Is UNLZEXE still considered "malware"?

You can discuss anything about fan-made Commander Keen games here.
Post Reply
User avatar
Posts: 282
Joined: Sat Mar 14, 2015 14:41
Location: Quillax Ship

Is UNLZEXE still considered "malware"?

Post by Quillax »

I remember from 2019 to early 2020 my antivirus software disliked UNLZEXE and would delete it if detected. In that same time frame Opera would refuse to download any zipfile that contains UNLZEXE. In the middle of 2020, however, I download UNLZEXE in a Windows 10 computer with Opera and it wasn't detected as "malware". Does this mean that modern computers and browsers now consider UNLZEXE as safe?

I know some of us (including me) have been using a newer version of CKPatch that undoes the LZEXE-compression of the Keen executable files, although such feature seemed to exist since 2003. I have read one of the text files that came with it and it stated that the decompression isn't as reliable as UNLZEXE and UNP, however. I read that UNLZEXE and UNP should be used as backups in case CKPATCH's decompression somehow fails.
Quillax Ship - Where you can download all of my cool, keen mods and super-marvelous fangames!
User avatar
Vorticon Elite
Posts: 1367
Joined: Fri Jan 01, 2016 23:34
Location: The Outpost

Re: Is UNLZEXE still considered "malware"?

Post by Nisaba »

let me put it this way. The man-in-the-middle nature of antivirus also causes a very large attack surface and therefore make your system even more vulnerable. This wouldn't necessarily be a problem if AV makers made secure software, but for the most part they don't. AV don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. Antivirus software is so ingrained with Windows users, and synonymous with the concept of "good security," that this leads to the fault believes that AV will save you from a well-executed phishing attack, or if a database that contains your details is breached. in terms of security the nature of AV's is to react. In other words AV's are always a step behind. Always were, always will be.
All this isn't to say that you shouldn't use antivirus software, but you should certainly be aware that using antivirus software doesn't necessarily make your computer any more secure.
Foray in the Forest progress:
92% Programming || 95% GFX || 92% Levels || 98% Creatures || 90% Story || 94% Music || 95% SFX || 96% Extras

Other projects:
- Play Commander Keen on a GameBoy
- The Lynx Nyx
User avatar
Vorticon Elite
Posts: 749
Joined: Mon Aug 25, 2008 9:30
Location: Germany

Re: Is UNLZEXE still considered "malware"?

Post by K1n9_Duk3 »

The very nature of UNLZEXE is that it takes a program in EXE format (more precisely: an EXE file that has been compressed with LZEXE) and then modifies the program (removing the LZEXE compression) and saves the modified file under the same name as the original file, effectively replacing the file.

A virus behaves kind of similar to this. DOS viruses infect files by injecting some of their own code into other executables and replacing the original file with the modified/infected one. Every time you run an infected program, the virus gets loaded into memory and starts injecting itself into as many other programs as possible.

Most modern anti-virus software uses heuristics in addition to a database of known viruses. Heuristics means the AV program is trying to guess what the code can do if executed and flags any files it deems suspicious as possible malware. This obviously leads to some false positives, but I guess somebody thought it was better to show a warning for what is actually a harmless program rather than allowing something that *is* infected with a new variation/mutation of a virus to pass the anti-virus check unscathed.

A few years ago, I was using Sophos anti-virus and it kept claiming that some of the programs that I wrote for myself were malware. In some cases, I could change some of the compiler settings (with no changes to the actual program code), re-compile it and the program was no longer considered malware. That goes to show how bad some heuristics can be.

Just to be clear, it's not impossible that the some versions of UNLZEXE you downloaded in the past have been infected with some sort of malware. But if modern tools don't find anything suspicious, it was probably just a false positive and the heuristics algorithms have improved since then.
Hail to the K1n9, baby!
Post Reply