About This Site

On this web site, we publish the latest information and news from our company, as well news, tips, and tricks about other Internet business topics which may interest our customers and web site users.

Want To Comment?

Please feel free to comment on this blog - but for longer discussions, please check out our discussion forum, EBookFriends.com - a discussion forum for eBook authors, publishers, and marketers.

Software - Free Trials

Create eBook Covers
Create eBook Covers

Create eBooks
Create eBooks

Blog Navigation

Calendar

September 2005
M T W T F S S
« Aug   Nov »
 1234
567891011
12131415161718
19202122232425
2627282930  

AddThis Feed Button

RSS



Add to My MSN



Subscribe in NewsGator Online

September 26, 2005

Version 5.03 of Activ E-Book Compiler BETA Release

Category: Company Announcements, eBook Marketing & Publishing — Answers 2000 @ 5:02 am

The beta release of version 5.03 of Activ E-Book Compiler is now available. For details Click here.

Version 5.03 adds a number of important security fixes, and we believe it is by far the best of the 5.0x beta series so far. That said, it is still a beta release, so bear that in mind if testing the software. (And as mentioned on the download page, please do not distribute eBooks made using the beta version).

One related topic that I thought would also be commenting on is the general security of installing eBooks or other files on your computer.

There are really two relationships which we need to consider:

  1. Does the eBook/file do what the author intended (or at least programmed - there’s no accounting for bugs)?
  2. Does the user of the eBook/file trust the author and distributor of the eBook/file?

The improvements in version 5.03 are really intended to address the first point.

As regards the second point, it is not really something that we are able to address. This is because the EXE files created by Activ E-Book Compiler are programs, and as such can do whatever the author/distributor wrote into them (particularly by using the scripting features and APIs in Activ E-Book Compiler) . This places a great deal of power in the hands of authors and distributors - and with great power, comes great responsibility.

A long time ago, we considered carefully this issue, and came to the conclusion that we wouldn’t attempt to artificially limit authors’ power, because we wanted to allow authors to produce better and more sophisticated products. Moreover, being EXE files, any attempt to artificially limit authors’ power would be doomed to failure - because they could either “patch” the EXEcutable (there are tools a sufficiently skilled person can use to patch any executable), or they could simply use another tool (such as a programming language like C++, Delphi or Visual Basic), to produce EXE programs to do whatever they wanted.

In case you are wondering why I am considering both the author and the distributor - the fact is that a sufficiently skilled distributor, with the right tools, could alter/patch an eBook EXE (or in fact any EXE) to do something other than the original author intended. While it may not be particularly likely (a malicious distributor would probably find it considerably easier to simply create their own malicious program rather than subvert somebody else’s existing program), it certainly isn’t impossible either.

In other words, all EXE files (whether made using our compiler or some other tool), always carry the possibility of security risks.

But the other side of the coin, not to be forgotten, is that the EXE format offers great power. A skilled author can develop products in EXE format that are simply not possible in other formats, for example:

  • Want to write an eBook that processes forms locally? You can do that with Activ E-Book Compiler.
  • Want to write an eBook that remembers information (like the user’s settings) in a file? You can do that with with Activ E-Book Compiler.
  • Want to write an eBook that allows users to pick the graphics they want, and save them to their hard-disk for later use? You can do that with with Activ E-Book Compiler.
  • Want to write an eBook that can launch external applications? You can do that with Activ E-Book Compiler
  • Want to write an eBook that can play full-screen videos? You can do that too with Activ E-Book Compiler (it doesn’t include a built-in feature for this last one, but you could use the Multimedia Extension to incorporate this function.

Changing subject slightly, does this mean users would be safe, as far as eBooks/content are concerned, if the files delivered in some other format? Unfortunately not necessarily…

The first thing to remember is that there would be a lot less content (and much of would offer much less) without the EXE format. Aside from eBooks, have you thought about all the programs, utilities, and so on we use in our every day work? What would you do without them?

Additionally many files that a non-technical user might think are purely "content" (as opposed to programs), can in fact contain executable content of one sort or another (often scripted content). Often, the viewing applications for these formats do contain restrictions, designed to prevent the content performing potentially malicious actions, but even then, "exploits" (which may allow such executable content to break free of these restrictions) have been found from time-to-time in many applications. Sometimes these exploits are the result of bugs in the viewing software, and sometimes as the result of simply tricking users to accept actions (for example in security warning dialog boxes) that they shouldn’t have.

For example:

  • This and this news report from 2001 describe a virus that apparently can travel in PDF files.
  • Another news report from 2004, describes an exploit for Java applets, which allows them to escape from their "sand boxed" (protected and restricted) environment, and potentially get access to other files on users’ PCs.
  • And another news report also from 2004, describes how malicious code was placed on various web servers, and was able to exploit a security flaw in the JavaScript implementation in certain versions of Internet Explorer, to install malicious code on some users’ PCs when they simply browsed those sites.
  • There has even been a virus which spread through Microsoft Word macros.

Now, the particular exploits that are described in those news stories have probably been fixed by now (you’d need to check with the vendors to be sure). And, if you use anti-virus software (such as Norton Internet Security) and keep it up to date, it would help protect you from known viruses. But, the stories also illustrate my point - there could be potential security vulnerabilities in many different file formats.

So, to sum up:

  • For authors:

    EXE files are programs, which as I said gives you a lot of power, but also a lot of responsibility.

  • For users:

    Remember EXE files are programs, and as such, if incorrectly or maliciously programmed (or modified by somebody after they were programmed), could do something you don’t want. You need to bear that in mind when deciding what to download or install on your computer. The other side of the coin is, that if you want an eBook or application with feature X, or do Y, then often EXE is the only choice - because the features you want may not be available in any other format.

    And although EXE files may hit your hot buttons as being a particular security issue, I think that you’d be unwise to simply assume that other file types are automatically safe. As already explained, all you need to be potentially at risk are:

    1. A file of any sort that can contain executable content of any sort (and I have no idea how to list all the file types this might apply to - because there are so many that it could potentially apply too)

      AND

    2. A bug in the viewing software that a malicious file can "exploit" (more likely, of course, if you don’t keep up to date with the latest patches and security advice from each application’s vendor).

    So, you’ll need to bear that in mind too, when deciding what to download or install on your computer.

    If you were to take this to its logical extreme, and if you were truly paranoid about security, you’d never install any files on your computer, and you’d disconnect from the Internet right now (because viruses and worms and malicious programs have all been known to spread via email, or in some cases by simply browsing websites using a browser with a security weakness)…. but then how would you get any work done?

    And my final advice? Take regular backups of any data that you can not afford to lose - and keep that at a separate geographic location away from your computer (preferably in a fire-proof safe). This will help protect you not only from computer security threats, but from most other disasters too.


   

• • •


 
CERTAIN CONTENT THAT APPEARS ON THIS SITE COMES FROM AMAZON SERVICES LLC. THIS CONTENT IS PROVIDED 'AS IS' AND IS SUBJECT TO CHANGE OR REMOVAL AT ANY TIME.
CERTAIN CONTENT THAT APPEARS ON THIS SITE,COMES FROM AMAZON EU S.à r.l. THIS CONTENT IS PROVIDED 'AS IS' AND IS SUBJECT TO CHANGE OR REMOVAL AT ANY TIME.

In Association With Amazon.com
Answers 2000 Limited is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.
In Association With Amazon.co.uk
Answers 2000 Limited is a participant in the Amazon EU Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.co.uk.
As an Amazon Associate, our company earns from qualifying purchases. Amazon, the Amazon logo, Endless, and the Endless logo are trademarks of Amazon.com, Inc. or its affiliates.



Disclosure: Our company's websites' content (including this website's content) includes advertisements for our own company's websites, products, and services, and for other organization's websites, products, and services. In the case of links to other organization's websites, our company may receive a payment, (1) if you purchase products or services, or (2) if you sign-up for third party offers, after following links from this website. Unless specifically otherwise stated, information about other organization's products and services, is based on information provided by that organization, the product/service vendor, and/or publicly available information - and should not be taken to mean that we have used the product/service in question. Additionally, our company's websites contain some adverts which we are paid to display, but whose content is not selected by us, such as Google AdSense ads. For more detailed information, please see Advertising/Endorsements Disclosures

Our sites use cookies, some of which may already be set on your computer. Use of our site constitutes consent for this. For details, please see Privacy.

Click privacy for information about our company's privacy, data collection and data retention policies, and your rights.

Contact    About/Terms Of Use    Privacy

NOTE: With any business, it is up to the individual owner of said business to ensure the success of the business. You may make more or less than any sample figures or results that might be quoted on our web sites or other publications. All business involves risk, and many businesses do not succeed. Further, Answers 2000 Limited does NOT represent that any particular individual or business is typical, or that any results or experiences achieved by any particular individual/business is necessarily typical.

This web site is owned by, operated by,
and Copyright © 1998-2019 Answers 2000 Limited