As is my routine every couple of weeks, I ran Pest Patrol anti-spyware software, and was disturbed to find it came back saying that the file FLAC/COPYING.FDL was a security exploit known as "Virus Tutorial" or VTool/jul2. This has left me wondering if FLAC is to be trusted. Here's what PestPatrol's web site has to say about it: Exploit: A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service. (see http://www3.ca.com/securityadvisor/pest/pest.aspx?id=12665 for the entire document about this) Can someone here explain what's going on? I do no e-mailing on that particular PC, and have it set to block all pop-ups. --Helen
On Sat, Dec 11, 2004 at 07:37:40PM -0500, Helen Glazer wrote:> As is my routine every couple of weeks, I ran Pest Patrol anti-spyware > software, and was disturbed to find it came back saying that the file > FLAC/COPYING.FDL was a security exploit known as "Virus Tutorial" or > VTool/jul2. This has left me wondering if FLAC is to be trusted.Well, since the file in question is just a text file, my guess is that this is a false positive, where it just happens to contain something similar to a known malware program. You don't say which FLAC package you downloaded, but there is a note on http://flac.sourceforge.net/download.html about some virus scanners having this problem with the FLAC 1.1.1 for Windows installer.> Can someone here explain what's going on? I do no e-mailing on that > particular PC, and have it set to block all pop-ups.Hope that reassures you; you can also compare the file with the original version published by the Free Software Foundation at http://www.gnu.org/licenses/fdl.txt or look up other copies on the net. -r
On Sat, Dec 11, 2004 at 08:47:07PM -0800, Ralph Giles wrote:> Hope that reassures you; you can also compare the file with the original > version published by the Free Software Foundation at > http://www.gnu.org/licenses/fdl.txt or look up other copies on the net.After I wrote that I realized the version on gnu.org is a newer revision of the license than the one included wuth FLAC. The identical text is at http://www.gnu.org/licenses/old-licenses/fdl-1.1.txt Josh: worth upgrading to 1.2? The changes look reasonable. -r