Microsoft: piracy is getting virusy

[David_B]

FromTheRafters wrote:
> 8.3 days

Now *that* sure took me back! http://en.wikipedia.org/wiki/8.3_filename

[Ant]

"FromTheRafters" wrote:

> I've read somewhere that one needs to edit the registry so as to allow
> creation of filenames with such characters.

Only if you're using the keyboard. I wrote a test program using the
CreateFileW function. The ending 'W' means a unicode string is
required for the filename so I could be sure I was using the correct
character.

> If so, I'm wondering if the
> same disallowance applies to such files extracted from archive files. I
> have only ever seen these where the name actually comes from within an
> archive file.

No, it doesn't. Any program can create a file with a unicode name
irrespective of registry settings. After all, the native Windows API
uses unicode exclusively. My test program gave the expected visual
result on XP but not on Win2k (in neither case was the registry value
set), so the older Explorer GUI did not recognise the RLO character.
However, my W2k is so heavily tweaked that it's possible something
else is preventing it from working!

[FromTheRafters]

Ant used his keyboard to write :
> "FromTheRafters" wrote:
>
>> I've read somewhere that one needs to edit the registry so as to allow
>> creation of filenames with such characters.
>
> Only if you're using the keyboard. I wrote a test program using the
> CreateFileW function. The ending 'W' means a unicode string is
> required for the filename so I could be sure I was using the correct
> character.
>
>> If so, I'm wondering if the
>> same disallowance applies to such files extracted from archive files. I
>> have only ever seen these where the name actually comes from within an
>> archive file.
>
> No, it doesn't. Any program can create a file with a unicode name
> irrespective of registry settings. After all, the native Windows API
> uses unicode exclusively. My test program gave the expected visual
> result on XP but not on Win2k (in neither case was the registry value
> set), so the older Explorer GUI did not recognise the RLO character.
> However, my W2k is so heavily tweaked that it's possible something
> else is preventing it from working!

Thanks Ant, now I don't have to wonder about that anymore. I have heard
(or read) Unicode characters being referred to as "wide" characters
which is likely what the "W" means in the CreateFileW function.

[Ant]

"FromTheRafters" wrote:

> Thanks Ant, now I don't have to wonder about that anymore. I have heard
> (or read) Unicode characters being referred to as "wide" characters
> which is likely what the "W" means in the CreateFileW function.

Yep, 'W' is wide, meaning unicode (why didn't they use 'U'?) and 'A'
is normal, meaning ANSI (how it looks depends on your language
settings). The suffixes apply to Win API functions that have strings
as parameters. Normally you omit them (e.g. use CreateFile) and the
correct version is substituted, depending on your compiler settings.

[David_B]

Ant wrote:
> "FromTheRafters" wrote:
>
>> Thanks Ant, now I don't have to wonder about that anymore. I have heard
>> (or read) Unicode characters being referred to as "wide" characters
>> which is likely what the "W" means in the CreateFileW function.
>
> Yep, 'W' is wide, meaning unicode (why didn't they use 'U'?) and 'A'
> is normal, meaning ANSI (how it looks depends on your language
> settings). The suffixes apply to Win API functions that have strings
> as parameters. Normally you omit them (e.g. use CreateFile) and the
> correct version is substituted, depending on your compiler settings.

Excuse me butting in Ant, but I'd very much like your opinion on what
was said about file names by a clever fellow when I was posting in the
Kaspersky forums.

To save reinventing the wheel, please look here: Message-ID:
<wfqdnX669MFX6BzNnZ2dnUVZ8tmdnZ2d@bt.com>

http://al.howardknight.net/msgid.cgi...2d%40bt.com%3E

Does the post made by Paul (aka p2U) make good sense to you?

Maybe you feel he was mistaken, perhaps.

My thanks in anticipation of your help. :-)

[Ant]

"David_B" wrote:

> Excuse me butting in Ant, but I'd very much like your opinion on what
> was said about file names by a clever fellow when I was posting in the
> Kaspersky forums.
>
> To save reinventing the wheel, please look here: Message-ID:
> <wfqdnX669MFX6BzNnZ2dnUVZ8tmdnZ2d@bt.com>
>
> http://al.howardknight.net/msgid.cgi...2d%40bt.com%3E
>
> Does the post made by Paul (aka p2U) make good sense to you?

He's talking about MalwareBytes detection of some files by name only
being a bad idea. While names can be an indication of malware, a
scanner ought to look deeper. Most malware uses randomly generated
names so it's pointless adding such a name to a list of bad actors.
However, it may be that a particular malware reliably uses the same
path and name which the scanner authors feel can be removed without
further inspection. I don't know if that's the case here. Obviously
such a method will cause problems if a legitimate application using
that name is installed.

[David_B]

Ant wrote:
> "David_B" wrote:
>
>> Excuse me butting in Ant, but I'd very much like your opinion on what
>> was said about file names by a clever fellow when I was posting in the
>> Kaspersky forums.
>>
>> To save reinventing the wheel, please look here: Message-ID:
>> <wfqdnX669MFX6BzNnZ2dnUVZ8tmdnZ2d@bt.com>
>>
>> http://al.howardknight.net/msgid.cgi...2d%40bt.com%3E
>>
>> Does the post made by Paul (aka p2U) make good sense to you?
>
> He's talking about MalwareBytes detection of some files by name only
> being a bad idea. While names can be an indication of malware, a
> scanner ought to look deeper. Most malware uses randomly generated
> names so it's pointless adding such a name to a list of bad actors.
> However, it may be that a particular malware reliably uses the same
> path and name which the scanner authors feel can be removed without
> further inspection. I don't know if that's the case here. Obviously
> such a method will cause problems if a legitimate application using
> that name is installed.

Many thanks for your comments, Ant.

Much appreciated! :-)