this post was submitted on 15 Sep 2024
23 points (78.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54746 readers
222 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

UPX is open source and works on linux , windows and mac (ie. cross platform) I would like to know why the torrenting space isn't using it already / having a mature discussion about it.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 2 months ago (7 children)

Sorry, I meant antivirus. (Corpo IT calls it endpoint, since it's, well, the endpoint.)

[–] [email protected] 2 points 2 months ago (5 children)

. Malware is enough of a problem that there’s no way I’d want to start downloading crap that’s been UPXed since that’s going to make it impossible to determine if it’s legitimate or not by (most) endpoint tools, or they’ll just see UPX and go ‘bad shit!’ on everything.

You had clearly misunderstood what this tool is. Its tool for better compression of executables which could be used in data sensitive (Like , most people would agree with me that some times decrypting on our own local device could be better since it could be more predictable than waiting for seeders , because there are very less seeders)

[–] [email protected] 17 points 2 months ago* (last edited 2 months ago) (1 children)

Politely, but no.

It's a compression tool that is also used to mask malware, and you're proposing to expand it's use in a use case that's ALREADY coated in enough malware to give you herpes just by walking past your average tracker.

It's a bad idea from a security perspective, and it's not going to outperform a LZMA-based compression tool using a large dictionary (7zip, etc.) which also isn't fucking with binaries in a way that makes detecting and preventing malicious software more complicated for the average user, who typically knows absolutely zero about what's going on.

[–] [email protected] 3 points 2 months ago

I had actually agreed with you , here was my initial comment , though I just wanted to look into upx github page more

okay now I understand what you mean.
Basically the same threat model follows if you want to unpack a upx
and it also states
- We will *NOT* add any sort of protection and/or encryption.
    This only gives people a false feeling of security because
    all "protectors" can be broken by definition.

What would you recommend instead ? .
But also if you are extracting that file , you are basically running it , but the main issue is that antivirus can't read it

new response:


But on  https://upx.github.io/ , its given as

>secure: as UPX is documented Open Source since many years any relevant Security/Antivirus software is able to peek inside UPX compressed apps to verify them

I am really sorry mate but please read about upx once because I don't know why but you just seem so defensive to this change.
load more comments (3 replies)
load more comments (4 replies)