Eraser 5.86

Status
Not open for further replies.

Carver

Member
Joel said:
That's the problem. It's hard to check the authenticity of the code. I can't think of any way to ensure that the download you got is from us.

Joel
I guess it is System backup and try, a Hex Editor or something to check check sum (I know nothing of these utilitys BTW)
 

hqdub

New Member
I don't run Vista x64 (I want to though). Garrett does so you'd have to PM him to get a fix (and/or potion! [lame reference to asterix and obelix ])

Who is Garrett please? i can't find him in the member list?
 

Blewby

Member
hqdub said:
I don't run Vista x64 (I want to though). Garrett does so you'd have to PM him to get a fix (and/or potion! [lame reference to asterix and obelix ])

Who is Garrett please? i can't find him in the member list?

You will see him...his user name is ADMIN.
I did however PM him as you and I have identicle problems.
 

Overwriter

Active Member
Joel said:
That's the problem. It's hard to check the authenticity of the code. I can't think of any way to ensure that the download you got is from us.

Joel


You can hash the exe and post the value here on the Eraser website.
 

Joel

Active Member
And what if the user downloads it from MajorGeeks for example? the hash "is not posted" - because their copy isn't from us (we checked their download, but we didn't ask them to put it up)
 

Overwriter

Active Member
A user can download Eraser from any source, it really doesn’t matter where they get it from as long as the hash is the same as posted here on the Eraser website.
 

Joel

Active Member
My point is that they won't know that they have downloaded from an unofficial source. The unofficial source will not post the hash, and to most users there is no reason for them to come to the Eraser website to verify the hash

That is, until their computer has become dead.

Joel
 

Overwriter

Active Member
Hi Joel, :)

I understand what you are getting at but I do believe that there should be a hash made available for users to double check.

I know some / most normal users won’t bother to check, but there is only so much you can do to help those types of people. I would suspect that most users interested in Eraser are the sort of people who are interested in computer security anyway and would probably like to be able to check they have the genuine Eraser release !

I cannot see any harm in publishing a hash value for every Eraser release from now on. At least we can claim to have done everything reasonably possible to protect the Eraser users. In fact a GnuPG signature from the Eraser developers would go along way to add a warm fuzzy glow of confidence to every download ! :lol:
 

Joel

Active Member
Ahwell, I'd publish the hashes for the official download in the future.

The release binaries are already signed with Authenticode.

Joel
 

Joel

Active Member
Status
Not open for further replies.
Top