Eraser 5.86

Status
Not open for further replies.
Joel said:
That's the problem. It's hard to check the authenticity of the code. I can't think of any way to ensure that the download you got is from us.

Joel
I guess it is System backup and try, a Hex Editor or something to check check sum (I know nothing of these utilitys BTW)
 
I don't run Vista x64 (I want to though). Garrett does so you'd have to PM him to get a fix (and/or potion! [lame reference to asterix and obelix ])

Who is Garrett please? i can't find him in the member list?
 
hqdub said:
I don't run Vista x64 (I want to though). Garrett does so you'd have to PM him to get a fix (and/or potion! [lame reference to asterix and obelix ])

Who is Garrett please? i can't find him in the member list?

You will see him...his user name is ADMIN.
I did however PM him as you and I have identicle problems.
 
Joel said:
That's the problem. It's hard to check the authenticity of the code. I can't think of any way to ensure that the download you got is from us.

Joel


You can hash the exe and post the value here on the Eraser website.
 
And what if the user downloads it from MajorGeeks for example? the hash "is not posted" - because their copy isn't from us (we checked their download, but we didn't ask them to put it up)
 
A user can download Eraser from any source, it really doesn’t matter where they get it from as long as the hash is the same as posted here on the Eraser website.
 
My point is that they won't know that they have downloaded from an unofficial source. The unofficial source will not post the hash, and to most users there is no reason for them to come to the Eraser website to verify the hash

That is, until their computer has become dead.

Joel
 
Hi Joel, :)

I understand what you are getting at but I do believe that there should be a hash made available for users to double check.

I know some / most normal users won’t bother to check, but there is only so much you can do to help those types of people. I would suspect that most users interested in Eraser are the sort of people who are interested in computer security anyway and would probably like to be able to check they have the genuine Eraser release !

I cannot see any harm in publishing a hash value for every Eraser release from now on. At least we can claim to have done everything reasonably possible to protect the Eraser users. In fact a GnuPG signature from the Eraser developers would go along way to add a warm fuzzy glow of confidence to every download ! :lol:
 
Ahwell, I'd publish the hashes for the official download in the future.

The release binaries are already signed with Authenticode.

Joel
 
Status
Not open for further replies.
Back
Top