Winboard Forum

by **Dann Corbit** » 29 Jun 2004, 01:56

Geschrieben von:/Posted by: Dann Corbit at 29 June 2004 02:56:19:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dann Corbit at 29 June 2004 02:06:08:

Added a check to validate_piece_placement():

char *validate_piece_placement(char *s)
{
int i = 0;
char *mess = "";
while (legality[i].c) {
int count = counts(s, legality[i].c);
if (count < legality[i].min_allowed || count > legality[i].max_allowed) {
mess = legality[i].message;
return mess;
}
i++;
}
int white_pieces = counts(s, 'P') + counts(s, 'B') + counts(s, 'N') + counts(s, 'R') + counts(s, 'Q') + counts(s, 'K');
if (white_pieces > 16) return "ERROR: Count of white chessmen > 16";
int black_pieces = counts(s, 'p') + counts(s, 'b') + counts(s, 'n') + counts(s, 'r') + counts(s, 'q') + counts(s, 'k');
if (black_pieces > 16) return "ERROR: Count of black chessmen > 16";
}

my ftp site {remove http:// unless you like error messages}

by **Dan Honeycutt** » 29 Jun 2004, 02:10

Geschrieben von:/Posted by: Dan Honeycutt at 29 June 2004 03:10:09:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dieter Bürßner at 29 June 2004 01:59:04:

I can add that attacking the king by a knight and another piece at distance 1 also should not be accepted and it includes the case of attacking the king by a knight and a pawn.
Uri, you should make a list, and post it here. The above, and the 3 directions are case, I don't check in Yace (it shouldn't hurt Yace either), but I think it could be worthwhile, to at least give a warning. I check (now ...) the other mentioned things. King not to move in check, exactly 2 Ks of opposite color, number of pieces per side 2) n1 += count[WR]-2; //rooks
Regards,
Dieter

if (count[WQ] > 1) n1 += count[WQ]-1; //queens
if (n1 > 8) {
printf("Max 8 pawns plus promoted pieces");
return (error_value);
}

check if castling can be possible, check if ep is possible. But for example I would not find a pos with 32 pieces, and white has two Bs of the same color suspicious. Also, there are chess variants, where positions occure, that could not occure from the standard start position. So, one probably should not be too picky(?).
I agree with not being too picky. If it won't cause the program to choke, let it be.
Dan H.

by **Dan Honeycutt** » 29 Jun 2004, 02:19

Geschrieben von:/Posted by: Dan Honeycutt at 29 June 2004 03:19:29:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dann Corbit at 29 June 2004 02:56:19:

Added a check to validate_piece_placement():

char *validate_piece_placement(char *s)
{
int i = 0;
char *mess = "";
while (legality[i].c) {
int count = counts(s, legality[i].c);
if (count < legality[i].min_allowed || count > legality[i].max_allowed) {
mess = legality[i].message;
return mess;
}
i++;
}
int white_pieces = counts(s, 'P') + counts(s, 'B') + counts(s, 'N') + counts(s, 'R') + counts(s, 'Q') + counts(s, 'K');
if (white_pieces > 16) return "ERROR: Count of white chessmen > 16";
int black_pieces = counts(s, 'p') + counts(s, 'b') + counts(s, 'n') + counts(s, 'r') + counts(s, 'q') + counts(s, 'k');
if (black_pieces > 16) return "ERROR: Count of black chessmen > 16";
}

see my reply to Dieter for, I think, a simpler approach to piece counts. Also:
switch (*castling_availability) {
case 'K':
castle |= 1;
break;
case 'Q':
castle |= 2;
etc so "KK" does not end up giving "Q".
Dan H.

by **Dieter Bürßner** » 29 Jun 2004, 02:32

Geschrieben von:/Posted by: Dieter Bürßner at 29 June 2004 03:32:54:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dann Corbit at 29 June 2004 02:56:19:

Added a check to validate_piece_placement():

>char           *validate_piece_placement(char *s)
>{
>    int             i = 0;
>    char           *mess = "";
>    while (legality[i].c) {
>        int             count = counts(s, legality[i].c);
>        if (count < legality[i].min_allowed || count > legality[i].max_allowed) {
>            mess = legality[i].message;
>            return mess;
>        }
>        i++;
>    }
>    int white_pieces = counts(s, 'P') +  counts(s, 'B') +  counts(s, 'N') +  counts(s, 'R') +  counts(s, 'Q') +  counts(s, 'K');
>    if (white_pieces > 16) return "ERROR: Count of white chessmen > 16";
>    int black_pieces = counts(s, 'p') +  counts(s, 'b') +  counts(s, 'n') +  counts(s, 'r') +  counts(s, 'q') +  counts(s, 'k');
>    if (black_pieces > 16) return "ERROR: Count of black chessmen > 16";
>}
>
What will your function return, when everything is ok? Perhaps you wanted to have a return mess at the end? return type of const char * would be better. The caller must not change the returned value (it could be in read only memory). Sounds pedantic? Sure! I wanted to be pedantic :-)

I think, one can easily code small bugs. If we code for fun, and do not code really safty critical apps, we should not be too worried (but it is of course good to be aware of problems, and in general it is obviously good to avoid crashes and buffer overruns).
Regards,
Dieter

Dieter

by **Dieter Bürßner** » 29 Jun 2004, 02:39

Geschrieben von:/Posted by: Dieter Bürßner at 29 June 2004 03:39:40:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dan Honeycutt at 29 June 2004 03:10:09:

another way to check the 16, 9, & 10 limits:
n1 = count[WP]; //white pawns
if (count[WB] > 2) n1 += count[WB]-2; //bishops
if (count[WR] > 2) n1 += count[WR]-2; //rooks
if (count[WQ] > 1) n1 += count[WQ]-1; //queens
if (n1 > 8) {
printf("Max 8 pawns plus promoted pieces");
return (error_value);
}

Perhaps, one also wants to confirm that count[WP] if (count[WN] > 2) n1 += count[WN]-2; //(excess) knights
Thanks. THis is actually much more elegant and even much more general than what I am doing. (But it wouldn't really matter for my engine, 1 K and

by **Dan Honeycutt** » 29 Jun 2004, 04:03

Geschrieben von:/Posted by: Dan Honeycutt at 29 June 2004 05:03:54:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dieter Bürßner at 29 June 2004 03:39:40:

another way to check the 16, 9, & 10 limits:
n1 = count[WP]; //white pawns
if (count[WB] > 2) n1 += count[WB]-2; //bishops
if (count[WR] > 2) n1 += count[WR]-2; //rooks
if (count[WQ] > 1) n1 += count[WQ]-1; //queens
if (n1 > 8) {
printf("Max 8 pawns plus promoted pieces");
return (error_value);
}
Perhaps, one also wants to confirm that count[WP] > if (count[WN] > 2) n1 += count[WN]-2; //(excess) knights
Thanks. THis is actually much more elegant and even much more general than what I am doing. (But it wouldn't really matter for my engine, 1 K and Regards,
Dieter

by **Cesar Contreras** » 29 Jun 2004, 07:01

Geschrieben von:/Posted by: Cesar Contreras at 29 June 2004 08:01:20:
Als Antwort auf:/In reply to: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Uri Blass at 28 June 2004 21:42:56:

It is time that chess programmers stop supporting viruses and somebody needs to do the first step.

I only see this ways to hack:
1.- A modified (trojan) winboard or arena or anything similar. But if hackers modified winboard they already have the control so it's useless to hack using your engine.
2.- A modified chess server who sends commands with bad code attached to the FEN position (buffer overrun) in conjunction with a client without verifications.
3.- Downloading FEN positions with bad code attached, again, using buffer overrun, and again with a not too secure client.
So as i can see, the real security problem are not crashes, but buffer overrun holes that IMHO are very dificult to explode (on chess engines).
It's not to complicated to avoid buffer overrun in winboard engines, ie. using fgets() function instead of gets(), in order to indicate buffer max length.
I think it's much more unsecure to download the latest new and untested chess engine (we all do) that can be a trojan or have a virus .

by **Volker Boehm** » 29 Jun 2004, 09:51

Geschrieben von:/Posted by: Volker Boehm at 29 June 2004 10:51:58:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Anastasios Milikas at 28. June 2004 23:42:

So we have to remove the 99.9% of all Windows programs because they all crash occasionaly!

Thus 0,1% of all Windows Programs are "Hello World" Programs?
Greetings Volker

by **Andreas Herrmann** » 29 Jun 2004, 12:10

Geschrieben von:/Posted by: Andreas Herrmann at 29 June 2004 13:10:16:
Als Antwort auf:/In reply to: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Uri Blass at 28 June 2004 21:42:56:

Movei can crash if you give it an illegal FEN or long games of more than 1000 moves.
After Dann Corbit's post that it is not acceptable I decided to ask Leo to remove it from his site.
I suggest also other programmers that their program suffers from the same problem to do the same and stop do their program freeware(I believe that most of the chess programs suffer from the same problem).
It is time that chess programmers stop supporting viruses and somebody needs to do the first step.
I may release a new version but it will not be in the near future because
I expect fixing the problem of illegal FEN to not be an easy task and in the near future I care more about improving the strength of the program.
Uri

Hi Uri,
i think nearby all programs has bugs, especially non trivial ones like chess programs. I have perhaps hundreds or thousands of bugs in my chess engine, don't know.
To the FEN string check: I'm checking the following things inside my FEN parser (i hope it helps you):
- illegal character in FEN string
- number of "/" characters
- pawn in row 1 or 8
- too much pieces or empty fields in a row (eg. more than 8 between "/" characers)
- incomplete FEN string (missing row data, casteling rights, ep target ...)
- wrong character for side to move
- wrong character in casteling rights
- illegal ep target
- ep capture is not possible (gives just a warning)
- illegal move number (just a warning)
- illegal half move clock (just a warning)
- max. piece checks like the following ...
- total pieces

by **Peter Fendrich** » 29 Jun 2004, 14:45

Geschrieben von:/Posted by: Peter Fendrich at 29 June 2004 15:45:39:
Als Antwort auf:/In reply to: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Uri Blass at 28 June 2004 21:42:56:

Movei can crash if you give it an illegal FEN or long games of more than 1000 moves.
After Dann Corbit's post that it is not acceptable I decided to ask Leo to remove it from his site.
I suggest also other programmers that their program suffers from the same problem to do the same and stop do their program freeware(I believe that most of the chess programs suffer from the same problem).
It is time that chess programmers stop supporting viruses and somebody needs to do the first step.
I may release a new version but it will not be in the near future because
I expect fixing the problem of illegal FEN to not be an easy task and in the near future I care more about improving the strength of the program.
Uri

I don't understand what this is all about but it's obviously not about illegal FEN strings.
Who can gurantee bug-free code?
Why should freeware be of better quality than commercials?
/Peter

Terra

by **Dieter Bürßner** » 29 Jun 2004, 17:56

Geschrieben von:/Posted by: Dieter Bürßner at 29 June 2004 18:56:51:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dan Honeycutt at 29 June 2004 05:03:54:

another way to check the 16, 9, & 10 limits:
n1 = count[WP]; //white pawns
Perhaps, one also wants to confirm that count[WP] it confirms count[WP] 8 no matter what the other piece counts are.

You are right, of course, and I stand corrected. In German we would say "Ich saß auf der Leitung", but I cannot translate it idiomatically. (Literal: "I was sitting on the wire")
Regards,
Dieter

by **Dann Corbit** » 29 Jun 2004, 18:35

Geschrieben von:/Posted by: Dann Corbit at 29 June 2004 19:35:33:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Peter Fendrich at 29 June 2004 15:45:39:

Movei can crash if you give it an illegal FEN or long games of more than 1000 moves.
After Dann Corbit's post that it is not acceptable I decided to ask Leo to remove it from his site.
I suggest also other programmers that their program suffers from the same problem to do the same and stop do their program freeware(I believe that most of the chess programs suffer from the same problem).
It is time that chess programmers stop supporting viruses and somebody needs to do the first step.
I may release a new version but it will not be in the near future because
I expect fixing the problem of illegal FEN to not be an easy task and in the near future I care more about improving the strength of the program.
Uri
I don't understand what this is all about but it's obviously not about illegal FEN strings.
Who can gurantee bug-free code?
Why should freeware be of better quality than commercials?

Nobody. But if you know of memory overwrite bugs in your program you are guilty of criminal negligence, in my view.
Every programmer should program in a responsible manner. I can sell a car without an emergency brake and not tell the potential buyer. After all, how often does one really need an emergency brake? But if in the one time in 1 million his family goes off the cliff into the ravine, it is my fault that it happened.
It is not difficult to code carefully and defensively. The routine I wrote that carefully examines the input took about an hour. In the grand scheme of writing a chess program, that is a tiny fraction of the real time that is needed. There are not many places that overwrites can occur. It does not take some stupendous effort to fix them.

my ftp site {remove http:// unless you like error messages}

by **Dann Corbit** » 29 Jun 2004, 18:37

Geschrieben von:/Posted by: Dann Corbit at 29 June 2004 19:37:33:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dieter Bürßner at 29 June 2004 03:32:54:

Added a check to validate_piece_placement():
What will your function return, when everything is ok? Perhaps you wanted to have a return mess at the end? return type of const char * would be better. The caller must not change the returned value (it could be in read only memory). Sounds pedantic? Sure! I wanted to be pedantic I think, one can easily code small bugs. If we code for fun, and do not code really safty critical apps, we should not be too worried (but it is of course good to be aware of problems, and in general it is obviously good to avoid crashes and buffer overruns).
Regards,
Dieter

>>char           *validate_piece_placement(char *s)
>>{
>>    int             i = 0;
>>    char           *mess = "";
>>    while (legality[i].c) {
>>        int             count = counts(s, legality[i].c);
>>        if (count < legality[i].min_allowed || count > legality[i].max_allowed) {
>>            mess = legality[i].message;
>>            return mess;
>>        }
>>        i++;
>>    }
>>    int white_pieces = counts(s, 'P') +  counts(s, 'B') +  counts(s, 'N') +  counts(s, 'R') +  counts(s, 'Q') +  counts(s, 'K');
>>    if (white_pieces > 16) return "ERROR: Count of white chessmen > 16";
>>    int black_pieces = counts(s, 'p') +  counts(s, 'b') +  counts(s, 'n') +  counts(s, 'r') +  counts(s, 'q') +  counts(s, 'k');
>>    if (black_pieces > 16) return "ERROR: Count of black chessmen > 16";
>>}
>>
Yes, it should return mess. Because I cannot compile with his code, none of it was tested.

my ftp site {remove http:// unless you like error messages}

by **Dan Honeycutt** » 29 Jun 2004, 18:53

Geschrieben von:/Posted by: Dan Honeycutt at 29 June 2004 19:53:58:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dieter Bürßner at 29 June 2004 18:56:51:

another way to check the 16, 9, & 10 limits:
n1 = count[WP]; //white pawns
Perhaps, one also wants to confirm that count[WP] >it confirms count[WP] 8 no matter what the other piece counts are.
You are right, of course, and I stand corrected. In German we would say "Ich saß auf der Leitung", but I cannot translate it idiomatically. (Literal: "I was sitting on the wire")
Regards,
Dieter

In English if we overlook the obvious or can't find something right in front of us, it's "If it had been a snake it would have bit me."
Best
Dan H.

by **Dann Corbit** » 29 Jun 2004, 19:01

Geschrieben von:/Posted by: Dann Corbit at 29 June 2004 20:01:24:
Als Antwort auf:/In reply to: Re: Not too much to worry (IMHO) geschrieben von:/posted by: Cesar Contreras at 29 June 2004 08:01:20:

It is time that chess programmers stop supporting viruses and somebody needs to do the first step.
I only see this ways to hack:
1.- A modified (trojan) winboard or arena or anything similar. But if hackers modified winboard they already have the control so it's useless to hack using your engine.
2.- A modified chess server who sends commands with bad code attached to the FEN position (buffer overrun) in conjunction with a client without verifications.
3.- Downloading FEN positions with bad code attached, again, using buffer overrun, and again with a not too secure client.
So as i can see, the real security problem are not crashes, but buffer overrun holes that IMHO are very dificult to explode (on chess engines).
It's not to complicated to avoid buffer overrun in winboard engines, ie. using fgets() function instead of gets(), in order to indicate buffer max length.
I think it's much more unsecure to download the latest new and untested chess engine (we all do) that can be a trojan or have a virus .

I agree completely. In the crash, there is only a microscopic possibility of damage. And with protected operating systems like NT, it becomes infinitesimal unless there is a carefully engineered (intentional) exploit.
This is a good assessment. This is a very good alternative to gets():
http://home.att.net/~jackklein/ctips01.html#safe_gets
It should also be used instead of scanf() and friends with "%s" format specifier, which is equivalent to gets().
Don't you have a virus scanner? Everything written to my disk is checked automatically, and my virus software is updated nightly over the internet.

my ftp site {remove http:// unless you like error messages}

by **Peter Fendrich** » 29 Jun 2004, 19:08

Geschrieben von:/Posted by: Peter Fendrich at 29 June 2004 20:08:43:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Dann Corbit at 29 June 2004 19:35:33:

Movei can crash if you give it an illegal FEN or long games of more than 1000 moves.
After Dann Corbit's post that it is not acceptable I decided to ask Leo to remove it from his site.
I suggest also other programmers that their program suffers from the same problem to do the same and stop do their program freeware(I believe that most of the chess programs suffer from the same problem).
It is time that chess programmers stop supporting viruses and somebody needs to do the first step.
I may release a new version but it will not be in the near future because
I expect fixing the problem of illegal FEN to not be an easy task and in the near future I care more about improving the strength of the program.
Uri
I don't understand what this is all about but it's obviously not about illegal FEN strings.
Who can gurantee bug-free code?
Why should freeware be of better quality than commercials?
Nobody. But if you know of memory overwrite bugs in your program you are guilty of criminal negligence, in my view.
Every programmer should program in a responsible manner. I can sell a car without an emergency brake and not tell the potential buyer. After all, how often does one really need an emergency brake? But if in the one time in 1 million his family goes off the cliff into the ravine, it is my fault that it happened.
It is not difficult to code carefully and defensively. The routine I wrote that carefully examines the input took about an hour. In the grand scheme of writing a chess program, that is a tiny fraction of the real time that is needed. There are not many places that overwrites can occur. It does not take some stupendous effort to fix them.

Why suddenly all this emphasis on memory overwrite bugs, what makes them criminal?
Is it only memory bugs?
I probably lack some information...
I hope I'll never go off the cliff due to a Beowulf bug... :-)

Every pointer can cause this, right?
/Peter

Terra

by **Dann Corbit** » 29 Jun 2004, 19:17

Geschrieben von:/Posted by: Dann Corbit at 29 June 2004 20:17:01:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Peter Fendrich at 29 June 2004 20:08:43:

Movei can crash if you give it an illegal FEN or long games of more than 1000 moves.
After Dann Corbit's post that it is not acceptable I decided to ask Leo to remove it from his site.
I suggest also other programmers that their program suffers from the same problem to do the same and stop do their program freeware(I believe that most of the chess programs suffer from the same problem).
It is time that chess programmers stop supporting viruses and somebody needs to do the first step.
I may release a new version but it will not be in the near future because
I expect fixing the problem of illegal FEN to not be an easy task and in the near future I care more about improving the strength of the program.
Uri
I don't understand what this is all about but it's obviously not about illegal FEN strings.
Who can gurantee bug-free code?
Why should freeware be of better quality than commercials?
Nobody. But if you know of memory overwrite bugs in your program you are guilty of criminal negligence, in my view.
Every programmer should program in a responsible manner. I can sell a car without an emergency brake and not tell the potential buyer. After all, how often does one really need an emergency brake? But if in the one time in 1 million his family goes off the cliff into the ravine, it is my fault that it happened.
It is not difficult to code carefully and defensively. The routine I wrote that carefully examines the input took about an hour. In the grand scheme of writing a chess program, that is a tiny fraction of the real time that is needed. There are not many places that overwrites can occur. It does not take some stupendous effort to fix them.
Why suddenly all this emphasis on memory overwrite bugs, what makes them criminal?
Is it only memory bugs?
I probably lack some information...
I hope I'll never go off the cliff due to a Beowulf bug...
Every pointer can cause this, right?

A dangling pointer or a bad pointer reference is likely to cause a crash, of course. However, interfaces to the outside world are where exploits come from. So any place where you receive data from an external source is a likely spot to examine for problems. And it is not hard to make a very dangerous program become a very safe one.
Even the most careful programming can still have disastrous bugs. The Arianne rocket disaster was Ada code, which is supposed to be the most robust of all programming systems. Defect free code is very, very difficult to achieve. However, most of the virus problems come from very trivial and easy to repair problems, such as using gets().

my ftp site {remove http:// unless you like error messages}

by **Dann Corbit** » 29 Jun 2004, 20:29

Geschrieben von:/Posted by: Dann Corbit at 29 June 2004 21:29:57:
Als Antwort auf:/In reply to: Re: I decided to ask Leo to remove movei from his site geschrieben von:/posted by: Matthias Gemuh at 28 June 2004 22:27:18:

Movei can crash if you give it an illegal FEN or long games of more than 1000 moves.
After Dann Corbit's post that it is not acceptable I decided to ask Leo to remove it from his site.
I suggest also other programmers that their program suffers from the same problem to do the same and stop do their program freeware(I believe that most of the chess programs suffer from the same problem).
It is time that chess programmers stop supporting viruses and somebody needs to do the first step.
I may release a new version but it will not be in the near future because
I expect fixing the problem of illegal FEN to not be an easy task and in the near future I care more about improving the strength of the program.
Uri
Hi Uri,
this sounds like an overreaction to me. My BigLion has obvious nuisances,
for example:
1) log files cannot be switched off.
2) resign, but no resign offer.
3) Zero hash size is changed to 1 MB Hash.
4) wrong FEN can lead to crash.
5) 1000 moves causes premature exit.
6) fixed time per move not supported, or buggy.
7) fixed depth search not implemented.
8) ... etc.
However, if someone tells me to stop offering it for download,
I will use words against him which will force any moderator to step in quickly.
Ignore Dann and leave Movei on Leo's homepage, for the sake of thousands of
Movei fans worldwide.

This attitude is the reason why billions of dollars of damage are done each year by virus and worm attacks. It is not a difficult effort to harden your program against simple attacks. It is irresponsible not to do it.
He did not say he was going to remove movei forever. He obviously wants to fix it. Every chess programmer should do exactly the same thing.

my ftp site {remove http:// unless you like error messages}

by **Cesar Contreras** » 30 Jun 2004, 05:26

Geschrieben von:/Posted by: Cesar Contreras at 30 June 2004 06:26:50:
Als Antwort auf:/In reply to: Re: Not too much to worry (IMHO) geschrieben von:/posted by: Dann Corbit at 29 June 2004 20:01:24:

Don't you have a virus scanner? Everything written to my disk is checked automatically, and my virus software is updated nightly over the internet.

Yes a do have an antivirus, and a firewall, but this it's useless with new threats. I mean that if i wanted to make some damage, i could make a special chess engine version, and announce it as a new 2400 ELO engine (to catch you), and add it code to erase your files on your documents folder and when you download it and execute it your antivirus it's not going to reconize anything, and you are going to lose your documents.
This it's just a sample, maybe you have a very secure environment, but the fact it's that most people would fall in the trap.

by **Dann Corbit** » 30 Jun 2004, 20:02

Geschrieben von:/Posted by: Dann Corbit at 30 June 2004 21:02:52:
Als Antwort auf:/In reply to: Re: Antivirus? geschrieben von:/posted by: Cesar Contreras at 30 June 2004 06:26:50:

Don't you have a virus scanner? Everything written to my disk is checked automatically, and my virus software is updated nightly over the internet.
Yes a do have an antivirus, and a firewall, but this it's useless with new threats. I mean that if i wanted to make some damage, i could make a special chess engine version, and announce it as a new 2400 ELO engine (to catch you), and add it code to erase your files on your documents folder and when you download it and execute it your antivirus it's not going to reconize anything, and you are going to lose your documents.
This it's just a sample, maybe you have a very secure environment, but the fact it's that most people would fall in the trap.

I suppose that might work. I don't load new chess engines unless I have the source code or they have been around for a while. I also run strings against the binaries to see what is lurking inside and also to see if the program is a clone.
Of course, a harmless engine could be posted and then switched later. And strings can be encrpyted.
Probably a malicious engine would cause great harm. But it would be restricted to a few thousand PCs I think

my ftp site {remove http:// unless you like error messages}

Winboard Forum

Who is online