Gibsonm

3.025 is up

There's a problem with SBProPE3_025.part1.exe, both in the torrent and the individual download. The torrent won't verify some pieces contained in that file, and the SHA1 of SBProPE3_025.part1.exe as downloaded from the site doesn't match.

> There's a problem with SBProPE3_025.part1.exe, both in the torrent and the individual download. The torrent won't verify some pieces contained in that file, and the SHA1 of SBProPE3_025.part1.exe as downloaded from the site doesn't match.

Confirmed. Looks like we screwed up the initial file distribution.

Fixing now, reporting back once the problem is solved.


Ok... the actual direct download links are ok, they will be up again ASAP.

Only the torrent was screwed up, sorry for that, it is being recreated as we speak.


OK, the torrent has been corrected and is UP again.

If you downloaded the torrent before 19:30 UTC January 26, 2015, please re-download it! As the torrent name did not change, make sure to clear your browser caches.

Of course, the checksum files have been updated as well.

Sorry for the screwup.

> If you downloaded the torrent before 19:30 UTC January 26, 2015, please re-download it! As the torrent name did not change, make sure to clear your browser caches.
>
> Of course, the checksum files have been updated as well.
>
> Sorry for the screwup.

Thanks. Wondered why it had stalled.

No idea how to clear the cache so I'll go back and do it the old way and just download the parts.


Hmm, I d/l'd via the torrent file this evening (post the warning about the wrong files) but when I try to run the part1.exe, I get a message saying the version of the file is not compatible with the version of windows I'm running...

I will try re-downloading part 1 from the conventional d/l links and report.


Some other users have a virus warning too:

program named: "TR/Dropper.Gen7" is that part of SB or is there something fishy?

> Some other users have a virus warning too:
>
> program named: "TR/Dropper.Gen7" is that part of SB or is there something fishy?

Nothing fishy, it's just that self-extracting installers are often tagged by AV software as some sort of TR/Dropper Trojan. It's typically something that can be safely ignored if you have confidence in the download source. The best thing to do is report any false positives to your AV software maker and hope they white list the app.

> Nothing fishy, it's just that self-extracting installers are often tagged by AV software as some sort of TR/Dropper Trojan. It's typically something that can be safely ignored if you have confidence in the download source.

Everything that you wrote is correct, and yes, it's a false positive in our case here. But of course here's the catch - how do you know that a download source is trustworthy?

Of course we're scanning our computers and have anti virus programs, but even then we can only be as good as the scanners are.


Using VirusTotal on suspicious files isn't a bad idea, but as they don't accept files bigger than 128 megabytes it wouldn't help in this case. Anyway, Microsoft Security Essentials didn't seem to care about the installer, for better or worse.

> ...how do you know that a download source is trustworthy?

A couple of updates ago the hashes were posted (I think by dunc). At least that lets you verify the files after they have been downloaded, but before installation.

Edit: Ah! After actually visiting the downloads page, I see that the MD5 and SHA1 hashes are there. So, thank you once again! :)


If the release included a virus which was packed into the installer with everything else before they calculated the hash, it wouldn't help at all. The hash is just to verify that what you ended up with is what they uploaded, and that it didn't get corrupted or modified along the way. If someone had access to their servers they could change the files and the hash and it'd still agree even if they changed the contents to be nothing but

. :D

> If the release included a virus which was packed into the installer with everything else before they calculated the hash, it wouldn't help at all. [...] If someone had access to their servers they could change the files and the hash and it'd still agree even if they changed the contents to be nothing but
> . :D

Sure. And if Spetznaz broke into my house and sabotaged my computer they could modify the SHA1SUM algorithm to give the correct hash for a corrupted file. :debile2:

I know, I'm being silly. But I'll take my chances with the hashes. :)

Edit: Seriously though, the hashes could be signed with a PGP key. But then everyone would have to figure out how to use PGP, and that's not the easiest thing to do.
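
The hash check discussed in the posts above, as an added example that is not part of the original thread: it checks every downloaded part against a published SHA1 list before anything is run. The checksum file name and its sha1sum-style layout are assumptions. As the earlier post says, a match only shows that the file is what was uploaded, so the list is only as trustworthy as the place it came from.

```powershell
# Added example: verify each downloaded part against a published SHA1 list.
# Assumptions: the list is named SBProPE3_025.sha1 (hypothetical) and uses the
# sha1sum layout "<40 hex chars>  <file name>", one entry per line.
param(
    [string]$ChecksumFile = '.\SBProPE3_025.sha1',
    [string]$DownloadDir  = '.'
)

$failed = 0
foreach ($line in Get-Content -LiteralPath $ChecksumFile) {
    # Skip blank lines and anything that is not "<sha1> <name>"
    if ($line -notmatch '^\s*([0-9a-fA-F]{40})\s+\*?(.+?)\s*$') { continue }
    $expected = $Matches[1]
    $name     = $Matches[2]
    $path     = Join-Path $DownloadDir $name

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "MISSING   $name"
        $failed++
        continue
    }

    # Get-FileHash streams the file, so very large parts are not loaded into memory
    $actual = (Get-FileHash -LiteralPath $path -Algorithm SHA1).Hash
    if ($actual -ieq $expected) {
        Write-Output "OK        $name"
    } else {
        Write-Warning "MISMATCH  $name (expected $expected, got $actual)"
        $failed++
    }
}

if ($failed -gt 0) {
    Write-Error "$failed file(s) failed verification; re-download them before running the installer."
    exit 1
}
```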


The installer executable (not the SFX extractor mind, but the actual installer inside it) should be digitally signed by eSim, as should be the actual ProPE executable, so any tinkering on them should result in Windows picking it up (and, depending on your local security settings, lead to the program failing to start). So you could just use 7zip or something to manually extract the 'real' installer out of the SFX archive, check its digital certificate, and then install it.

Of course this wouldn't help if the trojan/virus/etc would already be in the installer by the time it was signed.


1. Right click on SBProPE3_025.part1.exe > Open with (your archive program) > Extract setup.exe to desktop (or wherever)

2. Right click on setup.exe > properties

3. Go to "Digital Signatures" tab > Press "Details" button

4. Press "View Certificate" button

5. "General" tab > Press "Install Certificate"

6. Another program should run that lets you import certificates > don't change the default settings and follow the prompts.

7. Your computer should now be able to recognize files signed with this eSim Games Certificate as a non-threat... at least until 2016.

I wonder how much business has been lost because of false positives. To some degree, it becomes a security risk itself because if it occurs too frequently, people get used to seeing it and it risks becoming just another button to push.

I think what is happening - the self-extracting exe is set to run the setup.exe automatically when the extraction is complete. All the other elements are the same as previous releases. It's this pattern that is suspicious, not the content.

__________________
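
The signature check described in the two posts above, as an added example that is not part of the original thread: it reads the Authenticode status of the extracted setup.exe from PowerShell and separates "file changed after signing" from the other outcomes, without adding anything to the certificate store. The default path and the optional thumbprint parameter are assumptions.

```powershell
# Added example, not from the thread: read the Authenticode signature of the
# installer extracted from the SFX archive. The default path is an assumption.
param(
    [string]$Installer = "$env:USERPROFILE\Desktop\setup.exe",
    # Optional: signer thumbprint obtained from the vendor out of band (assumption)
    [string]$ExpectedThumbprint = ''
)

$sig  = Get-AuthenticodeSignature -FilePath $Installer
$cert = $sig.SignerCertificate

switch ($sig.Status) {
    'Valid'        { Write-Output  'Signature intact; certificate chains to a trusted root.' }
    'HashMismatch' { Write-Warning 'File contents changed after it was signed.' }
    'NotSigned'    { Write-Warning 'File carries no Authenticode signature.' }
    default        { Write-Warning "$($sig.Status): $($sig.StatusMessage)" }
}

if ($cert) {
    # Show who signed the file and until when the certificate is valid
    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        Thumbprint  = $cert.Thumbprint
        ValidUntil  = $cert.NotAfter
        Timestamped = [bool]$sig.TimeStamperCertificate
    } | Format-List

    if ($ExpectedThumbprint -and $cert.Thumbprint -ne $ExpectedThumbprint) {
        Write-Warning 'Signer is not the expected certificate.'
        exit 1
    }
}

# Anything other than a valid signature is treated as a failure
if ($sig.Status -ne 'Valid') { exit 1 }
```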


I suppose the question is whether the added convenience of not having to unpack the setup files first is worth the false virus warnings.


But in exchange, you will get back the "where do I extract to?" questions.

I've made quite a few installers in the past and the main lesson I learned: the number of buttons the enduser has to push has a direct correlation to the number of problems you have to deal with.

Another option is to contact the AV companies and have it added to their exception lists.


Thanks for the h̶o̶t̶f̶i̶x̶ f̶u̶l̶l̶ ̶b̶l̶o̶w̶n̶ ̶u̶p̶d̶a̶t̶e̶ quick but not too quick update-like EXE/hot fix with added content (or whatever 3.025 will be called henceforth!) :luxhello: I'm enjoying it now.

Edited by Lt DeFault
Terminology edit. Again. And future-proofed.
