Bug#863868: USB Memory Stick: Issues with win32diskimager

To: Cyril Brulebois <kibi@debian.org>, 863868@bugs.debian.org
Cc: Varanka Risto <risto.varanka@aalto.fi>
Subject: Bug#863868: USB Memory Stick: Issues with win32diskimager
From: Steve McIntyre <steve@einval.com>
Date: Fri, 2 Jun 2017 17:08:37 +0100
Message-id: <[🔎] 20170602160837.GV5653@einval.com>
Reply-to: Steve McIntyre <steve@einval.com>, 863868@bugs.debian.org
In-reply-to: <[🔎] 20170602044533.GL21821@mraw.org>
References: <[🔎] bfd8699db2f84c29a875856995066e53@aalto.fi> <[🔎] 20170602044533.GL21821@mraw.org>

On Fri, Jun 02, 2017 at 06:45:33AM +0200, Cyril Brulebois wrote:
>Hi,
>
>and thanks for your report.
>
>Varanka Risto <risto.varanka@aalto.fi> (2017-06-01):
>> Package: installation-guide
>> Severity: important
>> Tags: security
>> 
>> The online installation guide for Debian Stable at
>> https://www.debian.org/releases/stable/i386/ch04s03.html.en recommends
>> the use of the win32diskimager utility for writing images to USB in
>> section "4.3.1. Preparing a USB stick using a hybrid CD or DVD image".
>> This software currently has issues, might compromise the security of
>> Debian users and probably should not be recommended by Debian:
>> 
>> 1) User comments on the main page
>> https://sourceforge.net/projects/win32diskimager/ report that the
>> current version 1.0.0 contains malware, or tries to install crapware
>> as part of the installation process. (If possible this should be
>> investigated and if indeed the project is compromised, Debian users
>> should be notified.)
>
>ISTR sf.net tends to do that for Windows binaries, and this might not be
>specific to win32diskimager.
>
>> 2) Some user comments also state the tool does not work on Windows 10
>> while others claim it does. I installed this on a Windows 10 system
>> and the software turned out not to function properly, indicating that
>> 1) might also be the case, and of course majorly impacting Debian
>> installation experience. Details below.
>> 
>> Navigate to Files->Archive and click on
>> win32diskimager-1.0.0-install.exe. On the following page download
>> starts automatically. Install the tool, run it and provide
>> administrator credentials. Try to select the file to write: the opened
>> file browser does not display almost any directories, and when an .img
>> file is copied to the directories available, it does not show up in
>> the file browser.
>> 
>> I suggest to replace the recommended tool for the time being and to
>> investigate the trustworthiness of the utility.
>
>Any recommendations for alternative software?

My own recommendation now would be Rufus, in dd mode.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews

Reply to:

Follow-Ups:
- Re: Bug#863868: USB Memory Stick: Issues with win32diskimager
  - From: Brian Potkin <claremont102@gmail.com>
- Bug#863868: USB Memory Stick: Issues with win32diskimager
  - From: Brian Potkin <claremont102@gmail.com>

References:
- Bug#863868: USB Memory Stick: Issues with win32diskimager
  - From: Varanka Risto <risto.varanka@aalto.fi>
- Bug#863868: USB Memory Stick: Issues with win32diskimager
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Re: Installation guide is not updated in some languages
Next by Date: Re: Last chance for d-i changes in stretch
Previous by thread: Bug#863868: USB Memory Stick: Issues with win32diskimager
Next by thread: Re: Bug#863868: USB Memory Stick: Issues with win32diskimager
Index(es):
- Date
- Thread