx github page more

okay now I understand what you mean.
Basically the same threat model follows if you want to unpack a upx
and it also states
- We will *NOT* add any sort of protection and/or encryption.
    This only gives people a false feeling of security because
    all "protectors" can be broken by definition.

What would you recommend instead ? .
But also if you are extracting that file , you are basically running it , but the main issue is that antivirus can't read it

new response:


But on  https://upx.github.io/ , its given as

>secure: as UPX is documented Open Source since many years any relevant Security/Antivirus software is able to peek inside UPX compressed apps to verify them

I am really sorry mate but please read about upx once because I don't know why but you just seem so defensive to this change.