
Me, myself & IT

Executable Installers Considered Harmful

Motivation
Problems and Deficiencies
Mitigations
Mitigations for (end) users and (their) administrators
Mitigations for developers
Detect unsafe use of Temp directories
Example
Detect vulnerable executables
Example 1 (continued)
Example 2
Advantages of native installation packages

Motivation

Executable installers as well as self-extracting executable archives (SFXs, typically seen on Microsoft® Windows® only) are braindead insanely stupid in concept and dangerous in practice!
They should be considered harmful and treated as unwanted programs malware!

Problems and Deficiencies

Executable installers exhibit the following problems and deficiencies which result in trivial to exploit weaknesses and vulnerabilities. Note: see the security advisories JVNTA#91240916 and JVN#91151862, published by JPCERT/CC, for (recent) examples, and the security alert published by IPA, for a second opinion.

Mitigations

Mitigations for (end) users and (their) administrators

Mitigations for developers

Detect unsafe use of Temp directories

Perform the following 6 steps to detect installers vulnerable to tampering with the files they create in the Temp directories.
  1. Log on with the user account created during Windows Setup.

  2. Add the NTFS ACL entry (D;OIIO;WP;;;WD), meaning “deny execution of files in this directory for everyone, inheritable to all files in all subdirectories”, to the Temp directory %TMP%\ alias %USERPROFILE%\AppData\Local\Temp\ of your user account and to the system’s Temp directory %SystemRoot%\Temp\ as well.

  3. Execute any installer to test; it is vulnerable, at least to denial of service, if it fails with Win32 error 5 alias ERROR_ACCESS_DENIED for a file from one of the Temp directories: the file inherited the NTFS ACL from the parent Temp directory which allows full access for the file’s owner.
    In standard installations of Windows the unprivileged user can tamper with those files; if an installer runs elevated, this vulnerability typically results in escalation of privilege.

    Note: according to numbers published by Microsoft in their Security Intelligence Reports, about ½ to ¾ of all (some 600 million) Windows NT installations engaged in their malware telemetry reported only a single active user account.

  4. Set the environment variable TMP to a value like %USERPROFILE%\AppData\Local\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp\..\Temp or NUL:, an inaccessible or invalid path, …

  5. Execute any installer to test; if it fails it is vulnerable at least to denial of service.

  6. Fix the vulnerable installers and retest them!

Example

Perform the following 7 steps to demonstrate an example of unsafe use of the Temp directory.
  1. Download the executable installers Firefox Setup 72.0.exe and Thunderbird Setup 68.4.1.exe and save them in your Downloads directory.

    Note: the installers for the 64-bit versions of Mozilla Firefox and Mozilla Thunderbird are 32-bit executables!

  2. Start the Command Processor and run the following (block of) command lines to determine build date and version of the self-extractors from their embedded digital signature and application manifest:

    CHDIR /D "%USERPROFILE%\Downloads"
    SIGNTOOL.EXE Verify /PA /V "Firefox Setup 72.0.exe" "Thunderbird Setup 68.4.1.exe"
    FINDSTR.EXE /C:"</description>" /E "Firefox Setup 72.0.exe" "Thunderbird Setup 68.4.1.exe"
    Verifying: Firefox Setup 72.0.exe
    Hash of file (sha1): 211D855ABF1E417EDC09484E1AE1CCDC5C414576
    
    Signing Certificate Chain:
        Issued to: DigiCert Assured ID Root CA
        Issued by: DigiCert Assured ID Root CA
        Expires:   Mon Nov 10 01:00:00 2031
        SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
    
            Issued to: DigiCert SHA2 Assured ID Code Signing CA
            Issued by: DigiCert Assured ID Root CA
            Expires:   Sun Oct 22 13:00:00 2028
            SHA1 hash: 92C1588E85AF2201CE7915E8538B492F605B80C6
    
                Issued to: Mozilla Corporation
                Issued by: DigiCert SHA2 Assured ID Code Signing CA
                Expires:   Thu Jun 04 13:00:00 2020
                SHA1 hash: 74B2E146A82F2B71F8EB4B13EBBB6F951757D8C2
    
    The signature is timestamped: Fri Jan 03 19:30:07 2020
    Timestamp Verified by:
        Issued to: DigiCert Assured ID Root CA
        Issued by: DigiCert Assured ID Root CA
        Expires:   Mon Nov 10 01:00:00 2031
        SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
    
            Issued to: DigiCert Assured ID CA-1
            Issued by: DigiCert Assured ID Root CA
            Expires:   Wed Nov 10 01:00:00 2021
            SHA1 hash: 19A09B5A36F4DD99727DF783C17A51231A56C117
    
                Issued to: DigiCert Timestamp Responder
                Issued by: DigiCert Assured ID CA-1
                Expires:   Tue Oct 22 01:00:00 2024
                SHA1 hash: 614D271D9102E30169822487FDE5DE00A352B01D
    
    Successfully verified: Firefox Setup 72.0.exe
    
    Verifying: Thunderbird Setup 68.4.1.exe
    Hash of file (sha1): 8E952BD4116F5A0CFC42F80FC76F903EF5593E14
    
    Signing Certificate Chain:
        Issued to: DigiCert Assured ID Root CA
        Issued by: DigiCert Assured ID Root CA
        Expires:   Mon Nov 10 01:00:00 2031
        SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
    
            Issued to: DigiCert SHA2 Assured ID Code Signing CA
            Issued by: DigiCert Assured ID Root CA
            Expires:   Sun Oct 22 13:00:00 2028
            SHA1 hash: 92C1588E85AF2201CE7915E8538B492F605B80C6
    
                Issued to: Mozilla Corporation
                Issued by: DigiCert SHA2 Assured ID Code Signing CA
                Expires:   Thu Jun 04 13:00:00 2020
                SHA1 hash: 74B2E146A82F2B71F8EB4B13EBBB6F951757D8C2
    
    The signature is timestamped: Thu Jan 09 01:02:31 2020
    Timestamp Verified by:
        Issued to: DigiCert Assured ID Root CA
        Issued by: DigiCert Assured ID Root CA
        Expires:   Mon Nov 10 01:00:00 2031
        SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
    
            Issued to: DigiCert Assured ID CA-1
            Issued by: DigiCert Assured ID Root CA
            Expires:   Wed Nov 10 01:00:00 2021
            SHA1 hash: 19A09B5A36F4DD99727DF783C17A51231A56C117
    
                Issued to: DigiCert Timestamp Responder
                Issued by: DigiCert Assured ID CA-1
                Expires:   Tue Oct 22 01:00:00 2024
                SHA1 hash: 614D271D9102E30169822487FDE5DE00A352B01D
    
    Successfully verified: Thunderbird Setup 68.4.1.exe
    
    Number of files successfully Verified: 1
    Number of warnings: 0
    Number of errors: 0
    
    Firefox Setup 72.0.exe:<description>7-Zip Self-extracting Archive v18.05</description>
    Thunderbird Setup 68.4.1.exe:<description>7-Zip Self-extracting Archive v18.05</description>

    Note: if you don’t have SignTool.exe installed, right-click the files Mozilla Firefox 72.0.exe and Mozilla Thunderbird 68.4.1.exe in Windows Explorer to display their context menu, then click Properties and switch to the Digital Signatures tab to view their digital signatures.

    Note: although Windows 7 has supported digital signatures using SHA-2 for many years (update 2949927 was published October 14, 2014, update 3033929 was published March 10, 2015, and security update 3123479 was published January 12, 2016), and although Microsoft has also advised third parties for many years to switch to digital signatures using SHA-2 and abandoned digital signatures using only SHA-1 in 2019, Mozilla doesn’t follow best practice and demonstrates ongoing ignorance with digital signatures using only SHA-1.

    Ouch¹: Mozilla builds their crap with the superseded, unsupported and possibly vulnerable version 18.05 of 7-Zip, released April 30, 2018; as per their digital signature, Mozilla Firefox 72.0.exe was built January 3, 2020, and Mozilla Thunderbird 68.4.1.exe was built January 6, 2020, although 7-Zip 19.00, released February 21, 2019, was the current version at that time!

  3. Run the following (block of) command lines to modify the NTFS ACL of your Temp directory to deny execution of files beneath it, change its path temporarily and execute both self-extractors:

    ICACLS.EXE "%TMP%" /Deny *S-1-1-0:(IO)(OI)(X)
    ".\Firefox Setup 72.0.exe"
    SET TMP=NUL:
    ".\Thunderbird Setup 68.4.1.exe"
    SET TMP=%TEMP%
    processed file: C:\Users\Stefan\AppData\Local\Temp
    Successfully processed 1 files; Failed processing 0 files
    [Screen shot of self-extractor progress dialog box on Windows 7] [Screen shot of self-extractor error message box 'Access denied' on Windows 7] [Screen shot of self-extractor error message box 'File not found' on Windows 7] [Screen shot of self-extractor progress dialog box on Windows 7]
    Note: don’t close both error message boxes yet!

    Note: if you are a user of Mozilla’s crap, submit not just bug reports for the vulnerabilities as well as the use of deprecated cryptography and unsupported third party code, but also for the missing pathname in both error message boxes!

  4. Run the following (block of) command lines to list the directories and files extracted to your Temp directory as well as their permissions:

    FOR /D %? IN ("%TMP%\7zS*") DO @(
    DIR "%~?" /A
    ICACLS.EXE "%~?"
    ICACLS.EXE "%~?\setup.exe")
     Volume in drive C: has no label.
     Volume Serial Number is 1957-0427
    
     Directory of C:\Users\Stefan\AppData\Local\Temp\7zS8AEFD15E
    
    01/09/2020   8:07 PM <DIR>             .
    01/09/2020   8:07 PM <DIR>             ..
    01/03/2020   7:26 PM <DIR>             core
    01/03/2020   7:26 PM           758,344 setup.exe
                   1 File(s)        758,344 bytes
                   3 Dir(s)     987,654,321 bytes free
    
    C:\Users\Stefan\AppData\Local\Temp\7zS8AEFD15E Everyone:(I)(OI)(IO)(DENY)(S,X)
                                                   NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                                   BUILTIN\Administrators:(I)(OI)(CI)(F)
                                                   AMNESIAC\Stefan:(I)(OI)(CI)(F)
    
    Successfully processed 1 files; Failed processing 0 files
    
    C:\Users\Stefan\AppData\Local\Temp\7zS8AEFD15E\setup.exe Everyone:(I)(OI)(IO)(DENY)(S,X)
                                                             NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                                             BUILTIN\Administrators:(I)(OI)(CI)(F)
                                                             AMNESIAC\Stefan:(I)(OI)(CI)(F)
    
    Successfully processed 1 files; Failed processing 0 files

    Ouch²: the self-extractor fails to create (sub)directories and extracted files with proper permissions; it is vulnerable to a denial of service!

    Ouch³: the self-extractor also fails to verify that the value of the environment variable TMP is the pathname of an existing directory (really: that the Win32 function GetTempPath() returns the pathname of an existing directory) and that creation of its own (sub)directory %TMP%\7zS‹random›\ as well as creation of the extracted files and directories succeeds (really: that the Win32 functions CreateFile() and CreateDirectory() return success); it is vulnerable to a second denial of service!

    Note: the CWE lists the demonstrated weaknesses as CWE-377: Insecure Temporary File, CWE-378: Creation of Temporary File With Insecure Permissions, CWE-379: Creation of Temporary File in Directory with Incorrect Permissions and CWE-67: Improper Handling of Windows Device Names.

    Note: such beginner’s errors are an epic failure!

  5. Run the following (block of) command lines to copy the extracted setup.exe to your Downloads directory, determine its version from the embedded application manifest, and execute it there:

    FOR /D %? IN ("%TMP%\7zS*") DO @COPY "%~?\setup.exe"
    FINDSTR.EXE /C:"<?xml version=" setup.exe
    .\setup.exe
    [Screen shot of error message box 'This version of Firefox requires Microsoft Windows 7 or newer' on Windows 7]
            1 File(s) copied.
    […]<description>Nullsoft Install System v3.01</description>[…]

    Ouch⁴: Mozilla builds their crap with the superseded, unsupported and possibly vulnerable version 3.01 of the Nullsoft Install System, released December 11, 2016; the current version available when the executable installers were built was 3.05, released December 15, 2019!

    Ouch⁵: setup.exe is actually running on Microsoft Windows 7, but likes to play games with its unsuspecting users!

    Note: don’t close this error message box yet!

  6. Run the following (block of) command lines to determine the cause for the bogus error message:

    FOR /D %? IN ("%TMP%\ns*.tmp") DO @(
    DIR "%~?" /A
    ICACLS.EXE "%~?" /T)
     Volume in drive C: has no label.
     Volume Serial Number is 1957-0427
    
     Directory of C:\Users\Stefan\AppData\Local\Temp\nsa3931.tmp
    
    01/09/2020   8:09 PM <DIR>             .
    01/09/2020   8:09 PM <DIR>             ..
    01/09/2020   8:09 PM            11.776 System.dll
                   1 File(s)         11,776 bytes
                   2 Dir(s)     987,654,321 bytes free
    
    C:\Users\Stefan\AppData\Local\Temp\nsa3931.tmp Everyone:(I)(OI)(IO)(DENY)(S,X)
                                                   NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                                   BUILTIN\Administrators:(I)(OI)(CI)(F)
                                                   AMNESIAC\Stefan:(I)(OI)(CI)(F)
    
    C:\Users\Stefan\AppData\Local\Temp\nsa3931.tmp\System.dll Everyone:(I)(DENY)(S,X)
                                                              NT AUTHORITY\SYSTEM:(I)(F)
                                                              BUILTIN\Administrators:(I)(F)
                                                              AMNESIAC\Stefan:(I)(F)
    
    Successfully processed 2 files; Failed processing 0 files

    Ouch⁶: setup.exe too (ab)uses the Temp directory to create a subdirectory and extract executable files, but fails to create them with proper permissions!

  7. Finally close all error message boxes and run the following command line to restore the previous NTFS ACL of your Temp directory:

    ICACLS.EXE "%TMP%" /Remove:d *S-1-1-0
    processed file: C:\Users\Stefan\AppData\Local\Temp
    Successfully processed 1 files; Failed processing 0 files

Detect vulnerable executables

Perform the following 9 steps to detect executables vulnerable to DLL hijacking, using only tools available in every installation of Windows Vista and newer versions of Windows NT.
  1. Create a UAC-enabled protected administrator test account (or use the user account created during Windows Setup).

  2. Create an empty file %SystemRoot%\Debug\SAFER.log, grant your test account at least append data permission to it, then remove the permissions for all other accounts.

  3. Create the following Registry entries to enable Software Restriction Policies, without restrictions, with advanced logging, for all users, for all executable files and DLLs:

    REGEDIT4
    
    ; Copyright © 2005-2021, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
    "AuthentiCodeEnabled"=dword:00000000
    "DefaultLevel"=dword:00040000                 ; 'Unrestricted'
    ;"ExecutableTypes"=multi:
    "Levels"=dword:00071000                       ; Enable all security levels
    "LogFileName"="C:\\Windows\\Debug\\SAFER.log"
    "PolicyScope"=dword:00000000                  ; Apply to 'Users' and 'Administrators'
    "TransparentEnabled"=dword:00000002           ; Apply to executable files and DLLs

    Note: Win32 applications and DLLs are subject to Software Restriction Policies independent of their file extension!

  4. Log off, then log on with your test account.

  5. Create an empty directory (or use the existing directory %USERPROFILE%\Downloads\).

  6. Start the Command Processor in the chosen (empty) directory and run the following command line to create, in this directory, hardlinks to all system DLLs found in the search path:

    FOR %! IN ("%PATH:;=" "%") DO FOR %? IN ("%~!\*.ACM"
                                             "%~!\*.AX"
                                             "%~!\*.CPL"
                                             "%~!\*.DLL"
                                             "%~!\*.DRV"
                                             "%~!\*.OCX"
                                             "%~!\*.IEC"
                                             "%~!\*.IME"
                                             "%~!\*.TSP") DO IF NOT EXIST "%~nx?" MKLINK /H "%~nx?" "%~?"

    Note: the Command Processor and its builtin MkLink command need to be run either impersonating TrustedInstaller or with the privileges SeBackupPrivilege and SeRestorePrivilege enabled!

  7. Copy your executables into this directory and execute them by double-click.

  8. Determine the DLLs your executables loaded from their application directory by running the following command line in the still open command prompt:

    "%SystemRoot%\System32\Find.exe" /I "%CD%\" "%SystemRoot%\Debug\SAFER.log"

  9. Fix the vulnerable executables and retest them!

Example 1 (continued)

Execute setup.exe extracted from the executable installer of Mozilla Firefox in the now prepared Downloads directory.

On Windows 7 this appends at least the following text lines to %SystemRoot%\Debug\SAFER.log, indicating the vulnerability:

EXPLORER.EXE (PID = 1848) identified C:\Users\Stefan\Downloads\setup.exe as Unrestricted using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}
setup.exe (PID = 4596) identified \??\C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\COMCTL32.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\apphelp.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\AppPatch\AcGenral.DLL as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\UxTheme.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\WINMM.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\samcli.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\MSACM32.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\VERSION.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\sfc.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\sfc_os.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\dwmapi.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\MPR.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\IMM32.DLL as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\UXTHEME.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\USERENV.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\SETUPAPI.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\PROPSYS.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\CRYPTBASE.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\OLEACC.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\CLBCATQ.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\SHFOLDER.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\ntmarta.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\System32\shdocvw.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\shell32.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\ole32.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
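
A stricter filter for step 8 than the Find.exe substring match, given as an added example that is not part of the original page: it parses SAFER.log records in the format shown above and lists, per process, the modules loaded from the application directory itself. The function names, and the heuristic that a path whose file name also appears as a logging process is a program image rather than a module, are assumptions of this example.

```python
import ntpath
import re

# One SAFER.log record in the format shown in Example 1:
#   <process> (PID = <n>) identified <path> as <level> using <rule>, Guid = {<guid>}
RECORD = re.compile(
    r"^(?P<process>.+?) \(PID = (?P<pid>\d+)\) identified (?P<path>.+) "
    r"as (?P<level>[\w ]+?) using (?P<rule>[\w ]+?), "
    r"Guid = (?P<guid>\{[0-9A-Fa-f-]+\})\s*$"
)

# Lines copied from Example 1 above (a subset, to keep the sample short).
SAMPLE_LOG = r"""
EXPLORER.EXE (PID = 1848) identified C:\Users\Stefan\Downloads\setup.exe as Unrestricted using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\apphelp.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\UxTheme.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\WINMM.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Users\Stefan\Downloads\VERSION.dll as Unrestricted using path rule, Guid = {4fcf2556-cf02-4356-ad71-f82ca93ccd0b}
setup.exe (PID = 4596) identified \??\C:\Windows\system32\UXTHEME.dll as Unrestricted using path rule, Guid = {191cd7fa-f240-4a17-8986-94d480a6c8ca}
"""


def parse_record(line):
    """Parse one log line into a dict, or return None if it is not a record."""
    match = RECORD.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["pid"] = int(record["pid"])
    # Loader records carry the NT object-manager prefix \??\ ; strip it so
    # that both record flavours yield plain Win32 paths.
    if record["path"].startswith("\\??\\"):
        record["path"] = record["path"][4:]
    return record


def _norm_dir(directory):
    # Windows paths are case-insensitive; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(directory))


def app_dir_loads(log_text, app_dir):
    """Return {(process, pid): [module, ...]} for modules loaded from app_dir.

    Only files directly inside app_dir count (the application directory of
    the tested executable), not files in its subdirectories.
    """
    records = [r for r in map(parse_record, log_text.splitlines()) if r]
    # Assumption: a file whose name also shows up as a logging process is the
    # program image started from app_dir, not a hijackable module.
    images = {r["process"].lower() for r in records}
    wanted = _norm_dir(app_dir)
    hits = {}
    for record in records:
        directory, name = ntpath.split(record["path"])
        if _norm_dir(directory) != wanted or name.lower() in images:
            continue
        hits.setdefault((record["process"], record["pid"]), []).append(name)
    return hits


if __name__ == "__main__":
    found = app_dir_loads(SAMPLE_LOG, "C:\\Users\\Stefan\\Downloads\\")
    for (process, pid), modules in found.items():
        print(f"{process} (PID {pid}) loaded from its application directory:")
        for module in modules:
            print(f"  {module}")
```

Every module it reports was resolved from the directory the executable was started in, so each one is a candidate for the fix in step 9.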

Example 2

Download the executable installers 7z1602.exe and 7z1602-x64.exe, save them in the prepared directory %USERPROFILE%\Downloads\ and execute them just until they display their first dialog box, which prompts for the target directory.

Note: on all supported versions of Windows NT, UXTheme.dll is loaded from the program’s application directory %USERPROFILE%\Downloads\ instead of from Windows’ system directory %SystemRoot%\System32\ alias %SystemRoot%\SysWoW64\ respectively, resulting in an LCE vulnerability.

Note: on Windows Vista and newer versions of Windows NT, 7z1602.exe and 7z1602-x64.exe request administrative privileges via their embedded application manifest, resulting in an additional EoP vulnerability!

Advantages of native installation packages

In contrast to executable installers, native installation packages for the operating system’s package manager exhibit the following advantages. The point is: well-known package formats allow you to inspect things, binary executables generally don’t.
In more detail:
  1. It’s not a vulnerability, but a weakness and (design) bug in the first place: there is no need to execute (potentially malicious) programs from (potentially) untrusted sources or with questionable (unknown or even malicious) contents to install software.
    This weakness turns into a vulnerability, if

  2. Binary executables are generally opaque: you can’t tell what they actually do unless you have their source (and built them yourself in a trusted environment), or until you reverse engineer them completely.
    In case of installers, you need the sources of the installer (plus its unpacker), the sources of the creator and the sources of the script used to build the final binary executable.

  3. The format of these packages is well-known and documented, they can be unpacked and their contents as well as their instructions/scripts read and inspected.
    The tools to create/build, edit/modify, unpack and even rebuild them are typically part of the OS’s package manager or provided as part of the OS’s SDK.

Always use the target platform’s native package or archive formats to distribute your software or files!
The problem is the morons who build binary executables to install software (or just unpack some files) and hand these binary executables to unsuspecting and unskilled users, expecting them to actually execute them.
This really nasty behaviour of almost all developers/companies out there has trained users to execute almost anything they get their hands on.
The solution for this is simple:

Copyright © 1995–2021 • Stefan Kanthak • <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>