%expand%
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<SCRIPT language="JavaScript">
<!--
var str=location.href; 
if (str.indexOf('blogspot.com') > 0) {
  var newStr = str.replace('http://altroot.blogspot.com','').replace('http://www.blogger.com/blog-preview.g','');
  window.location='http://www.documentroot.com'+newStr;
}
//-->
</SCRIPT>


<title>Viruses: Damned If You Do</title>
%set(body,%html-clean({<div style="clear:both;"></div>You'd better run antivirus software, or you could get arrested and have your daughter taken away from you.  At least, that's the lesson that was learned by <a href="http://news.zdnet.co.uk/0,39020330,39115422,00.htm">Julian Green, who was arrested for possession of child pornography</a>, and had his daughter taken into custody.  He was released after it was discovered that a trojan horse (a breed of virus) was actually responsible for downloading all the pornography on his machine.
<br />
<br />The lesson to be learned here is that our government must not have the power to arrest and convict someone solely on the basis of computer evidence.
<br />
<br />On an unrelated note, if a company runs antivirus software that unpacks ZIP/GZ files, it's trivial to DOS their mailserver.  ZIP/GZ files contain patterns and length multipliers.  It's possible to craft a 1K file that uncompresses to 1000 MB.   Mailing variants of highly compressed archive files in a very light mailbomb would be able to cripple even the largest corporate mailservers equipped with antivirus sofware.  In testing, <a href="http://www.linuxpipeline.com/showArticle.jhtml?articleId=17301418">AER/sec</a> discovered that this vulnerability exists in most major antivirus utilities. Exploiting the behavior of underlying software to multiply the intensity of an attack is a typical tool used by DOS hackers.
<br /><div style="clear:both; padding-bottom:0.25em"></div>}))
<meta name="description" content="%html-quote(%left(%body%,100)...)">

<meta name="author" content="erik aronesty">
<meta name="copyright" content="(c) 2001-2004 Erik Aronesty/DocumentRoot.com.  Right to copy, without attribution, is given freely to anyone for any reason.">
<meta name="language" content="english">
<meta name="icbm" content="40.713575, -073.961339">
<!-- maybe it should be 40:42:48.870N, 73:57:40.820W  -->
<style>
body	{background:white;margin: 0px;font-family: Verdana, Arial, sans-serif;color: black;}
.blogtitle	{font-family: Lucida Console, Verdana, Arial, sans-serif;color: white;font-size:36px;margin:2px;}
.blogmini	{font-family: Verdana, Arial, sans-serif;color: white;font-size:8px;margin:1px;}
.blogcopy	{font-family: Verdana, Arial, sans-serif;color: black;font-size:10px;margin:1px;}
.links	{font-family: Verdana, Arial, sans-serif;color: black;font-size:11px;}
A	{color:#0069c3;}
A:hover	{color:red;}
A.byline {color:black;text-decoration:none}
.date	{font-family: Verdana, Arial, sans-serif;color: black;font-size:14px;font-weight:bold;}
.posts	{font-family: Verdana, Arial, sans-serif;color: black;font-size:12px;}
.byline	{font-family: Verdana, Arial, sans-serif;color: #000000;font-size:11px;}
.title	{font-family: Verdana, Arial, sans-serif;color: #000000;font-size:13px;}
</style>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<!-- data-ad-client=ca-pub-6848512682142613 -->
<!-- --><style type="text/css">@import url(//www.blogger.com/static/v1/v-css/navbar/3334278262-classic.css);
div.b-mobile {display:none;}
</style>

</head>

<body bgcolor="White" marginwidth="0" marginheight="0"><script type="text/javascript">
    function setAttributeOnload(object, attribute, val) {
      if(window.addEventListener) {
        window.addEventListener('load',
          function(){ object[attribute] = val; }, false);
      } else {
        window.attachEvent('onload', function(){ object[attribute] = val; });
      }
    }
  </script>
<div id="navbar-iframe-container"></div>
<script type="text/javascript" src="https://apis.google.com/js/platform.js"></script>
<script type="text/javascript">
      gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() {
        if (gapi.iframes && gapi.iframes.getContext) {
          gapi.iframes.getContext().openChild({
              url: 'https://www.blogger.com/navbar/3570590?origin\x3dhttps://altroot.blogspot.com',
              where: document.getElementById("navbar-iframe-container"),
              id: "navbar-iframe"
          });
        }
      });
    </script>

<table width="100%" bgcolor="black" cellspacing="0" cellpadding="1">
<tr height="10">
  <td bgcolor="#999999" style="border-left:1px solid black;border-top:1px solid black;">&nbsp;</td>
  <td bgcolor="#999999" width=150 style="border-top:1px solid black;border-right:1px solid black;">&nbsp;</td>
</tr>

<tr height="80">
  <td align="right" style="border-left:1px solid black;border-top:1px solid black;border-bottom:1px solid black;" bgcolor="#CC3333" class="blogtitle">Bracing against the wind
  <td bgcolor="#CC3333" width=150 style="border-right:1px solid black;border-top:1px solid black;border-bottom:1px solid black;">&nbsp;</td>
</tr>

<tr height="10">
  <td align="right" bgcolor="#999999" class="blogmini" style="border-bottom:1px solid black;border-left:1px solid black;"><font color="#FFFFFF" size=1><a class=blogmini href="/">www.documentroot.com</a>
  <td bgcolor="#999999" width=150 style="border-bottom:1px solid black;border-right:1px solid black;">&nbsp;</td>
</tr>
</font></tr>
</table>

<table width="100%" border="0" cellspacing="10" cellpadding="5">
<tr>

<td valign="top" width="128">

  <div class="links">

<FORM method=GET action="http://www.google.com/search">
<input type=hidden name=sitesearch value="www.documentroot.com">
<input type=hidden name=domains value="www.documentroot.com">
Search this site:<br><INPUT TYPE=text name=q size=10 maxlength=255 value=""><INPUT type=submit name=btnG VALUE="Go">
</FORM>

     <p style="background-color:#DDDDDD; text-align: center; text-align: center;;">
       <a href="http://www.documentroot.com/arc/" class="links"><b>View Archive</b></a>
     </p>
    <p><a href="http://www.documentroot.com/signup.html" class="links">Free Blog Commenter &amp; Counter</a>
    <p><a href="http://www.memebot.com/?ref=docroot" class="links">Memebot: Free Website Hosting</a>
    <p><a href="http://www.approvalvoting.com/" class="links">Americans for Approval Voting</a>
    <p>2002 WTC Pics: <a href="/wtccommute">Aug&nbsp;12</a> <a href="/wtccross">Aug&nbsp;16</a> <a href="/wtc2">Aug&nbsp;30</a> <a href="/wtc3">Sep&nbsp;11</a> <a href="/wtc4">Sep&nbsp;23</a> <a href="/wtc5">Oct&nbsp;24</a>
    <p><a href="http://www.bitk.in/" class="links">Shop with Bitcoin At Amazon</a>
    <p><a href="http://www.yvetteyasui.com/">Yvette's Weblog</a>
    <P><a href="http://www.documentroot.com/2008/01/list-of-sites-managed.html">All sites by me</a>
    <p><a href="http://fusion.google.com/add?feedurl=http%3A//www.documentroot.com/rss.xml"><img src="https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_twdxtDlANpSDgk6jtdyPEut3Ak_9PNsyIwVJBmfv5a4AsvCp0P1Gan19luA9O9SxNd-P_5xoi1t0QbT8B9pO3D61Cask7tngKVrldAsAuTecfh7ZuyNA=s0-d" width="104" height="17" border="0" alt="Add to Google"></a></p>
    <p><a href="/rss.xml" class="links">RSS for this site</a>
	<p>
    Lo! In the east against the blazing shadow of a rising sun, there come four men striding in unison, each step a journey, against the terrible winds.

    <p><a href="//www.blogger.com">
    <img border="0" width=88 height=31 src="/img/bloggerbutton1.gif" border=0 alt="[Powered by Blogger]"></a>

  </div>

</td>

<!--This is where the actual content of your blog goes.
-->

<td valign="top">
  
    
      <p><div class="date">Wednesday, May 12, 2004</div>
    
    
     <div class="posts">	
       <p>
       <a name="108438763401184713" href="http://altroot.blogspot.com/2004/05/viruses-damned-if-you-do.html" style="text-decoration:none">
         <b class="title">
           
               
               Viruses: Damned If You Do</a>
           
         </b>
         <br>
       </a>
       <b class="byline"><a class="byline" href="http://altroot.blogspot.com/2004/05/viruses-damned-if-you-do.html">Posted 11:30 AM</a></b>
       <br><div style="clear:both;"></div>You'd better run antivirus software, or you could get arrested and have your daughter taken away from you.  At least, that's the lesson that was learned by <a href="http://news.zdnet.co.uk/0,39020330,39115422,00.htm">Julian Green, who was arrested for possession of child pornography</a>, and had his daughter taken into custody.  He was released after it was discovered that a trojan horse (a breed of virus) was actually responsible for downloading all the pornography on his machine.
<br />
<br />The lesson to be learned here is that our government must not have the power to arrest and convict someone solely on the basis of computer evidence.
<br />
<br />On an unrelated note, if a company runs antivirus software that unpacks ZIP/GZ files, it's trivial to DOS their mailserver.  ZIP/GZ files contain patterns and length multipliers.  It's possible to craft a 1K file that uncompresses to 1000 MB.   Mailing variants of highly compressed archive files in a very light mailbomb would be able to cripple even the largest corporate mailservers equipped with antivirus sofware.  In testing, <a href="http://www.linuxpipeline.com/showArticle.jhtml?articleId=17301418">AER/sec</a> discovered that this vulnerability exists in most major antivirus utilities. Exploiting the behavior of underlying software to multiply the intensity of an attack is a typical tool used by DOS hackers.
<br /><div style="clear:both; padding-bottom:0.25em"></div>
       <br><a href="http://www.documentroot.com/comment.html?b=1&i=108438763401184713&t=Viruses: Damned If You Do">[View/Post Comments]</a>
           
           <a rel=nofollow href="http://digg.com/submit?phase=2&url=http://altroot.blogspot.com/2004/05/viruses-damned-if-you-do.html&title=Viruses: Damned If You Do">[Digg]</a>
           <a rel=nofollow href="http://del.icio.us/post?url=http://altroot.blogspot.com/2004/05/viruses-damned-if-you-do.html&title=Viruses: Damned If You Do">[Del.icio.us]</a>
           <a ref=nofollow href="http://www.stumbleupon.com/submit?url=http://altroot.blogspot.com/2004/05/viruses-damned-if-you-do.html&title=Viruses: Damned If You Do">[Stumble]</a>
           
    </div>
    

    
      <blockquote><hr></blockquote>
    
    
  
	
	


<form method="post" action="http://www.feedburner.com/fb/a/emailverify" target="popupwindow" onsubmit="window.open('http://www.feedburner.com', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true">
<input type="hidden" value="http://feeds.feedburner.com/~e?ffid=827166" name="url"/>
<input type="hidden" value="Bracing against the wind" name="title"/>
  <p>
  <div align="center" class="posts">
    <a style="font-size:12px;font-weight:bold" href="./">Home</a> | 
    Email me when this weblog updates: <input type="text" name="email" value="" size="20" maxlength="100" /> <input type="submit" name="Submit" value="join" />
|
    <a style="font-size:12px;font-weight:bold" href="/arc">View Archive</a> 
<br />
    <SMALL class=blogcopy><P>
    (C) 2002 Erik Aronesty/DocumentRoot.Com.  Right to copy, without attribution, is given freely to anyone for any reason.
    </SMALL>

  </div>

  </form>
</td>
<td width=120 valign=top>
<script type="text/javascript"><!--
google_ad_client = "pub-6848512682142613";
google_ad_host = "pub-1556223355139109";
google_ad_host_channel="00000";
google_ad_width = 120;
google_ad_height = 600;
google_ad_format = "120x600_as";
google_ad_type = "text_image";
google_ad_channel ="";
google_color_border = "999999";
google_color_bg = "FFFFFF";
google_color_link = "CC3333";
google_color_text = "000000";
google_color_url = "0069C3";
//--></script>
<script type="text/javascript" src="//pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
</td>
</tr>
</table>
</div>

<hr>

<p align=center>

<font size=1>

<a href="http://blogshares.com/blogs.php?blog=http%3A%2F%2Fwww.documentroot.com%2F&user=15668"><img src="https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_ugaYS0mia4TK_qwDgVvhC--NnpI-vZs-RGJJ8k4lL5wPTWuxa5RPifAfJwLbIaEnbyIUEYWsnqc01ESOO7davZCKzUdwhdo5U3qqDSJPw=s0-d" alt="Listed on BlogShares" width="117" height="23"></a>
|
Bloghop:
<A HREF="http://www.bloghop.com/ratemyblog.htm?rate=rate1&rid=26262"><img src="https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_s1MS6rAP9jByluLMSsAo7-bUhvOcYlUMQOewT2nKtkPlglKrJNsKhU78Rcl6BMbPXK6h99z9YwlWDAePuhp9mApFPdygUWhJdyrGfAInaPSFoc2yc=s0-d" width="9" height="9" border="0" hspace="0" vspace="0" alt="the best"></A>
<A HREF="http://www.bloghop.com/ratemyblog.htm?rate=rate2&rid=26262"><img src="https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_shnXZ3vAK0y1kgyYF5YCEU6S2T3EVqJdP21QL52EuDaYJ3Rm34D5z7SNZVQeDeAikMHQSPMDSS5PFe-7Y8bHNXq6ZLYQc2WcBnYrrSyeTvQT4fJOo=s0-d" width="9" height="9" border="0" hspace="0" vspace="0" alt="pretty good"></A>
|
<a href="http://www.blogarama.com/" title=\"Blogarama - The Blog Directory\" >Blogarama</a>
|
<a href="http://www.technorati.com/profile/simultaneous/420956/77ce602874b8a13d4e87ea53d1cf902b">Technorati</a>
|
<a href="http://www.blogwise.com/bloginfo.php?uid=20790">Blogwise</a>
</font>
</body>
</html>