[ale] palm41.dll weirdness

Robert Reese ale at sixit.com
Thu Sep 23 23:41:42 EDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*********** REPLY SEPARATOR  ***********
On 9/22/2004 at 6:08 AM Geoffrey wrote:

>> Simple, really.  I run Windows and own(ed) a Palm Pilot.  This isn't the
>> first time I've encountered this DLL (Dynamic Link Library).  ;c)
>
>But you're making the assumption that this file is the real thing.  Not 
>a good thing to do.

It wasn't an assumption.

 
>> Actually, I don't remember.  I think I was formulating a response when
>the
>> strings reply came back.  Anyway, it doesn't matter much and here's why:
>> Dynamic Link Libraries don't belong on Linux boxes, right?  So they
>> obviously aren't self-executable by reckoning of the operating system.
>
>Wrong, any file that has the executable bit set is executable in a Unix 
>environment.

Good to know.  Perhaps, then, the first question that should have been
asked was if the executable bit was set.  If not, what good would it do if
it were a virus or a worm?


>  It does not matter what the file name is.  You're assuming 
>it's a dll by way of the name.

It wasn't an assumption.


>> Further, if you were to
>> write a virus for *nix machines, would you use a naming convention that
>> followed the Windows file extension of .dll?  Nor likely would any *nix
>> virus writer I would think. ;c)
>
>Possibly, in order to cause folks to make that same assumption you've 
>made, that it's a 'safe' file in a Unix environment.

It wasn't an assumption.  It was, and is, a file I've had experience with
previously.

Additionally, unless he or she's an idiot a virus writer wouldn't put such
a well-known windows extension on a virus as it is bound to be noticed by
most *nix folks.  Rather, they would use a well-known file extension for
unix, if they used one at all.


Oh, by the way.... I did in fact look at the strings output before
finalizing my response.  ;c)

Cheers,
Robert~

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: No one has the right to NOT be offended!

iQA/AwUBQVD0TLw8BOWncaQMEQJ3pwCg30yEzOhzUZGe/SY+cFvHvZG0G0AAoLBP
b6y6Cs2grZvyoVFAL6bP9s0b
=WIUl
-----END PGP SIGNATURE-----


Type: DH/DSS 4096/1024 AES-256
Key ID: 0xA771A40C
Fingerprint: CAE2 81CA A7CD 6681 341C  E3A9 BC3C 04E5 A771 A40C

More information about the Ale mailing list