freedos-devel — FreeDOS debugging questions and other developer topics

Re: [Freedos-devel] Wayback

[<je...@sh...>]

Hi All,

Since this happened Thursday and is still ongoing, I guess it is old news.

But, I only found out today when I needed to (hopefully) go find some on the Wayback Machine.

Apparently, the Internet Archive was hacked and gave up about 31 million user names and password. 

It also has been undergoing a (D)DOS attack. 

Their services are still offline.

For fun, I checked my password manager. I did make an account with them about 12 years back. But since the early 90’s, I have always used unique passwords. The real funny thing is I don’t even have the domain I used for the email address anymore. 

:-)

Jerome

_______________________________________________
Freedos-devel mailing list
Fre...@li...
https://lists.sourceforge.net/lists/listinfo/freedos-devel

> On Oct 12, 2024, at 7:59 AM, Jerome Shidel via Freedos-devel <fre...@li...> wrote:
> 
> Hi All,
> 
> Since this happened Thursday and is still ongoing, I guess it is old news.
> 
> But, I only found out today when I needed to (hopefully) go find some on the Wayback Machine.
> 
> Apparently, the Internet Archive was hacked and gave up about 31 million user names and password. 
> 
> It also has been undergoing a (D)DOS attack. 
> 
> Their services are still offline.
> 
> For fun, I checked my password manager. I did make an account with them about 12 years back. But since the early 90’s, I have always used unique passwords. The real funny thing is I don’t even have the domain I used for the email address anymore. 
> 
> :-)
> 
> Jerome
> 
> _______________________________________________
> Freedos-devel mailing list
> Fre...@li...
> https://lists.sourceforge.net/lists/listinfo/freedos-devel

[Freedos-devel] Wayback

[<je...@sh...>]

Hi All,

Since this happened Thursday and is still ongoing, I guess it is old news.

But, I only found out today when I needed to (hopefully) go find some on the Wayback Machine.

Apparently, the Internet Archive was hacked and gave up about 31 million user names and password. 

It also has been undergoing a (D)DOS attack. 

Their services are still offline.

For fun, I checked my password manager. I did make an account with them about 12 years back. But since the early 90’s, I have always used unique passwords. The real funny thing is I don’t even have the domain I used for the email address anymore. 

:-)

Jerome

Re: [Freedos-devel] Please make the curl package smaller

[Richard S. <rs...@gm...>]

Hoping it's legal for dev team to spread SSL over the web.  The NSA didn't
want it exported at one time.  Lynx web browser runs more internet
compatible with SSL.  It may be the same packages as Curl.  If on dial-up
Networking may want want to change your router's MTU speed , to avoid
packet loss.

On Mon, Oct 7, 2024 at 3:40 PM Eric Auer via Freedos-devel <
fre...@li...> wrote:

>
> Hi! As Jim said things get overlooked in "PS", a new thread:
>
> Has somebody looked into removing that SECOND
> copy of the openssl sources from our CURL zip yet?
>
> I also propose to drop all those test cases, which can
> only be used by "make test", from our CURL zip. People
> wanting to go THAT much into details can download the
> original OPENSSL sources instead. Test cases are big.
>
> Our current CURL FreeDOS package is 35 megabytes :-o :-o
>
> Main  reason: It contains sources of TWO openssl versions.
>
> Thanks! Eric
>
>
>
> _______________________________________________
> Freedos-devel mailing list
> Fre...@li...
> https://lists.sourceforge.net/lists/listinfo/freedos-devel
>

[Freedos-devel] Please make the curl package smaller

[Eric A. <e....@jp...>]

Hi! As Jim said things get overlooked in "PS", a new thread:

Has somebody looked into removing that SECOND
copy of the openssl sources from our CURL zip yet?

I also propose to drop all those test cases, which can
only be used by "make test", from our CURL zip. People
wanting to go THAT much into details can download the
original OPENSSL sources instead. Test cases are big.

Our current CURL FreeDOS package is 35 megabytes :-o :-o

Main  reason: It contains sources of TWO openssl versions.

Thanks! Eric

Re: [Freedos-devel] i found an amazing public domain program

[Kirn G. <seg...@gm...>]

Do you have an actual description for it? Give us some sort of
justification to download and run this software. The days of "hey, just run
this random program from the Internet!" are long gone; this isn't the '90s
anymore.

I must be suspicious as this seems like the sort of thing that a threat
actor would do. Your name on your email is fairly generic; the domain
you're emailing from doesn't seem to host anything useful on the web side,
WHOIS is private.

--
Kirn Gill II
Mobile: +1 813-300-2330 <+18133002330>
VoIP: +1 813-704-0420 <+18137040420>
Email: seg...@gm...
LinkedIn: http://www.linkedin.com/pub/kirn-gill/32/49a/9a6


On Thu, Oct 3, 2024 at 9:04 AM Victoria Crenshaw via Freedos-devel <
fre...@li...> wrote:

> it is called USE!UMB
>
> https://4ch.mooo.com/4/USEUMBS22.ZIP
>
> here is the link of it on my server
>
> my server accepts http so u can download it directly
>
> p.s.  this is my own server i share files on. dont worry about the domain
> xD
>
>
>
> _______________________________________________
> Freedos-devel mailing list
> Fre...@li...
> https://lists.sourceforge.net/lists/listinfo/freedos-devel
>

[Freedos-devel] i found an amazing public domain program

[Victoria C. <sp...@jo...>]

it is called USE!UMB

https://4ch.mooo.com/4/USEUMBS22.ZIP

here is the link of it on my server

my server accepts http so u can download it directly

p.s.  this is my own server i share files on. dont worry about the domain xD

[Freedos-devel] Adding "PS" to emails

[Jim H. <jh...@fr...>]

On Thu, Oct 3, 2024, 2:47 AM Eric Auer via Freedos-devel <
fre...@li...> wrote:

>
> [..]
> PS: Has somebody looked into removing that SECOND
> copy of the openssl sources from our CURL zip yet?
>


Please do not add unrelated "PS" notes to the bottom of other emails. The
person who might be able to answer a question about curl may not read the
discussion about malware detection.

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Eric A. <e....@jp...>]

Hi Paul,

> Second.. the detected files are not DOS files...
> but part of the source of doszip, being tools to
> compile on Windows.

DOSZIP should neither ship with Windows tools
nor with compiler binaries. And I bet it does
not include the sources of the compilers either.

So while we are not sure whether those files
are a risk, they certainly are a waste of space.

Regards, Eric

PS: Has somebody looked into removing that SECOND
copy of the openssl sources from our CURL zip yet?

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Paul D. <duf...@zo...>]

Well... to summarize my idea on the malware detection... I tend to think it is not reallay malware.
First, the detection are almost all heuristics... that is suspicious behaviours... but not really confirmed malware.
Second.. the detected files are not DOS files... but part of the source of doszip, being tools to compile on Windows.
So... I would be hesitant to run them on Windows.... moreover if I have no good reason to do so... but I cannot say
that I am convinced something is wrong with them.
I was finding weird that the tools contact Microsoft website... but I tend to believe it might be to validate XML schemas.

Still... having some people to take a closer look does not look a bad thing to me.

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Paul D. <duf...@zo...>]

Well... one of the thing I was trying to understand... is what are those exe files?
The answer seems to be linked that Nidud, that make doszip commander, make their
own assembler and linker:
https://github.com/nidud
https://github.com/nidud/asmc/tree/master/bin

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Paul D. <duf...@zo...>]

Or the very easy way: (Warning: Files suspected to contain malware!)
https://gitlab.com/FreeDOS/apps/doszip/-/tree/FreeDOS-v1.3/SOURCE/DOSZIP/bin?ref_type=tags

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Paul D. <duf...@zo...>]

Got it relatively easily:

git clone https://gitlab.com/FreeDOS/apps/doszip.git

cd doszip

git checkout 2.55

[paul@betakard doszip]$ ls -lh SOURCE/DOSZIP/

total 4,0K

drwxr-xr-x 1 paul paul  150  2 oct 19:58 bin

drwxr-xr-x 1 paul paul  970  2 oct 19:58 include

drwxr-xr-x 1 paul paul   82  2 oct 19:58 lib

-rw-r--r-- 1 paul paul 2,0K  2 oct 19:58 readme.md

drwxr-xr-x 1 paul paul   88  2 oct 19:58 source

[paul@betakard doszip]$

[paul@betakard doszip]$ ls -lh SOURCE/DOSZIP/bin

total 888K

-rw-r--r-- 1 paul paul 303K  2 oct 19:58 asmc.exe

-rw-r--r-- 1 paul paul   12  2 oct 19:58 build.bat

-rw-r--r-- 1 paul paul  87K  2 oct 19:58 dzrc.exe

-rw-r--r-- 1 paul paul 3,0K  2 oct 19:58 fcmp.exe

-rw-r--r-- 1 paul paul 9,5K  2 oct 19:58 iddc.exe

-rw-r--r-- 1 paul paul 137K  2 oct 19:58 libw.exe

-rw-r--r-- 1 paul paul 301K  2 oct 19:58 linkw.exe

-rw-r--r-- 1 paul paul  965  2 oct 19:58 linkw.lnk

-rw-r--r-- 1 paul paul  26K  2 oct 19:58 make.exe

[paul@betakard doszip]$



git checkout master

git checkout FreeDOS-v1.3

[paul@betakard doszip]$ ls -lh SOURCE/DOSZIP/bin

total 888K

-rw-r--r-- 1 paul paul 303K  2 oct 20:07 asmc.exe

-rw-r--r-- 1 paul paul   12  2 oct 20:07 build.bat

-rw-r--r-- 1 paul paul  87K  2 oct 20:07 dzrc.exe

-rw-r--r-- 1 paul paul 3,0K  2 oct 20:07 fcmp.exe

-rw-r--r-- 1 paul paul 9,5K  2 oct 20:07 iddc.exe

-rw-r--r-- 1 paul paul 137K  2 oct 20:07 libw.exe

-rw-r--r-- 1 paul paul 301K  2 oct 20:07 linkw.exe

-rw-r--r-- 1 paul paul  965  2 oct 20:07 linkw.lnk

-rw-r--r-- 1 paul paul  26K  2 oct 20:07 make.exe

[paul@betakard doszip]$

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Paul D. <duf...@zo...>]

Initial release on Gitlab v.2.6.3 seems to have removed the suspicious files:
https://gitlab.com/FreeDOS/apps/doszip/-/commit/ef67f6fefcc4302d4b64c6bb41a60d2a0c03630c
so the suspicious exe files not seems to be part of Gitlab...

I don't see the suspicious files on:
https://github.com/nidud/doszip/tree/v2.65/dos/src
or
https://github.com/nidud/doszip/tree/v2.66/dos/src

Again, https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/repositories/1.3/pkg-html/doszip.html
list 2.66 as the version...

[paul@betakard bin]$ sha1sum make.exe
7b3d1902e80d5df9e7038dce869b803b2cf6793c  make.exe
[paul@betakard bin]$ md5sum make.exe
87d9cda0a64d6108812acc4dc2e5ba7d  make.exe
I don't find the hashes on Internet...

[paul@betakard DOSZIP]$ md5sum SOURCES.ZIP 
cd2c1eb692f48aa7d606db99ef101482  SOURCES.ZIP
[paul@betakard DOSZIP]$ sha1sum SOURCES.ZIP 
57217a7d5e956bea154d4cc6582516e186aa5c7b  SOURCES.ZIP
Cannot find the hashes...

Not sure what to think now... :-|

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Eric A. <e....@jp...>]

Hi Paul,

even if one can argue about whether those might be false positives
given that many modern viruses fail to work in DOS, I definitely
do not like the fact that multiple files got flagged by multiple
antivirus tools and that all files are part of the DOSZIP package!

> -rw-r--r-- 1 paul paul 303K 12 fév  2017 asmc.exe
> -rw-r--r-- 1 paul paul   12 12 fév  2017 build.bat
> -rw-r--r-- 1 paul paul  87K 12 fév  2017 dzrc.exe
> -rw-r--r-- 1 paul paul 3,0K 12 fév  2017 fcmp.exe
> -rw-r--r-- 1 paul paul 9,5K 12 fév  2017 iddc.exe
> -rw-r--r-- 1 paul paul 137K 12 fév  2017 libw.exe
> -rw-r--r-- 1 paul paul 301K 12 fév  2017 linkw.exe
> -rw-r--r-- 1 paul paul  965 12 fév  2017 linkw.lnk
> -rw-r--r-- 1 paul paul  26K 12 fév  2017 make.exe
> 
> Most files here have a few (about 4 to 5) detections on virustotal.

I guess the tiny build.bat and linkw.lnk did not get any detections?

> make.exe have 9/69: https://www.virustotal.com/gui/file/2af3a455bcab37663f2fdef1c5a7a55959121b2d7969138b082f0885929aa1c2

After triggering a re-analysis after the original 2 year old one,
three vendors still flag the file: Palo Alto Networks as generic
ML, VBA32 as BScope.Trojan.Wacatac and Trellis ENS as Artemis
"87D9CDA0A64D".

File metadata says the file is from 2016, "drops 1 file"
and contacts www.microsoft.com and various IPs, including
some suspicious ones related to Lucyk Mouse APT27.

Heuristics complain that it spawns processes, which is not
unusual for MAKE, checks and sets env vars and juggles files.

On Windows, the file accesses software.exe, sysmain.sdb,
sortdefault.nls, plenty of DLLs, conhost and condrv stuff.
It "drops" a "file" to CONDRV. Sounds vaguely acceptable.

What does not sound good is the list of registry keys used.
Also, MAKE sort of spawns itself and software.exe etc.

Another question is WHY the SOURCES zip inside the DOSZIP
package contains a bunch of compiler EXEs, if I understand
your method of unzipping everything recursively correctly?

Regards, Eric

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Paul D. <duf...@zo...>]

Version does not seems to corresponds at first glance to a known version of doszip.
https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/repositories/1.3/pkg-html/doszip.html
shows version 2.66...
https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/util/file/doszip/old/
goes from 2.5 to 3.18

[paul@betakard bin]$ file ./*
./asmc.exe:  PE32 executable (console) Intel 80386, for MS Windows, 7 sections
./build.bat: ASCII text, with CRLF line terminators
./dzrc.exe:  PE32 executable (console) Intel 80386, for MS Windows, 5 sections
./fcmp.exe:  PE32 executable (console) Intel 80386, for MS Windows, 3 sections
./iddc.exe:  PE32 executable (console) Intel 80386, for MS Windows, 3 sections
./libw.exe:  PE32 executable (console) Intel 80386, for MS Windows, 3 sections
./linkw.exe: PE32 executable (console) Intel 80386, for MS Windows, 3 sections
./linkw.lnk: ASCII text
./make.exe:  PE32 executable (console) Intel 80386, for MS Windows, 5 sections
[paul@betakard bin]$ 

Re: [Freedos-devel] Re: Confirming I see malware inside FreeDOS official 1.3 release

[Wilhelm S. <wil...@ma...>]

<html>
 <head>
  <meta name="viewport" content="width=device-width">
  <meta http-equiv="Content-Type" content="text/vnd.ui.insecure+html;charset=utf-8">
 </head>
 <body style="overflow-wrap:break-word; word-break: break-word;"><div class="mail_android_message" style="line-height: 1; padding: 0.5em"><div>
 if you have a win machine goto&nbsp;https://www.nirsoft.net/utils/index.html and try to download some of the tools. anywhere there is a password-zipped file with all tools. download them or, if you find the password zipped file and enter the password your virus checker will have the job of its life! pling, pling, pling, pling!
</div><div>
 But they all do what you can read about them when there is no virus checker!
</div><div ><br></div><div >Willi<br><br>--<br>Gesendet mit der <a href="http://mail.com">mail.com</a> Mail App</div></div><div class="mail_android_quote" style="line-height: 1; padding: 0.3em"><html><body>Am 03.10.24, 00:16 schrieb Jim Hall via Freedos-devel &lt;fre...@li...&gt;:</body></html><blockquote class="gmail_quote" style="margin: 0.8ex 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

  On Wed, Oct 2, 2024 at 4:51 PM Paul Dufresne via Freedos-devel
  <br>
   &lt;fre...@li...&gt; wrote:
  <br>
   &gt;
  <br>
   &gt; Following <a href="https://gitlab.com/FreeDOS/issue-reporting/-/issues/57">https://gitlab.com/FreeDOS/issue-reporting/-/issues/57</a>
  <br>
   &gt;
  <br>
   &gt; I downloaded <a href="https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip">https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip</a>
  <br>
   &gt;
  <br>
   &gt; Extracted it, extracted the iso in it, extracted packages/apps/doszip in it, extracted SOURCE/SOURCES.ZIP... and now get something like:/home/paul/Téléchargements/virus/packages/apps/virus/SOURCE/DOSZIP/bin (I created the virus directory!)
  <br>
   &gt; [paul@betakard bin]$ ls -lh
  <br>
   &gt; total 888K
  <br>
   &gt; -rw-r--r-- 1 paul paul 303K 12 fév 2017 asmc.exe
  <br>
   &gt; -rw-r--r-- 1 paul paul 12 12 fév 2017 build.bat
  <br>
   &gt; -rw-r--r-- 1 paul paul 87K 12 fév 2017 dzrc.exe
  <br>
   &gt; -rw-r--r-- 1 paul paul 3,0K 12 fév 2017 fcmp.exe
  <br>
   &gt; -rw-r--r-- 1 paul paul 9,5K 12 fév 2017 iddc.exe
  <br>
   &gt; -rw-r--r-- 1 paul paul 137K 12 fév 2017 libw.exe
  <br>
   &gt; -rw-r--r-- 1 paul paul 301K 12 fév 2017 linkw.exe
  <br>
   &gt; -rw-r--r-- 1 paul paul 965 12 fév 2017 linkw.lnk
  <br>
   &gt; -rw-r--r-- 1 paul paul 26K 12 fév 2017 make.exe
  <br>
   &gt;
  <br>
   &gt; Most files here have a few (about 4 to 5) detections on virustotal.
  <br>
   &gt; make.exe have 9/69: <a href="https://www.virustotal.com/gui/file/2af3a455bcab37663f2fdef1c5a7a55959121b2d7969138b082f0885929aa1c2">https://www.virustotal.com/gui/file/2af3a455bcab37663f2fdef1c5a7a55959121b2d7969138b082f0885929aa1c2</a>
  <br>
   &gt;
  <br>
   &gt; I did not investigated more than that... but seems suspicious to me.
  <br>
   &gt;
  <br>
  <br>
   That "9/69" means that it tested with 69 security vendors, and 9 had
  <br>
   some kind of flag.
  <br>
  <br>
   If you look at what is specifically being flagged in this report, one
  <br>
   is "Win32:Malware-gen" which a person from Avast describes this way:
  <br>
   "Generic threats are files that appear suspicious to AVG but do not
  <br>
   match any known threat"[1]. In other words, it's a generic ("gen")
  <br>
   detection on something the AV software *thinks* might be suspicious.
  <br>
  <br>
   Another is "Generic.ml" which is the same issue: a generic detection
  <br>
   on something that's not known to be a problem, but the software thinks
  <br>
   might be.
  <br>
  <br>
   Another is "Malware.Heuristic.1004" which is not actually a virus.
  <br>
   Instead, a "heuristic" is when the AV software has to make a guess
  <br>
   based on other behaviors it has seen. But it's just a guess.
  <br>
  <br>
  <br>
   Note that plain DOS programs often get misidentified as Windows
  <br>
   malware because the programs are accessing the low level features of
  <br>
   the CPU or DOS. That's something very common in DOS, but not allowed
  <br>
   in Windows.
  <br>
  <br>
  <br>
  <br>
   [1]<a href="https://support.avg.com/answers?id=9060N000000LnS4QAK">https://support.avg.com/answers?id=9060N000000LnS4QAK</a>
  <br>
  <br>
  <br>
   _______________________________________________
  <br>
   Freedos-devel mailing list
  <br>
   Fre...@li...
  <br><a href="https://lists.sourceforge.net/lists/listinfo/freedos-devel">https://lists.sourceforge.net/lists/listinfo/freedos-devel</a>
  <br>
 </blockquote></div></body>
</html>

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Kirn G. II <seg...@gm...>]

Run the Linux "file" tool on the executables, if they don't say PE for Windows in addition to DOS MZ, then they aren't Win32 and any suggestions of a Win32 virus are inherently bullshit.

By eliminating the impossible, whatever remains, no matter how improbable, must be the truth.

Sent from my T-Mobile 5G Device
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Paul Dufresne via Freedos-devel <fre...@li...>
Sent: Wednesday, October 2, 2024 4:50:50 PM
To: freedos-devel <fre...@li...>
Cc: Paul Dufresne <duf...@zo...>
Subject: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

Following https://gitlab.com/FreeDOS/issue-reporting/-/issues/57

I downloaded https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip

Extracted it, extracted the iso in it, extracted packages/apps/doszip in it, extracted SOURCE/SOURCES.ZIP... and now get something like:/home/paul/Téléchargements/virus/packages/apps/virus/SOURCE/DOSZIP/bin (I created the virus directory!)
[paul@betakard bin]$ ls -lh
total 888K
-rw-r--r-- 1 paul paul 303K 12 fév  2017 asmc.exe
-rw-r--r-- 1 paul paul   12 12 fév  2017 build.bat
-rw-r--r-- 1 paul paul  87K 12 fév  2017 dzrc.exe
-rw-r--r-- 1 paul paul 3,0K 12 fév  2017 fcmp.exe
-rw-r--r-- 1 paul paul 9,5K 12 fév  2017 iddc.exe
-rw-r--r-- 1 paul paul 137K 12 fév  2017 libw.exe
-rw-r--r-- 1 paul paul 301K 12 fév  2017 linkw.exe
-rw-r--r-- 1 paul paul  965 12 fév  2017 linkw.lnk
-rw-r--r-- 1 paul paul  26K 12 fév  2017 make.exe

Most files here have a few (about 4 to 5) detections on virustotal.
make.exe have 9/69: https://www.virustotal.com/gui/file/2af3a455bcab37663f2fdef1c5a7a55959121b2d7969138b082f0885929aa1c2

I did not investigated more than that... but seems suspicious to me.




_______________________________________________
Freedos-devel mailing list
Fre...@li...
https://lists.sourceforge.net/lists/listinfo/freedos-devel

Re: [Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Jim H. <jh...@fr...>]

On Wed, Oct 2, 2024 at 4:51 PM Paul Dufresne via Freedos-devel
<fre...@li...> wrote:
>
> Following https://gitlab.com/FreeDOS/issue-reporting/-/issues/57
>
> I downloaded https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip
>
> Extracted it, extracted the iso in it, extracted packages/apps/doszip in it, extracted SOURCE/SOURCES.ZIP... and now get something like:/home/paul/Téléchargements/virus/packages/apps/virus/SOURCE/DOSZIP/bin (I created the virus directory!)
> [paul@betakard bin]$ ls -lh
> total 888K
> -rw-r--r-- 1 paul paul 303K 12 fév  2017 asmc.exe
> -rw-r--r-- 1 paul paul   12 12 fév  2017 build.bat
> -rw-r--r-- 1 paul paul  87K 12 fév  2017 dzrc.exe
> -rw-r--r-- 1 paul paul 3,0K 12 fév  2017 fcmp.exe
> -rw-r--r-- 1 paul paul 9,5K 12 fév  2017 iddc.exe
> -rw-r--r-- 1 paul paul 137K 12 fév  2017 libw.exe
> -rw-r--r-- 1 paul paul 301K 12 fév  2017 linkw.exe
> -rw-r--r-- 1 paul paul  965 12 fév  2017 linkw.lnk
> -rw-r--r-- 1 paul paul  26K 12 fév  2017 make.exe
>
> Most files here have a few (about 4 to 5) detections on virustotal.
> make.exe have 9/69: https://www.virustotal.com/gui/file/2af3a455bcab37663f2fdef1c5a7a55959121b2d7969138b082f0885929aa1c2
>
> I did not investigated more than that... but seems suspicious to me.
>

That "9/69" means that it tested with 69 security vendors, and 9 had
some kind of flag.

If you look at what is specifically being flagged in this report, one
is "Win32:Malware-gen" which a person from Avast describes this way:
"Generic threats are files that appear suspicious to AVG but do not
match any known threat"[1]. In other words, it's a generic ("gen")
detection on something the AV software *thinks* might be suspicious.

Another is "Generic.ml" which is the same issue: a generic detection
on something that's not known to be a problem, but the software thinks
might be.

Another is "Malware.Heuristic.1004" which is not actually a virus.
Instead, a "heuristic" is when the AV software has to make a guess
based on other behaviors it has seen. But it's just a guess.


Note that plain DOS programs often get misidentified as Windows
malware because the programs are accessing the low level features of
the CPU or DOS. That's something very common in DOS, but not allowed
in Windows.



[1]https://support.avg.com/answers?id=9060N000000LnS4QAK

[Freedos-devel] Confirming I see malware inside FreeDOS official 1.3 release

[Paul D. <duf...@zo...>]

Following https://gitlab.com/FreeDOS/issue-reporting/-/issues/57

I downloaded https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.3/official/FD13-LiveCD.zip

Extracted it, extracted the iso in it, extracted packages/apps/doszip in it, extracted SOURCE/SOURCES.ZIP... and now get something like:/home/paul/Téléchargements/virus/packages/apps/virus/SOURCE/DOSZIP/bin (I created the virus directory!)
[paul@betakard bin]$ ls -lh
total 888K
-rw-r--r-- 1 paul paul 303K 12 fév  2017 asmc.exe
-rw-r--r-- 1 paul paul   12 12 fév  2017 build.bat
-rw-r--r-- 1 paul paul  87K 12 fév  2017 dzrc.exe
-rw-r--r-- 1 paul paul 3,0K 12 fév  2017 fcmp.exe
-rw-r--r-- 1 paul paul 9,5K 12 fév  2017 iddc.exe
-rw-r--r-- 1 paul paul 137K 12 fév  2017 libw.exe
-rw-r--r-- 1 paul paul 301K 12 fév  2017 linkw.exe
-rw-r--r-- 1 paul paul  965 12 fév  2017 linkw.lnk
-rw-r--r-- 1 paul paul  26K 12 fév  2017 make.exe

Most files here have a few (about 4 to 5) detections on virustotal.
make.exe have 9/69: https://www.virustotal.com/gui/file/2af3a455bcab37663f2fdef1c5a7a55959121b2d7969138b082f0885929aa1c2

I did not investigated more than that... but seems suspicious to me.

Re: [Freedos-devel] Re: broken c::\Freedos\Links removing lame link is cruel

[Wilhelm S. <wil...@ma...>]

<html>
 <head>
  <meta name="viewport" content="width=device-width">
  <meta http-equiv="Content-Type" content="text/vnd.ui.insecure+html;charset=utf-8">
 </head>
 <body style="overflow-wrap:break-word; word-break: break-word;"><div class="mail_android_message" style="line-height: 1; padding: 0.5em"><div>
 Hi Paul,
</div><div>
 first, hope you got a file from me.
</div><div ><br></div><div>
 I reported the problems one day before you and noticed that some links did not work because of a wrong path, some ran into help, so most were useless for me.
</div><div>
 Well, I think if you start with these links, you should create a link to almost all important commands or add an overlong "set path" file. But this seems to be not intended.
</div><div ><br></div><div >Willi<br><br>--<br>Gesendet mit der <a href="http://mail.com">mail.com</a> Mail App</div></div><div class="mail_android_quote" style="line-height: 1; padding: 0.3em"><html><body>Am 02.10.24, 21:55 schrieb Paul Dufresne via Freedos-devel &lt;fre...@li...&gt;:</body></html><blockquote class="gmail_quote" style="margin: 0.8ex 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">

  Jérome said:
  <br>
   &gt;You sort of can.
  <br><a href="https://gitlab.com/groups/FreeDOS/-/activity">https://gitlab.com/groups/FreeDOS/-/activity</a>
  <br>
   Ah good... fit the need... thanks!
  <br>
  <br>
   I am coming back from a walk... and while I was coming home, I became less conciliant about removing lame link.
  <br>
   I said few people probably use lame... but for people that do. they are likely to call it often, with many different options:
  <br><a href="https://svn.code.sf.net/p/lame/svn/trunk/lame/USAGE">https://svn.code.sf.net/p/lame/svn/trunk/lame/USAGE</a>
  <br>
   So, often they may have a bunch of files to convert from one audio format to MP3... and I think removing the link is
  <br>
   "cruel" for them. They should probably do their own batch files... but they might very well not really know how to do it.
  <br>
  <br>
  <br>
   _______________________________________________
  <br>
   Freedos-devel mailing list
  <br>
   Fre...@li...
  <br><a href="https://lists.sourceforge.net/lists/listinfo/freedos-devel">https://lists.sourceforge.net/lists/listinfo/freedos-devel</a>
  <br>
 </blockquote></div></body>
</html>

Re: [Freedos-devel] broken c::\Freedos\Links removing lame link is cruel

[Paul D. <duf...@zo...>]

Jérome said:
>You sort of can.
https://gitlab.com/groups/FreeDOS/-/activity
Ah good... fit the need... thanks!

I am coming back from a walk... and while I was coming home, I became less conciliant about removing lame link.
I said few people probably use lame... but for people that do. they are likely to call it often, with many different options:
https://svn.code.sf.net/p/lame/svn/trunk/lame/USAGE
So, often they may have a bunch of files to convert from one audio format to MP3... and I think removing the link is
"cruel" for them. They should probably do their own batch files... but they might very well not really know how to do it.

Re: [Freedos-devel] GeoWorks

[Fritz M. <fri...@ma...>]

<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>I just tested wbat after a very long time. It does not only support A-Z but also arrow up/down left/right, mouse, can create OK buttons etc, even a X close button, so it</div>

<div>is not SO out of date.</div>

<div>&nbsp;</div>

<div>If you want to test it, you can try my absolutely outdated games CD (I noticed that a lot of things do no longer work, especial not all CD drivers work, FD kernel/himem etc is from 2005 so don&#39;t be to hard with this CD. The idea was to save the game results on a diskette and to load it for the next game.</div>

<div>https://www.bootablecd.de/indexeng.html - click on installation disk and the first bootCD game, in virtualbox it worked for me with VIDE ATAPI - US keyboard, no sound driver - Sokoban - Sokoban clone - START - or read manual etc. If a Windows user does not understand this he should never think about DOS.</div>

<div>&nbsp;</div>

<div>Willi</div>

<div>&nbsp;
<div>&nbsp;
<div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin:0 0 10px 0;"><b>Sent:</b>&nbsp;Wednesday, October 02, 2024 at 7:34 PM<br/>
<b>From:</b>&nbsp;&quot;Liam Proven via Freedos-devel&quot; &lt;fre...@li...&gt;<br/>
<b>To:</b>&nbsp;&quot;Bret Johnson&quot; &lt;bre...@ju...&gt;<br/>
<b>Cc:</b>&nbsp;&quot;Liam Proven&quot; &lt;lp...@gm...&gt;, fre...@li...<br/>
<b>Subject:</b>&nbsp;Re: [Freedos-devel] GeoWorks</div>

<div name="quoted-content">On Wed, 2 Oct 2024 at 18:06, Bret Johnson &lt;bre...@ju...&gt; wrote:<br/>
&gt;<br/>
&gt; Attached is a screen shot of what I used a long time ago for a menu program. It is both similar to what the solution using V8 Power Tools is and what I think you are wanting. It is a combination of a (complicated) batch file along with a few utilities, some provided by DOS and some of my own.<br/>
<br/>
Thanks very much for this!<br/>
<br/>
Yes, it&#39;s the kind of thing I experimented with doing at the end of<br/>
the 1980s and start of the 1990s, using Norton Utilities tools and<br/>
others. The snag was that I couldn&#39;t deploy it on customers&#39; machines,<br/>
because I couldn&#39;t rely on them having NU or whatever -- and<br/>
businesses were often Not Happy about you putting shareware and so on<br/>
onto production kit.<br/>
<br/>
(For comparison think of VirtualBox and the Extension Pack today. VBox<br/>
is FOSS and free even for production use. The ExtPack is not and could<br/>
result in a bill for &#36;thousands. NB: don&#39;t confuse the VBox Extension<br/>
Pack with the VBox Guest Additions, which are also free and FOSS.)<br/>
<br/>
I would like to make this look good and at least somewhat<br/>
professional. Confronting a Windows user with DOS is going to cause<br/>
culture shock anyway, but a numbered batch file and a &quot;TYPE A NUMBER&quot;<br/>
prompt would be even worse, and I suspect that to 21st century users<br/>
it would look very amateurish and give a bad impression.<br/>
<br/>
This is not a criticism of your work!<br/>
<br/>
FreeDOS is not MS-DOS or PC-DOS, but I think that many people many not<br/>
realise just how far DOS got in the 1990s... And in some ways FreeDOS<br/>
hasn&#39;t caught up, even now.<br/>
<br/>
--<br/>
Liam Proven ~ Profile: <a href="https://about.me/liamproven" target="_blank">https://about.me/liamproven</a><br/>
Email: lp...@ci... ~ gMail/gTalk/FB: lp...@gm...<br/>
Twitter/LinkedIn: lproven ~ Skype: liamproven<br/>
IoM: (+44) 7624 227612: UK: (+44) 7939-087884<br/>
Czech [+ WhatsApp/Telegram/Signal]: (+420) 702-829-053<br/>
<br/>
<br/>
_______________________________________________<br/>
Freedos-devel mailing list<br/>
Fre...@li...<br/>
<a href="https://lists.sourceforge.net/lists/listinfo/freedos-devel" target="_blank">https://lists.sourceforge.net/lists/listinfo/freedos-devel</a></div>
</div>
</div>
</div></div></body></html>

Re: [Freedos-devel] GeoWorks

[Liam P. <lp...@gm...>]

On Wed, 2 Oct 2024 at 18:06, Bret Johnson <bre...@ju...> wrote:
>
> Attached is a screen shot of what I used a long time ago for a menu program.  It is both similar to what the solution using V8 Power Tools is and what I think you are wanting.  It is a combination of a (complicated) batch file along with a few utilities, some provided by DOS and some of my own.

Thanks very much for this!

Yes, it's the kind of thing I experimented with doing at the end of
the 1980s and start of the 1990s, using Norton Utilities tools and
others. The snag was that I couldn't deploy it on customers' machines,
because I couldn't rely on them having NU or whatever -- and
businesses were often Not Happy about you putting shareware and so on
onto production kit.

(For comparison think of VirtualBox and the Extension Pack today. VBox
is FOSS and free even for production use. The ExtPack is not and could
result in a bill for $thousands. NB: don't confuse the VBox Extension
Pack with the VBox Guest Additions, which are also free and FOSS.)

I would like to make this look good and at least somewhat
professional. Confronting a Windows user with DOS is going to cause
culture shock anyway, but a numbered batch file and a "TYPE A NUMBER"
prompt would be even worse, and I suspect that to 21st century users
it would look very amateurish and give a bad impression.

This is not a criticism of your work!

FreeDOS is not MS-DOS or PC-DOS, but I think that many people many not
realise just how far DOS got in the 1990s... And in some ways FreeDOS
hasn't caught up, even now.

-- 
Liam Proven ~ Profile: https://about.me/liamproven
Email: lp...@ci... ~ gMail/gTalk/FB: lp...@gm...
Twitter/LinkedIn: lproven ~ Skype: liamproven
IoM: (+44) 7624 227612: UK: (+44) 7939-087884
Czech [+ WhatsApp/Telegram/Signal]: (+420) 702-829-053

Re: [Freedos-devel] broken c::\Freedos\Links and monitoring Gitlab changes

[Paul D. <duf...@zo...>]

Now... trying to see your changes to the project to see the changes you made, I kind of for the first
time realizing that I cannot see the commits for the full project on Gitlab... I have to move to an individual
program to see the changes. I find this... not ideal.

---- Le mer., 02 oct. 2024 06:39:35 -0400 Jerome Shidel via Freedos-devel  a écrit ----
 > > 
 > > But I thought I would go through all the links in C:\FreeDOS\Links to see which one seems to not work (return to DOS prompt doing nothing):
 > > Gopherus, lame, rcal,
 > > why tcedit.dst file is in links?
 > > utf8tocp
 > 
 > I’ve already updated the packages for Gopherus, Lame and UTF8TOCP.  So, just rcal needs fixed. 

Just did it for rcal:
https://gitlab.com/FreeDOS/util/rcal/-/commit/13e9761c4f9d70d21c759f00fd373c86526ae540

For Gopherus, I don't see your change:
https://gitlab.com/FreeDOS/net/gopherus/-/commits/master

For Lame, I was surprised of the choice to just remove the link... but also that the commit is mixed
with CI (continuous integration) changes:
https://gitlab.com/FreeDOS/sound/lame/-/commit/0283fb824b86f6c081d45361e648ae9686e85f1c
I guess I agree to remove the link as lame does not seems a used often program for most users.

For UTF8TOCP, I am surprised your change failed:
https://gitlab.com/FreeDOS/util/utf8tocp/-/pipelines/1477322373
The change itself:
https://gitlab.com/FreeDOS/util/utf8tocp/-/commit/90aecb8ea343eb39cf00a8acf9c2b471611afd95
The only surprised for me was I guess the change of timestamps.

 > I just did a fresh install of T2410. I don’t see a tcedit.dst file under links.
I'll check more carefully when it appears... maybe it need to install with sources... maybe a program wrote it.

Thanks for the explanations on how the installer change links at install time.
But it was a mistake for me to say the installer... I was more thinking that when you build the package, you
could probably issue a warning like you already do for other things, when a program use a broken link.
Really an enhancement request... Maybe I should just open a enhancement ticket for ... builder I guess.

Re: [Freedos-devel] GeoWorks

[Liam P. <lp...@gm...>]

On Wed, 2 Oct 2024 at 13:59, Fritz Mueller via Freedos-devel
<fre...@li...> wrote:
>
> I am not sure if I understand you correct. You want a very very simple start menu for several programs - maybe without colours?
> What about this very simple solution? It is only a batch file with checking errorlevels.  Simply type "A - Z". No mouse support.
> The blue colour is only because config.sys uses the setting: "menucolor=15,1". It is not really needed.
> The second version requires a small tool "wbat" from Horst Schaeffer and is a little bit more complex.
> I saw something like wbat anywhere in the FD download section, but forgot the name.

Sure, yes, that is what I did when configuring MS-DOS 3.3 for
customers in 1988 or 1989. :-)

But DOS moved on and matured, and soon it became possible to do much
more mature, professional-looking menus, firstly with 3rd party tools
and then by DR or MS-DOS 5, with built-in tools.

While I liked using DOS and would be happy to use some DOS even now, I
would want late-era DOS, not 1980s style. :-D

-- 
Liam Proven ~ Profile: https://about.me/liamproven
Email: lp...@ci... ~ gMail/gTalk/FB: lp...@gm...
Twitter/LinkedIn: lproven ~ Skype: liamproven
IoM: (+44) 7624 227612: UK: (+44) 7939-087884
Czech [+ WhatsApp/Telegram/Signal]: (+420) 702-829-053