Is UNLZEXE still considered "malware"?

You can discuss anything about fan-made Commander Keen games here.
Quillax
Vortininja
Posts: 224
Joined: Sat Mar 14, 2015 14:41

Is UNLZEXE still considered "malware"?

Post by Quillax »

I remember that from 2019 to early 2020 my antivirus software disliked UNLZEXE and would delete it if detected. In that same time frame Opera would refuse to download any zip file that contained UNLZEXE. In the middle of 2020, however, I downloaded UNLZEXE on a Windows 10 computer with Opera and it wasn't detected as "malware". Does this mean that modern computers and browsers now consider UNLZEXE safe?

I know some of us (including me) have been using a newer version of CKPatch that undoes the LZEXE compression of the Keen executable files, although such a feature seems to have existed since 2003. I have read one of the text files that came with it, and it stated that the decompression isn't as reliable as UNLZEXE and UNP, however. I read that UNLZEXE and UNP should be used as backups in case CKPATCH's decompression somehow fails.
Quillax Ship - Where you can download all of my cool, keen mods and super-marvelous fangames!

Nisaba
Vorticon Elite
Posts: 1235
Joined: Fri Jan 01, 2016 23:34
Location: The Outpost

Re: Is UNLZEXE still considered "malware"?

Post by Nisaba »

Let me put it this way. The man-in-the-middle nature of antivirus also creates a very large attack surface and therefore makes your system even more vulnerable. This wouldn't necessarily be a problem if AV makers made secure software, but for the most part they don't. AV doesn't require any user interaction, it affects the default configuration, and the software runs at the highest privilege levels possible. Antivirus software is so ingrained with Windows users, and synonymous with the concept of "good security," that this leads to the false belief that AV will save you from a well-executed phishing attack, or if a database that contains your details is breached. In terms of security, the nature of AVs is to react. In other words, AVs are always a step behind. Always were, always will be.
All this isn't to say that you shouldn't use antivirus software, but you should certainly be aware that using antivirus software doesn't necessarily make your computer any more secure.
"We have come to conquer you all and bring you lots of candy!" | about me | my current project: play Keen mods on a GameBoy |

K1n9_Duk3
Vorticon Elite
Posts: 711
Joined: Mon Aug 25, 2008 9:30
Location: Germany

Re: Is UNLZEXE still considered "malware"?

Post by K1n9_Duk3 »

The very nature of UNLZEXE is that it takes a program in EXE format (more precisely: an EXE file that has been compressed with LZEXE) and then modifies the program (removing the LZEXE compression) and saves the modified file under the same name as the original file, effectively replacing the file.

A virus behaves kind of similar to this. DOS viruses infect files by injecting some of their own code into other executables and replacing the original file with the modified/infected one. Every time you run an infected program, the virus gets loaded into memory and starts injecting itself into as many other programs as possible.

Most modern anti-virus software uses heuristics in addition to a database of known viruses. Heuristics means the AV program is trying to guess what the code can do if executed and flags any files it deems suspicious as possible malware. This obviously leads to some false positives, but I guess somebody thought it was better to show a warning for what is actually a harmless program rather than allowing something that *is* infected with a new variation/mutation of a virus to pass the anti-virus check unscathed.

A few years ago, I was using Sophos anti-virus and it kept claiming that some of the programs that I wrote for myself were malware. In some cases, I could change some of the compiler settings (with no changes to the actual program code), re-compile it and the program was no longer considered malware. That goes to show how bad some heuristics can be.

Just to be clear, it's not impossible that some versions of UNLZEXE you downloaded in the past were infected with some sort of malware. But if modern tools don't find anything suspicious, it was probably just a false positive and the heuristics algorithms have improved since then.
Hail to the K1n9, baby!
http://k1n9duk3.shikadi.net
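As an added example to go with the post above (this is example code written for this page, not UNLZEXE's source and not anything posted by K1n9_Duk3), the script below does the two things the post describes in prose: it recognises an LZEXE-compressed EXE the same way UNLZEXE does (relocation table pointer e_lfarlc set to 0x1C and the tag "LZ09" or "LZ91" stored at that offset), and it applies one crude heuristic of the kind AV engines use on DOS programs, namely comparing the file size to the load-module size the MZ header declares, since appending code past the image is how many DOS file infectors worked. The MZ header layout and the LZEXE marker are real; the function names, `build_mz`, and the three `SAMPLE_*` images are this example's own constructed data, not real Keen or UNLZEXE binaries.

```python
"""Identify LZEXE-compressed DOS executables and flag data appended past the
declared load image.  Example code added to this page; not UNLZEXE's code.

Facts relied on: the MZ header layout (e_cblp, e_cp, e_lfarlc at offsets
0x02, 0x04, 0x18) and LZEXE's "LZ09"/"LZ91" tag at offset 0x1C with the
relocation table pointer (e_lfarlc) pointing at 0x1C.  Function names and the
sample images below are this example's own constructed data.
"""
import struct
from typing import Optional

# First 28 bytes of the MZ header, little-endian: e_magic plus 13 words.
MZ_HEADER = struct.Struct("<2sHHHHHHHHHHHHH")
FIELDS = ("e_magic", "e_cblp", "e_cp", "e_crlc", "e_cparhdr", "e_minalloc",
          "e_maxalloc", "e_ss", "e_sp", "e_csum", "e_ip", "e_cs",
          "e_lfarlc", "e_ovno")
LZEXE_SIGNATURES = {b"LZ09": "0.90", b"LZ91": "0.91"}
LZEXE_SIG_OFFSET = 0x1C


def parse_mz(data: bytes) -> dict:
    """Unpack the fixed part of the MZ header; ValueError if not an MZ file."""
    if len(data) < MZ_HEADER.size:
        raise ValueError("file shorter than an MZ header")
    hdr = dict(zip(FIELDS, MZ_HEADER.unpack_from(data, 0)))
    if hdr["e_magic"] not in (b"MZ", b"ZM"):   # DOS accepted both orders
        raise ValueError("missing MZ signature")
    return hdr


def declared_size(hdr: dict) -> int:
    """Load-module size as the header declares it: e_cp pages of 512 bytes,
    the last of which holds only e_cblp bytes when e_cblp is non-zero."""
    if hdr["e_cblp"]:
        return (hdr["e_cp"] - 1) * 512 + hdr["e_cblp"]
    return hdr["e_cp"] * 512


def lzexe_version(data: bytes) -> Optional[str]:
    """Return "0.90" or "0.91" if the file carries LZEXE's marker, else None.
    This mirrors the check UNLZEXE makes before it tries to decompress:
    e_lfarlc must be 0x1C and the four bytes there must be the LZ tag."""
    hdr = parse_mz(data)
    if hdr["e_lfarlc"] != LZEXE_SIG_OFFSET:
        return None
    return LZEXE_SIGNATURES.get(data[LZEXE_SIG_OFFSET:LZEXE_SIG_OFFSET + 4])


def trailing_bytes(data: bytes) -> int:
    """Bytes present in the file beyond the declared load module.  Legitimate
    overlays live here too, so this is a heuristic signal, not proof of
    infection; appending code is simply how many DOS file infectors worked."""
    return max(0, len(data) - declared_size(parse_mz(data)))


def scan(data: bytes) -> dict:
    """Summarise one executable image for a report."""
    hdr = parse_mz(data)
    return {
        "lzexe": lzexe_version(data),
        "declared_size": declared_size(hdr),
        "file_size": len(data),
        "trailing_bytes": trailing_bytes(data),
        "entry": (hdr["e_cs"], hdr["e_ip"]),
    }


def build_mz(image_size: int, lfarlc: int = 0x1E, sig: bytes = b"\0\0\0\0",
             overlay: bytes = b"") -> bytes:
    """Constructed test image: a valid 32-byte MZ header plus NOP padding.
    Not a runnable DOS program; only the header fields matter here."""
    cp, cblp = divmod(image_size, 512)
    if cblp:
        cp += 1
    hdr = MZ_HEADER.pack(b"MZ", cblp, cp, 0, 2, 0, 0xFFFF, 0, 0x100, 0, 0, 0,
                         lfarlc, 0) + sig
    return hdr + b"\x90" * (image_size - len(hdr)) + overlay


# Constructed samples (not real Keen or UNLZEXE binaries).
SAMPLE_PLAIN = build_mz(1000)
SAMPLE_LZ91 = build_mz(1000, lfarlc=0x1C, sig=b"LZ91")
SAMPLE_APPENDED = build_mz(1000, overlay=b"\xCC" * 100)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, scan(f.read()))
```

Run it as `python mzscan.py KEEN1.EXE` (any path you like). A file for which `lzexe` comes back as a version string is one UNLZEXE will accept; a file that reports `trailing_bytes` greater than zero merely has data past the declared image, which an overlay or a self-extractor also produces, so it is a reason to look closer, not a verdict. That gap between "looks unusual" and "is malicious" is exactly where heuristic false positives like the ones described in the post come from.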
