Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If the decompressor is included in the compressed file and it's malicious, the file can hardly be called known good.


But also I guess the logic of the decompressor could output different files in different occasions, for example, if it detects a victim, making it difficult to verify.


If it can "detect a victim", then the sandbox is faulty. The decompressor shouldn't see any system details. Only the input and output streams.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: