VX wins one, AV takes fatal losses!
Robert Green
In Article<MPG.fd9c575f...@news.srv.ualberta.ca>,
<gwe...@gpu.srv.ualberta.ca> writes:
> While I don't generally recommend that people use computer
magazine reviews as
> guides, it certainly seems that PC World NZ has got the point
about
> InVircible. It's nice to see a magazine reviewer that managed to
avoid the
> hype and sales pitches, and do a good review.
George, did you actually read this article?
Personally, I could barely get past the opening, in which the
author in effect curses his own ineptness in getting the program
installed. Now, I know from personal experience that InVircible's
installation is a very simple procedure. In my customer base, even
users with virtually no prior computing experience are able to
handle it easily. So, it was rather hard to take seriously after
that. And, in fact, it turned out to be one more put-up slam job,
notable only in being more incompetently handled than most.
I wonder how Virus Bulletin feels about his revelation that
their tester was unable to perform the child-simple process of
removing a FORM infection with IVINIT?
Bob
Pierre Vandevenne
>installation is a very simple procedure. In my customer base, even
>users with virtually no prior computing experience are able to
>handle it easily. So, it was rather hard to take seriously after
Do you mean it doesn't auto-deploy on the network ?
---
Pierre Vandevenne, MD - http://www.datarescue.com/ida.htm
IDA Pro 3.75 -the- disassembler
Graham Cluley
Bob Green writes:
> Now, I know from personal experience that InVircible's
> even users with virtually no prior computing experience are
> able to handle it easily.
Customer base? Maybe I've misinterpreted what you've said here, but do
you sell InVircible?
--
Graham Cluley, gcl...@uk.drsolomon.com Dr Solomon's AntiVirus (DSAV)
UK Support: sup...@uk.drsolomon.com UK Tel: +44 (0)1296 318700
US Support: sup...@us.drsolomon.com US Tel: 781 273 7400
CompuServe: GO DRSOLOMON Web: http://www.drsolomon.com
Check out alt.comp.virus.pictures!! http://members.aol.com/altcompvir
Bruce P. Burrell
"Graham Cluley" <san...@cix.co.uk> wrote:
> Bob Green writes:
>> Now, I know from personal experience that InVircible's
>> installation is a very simple procedure. In my customer base,
>> even users with virtually no prior computing experience are
>> able to handle it easily.
> Customer base? Maybe I've misinterpreted what you've said here, but do
> you sell InVircible?
Hey, Bob is allowed to have customers, isn't he? I believe he recommends
AV software to them, but that doesn't make him a vendor. Just an advocate.
-BPB
Graham Cluley
Bruce Burrell writes:
> "Graham Cluley" <san...@cix.co.uk> wrote:
> > Bob Green writes:
> >> Now, I know from personal experience that InVircible's
> >> installation is a very simple procedure. In my customer base,
> >> even users with virtually no prior computing experience are
> >> able to handle it easily.
>
> > Customer base? Maybe I've misinterpreted what you've said
> > here, but do you sell InVircible?
>
> Hey, Bob is allowed to have customers, isn't he?
Of course. Haven't got any problem with that at all.
> I believe he recommends AV software to them,
Yes, that's what I thought. But the reference to 'customer base'
confused me, so I thought I'd ask for clarification.
> but that doesn't make him a vendor. Just an advocate.
I don't have a problem with Bob being a vendor and/or an advocate of
InVircible. I'm just curious.
Robert Green
san...@cix.co.uk ("Graham Cluley") wrote:
>Bob Green writes:
>> Now, I know from personal experience that InVircible's
>> installation is a very simple procedure. In my customer base,
>> even users with virtually no prior computing experience are
>> able to handle it easily.
>
>Customer base? Maybe I've misinterpreted what you've said here, but do
>you sell InVircible?
Graham, my company sells turnkey systems for smaller county and
municipal governments. So I support lots of small LANs. InVircible is
installed on a few of those. No, I don't sell it.
Bob
Robert Green
pie...@datarescue.com (Pierre Vandevenne) wrote:
>In <NEWTNews.896670...@avana.net.avana.net>, Robert Green <rgr...@avana.net> writes:
>
>>installation is a very simple procedure. In my customer base, even
>>users with virtually no prior computing experience are able to
>>handle it easily. So, it was rather hard to take seriously after
>
>Do you mean it doesn't auto-deploy on the network ?
A utility is included for that, yes. But there isn't much point
employing it on a 5 or 10 user LAN, so we install manually.
Bob
Graham Cluley
Bob Green writes:
> san...@cix.co.uk ("Graham Cluley") wrote:
>
> >Bob Green writes:
> >> Now, I know from personal experience that InVircible's
> >> even users with virtually no prior computing experience are
> >> able to handle it easily.
> >
> >here, but do you sell InVircible?
>
> Graham, my company sells turnkey systems for smaller county
> and municipal governments. So I support lots of small LANs.
> InVircible is installed on a few of those. No, I don't sell
> it.
No problem. Please excuse me for misinterpreting. I'll shut up now.
Robert Green
"Bruce P. Burrell" <b...@ren.us.itd.umich.edu> wrote:
>"Graham Cluley" <san...@cix.co.uk> wrote:
>> Bob Green writes:
>>> Now, I know from personal experience that InVircible's
>>> installation is a very simple procedure. In my customer base,
>>> even users with virtually no prior computing experience are
>>> able to handle it easily.
>
>> Customer base? Maybe I've misinterpreted what you've said here, but do
>> you sell InVircible?
>
> Hey, Bob is allowed to have customers, isn't he? I believe he recommends
>AV software to them, but that doesn't make him a vendor. Just an advocate.
I recommend other products, as well. AVP for a demand scanner, DSAV,
if the users prefer to have on-access scanning. I would like to see
our users go with a combinational generic/known-virus approach, but
its hard to convince people that they need to license two AV products,
even with prices as low as they are these days.
Anyway, most of the AV used in our environment came free and
pre-installed from the hardware vendor. Hard to explain to folks how
something fresh out of the box is a year out of date and ought to be
replaced with something they have to pay good money for.
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <6ku1us$ev5$1...@news3.Belgium.EU.net>, pie...@datarescue.com says...
>Robert Green's article hasn't reached my server, so I'm replying through
>Pierre's post.
>So, Robert, are you indeed an Invircible reseller (and therefore biased in
>your statements about Invircible)?
Haw! You oughta sue your ISP. Check out the little discussion among
Graham, Bruce and I. If the posts ever show up!
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <NEWTNews.896670...@avana.net.avana.net>,
>rgr...@avana.net says...
>>George, did you actually read this article?
>
>Yes, I did.
>
>>Personally, I could barely get past the opening, in which the
>>author in effect curses his own ineptness in getting the program
>>installed.
>
>No, that's not really what the reviewer did. The reviewer said that the
>installation was difficult and confusing; that is an honest opinion on the
>part of the reviewer.
Yeah, right.
>>I wonder how Virus Bulletin feels about his revelation that
>>their tester was unable to perform the child-simple process of
>>removing a FORM infection with IVINIT?
>
>Um; Virus Bulletin wasn't the one doing this review. It was PC-World New
>Zealand.
I think you better read it again, George.
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <DEwc1.1060$iY6.4...@news.itd.umich.edu>,
>b...@ren.us.itd.umich.edu says...
>> Hey, Bob is allowed to have customers, isn't he? I believe he recommends
>>AV software to them, but that doesn't make him a vendor. Just an advocate.
>
>Perhaps, but I'd sure like to have it cleared up. It also sounded to me like
>he was a vendor of InVircible.
Sorry, George, you're outa luck on this one.
Bob
Grant Scurrah
Hi George
George Wenzel wrote in message ...
>In article <6ko8od$sp$1...@news.usit.net>, swap.t...@juno.raid.x.com
says...
>>http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm
>>read and laugh with me folks, KRiLE used invircible as it's bitch.
>>HEHE...
>
>While I don't generally recommend that people use computer magazine reviews
as
>guides, it certainly seems that PC World NZ has got the point about
>InVircible. It's nice to see a magazine reviewer that managed to avoid the
>hype and sales pitches, and do a good review.
>
Whatever your reservations are for not liking computer magazine
reviews, all of them would apply to this review.
The intent of the article was malicious, it contains many blatant lies,
and the ability and objectivity of the reviewer is highly questionable.
He didn't like being told he was wrong, nor does the Editor like it when
he is told he his biased when writing about AV products. I guess we
are paying the price of getting off side with them.
As PCWorld's "Technical Guy" I would have thought that Juha
would at least display some some open-mindedness and objectivity.
Alas I was mistaken.
>I really like their summary:
>----
>InVircible 7.01f
>Pros: None significant
None that he would put on paper.
>
>Cons: Average user will find interface difficult and confusing, poor
>documentation, and low virus detection rate
Juha Saarineen = very much an average user.
Had he known how to press F1 for help, or find the HELP button
to click he would have found up to date information.
Using IVZ as a scanner is not the brightest action he could take,
but it did add to his overall intent - savage the product.
>I'd certainly like to hear Zvi's opinion about the article as well.
George I ask that you read our rebutal (which wasn't printed by
PC World in the June edition) and tell me what you think
(in your unbiased way).
http://www.virusdefence.co.nz/pcworld/pcworld.htm
Also you may also comment on:
1. PCWorld highlighting 'viruses' under the name of the virus writer
(Justin-KRiLE)
2. Ensuring that Justin promptly received a copy of our rebutal
3. And ditto for the address of the original PC world article
A sister paper of PCWorld in 1995 wrote the following when doing a
review of Norton's AV:
Windows 95 Software
"By now I was getting lonely- I missed my hard drive.
"So I turned to an old faithful, dug out my copy of InVircible and rescued
the system. Bear in mind that InVircible wasn't even installed- I recovered
the PC from the installation routine alone, which established that the
master boot record was infected, that 2KB of DOS memory was missing and that
the partition sector was stealthed.
"My recommendation right now is to stick with InVircible because it is still
the best protection around."
New Zealand Computer Buyer, October 1995
Those were the days when their technical people knew about
viruses!
Grant Scurrah
Not speaking for
Virus Defence Bureau
Auckland
Email: gr...@virusdefence.co.nz
WWW: http://www.virusdefence.co.nz
Tarkan Yetiser
In article <MPG.fdce3137...@news.srv.ualberta.ca>,
gwe...@gpu.srv.ualberta.ca says...
> In article <3572e7fa...@news.mindspring.com>, rgr...@avana.net says...
> >Graham, my company sells turnkey systems for smaller county and
> >municipal governments. So I support lots of small LANs. InVircible is
> >installed on a few of those. No, I don't sell it.
>
> installed it on these LANS and you support those LANs. You support a product
> that you don't sell? Seems kind of odd to me.
The man said he had found this program to do the job when he needed to
deal with boot sector viruses. Why does he have to prove anything else
to you or anyone else.
--
Regards
Tarkan Yetiser
VDSARG
tyetiser AT vdsarg.com
http://www.vdsarg.com
Often it is the people rather than the technology itself who
pose the greater challenge to solving an otherwise technical problem.
-John Lakos
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <3572e7fa...@news.mindspring.com>, rgr...@avana.net says...
>>Graham, my company sells turnkey systems for smaller county and
>>municipal governments. So I support lots of small LANs. InVircible is
>>installed on a few of those. No, I don't sell it.
>
>This seems rather coincidental; you don't sell Invircible, yet you have
>installed it on these LANS and you support those LANs. You support a product
>that you don't sell? Seems kind of odd to me.
George, when you are a little more mature, graduate from university,
and go out to make a living in the real world, you will begin to
understand the concept of customer support.
>If I purchased some software from one company, I'd probably be somewhat upset
>if they started trying to provide support for another company's products,
>because I'd be suspicious that they didn't know what they were doing.
I am trying very hard not to be angry with you. It would help, if you
stopped implying that I am a lair.
Ask me in a civil way, and I will be glad to explain to you how these
situations ought to be handled.
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <35733671...@news.mindspring.com>, rgr...@avana.net says...
>>Haw! You oughta sue your ISP.
>
>Um, why?
>
>>Check out the little discussion among
>>Graham, Bruce and I. If the posts ever show up!
>
>Well, the post did show up. Certainly not a reason for suing my ISP (I don't
>pay for Internet access, so suing them for lack of service would probably be
>kind of silly). UseNet, as you may or may not know, is sometimes sporadic in
>its newsfeeds. It's a distributed network, and it is normal for posts to show
>up in one place at one time and later at another place.
>
>Either way, the post showed up a few hours after I posted that follow-up.
Delivered by goose, no doubt :-).
Pierre Vandevenne
In <3573dc78...@news.mindspring.com>, "Robert Green" <rgr...@avana.net> writes:
>gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>>This seems rather coincidental; you don't sell Invircible, yet you have
>>installed it on these LANS and you support those LANs. You support a product
>>that you don't sell? Seems kind of odd to me.
>
>George, when you are a little more mature, graduate from university,
Hmmm, don't think this has to do with maturity...
>and go out to make a living in the real world, you will begin to
>understand the concept of customer support.
In George's field of studies, it is quite possible that customer support will
have a different meaning.
>I am trying very hard not to be angry with you. It would help, if you
>stopped implying that I am a lair.
A lair ? Come on, you were the one who started talking about the goose. ;-)
Kurt Wismer
Graham Cluley (san...@cix.co.uk) wrote:
: Bob Green writes:
: > Now, I know from personal experience that InVircible's
: > installation is a very simple procedure. In my customer base,
: > even users with virtually no prior computing experience are
: > able to handle it easily.
: Customer base? Maybe I've misinterpreted what you've said here, but do
: you sell InVircible?
as i recall, rob works in a sort of support/consultancy sort of capacity,
and one of the av programs he's suggested for the users for which he is
responsible for supporting is invircible...
correct me if i'm wrong, rob...
--
"do as i say not as i do because
the shit so deep you can't run away
i beg to differ on the contrary
i agree with every word that you say"
Juha Saarinen
Hello Grant,
Grant Scurrah wrote in message <6l014i$44l$1...@newsource.ihug.co.nz>...
>Hi George
>
>George Wenzel wrote in message ...
>>In article <6ko8od$sp$1...@news.usit.net>, swap.t...@juno.raid.x.com
>says...
>>>http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm
>>>read and laugh with me folks, KRiLE used invircible as it's bitch.
>>>HEHE...
>>
>>While I don't generally recommend that people use computer magazine
reviews
>as
>>guides, it certainly seems that PC World NZ has got the point about
>>InVircible. It's nice to see a magazine reviewer that managed to avoid
the
>>hype and sales pitches, and do a good review.
>>
>
>Whatever your reservations are for not liking computer magazine
>reviews, all of them would apply to this review.
You need to read George's message again, I think.
>The intent of the article was malicious, it contains many blatant lies,
>and the ability and objectivity of the reviewer is highly questionable.
Prove any of the above if you can. So far, you haven't been able to show
anything wrong with the review, and you have had plenty of opportunities
during and after.
>He didn't like being told he was wrong, nor does the Editor like it when
>he is told he his biased when writing about AV products. I guess we
>are paying the price of getting off side with them.
No, Grant, it's you who are upset because the product you distribute,
InVircible, didn't get the review you had hoped for. You were given every
opportunity to show off InVircible in a good light, but somehow you didn't
quite manage that. I think you should look at yourself, the service you
claim to provide, and your manners and ethics in general, and try to assess
whether or not they are up to scratch.
All the test results in the review are repeatable. Are any of your claims
and statements provable?
>As PCWorld's "Technical Guy" I would have thought that Juha
>would at least display some some open-mindedness and objectivity.
>Alas I was mistaken.
I'm sorry, but you weren't. InVircible got the best possible review it could
get.
>>I really like their summary:
>>----
>>InVircible 7.01f
>>Pros: None significant
>None that he would put on paper.
The review is on http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm
Read it for yourself.
>>Cons: Average user will find interface difficult and confusing, poor
>>documentation, and low virus detection rate
>Juha Saarineen = very much an average user.
>Had he known how to press F1 for help, or find the HELP button
>to click he would have found up to date information.
From the InVircible manual:
"A new type of viruses could be the application specific macro viruses. It
is yet unsure whether the Winword macro viruses are the first of a kind or
will remain an episode in computer's [sic] virology."
Did you write that Grant?
>Using IVZ as a scanner is not the brightest action he could take,
>but it did add to his overall intent - savage the product.
No, the intent was to give InVircible a fair review, and that is what it
got. Sorry you're not happy with it, but perhaps you could concentrate your
energy on asking NetZ to improve its product?
As for IVZ, would that happen to be the same program that you and the manual
referred and still refer to as a "scanner" and which you said hasn't been
updated in over thirty months?
>>I'd certainly like to hear Zvi's opinion about the article as well.
>
>George I ask that you read our rebutal (which wasn't printed by
>PC World in the June edition) and tell me what you think
>(in your unbiased way).
>http://www.virusdefence.co.nz/pcworld/pcworld.htm
I think the whole world should read it! It's most amusing, but don't forget
to go to http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm for the
truth.
>Also you may also comment on:
>
>1. PCWorld highlighting 'viruses' under the name of the virus writer
>(Justin-KRiLE)
Grant, I have noticed that you find writing a tough task, but can you show
us the exact quote where the above is supposed to have happened? Can you?
>2. Ensuring that Justin promptly received a copy of our rebutal
Ah... now who is Justin? Did you send him your "rebutal" whatever that is? I
hope he was able to make sense of it.
>3. And ditto for the address of the original PC world article
Yeah, you comment on that George! If you understand what Grant means, that
is.
>A sister paper of PCWorld in 1995 wrote the following when doing a
>review of Norton's AV:
>
>Windows 95 Software
>"By now I was getting lonely- I missed my hard drive.
>"So I turned to an old faithful, dug out my copy of InVircible and rescued
>the system. Bear in mind that InVircible wasn't even installed- I recovered
>the PC from the installation routine alone, which established that the
>master boot record was infected, that 2KB of DOS memory was missing and
that
>the partition sector was stealthed.
>"My recommendation right now is to stick with InVircible because it is
still
>the best protection around."
>New Zealand Computer Buyer, October 1995
>
>
>Those were the days when their technical people knew about
>viruses!
>
>Grant Scurrah
>Not speaking for
>Virus Defence Bureau
>Auckland
>Email: gr...@virusdefence.co.nz
>WWW: http://www.virusdefence.co.nz
For the benefit of this newsgroup, Grant Scurrah is the General Manager of
Second Sight Limited, trading as the Virus Defence Bureau, the New Zealand
distributors of InVircible. It would be most remarkable if Grant didn't
speak on behalf of the organisation he works for, but perhaps he's just
taking some time off to post some objective thoughts on anti-virus stuff in
general.
-- Juha
Robert Green
cr...@torfree.net (Kurt Wismer) wrote:
>Graham Cluley (san...@cix.co.uk) wrote:
>: Bob Green writes:
>: > Now, I know from personal experience that InVircible's
>: > installation is a very simple procedure. In my customer base,
>: > even users with virtually no prior computing experience are
>: > able to handle it easily.
>
>: Customer base? Maybe I've misinterpreted what you've said here, but do
>: you sell InVircible?
>
>as i recall, rob works in a sort of support/consultancy sort of capacity,
>and one of the av programs he's suggested for the users for which he is
>responsible for supporting is invircible...
>
>correct me if i'm wrong, rob...
That's pretty accurate, kurt.
As I told Graham, I don't sell it, but I do recommend it on occasion
and will support it, if the users license it. I also will and do
support McAfee, NAV, etc, whatever they have. One site has TBAV, for
that matter. I have also recommended AVP and DSAV, but I think no one
has purchased those yet.
Thank you for helping to clarify.
Regards,
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>Either way, it doesn't seem that you'll be convinced, no matter what, that it
>is possible for InVircible to receive an unbiased, competent, and NEGATIVE
>review.
This particular review was biased. Give me a couple of days, until I
get back from a pending trip, and I'll prove it to you.
Bob
Robert Green
<ni...@virusbtn.com> writes:
>In article <NEWTNews.896670...@avana.net.avana.net>,
>rgr...@avana.net says...
>>author in effect curses his own ineptness in getting the program
>>installed. Now, I know from personal experience that InVircible's
>>installation is a very simple procedure. In my customer base, even
>Juha did not "curse his own ineptness"--he admitted to having a small problem:
Zvi has gone into detail now about the reviewer's problems with the
installation. No need to belabor it here.
>You mean, you do not like the results of a review that actually presses the
>product against some of its marketing claims, but the reviews that are written
>after a hack journo watches a canned demonstration by an IV reseller are OK?
See the thread (called "Old message, but answer to Robert Green
anyway", its current) with exchanges between Pierre and I. I gave my
2 cents on testing IV there, even mentioned your name.
I take it that the reviewer was acting on your advice when he reported
the results of IVZ against 15,000 (or whatever) viruses, but given the
module responsible for detecting file viruses, IVB, he only tested
with one? He mentioned testing it against the wild list, but never
made clear why he didn't. Are you the one who can explain why not? I
don't want to accuse you of trying to conceal something, but this
decision needs justification.
>I wonder how Virus Bulletin feels about his revelation that
>their tester was unable to perform the child-simple process of
>removing a FORM infection with IVINIT?
>This is where Bob's lack of reading comprehension abilities gets him in
>trouble. You see, the PCW review did not say I could not disinfect Form.A with
>IVINIT. Do they run adult remedial reading classes in your area Bob? I'd
>suggest that you investigate them. [Yes, I was the "VB staff" referred to in
>the PCW review.]
>What was reported is what happened. According to the printed review:
> Virus Bulletin staff observed that during the Form.A infection, IVINIT
> reported '2KB DOS memory missing!' but also said, 'The hard disk is
> infected with a boot infector!' a clear virus indication for a change.
> However, on acknowledging the message, IVINIT said 'No Virus activity
> in memory!' and exited. The VB tester was unable to do anything as
> Windows 95 started up with Form.A was [sic] active and infectious.
> This is a major bug in IVINIT.
>You see, I did not fail to disinfect Form.A--IV failed to give me the chance to
>do anything with it!
Your description of IVINIT's behavior with FORM is correct. I
mistakenly thought that passage was a carry-over having to do with the
menu options.
Quoting the review:
>:Baboon made IVINIT flash a '1KB of Dos memory missing!' warning, but
>:confusingly, also 'No virus activity detected in memory'. The
>:default option was to Quit and continue booting. This left the
>:system with an active, infective virus.
The actions menu at that point gives 3 options: Update, Restore, and
Quit. So I thought that you had mistakenly chosen Quit again.
>Unfortunately, Bob's statement is a bit more misleading than that. The next
>sentence of the review goes on to say:
> Using ResQDisk restored the boot sector, but an average user wouldn't
> know to use it in this situation.
Fine, but I was only considering IVINIT, as the term "child-simple"
makes clear.
>So Bob, it seems a public aopolgy is to be expected from you. Posted in this
>forum please...
Back form to ask, Nick. Now you'll never know if I really mean it :-).
In general an honest mistake, which is what this was, is rectified by
acknowledgement alone, but, since my tone was a bit derisive, then I
apologise. Even spelling it the English way just for you.
Speaking of mistakes and acknowledgements, now its my turn...
Some time ago I received an e-mail from your assistant editor, Megan
Skinner, inquiring about a remark of mine on this newsgroup to the
effect that the VB AntiCMOS analysis, which can be read on your web
site, contained errors. I was asked for details, and I took the
trouble to provide them to Ms. Skinner, who had said that the analysis
would be corrected if it was "grossly incorrect," which it is.
Months have gone by. I have never received a reply, and the botched
analysis is still there (or was until very recently, I can't confirm
more than that, since the VB server isn't responding to me today).
So Nick, it seems some thanks to me for my effort to help you are
to be expected. Privately will be fine. And, for God's sake, do
something about that analysis. Not an earth-shaking matter, I know,
but VB is supposed to be definitive, and it just looks bad.
Bob
Juha Saarinen
Robert Green comments on the PC World NZ review of InVircible
(http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm)
>
>>>author in effect curses his own ineptness in getting the program
>>>installed. Now, I know from personal experience that InVircible's
>>>installation is a very simple procedure. In my customer base, even
>
>>Juha did not "curse his own ineptness"--he admitted to having a small
problem:
>
>Zvi has gone into detail now about the reviewer's problems with the
>installation. No need to belabor it here.
But there is, Robert. Where did Zvi Netiv go into detail about the problems
with installation? There is nothing on my nntp server, nor can I find
anything on DejaNews. Did he send you an email? Or do you mean what Grant
Scurrah, the NZ InVircible rep wrote?
I anywhichcase, InVircible wasn't problematic to install, so I had no reason
to curse my own ineptness. Why did you make that up? Another thing that I
find remarkable is that on the one hand, you say your customer base of
InVircible users has no problems installing the software, but on the other
(in a separate message) you say you install InVircible for some of your
customers. Surely they're able to do it themselves?
>I take it that the reviewer was acting on your advice when he reported
>the results of IVZ against 15,000 (or whatever) viruses,
Robert, read the review at
http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm or go to
www.virusbtn.com for the details on the test sets used. The numbers are
given there. The local SSL rep was kept in the loop throughout the review,
and problems encountered were reported to him. I expected some effort
towards problem resolving from him, but instead was accused of not being
"open-minded" and having a "scanner mentality" whatever that is. I have the
extensive email correspondence with the SSL rep saved, and IDG has copies of
it too. If I were an InVircible customer, I wouldn't be happy with the sort
of tech support I received.
>but given the
>module responsible for detecting file viruses, IVB, he only tested
>with one?
Again, Robert, you should have read the review before you posted. What
you've written above is incorrect.
>He mentioned testing it against the wild list, but never
>made clear why he didn't.
Read the review Robert and tell me where I said I tested IVB against the
Wild List. Why do you make things up like this?
>Are you the one who can explain why not? I
>don't want to accuse you of trying to conceal something, but this
>decision needs justification.
No, it doesn't since no such decision was made. I would like to know how you
justify making things up like the above though.
-- Juha
Pierre Vandevenne
>something about that analysis. Not an earth-shaking matter, I know,
>but VB is supposed to be definitive, and it just looks bad.
BTW, Robert, do you analyse viruses ?
Robert Green
pie...@datarescue.com (Pierre Vandevenne) wrote:
>In <357aec58...@news.mindspring.com>, "Robert Green" <rgr...@avana.net> writes:
>
>
>>something about that analysis. Not an earth-shaking matter, I know,
>>but VB is supposed to be definitive, and it just looks bad.
>
>BTW, Robert, do you analyse viruses ?
Occasionally. Ones that interest me. I did AntiCMOS a couple years
ago, that's why I know about the errors in the VB analysis.
Our fat thread: my last response to you is just laying there. I'm
geting bored. Entertain me. :-)
Bob
Pierre Vandevenne
>>BTW, Robert, do you analyse viruses ?
>Occasionally. Ones that interest me. I did AntiCMOS a couple years
>ago, that's why I know about the errors in the VB analysis.
Oh, OK. I was wondering. I also analyse some of them when I have the time.
But I haven't found the perfect virus information database yet. I am not
suprised by mistakes, anywhere.
>Our fat thread: my last response to you is just laying there. I'm
>geting bored. Entertain me. :-)
How can you get bored when Zvi just came out of his lair ? ;-)
Fascinating post isn't it ?
About our conversation, I did not really like the "gang" theme and
thought it might be the right moment to let it die.
Robert Green
pie...@datarescue.com (Pierre Vandevenne) wrote:
>In <357c1b7a...@news.mindspring.com>, "Robert Green" <rgr...@avana.net> writes:
>
>>>BTW, Robert, do you analyse viruses ?
>
>>Occasionally. Ones that interest me. I did AntiCMOS a couple years
>>ago, that's why I know about the errors in the VB analysis.
>
>Oh, OK. I was wondering. I also analyse some of them when I have the time.
>But I haven't found the perfect virus information database yet. I am not
>suprised by mistakes, anywhere.
Neither am I. But in this case, its not just a database with short
descriptions, but a reprint of VB analysis orignally appearing in the
magazine. That's different.
>>Our fat thread: my last response to you is just laying there. I'm
>>geting bored. Entertain me. :-)
>
>How can you get bored when Zvi just came out of his lair ? ;-)
>Fascinating post isn't it ?
I enjoyed it, yes.
>About our conversation, I did not really like the "gang" theme and
>thought it might be the right moment to let it die.
As you wish. The gang theme doesn't appear there, though. That was
from a post replying to George.
Bob
Robert Green
"Juha Saarinen" <nos...@to.me> writes:
>Robert Green comments on the PC World NZ review of InVircible
>(http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm)
>>>>author in effect curses his own ineptness in getting the program
>>>>installed. Now, I know from personal experience that
InVircible's
>>>>installation is a very simple procedure. In my customer base,
even
>>>Juha did not "curse his own ineptness"--he admitted to having a
small
>>>problem:
>>Zvi has gone into detail now about the reviewer's problems with
>>the installation. No need to belabor it here.
>But there is, Robert. Where did Zvi Netiv go into detail about the
problems
>with installation? There is nothing on my nntp server, nor can I
find
>anything on DejaNews. Did he send you an email? Or do you mean what
Grant
>Scurrah, the NZ InVircible rep wrote?
No, I mean Zvi's rebuttal posted to this newsgroup.
>I anywhichcase, InVircible wasn't problematic to install, so I had
no reason
I'm glad to know that you concede the point. That "Incomplete
installation" thing was all your fault, then? Are you going to
retract this and all the other issues you got wrong publicly,
in the NZ PC World magazine?
>to curse my own ineptness. Why did you make that up? Another thing
that I
I made up your ineptness? What about that slapstick episode with the
Da'Boy's virus? Hilarious. I could never be that funny.
>find remarkable is that on the one hand, you say your customer base
of
>InVircible users has no problems installing the software, but on
the other
>(in a separate message) you say you install InVircible for some of
your
>customers. Surely they're able to do it themselves?
If I'm on site I'll do it myself. That's called customer service.
>>I take it that the reviewer was acting on your advice when he
>>reported the results of IVZ against 15,000 (or whatever) viruses,
>Robert, read the review at
>http://www.idg.co.nz/magazine/pcworld/may98/invircib.htm or go to
>www.virusbtn.com for the details on the test sets used. The numbers
are
>given there.
That's why I wrote "(or whatever)" isn't it? I couldn't remember.
852 is no less an absurd undertaking that 15,000 would be.
>The local SSL rep was kept in the loop throughout the review,
>and problems encountered were reported to him. I expected some
effort
>towards problem resolving from him, but instead was accused of not
being
>"open-minded" and having a "scanner mentality" whatever that is. I
have the
>extensive email correspondence with the SSL rep saved, and IDG has
copies of
>it too.
Just curious, was there any back channel communication between you
and the author of Krile? If so, do you have that correspondence
available?
> If I were an InVircible customer, I wouldn't be happy with
the sort
>of tech support I received.
What were you doing talking to the local rep? Didn't you have the
self-sufficency to evaluate the product on your own?
>>but given the
>>module responsible for detecting file viruses, IVB, he only tested
>>with one?
>Again, Robert, you should have read the review before you posted.
What
>you've written above is incorrect.
I have read it, Juha, and you only mentioned one virus for testing
IVB. Interesting choice of a virus, I should add. Can you tell us
just how you came to select Krile?
>>He mentioned testing it against the wild list, but never
>>made clear why he didn't.
>Read the review Robert and tell me where I said I tested IVB
>against the Wild List. Why do you make things up like this?
But you _didn't_ test it against the wild list, which is what I was
saying. You talked about doing it, but you didn't. You are obviously
misreading me on purpose here.
Quoting from the review:
>:"Without testing each and every virus on the Wild List its hard
>:to say what the chances are."
"Chances" here being the probablilities of IVB successfully
cleaning viruses from files. Over the range of known file
viruses that are removable, that would be about 98%, BTW.
Note, Juha, that you admit here that there is important information
that will not be made available, because you declined to perform
tests which you clearly indicate would be of value.
If Nick tested IVZ with 800 odd viruses, why couldn't he test IVB
with at least just the ITW file infectors, which is a much smaller
group?
>>Are you the one who can explain why not? I
>>don't want to accuse you of trying to conceal something, but this
>>decision needs justification.
>No, it doesn't since no such decision was made. I would like to
know how you
>justify making things up like the above though.
Yes, a decision was made. A decision to withold from your readers
the results of InVircible's performance with an objectively chosen
set of test viruses, such as the ITW or the VB set.
Here is what that would show: tested on ITWs IV would post results
similar to the better scanner products. Tested on the VB test set,
it would probably do better than the scanners. I am talking about
in-file and in-memory detection and file disinfection.
But those results would have undermined your project, would even
have forced you to abandon it. Is that not correct?
Bob
Pierre Vandevenne
>Just curious, was there any back channel communication between you
>and the author of Krile? If so, do you have that correspondence
>available?
Robert, so far you have mostly avoided the usual IV rep odd behaviours : I
think it would be good if you could continue in that direction. Let me point
out for example that while Mr Saarinen found a few positive points in his
IV review, you have yet to admit a single slight defect in the program.
This 100% attitude is very peculiar ( I have yet to find perfection in a piece
of software, including our own ), yet no one has had the inelegance to
attack you for that.
Is it possible to stay away from that kind of attacks ?
>What were you doing talking to the local rep? Didn't you have the
>self-sufficency to evaluate the product on your own?
Once again an ad hominem attack against Mr Saarinen. According to Mr
Netiv himself, the local rep wasn't competent enough to answer Mr Saarinen's
question. That was obviously not a question of self sufficiency on the part
of the reviewer.
---
Robert Green
pie...@datarescue.com (Pierre Vandevenne) wrote:
>In <NEWTNews.897366...@avana.net.avana.net>, Robert Green <rgr...@avana.net> writes:
>
>>Just curious, was there any back channel communication between you
>>and the author of Krile? If so, do you have that correspondence
>>available?
>
>Robert, so far you have mostly avoided the usual IV rep
I'm not an IV rep, as you know perfectly well.
> odd behaviours : I
>think it would be good if you could continue in that direction. Let me point
>out for example that while Mr Saarinen found a few positive points in his
>IV review, you have yet to admit a single slight defect in the program.
You don't read my posts then.
>This 100% attitude is very peculiar ( I have yet to find perfection in a piece
>of software, including our own ), yet no one has had the inelegance to
>attack you for that.
I have no such attitude. Wasn't I just telling you about my preference
for a combined generic/known-virus approach?
>Is it possible to stay away from that kind of attacks ?
What kind of attacks? Its a fair and honest question. Choosing a test
sample from a virus writer who he must have known is consistenly
engaged here in a tiresome project to promote himself and his virus,
and who persistenly attacks InVircible on this newsgroup, is an act
that inevitably leads to suspicion. At best he has gotten himself into
an unwilling, implicit cooperative alliance with a virus writer,
helping him promote his creation.
You see, Pierre, he could easily have chosen another. The attack on
the integrity databases is not unknown, whether InVircible or some
other product using integrity methods.
>>What were you doing talking to the local rep? Didn't you have the
>>self-sufficency to evaluate the product on your own?
>
>Once again an ad hominem attack against Mr Saarinen. According to Mr
>Netiv himself, the local rep wasn't competent enough to answer Mr Saarinen's
>question. That was obviously not a question of self sufficiency on the part
>of the reviewer.
Reviewers should maintain complete independence, not being swayed one
way or the other by dealings with vendors or vendor reps. I doesn't
matter that reviewers customarily operate otherwise: that's why they
are not generally taken seriously, after all. But it seems an
exception is being made for Juha.
Reviewers should also make a good faith effort to provide a balanced
view of the product's performance. In this case that means, if he is
going to test IVZ, which is not a part of the product's normal daily
protection strategy, he should also test IVB, which is, with a
representitive group of virus samples. Instead, he used only one, and
it was a controversial choice.
But, of course, George has given the views of the, uh, club, saying
that it is only necessary to show one single example. I guess that
tactic is filed right behind the one that says let's use the "updates"
ridicule to suppress any useful discussion of this product.
Bob
Pierre Vandevenne
>I'm not an IV rep, as you know perfectly well.
I have no opinion on that. I'll take your word for it, but your word isn't
synonymous with "I know perfectly well" (and my word isn't better)
>I have no such attitude. Wasn't I just telling you about my preference
>for a combined generic/known-virus approach?
As described in the IV manual ;-)
>>Is it possible to stay away from that kind of attacks ?
>What kind of attacks? Its a fair and honest question. Choosing a test
Ad hominem attacks. You weren't very polite towards Mr Saarinen.
>You see, Pierre, he could easily have chosen another. The attack on
He could, but you see, when a journalist starts a review, he isn't necessarily
a specialist. That's why he starts collecting documentation. By reading
newsgroups for example. I imagine Krile was discussed at the time Mr Saarinen
looked at the newsgroup. It could have appeared as an ideal test as Mr Netiv
claimed publically that IV had no problems with Krile.
Once again a contradiction here : you may accuse Mr Saarinen to have chosen
Krile on purpose to show how bad Invircible is, but then Mr Netiv obviously
was lying when he claimed that Invircible had no problem with it.
If, on the other hand, we take the premise that Mr Netiv wasn't lying then, in
this well... in this uchronia, Mr Saarinen's choice was advantageous to
Invircible.
Mr Netiv took a very strong and positive position about Krile in this newsgroup,
drawing everyone's attention, including Mr Saarinen's, to this particular virus.
It is only natural to check Mr Netiv's claims when you write a review.
>>>What were you doing talking to the local rep? Didn't you have the
>>>self-sufficency to evaluate the product on your own?
>>
>>Once again an ad hominem attack against Mr Saarinen. According to Mr
>>Netiv himself, the local rep wasn't competent enough to answer Mr Saarinen's
>>question. That was obviously not a question of self sufficiency on the part
>>of the reviewer.
>
>Reviewers should maintain complete independence, not being swayed one
Yes, they should, but according to Mr Netiv himself, the problem was more
a problem of competence at the distributor's level. I don't think Mr Saarinen
was swayed one way or the other : it seems he only had contact with IV
distributor.
>Reviewers should also make a good faith effort to provide a balanced
>view of the product's performance. In this case that means, if he is
And I have no doubt that, if Mr Saarinen had contacted you instead of
contacting his local tech support, he would probably have had a better
support. But you also have to take into account the fact that competent
local technical support is important.
>But, of course, George has given the views of the, uh, club, saying
>that it is only necessary to show one single example. I guess that
Once absolute claims are made, yes, one single counter example invalidates
the theory. That's often how it goes in Science.
>tactic is filed right behind the one that says let's use the "updates"
>ridicule to suppress any useful discussion of this product.
We are not discussing the product, I think publications such as Virus Bulletin
are better equipped and more objective than we are in that endeavour. We are
discussing the absurd claims made by one a-v producer, which can be
demonstrated to be false rather easily.
Robert Green
pie...@datarescue.com (Pierre Vandevenne) wrote:
>In <357d51c8...@news.mindspring.com>, "Robert Green" <rgr...@avana.net> writes:
>
>>I'm not an IV rep, as you know perfectly well.
>
>I have no opinion on that. I'll take your word for it, but your word isn't
>synonymous with "I know perfectly well" (and my word isn't better)
>
>>I have no such attitude. Wasn't I just telling you about my preference
>>for a combined generic/known-virus approach?
>
>As described in the IV manual ;-)
Nice. And in my own thinking, as well.
>>>Is it possible to stay away from that kind of attacks ?
>>What kind of attacks? Its a fair and honest question. Choosing a test
>
>Ad hominem attacks. You weren't very polite towards Mr Saarinen.
After he accused me several times of lying. I'm not Saint Bob.
If Juha wants to tone things down, I'll go along.
>>You see, Pierre, he could easily have chosen another. The attack on
>He could, but you see, when a journalist starts a review, he isn't necessarily
>a specialist. That's why he starts collecting documentation. By reading
>newsgroups for example. I imagine Krile was discussed at the time Mr Saarinen
>looked at the newsgroup. It could have appeared as an ideal test as Mr Netiv
>claimed publically that IV had no problems with Krile.
>Once again a contradiction here : you may accuse Mr Saarinen to have chosen
>Krile on purpose to show how bad Invircible is, but then Mr Netiv obviously
>was lying when he claimed that Invircible had no problem with it.
I'm glad you raised this point, its another balance issue. IVB detects
Krile (but does not remove it) up 'til the last one. The directed
attack was added only _after_ Zvi pointed out that IVB would detect
it. In fact, the first mention I remember of Krile was when a user
posted a copy of an IVB report after he became infected with it. Zvi
was completely correct when he said that.
Also, if he's been reading the group, he should have known that the
newest version of Krile, called CREED by its creator, was first
detected by InVircible, the IVX module, when some users posted about
it here just before AVP released the 5/15 update that incorporated it.
(Faster response than we saw on Dodgy, huh?)
Following advice that was posted, at least three users were able to
identify and and then replace the CREED-infected files with IVX. (Also
note that the 100% man began to recommend AVP as soon as he knew that
it did the job for this one - because its easier for the user,
although the files still have to be replaced).
>If, on the other hand, we take the premise that Mr Netiv wasn't lying then, in
>this well... in this uchronia, Mr Saarinen's choice was advantageous to
>Invircible.
Nice new word. What is the definition of uchronia? (its not in the
little dictionary I have here at the office). Sounds like a disease
:-).
The choice of a virus implementing the integrity database attack is
just fine, so long as it is balanced by testing with an objectively
chosen set of test samples. I just think there could have been a
better choice, given the current state of things.
>Mr Netiv took a very strong and positive position about Krile in this newsgroup,
>drawing everyone's attention, including Mr Saarinen's, to this particular virus.
What, Zvi promoted Krile? He did not. He answered some taunts from the
author (through posts from others, I believe, and if the rest of us
followed his policy of not communicating with this clown, he would
probably finally go away), who clearly needs no help promoting himself
and his virus, witness you and I discussing it here.
>It is only natural to check Mr Netiv's claims when you write a review.
As I've shown, he didn't actually do that. He used the virus
specifically to further his purpose of writing a negative review.
He avoided objective testing specifically to prevent his project from
collapsing.
>And I have no doubt that, if Mr Saarinen had contacted you instead of
>contacting his local tech support, he would probably have had a better
>support. But you also have to take into account the fact that competent
>local technical support is important.
I have no experience with Virus Defense or SSL, so I can't comment on
the quality of the local support, except to say that they are backed
by Zvi, and support from Zvi is in my experience prompt and effective
in all cases. I will also point out that tech support exists for
paying customers.
>>But, of course, George has given the views of the, uh, club, saying
>>that it is only necessary to show one single example. I guess that
>Once absolute claims are made, yes, one single counter example invalidates
>the theory. That's often how it goes in Science.
Please clarify for me, Pierre? We're reviewing marketing claims here,
whatever they may actually be, and the product itself is irrelevant?
Therefore, fair and objective tesing of the product is irrelevant and
Juha shouldn't be criticized because he didn't do that?
>>tactic is filed right behind the one that says let's use the "updates"
>>ridicule to suppress any useful discussion of this product.
>We are not discussing the product, I think publications such as Virus Bulletin
Uh, Virus Bulletin was involved in this review. Nick did the tests,
remember. I go back to my question that hasn't been answered yet:
were Juha's technical decisions based on VB's advice or did he arrive
at them on his own?
>are better equipped and more objective
We can discuss objectivity when my question is answered.
> than we are in that endeavour. We are
>discussing the absurd claims made by one a-v producer, which can be
>demonstrated to be false rather easily.
I'm discussing the product. I am always more comfortable with concrete
issues that can be settled objectively, in this case with test
results, and with each new post on the matter, it becomes more and
more obvious that everyone else knows as well as I do what such tests
would show.
Bob
Pierre Vandevenne
>If Juha wants to tone things down, I'll go along.
Great.
>I'm glad you raised this point, its another balance issue. IVB detects
OK
>posted a copy of an IVB report after he became infected with it. Zvi
>was completely correct when he said that.
Then what was the problem with the test. Are reviewers supposed to be
masters in sub-variants ?
>(Faster response than we saw on Dodgy, huh?)
I had a question for Eugene this afternoon. He answered within 10 minutes.
The fact that I wrote a dodgy solution myself has nothing to do with the
speed of the support : I am quite moody at times and like to do things on
my own, even when other solutions are available.
>>If, on the other hand, we take the premise that Mr Netiv wasn't lying then, in
>>this well... in this uchronia, Mr Saarinen's choice was advantageous to
>>Invircible.
>Nice new word. What is the definition of uchronia? (its not in the
>little dictionary I have here at the office). Sounds like a disease
>:-).
It is not a new word. You may want to upgrade your dictionary :-)
Or search usenet. I am not a native speaker, don't forget that. I am
severely disadvantaged in the conversation.
>
>>Mr Netiv took a very strong and positive position about Krile in this newsgroup,
>>drawing everyone's attention, including Mr Saarinen's, to this particular virus.
>
>What, Zvi promoted Krile? He did not. He answered some taunts from the
I did not say that. I said he was very noisy about it.
>>It is only natural to check Mr Netiv's claims when you write a review.
>As I've shown, he didn't actually do that. He used the virus
>specifically to further his purpose of writing a negative review.
>He avoided objective testing specifically to prevent his project from
>collapsing.
Once again a conspiracy theory. Why would he do that ? Is he on the
payroll of another anti-virus producer or what ?
>I have no experience with Virus Defense or SSL, so I can't comment on
>the quality of the local support, except to say that they are backed
Oh, I certainly don't ask you to comment : as a matter of fact, Mr Netiv
already did.
>by Zvi, and support from Zvi is in my experience prompt and effective
>in all cases. I will also point out that tech support exists for
I am sure Mr Netiv helps his paying customers when he can. That has never
really been a point as far as I am concerned.
>Please clarify for me, Pierre? We're reviewing marketing claims here,
>whatever they may actually be, and the product itself is irrelevant?
No, the product itself isn't irrelevant. But assuming it is effective, it doesn't
live up to its claims. I still maintain that, for example, its integrity checking
mechanism is extremely poorly implemented and is extremely easy to bypass.
The fact that Invircible has 0.1% of the market or something similar
(well, I am willing to be contradicted with hard facts on that one, I will
accept any proven figure ) simply makes it a no issue as virtually very few
people are trying to even bypass it.
>Uh, Virus Bulletin was involved in this review. Nick did the tests,
>remember. I go back to my question that hasn't been answered yet:
>were Juha's technical decisions based on VB's advice or did he arrive
>at them on his own?
Does it change anything ?
Is VB objective and competent or is it not ? (seems other A-V vendors don't
complain)
>>are better equipped and more objective
>We can discuss objectivity when my question is answered.
Now that is a strange twist : how could the objectivity of VB, a magazine
published since several years, depend on one answer to your questions ?
Does that mean that if VB makes a bad Invircible review they are not
objective whereas a good review would prove their objectivity ?
>I'm discussing the product. I am always more comfortable with concrete
I don't want to discuss the product because if I do discuss it in details, I
am accused of being unethical.
Remember : I said IV integrity checking was lame. I was treated as a liar
and as someone speaking in the void. I demonstrated partially what I claimed
(because total demonstration would have been an immediate help to virus
writers). Then we heard nothing more about it.
It is a bit like a boxing match you see. Boxer One goes around boxer two
yelling insults. Boxer Two knocks Boxer One down. Then Boxer two claims
boxing is unethical.
I refuse to box with my hands tied in my back and I refuse to do something
that isn't my job since there are people around competent to do that.
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <357d51c8...@news.mindspring.com>, rgr...@avana.net says...
>>What kind of attacks? Its a fair and honest question. Choosing a test
>>sample from a virus writer who he must have known is consistenly
>>engaged here in a tiresome project to promote himself and his virus,
>>and who persistenly attacks InVircible on this newsgroup, is an act
>>that inevitably leads to suspicion.
>
>Perhaps, but because Zvi himself has stated that IV has no problems with
>Krile, and Krile's author has stated that IV has problems with Krile.
There is more than one Krile, George. You have to look at the time
line. I just went over this in a reply to Pierre. When Zvi said that
IVB detected Krile, he was correct. Also, IVX does detect it, getting
100% correlation on all Krile variants including Creed, the latest
one.
>Seeing as Zvi markets IV as a solution to all viruses, it would seem that
>using a counterexample (a virus where IV is not a solution) would show that
>Zvi's claims about his product are false.
Zvi doesn't market IV as a solution to _all_ viruses. Even so, the
business with Krile proves nothing, because IVX detects all variants,
as does IVB, if run from a clean boot, using the off-line backup of
the integrity database, if necessary.
>>At best he has gotten himself into
>>an unwilling, implicit cooperative alliance with a virus writer,
>>helping him promote his creation.
>
>Sorry, Robert, but just because a reviewer uses a particular virus in a
>particular review does not mean he has allied with the virus writer. If that
>were so, no reviewer could ethically review ANY anti-virus product using ANY
>viruses whatsoever.
Not really. There is a context here, George, involving Krile, that
does not exist for other viruses.
>Saying there is an alliance simply because Krile was chosen in the review is
>just a little bit too much of a stretch.
I said "unwilling, implicit". You can't deny that Dustin is using this
situation gleefully.
>>You see, Pierre, he could easily have chosen another.
>
>Yes, but that's not the point. IV is purported to be a solution for all
>viruses. By choosing a virus where IV is not a solution, the claims about IV
>become baseless.
I said he could have chosen another using the same attack. But it
proves nothing, especially when not balanced with further objective
testing, and there wasn't any.
>>Reviewers should maintain complete independence, not being swayed one
>>way or the other by dealings with vendors or vendor reps.
>
>Obviously the dealings with Mr. Scurrah did not sway Juha's opinion, now did
>they?
We don't know, actually. Maybe Mr Scurrah said something that offended
him.
>>I doesn't
>>matter that reviewers customarily operate otherwise: that's why they
>>are not generally taken seriously, after all.
>
>They generally aren't taken seriously unless they happen to write good things
>about InVircible, in which case their independence is completely unquestioned.
Magazine reviews in the anti-virus area are considered, shall we say,
light reading. NetZ could point to competent, objective testing,
except for the inconvenient fact that the product is never tested that
way.
>>But it seems an exception is being made for Juha.
>The same exception was made for Paul Williams and PCLAN, too.
Paul William's tests were limited, but were serious, competent, and
provided some valuable information about the product for users.
I have never read the other one.
NetZ is allowed to market its product, George. And its allowed to use
whatever tools are at hand.
>>Reviewers should also make a good faith effort to provide a balanced
>>view of the product's performance.
>
>Personally, I think that Juha's evaluation of IV was quite balanced. Juha
>gave IV a fair shake, and the review was negative. Big deal. Products get
>negative reviews all the time.
Right. Big deal. Still, it can hardly be called balanced. IVB was only
tested with one virus, yet it is the product's file-infector detecting
module. IVZ was tested with the whole VB test set of 850, yet IVZ is
not used in the daily defense strategy of the IV suite.
Readers not familiar with the product will be very much swayed by
this, getting a very false impression of the product. He should have
balanced his presentation.
>Of course, when InVircible gets a negative review, Zvi threatens legal action.
>
>>But, of course, George has given the views of the, uh, club,
>
>If you're referring to the karate club, my views are my own in these matters.
>The U of A Karate Club has absolutely no opinion on this matter.
I was making a joke to Pierre, that's not your club :-). I wouldn't
want to get on the bad side of a karate club, would I? :-(
>>saying
>>that it is only necessary to show one single example. I guess that
>>tactic
>
>The "tactic" as you call it is simple: If a program that claims "effective
>protection against all types of computer viruses" can be shown to NOT be
>effective protection against a certain type of virus, then it can be logically
>followed that the claim is false. It's called proof by counterexample.
But it provides, can be shown unequivocally to provide, effective
protection against all types of computer viruses, excepting some
unusual ones like batch file viruses. A single example doesn't counter
this fact. All Krile accomplishes is to point out, not the first time,
that integrity databases can be vulnerable. You can never have 100%
security of the integrity database except on a write-protected floppy,
and IV provides for that. _All_ AV programs are subject to directed
attacks and have vulnerabilities. Pointing out that this is true for a
single product does not stand up as an "evaluation" or as "proof" of
anything but what I have said.
>>is filed right behind the one that says let's use the "updates"
>>ridicule to suppress any useful discussion of this product.
>
>The "updates" criticism is also a simple one: A product that is sold on the
>basis of never needing updates, but is regularly updated anyhow, is a product
>that contradicts itself.
Its a purely semantic controversy, completely inconsequential.
>Why is it that when people criticize IV, you claim that they suppress "useful
>discussion" of it? Criticism IS useful discussion, IMHO.
My problem is that it is not _the product_ that gets criticized. The
product is not so easy to criticize, when you get right down to it. I
don't mean its perfect, just that it is in fact an effective
anti-virus program, and is a better solution than known-virus scanners
in some respects. But this gets lost in all the controversy.
Bob
Robert Green
pie...@datarescue.com (Pierre Vandevenne) wrote:
>In <357d7611...@news.mindspring.com>, "Robert Green" <rgr...@avana.net> writes:
>Then what was the problem with the test. Are reviewers supposed to be
>masters in sub-variants ?
No. I made no complaint about the test itself, just the particular
choice of the virus and the lack of any further testing.
>>(Faster response than we saw on Dodgy, huh?)
>
>I had a question for Eugene this afternoon. He answered within 10 minutes.
>The fact that I wrote a dodgy solution myself has nothing to do with the
>speed of the support : I am quite moody at times and like to do things on
>my own, even when other solutions are available.
AVP detected CREED 3 days after it came out, I think. I don't license
bad products :-).
>>>If, on the other hand, we take the premise that Mr Netiv wasn't lying then, in
>>>this well... in this uchronia, Mr Saarinen's choice was advantageous to
>>>Invircible.
>
>>Nice new word. What is the definition of uchronia? (its not in the
>>little dictionary I have here at the office). Sounds like a disease
>>:-).
>
>It is not a new word. You may want to upgrade your dictionary :-)
>Or search usenet. I am not a native speaker, don't forget that. I am
>severely disadvantaged in the conversation.
I'm actually interested in that word, so I hope you didn't
misunderstand me. You are not very disadvantaged, I think. If I had to
do this in one of the two languages I studied in school, I would be
helpless, not to mention incoherent. Your English is excellent.
>Once again a conspiracy theory. Why would he do that ? Is he on the
>payroll of another anti-virus producer or what ?
No. I simply believe that he did not want to risk good results. I'll
lsiten to what he says, though.
>>Please clarify for me, Pierre? We're reviewing marketing claims here,
>>whatever they may actually be, and the product itself is irrelevant?
>
>No, the product itself isn't irrelevant. But assuming it is effective, it doesn't
>live up to its claims. I still maintain that, for example, its integrity checking
>mechanism is extremely poorly implemented and is extremely easy to bypass.
Then it would fall on its face in an objective test, wouldn't it?
>>Uh, Virus Bulletin was involved in this review. Nick did the tests,
>>remember. I go back to my question that hasn't been answered yet:
>>were Juha's technical decisions based on VB's advice or did he arrive
>>at them on his own?
>
>Does it change anything ?
>Is VB objective and competent or is it not ? (seems other A-V vendors don't
>complain)
>
>>>are better equipped and more objective
>>We can discuss objectivity when my question is answered.
>
>Now that is a strange twist : how could the objectivity of VB, a magazine
>published since several years, depend on one answer to your questions ?
>Does that mean that if VB makes a bad Invircible review they are not
>objective whereas a good review would prove their objectivity ?
I'm not questioning VB's objectivty. But its important to know some
things. In a post to you which you refuse to acknowledge, I mentioned
remembering reading something by Nick on the testing of generic
products. I don't recall the details of what he said, but I think he
was against testing generics like IV with the same virus samples used
for known-virus scanners.
I just want to know if VB has a theory of testing generics, what is it
exactly, and was Mr Saarinen influenced by it.
That's harmless enough, isn't it?
Bob
Tarkan Yetiser
In article <6lk4n2$dls$1...@news3.Belgium.EU.net>, pie...@datarescue.com
says...
> In <357d7611...@news.mindspring.com>, "Robert Green" <rgr...@avana.net> writes:
>
> >>If, on the other hand, we take the premise that Mr Netiv wasn't lying then, in
> >>this well... in this uchronia, Mr Saarinen's choice was advantageous to
> >>Invircible.
>
> >Nice new word. What is the definition of uchronia? (its not in the
> >little dictionary I have here at the office). Sounds like a disease
> >:-).
>
> Or search usenet. I am not a native speaker, don't forget that. I am
> severely disadvantaged in the conversation.
Here you go Bob:
Uchronia
"Uchronie, n.f. ... Utopie appliquee a l'histoire; l'histoire
refaite logiquement telle qu'elle aurait pu etre."
Nouveau Larousse Illustre
(1913)
<<Uchronia, n. ... Utopia applied to history; history refashioned as
it logically could have been.>>
The term "uchronie", or "uchronia", was apparently first used by
Charles Renouvier in an anonymous article in Revue Philosophique et
Religieuse in 1857, and later in the title of his 1876 book, UCHRONIE
(L'UTOPIE DANS L'HISTOIRE), ESQUISSE HISTORIQUE APOCRYPHE DU DEVELOPMENT
DE LA CIVILISATION EUROPEENNE TEL QU'IL N'A PAS ETE, TEL QU'IL AURAIT PU
ETRE (Bureau de la Critique Philosophique 1876; Alcan 1901; Artheme 1919;
Fayard 1988), which translates as UCHRONIA (UTOPIA IN HISTORY), AN
APOCRYPHAL SKETCH OF THE DEVELOPMENT OF EUROPEAN CIVILIZATION NOT AS IT
WAS BUT AS IT MIGHT HAVE BEEN. "Uchronie" is still the preferred term in
French for alternate history literature.
Juha Saarinen
Robert Green comments on the PC World NZ review of InVircible
>>>I'm not an IV rep, as you know perfectly well.
Well, you have declared a commercial interest in InVircible, in this very
newsgroup. You don't appear to be a neutral observer, as it seems you
believe InVircible is completely without flaws.
>After he accused me several times of lying. I'm not Saint Bob.
>If Juha wants to tone things down, I'll go along.
You're most certainly no saint, Robert. You also have a short memory --
you're the one that attacked me, accusing me of a "put-up job" and being
biased. You call that being "toned down"?
>I'm glad you raised this point, its another balance issue. IVB detects
>Krile (but does not remove it) up 'til the last one. The directed
>attack was added only _after_ Zvi pointed out that IVB would detect
>it. In fact, the first mention I remember of Krile was when a user
>posted a copy of an IVB report after he became infected with it. Zvi
>was completely correct when he said that.
>
>Also, if he's been reading the group, he should have known that the
>newest version of Krile, called CREED by its creator, was first
>detected by InVircible, the IVX module, when some users posted about
>it here just before AVP released the 5/15 update that incorporated it.
>(Faster response than we saw on Dodgy, huh?)
I wrote that IVB detects KRiLE, but can't remove it. Zvi confirmed my test
results, so I don't see what the problem is.
As for CREED, I believe it was written long after the review was published.
What's your point?
>Following advice that was posted, at least three users were able to
>identify and and then replace the CREED-infected files with IVX. (Also
>note that the 100% man began to recommend AVP as soon as he knew that
>it did the job for this one - because its easier for the user,
>although the files still have to be replaced).
I wouldn't replace CREED-infected files with IVX, but each to their own....
>The choice of a virus implementing the integrity database attack is
>just fine, so long as it is balanced by testing with an objectively
>chosen set of test samples. I just think there could have been a
>better choice, given the current state of things.
Like what? KRiLE was a completely random choice. Since I was told that
InVircible "Finds and repairs ALL viruses known and unknown" using KRiLE is
a perfectly valid test of that claim. (Yes, I have that claim in writing
here.)
>As I've shown, he didn't actually do that. He used the virus
>specifically to further his purpose of writing a negative review.
>He avoided objective testing specifically to prevent his project from
>collapsing.
You're making things up again, Robert.... read the review and you'll find
the truth. What you state above is incorrect.
>I have no experience with Virus Defense or SSL, so I can't comment on
>the quality of the local support, except to say that they are backed
>by Zvi, and support from Zvi is in my experience prompt and effective
>in all cases. I will also point out that tech support exists for
>paying customers.
Sounds like you're a well-acquainted with Zvi ...
>Please clarify for me, Pierre? We're reviewing marketing claims here,
>whatever they may actually be, and the product itself is irrelevant?
>Therefore, fair and objective tesing of the product is irrelevant and
>Juha shouldn't be criticized because he didn't do that?
You mean I didn't hide the fact that IVB can't restore KRiLE-infected files?
I should be criticised for that?
>Uh, Virus Bulletin was involved in this review. Nick did the tests,
>remember. I go back to my question that hasn't been answered yet:
>were Juha's technical decisions based on VB's advice or did he arrive
>at them on his own?
Technical decisions?
>We can discuss objectivity when my question is answered.
Robert, why do I get the feeling you were not quite objective when you wrote
that?
Again, if you wish to discuss the review objectively, please read it,
refrain from the silly ad hominem attacks that appear to characterize the IV
crowd, and most importantly of all, stick to what I wrote.
-- Juha
Robert Green
ta...@vds.net (Tarkan Yetiser) wrote:
>In article <6lk4n2$dls$1...@news3.Belgium.EU.net>, pie...@datarescue.com
>says...
>> In <357d7611...@news.mindspring.com>, "Robert Green" <rgr...@avana.net> writes:
>>
>> >>If, on the other hand, we take the premise that Mr Netiv wasn't lying then, in
>> >>this well... in this uchronia, Mr Saarinen's choice was advantageous to
>> >>Invircible.
>>
>> >Nice new word. What is the definition of uchronia? (its not in the
>> >little dictionary I have here at the office). Sounds like a disease
>> >:-).
>>
>> It is not a new word. You may want to upgrade your dictionary :-)
>> Or search usenet. I am not a native speaker, don't forget that. I am
>> severely disadvantaged in the conversation.
I think Pierre misunderstood me here. The word is new to me and the
interest is genuine.
>Here you go Bob:
>
>Uchronia
> "Uchronie, n.f. ... Utopie appliquee a l'histoire; l'histoire
>refaite logiquement telle qu'elle aurait pu etre."
> Nouveau Larousse Illustre
>(1913)
> <<Uchronia, n. ... Utopia applied to history; history refashioned as
>it logically could have been.>>
> The term "uchronie", or "uchronia", was apparently first used by
>Charles Renouvier in an anonymous article in Revue Philosophique et
>Religieuse in 1857, and later in the title of his 1876 book, UCHRONIE
>(L'UTOPIE DANS L'HISTOIRE), ESQUISSE HISTORIQUE APOCRYPHE DU DEVELOPMENT
>DE LA CIVILISATION EUROPEENNE TEL QU'IL N'A PAS ETE, TEL QU'IL AURAIT PU
>ETRE (Bureau de la Critique Philosophique 1876; Alcan 1901; Artheme 1919;
>Fayard 1988), which translates as UCHRONIA (UTOPIA IN HISTORY), AN
>APOCRYPHAL SKETCH OF THE DEVELOPMENT OF EUROPEAN CIVILIZATION NOT AS IT
>WAS BUT AS IT MIGHT HAVE BEEN. "Uchronie" is still the preferred term in
>French for alternate history literature.
Thanks, Tarkan, especially for the translated part :-).
Bob
Robert Green
"Juha Saarinen" <nos...@to.me> wrote:
>Robert Green comments on the PC World NZ review of InVircible
>(http://www.idg.co.nz/pcworld/magazine/may98/invircib.htm) :
>
>
>>>>I'm not an IV rep, as you know perfectly well.
>
>
>Well, you have declared a commercial interest in InVircible, in this very
>newsgroup. You don't appear to be a neutral observer, as it seems you
>believe InVircible is completely without flaws.
No, Juha, I have said that I recommend it to customers. I also have
pointed out other AV that I recommend. It depends on what the customer
wants. My company does not sell AV software. I support InVircible on
sites where it is installed. I much more frequently support McAfee,
though, as it is the commonest AV in use by my customers.
As for "without flaws", you are just repeating what you see others
write. I don't think any product is without flaws. You can read my
posts on Dejanews if you are interested in how I feel about InVircible
amd other AV products.
>>After he accused me several times of lying. I'm not Saint Bob.
>>If Juha wants to tone things down, I'll go along.
>
>
>You're most certainly no saint, Robert. You also have a short memory --
>you're the one that attacked me, accusing me of a "put-up job" and being
>biased. You call that being "toned down"?
I call that an honest opinion, fact-based.
>>I'm glad you raised this point, its another balance issue. IVB detects
>>Krile (but does not remove it) up 'til the last one. The directed
>>attack was added only _after_ Zvi pointed out that IVB would detect
>>it. In fact, the first mention I remember of Krile was when a user
>>posted a copy of an IVB report after he became infected with it. Zvi
>>was completely correct when he said that.
>>
>>Also, if he's been reading the group, he should have known that the
>>newest version of Krile, called CREED by its creator, was first
>>detected by InVircible, the IVX module, when some users posted about
>>it here just before AVP released the 5/15 update that incorporated it.
>>(Faster response than we saw on Dodgy, huh?)
>
>
>I wrote that IVB detects KRiLE, but can't remove it. Zvi confirmed my test
>results, so I don't see what the problem is.
You've wandered out of context. Go back and read the post I was
replying to.
>As for CREED, I believe it was written long after the review was published.
>What's your point?
Fine. I don't really know just when your review was published. I chose
CREED, because there is a clear public record involving it and IV.
>>Following advice that was posted, at least three users were able to
>>identify and and then replace the CREED-infected files with IVX. (Also
>>note that the 100% man began to recommend AVP as soon as he knew that
>>it did the job for this one - because its easier for the user,
>>although the files still have to be replaced).
>
>I wouldn't replace CREED-infected files with IVX, but each to their own....
Sure, that's awkward, I should have said "identify the infected files
with IVX and then replace them."
On the other hand, the scanner vendors normally don't act as fast as
AVP did with CREED (the point of the parenthesis about Dodgy, which
gained a foothold in the wild, because the vendors didn't react
quickly enough). What would you do, if your system was infected, you
knew it to a near certainty, but no AV product could yet identify the
virus for you? Would you fastidiously decline to use IVX then :-).
And CREED, BTW, is just another version of Krile. IVX reacts to it and
the Kriles in similar fashion, so it is illustrative.
>>The choice of a virus implementing the integrity database attack is
>>just fine, so long as it is balanced by testing with an objectively
>>chosen set of test samples. I just think there could have been a
>>better choice, given the current state of things.
>Like what? KRiLE was a completely random choice.
You just "randomly" chose a virus currently very controversial in
a.c.v., which implements product-specific attacks on not just one but
two generic anti-virus products, one of which you were reviewing in a
very negative way, and whose author consistently slams those products
and taunts anyone who mentions them in a positive way?
Do you actually not understand why I have a problem with this?
> Since I was told that
>InVircible "Finds and repairs ALL viruses known and unknown" using KRiLE is
>a perfectly valid test of that claim. (Yes, I have that claim in writing
>here.)
You read it on the local rep's web site, I believe. It would be better
If they didn't make such a statement, but its just marketing excess
and no big deal.
If you wanted to show a virus IVB could not remove, there are hundreds
to chose from, called overwriters. There is another very small group,
including Krile and One_Half, that are not removable by IVB due to the
way they infect the files, though some scanners can remove them.
Its not a big deal, Juha. Of course, it is perfectly fair for you to
test any claim that exists, but you failed your readers by not going
to the next step and providing a realistic appraisal of IVB's removal
capabilities. That would have required the further testing I
mentioned before. Testing which you failed to do.
>>As I've shown, he didn't actually do that. He used the virus
>>specifically to further his purpose of writing a negative review.
>>He avoided objective testing specifically to prevent his project from
>>collapsing.
>You're making things up again, Robert.... read the review and you'll find
>the truth. What you state above is incorrect.
That's my considered opinion. The evidence is abundant. Zvi has
already documented the fact that your test with DaBoy's was tampered,
for example.
Here's another: your claim of "false alerts" with IVB.
Quoting the article:
>:False alerts galore
>:Software upgrades had IVB/IVB32 putting up copious amounts of false
>:alerts as it detected the now files. Messages like 'Winword.exe: modified,
>:increased by xxxxx bytes. Probably a new version pop up',
>:leaving it to you to decide if it's a virus or not. Sometimes the 'probably' doesn't
>:appear so users could easily end up with non-functional systems due to mistaken
>:restoration attempts of legitimate files.
Have you ever stopped to consider how an integrity product should
handle the report of legitimate file changes? I can tell you from two
years of personal experience running IVB on my own system, that
InVricible's capabilities in this area are powerful and very useful.
I use IVB's audit reports to manage my file system, keep them in a
binder so I have a history of changes. And I don't get "false alerts"
on changed files, either. The helpful prompt, "Probably a new
version," is quite valuable, as it helps to eliminate ambiguity.
I failed to get this prompt only on one occasion that I can recall in
all my use of the product, and that was when I changed a couple of
little utility programs of mine by compressing them with LZE. Yet,
since I _knew_ that I had just compressed them, the fact that I got a
change alert was hardly a problem, just an accurate report by IVB.
False alerts? To echo you, why did you make that up?
More from the article:
>:A good on-access scanner from would have
>:prevented the infections, and saved huge amounts of time.
>:For day-to-day protection against file viruses, Invircible simply
>:doesn't cut it.
Preventing infections? Let's go back to Dodgy, mentioned earlier.
Again, a choice based on the availablity of a public record and
because I don't have to write it again :-). The following three
paragraphs are borrowed from a recent post of mine:
But consider this. Look at the August '97 VB prevalence list. You will
find the Dodgy virus, never before listed there or in Well's list, is
for that month the most-reported non-macro virus at VB. So August was
the month when the scanners caught up with Dodgy and began to deal
with the already large population in the wild.
In fact, Dodgy became entrenched so well that it is now consistently
at about #10 on the prevalence list each month. IVINIT, or any other
generic product, would have easily found and removed that virus on the
day it was written. If generics were the method of choice for the
majority of users, that virus would likely have been prevented from
succeeding ITW.
But scanners are the method of choice, which guarantees that the virus
problem will be solved only by the evolution of operating systems, if
at all. With scanners, every new virus can have its day in the
limelight.
Too bad your readers will never know this, wouldn't you say. You were
too busy tampering your phony DaBoy's test to be able to provide your
readers with some useful thoughts on the subject of InVircible and its
ability to detect and remove viruses.
>>I have no experience with Virus Defense or SSL, so I can't comment on
>>the quality of the local support, except to say that they are backed
>>by Zvi, and support from Zvi is in my experience prompt and effective
>>in all cases. I will also point out that tech support exists for
>>paying customers.
>
>
>Sounds like you're a well-acquainted with Zvi ...
I'm his customer, and Zvi makes a point of maintaining good relations
with his customers. My opinion, he gets an A+ in the support category.
>>Please clarify for me, Pierre? We're reviewing marketing claims here,
>>whatever they may actually be, and the product itself is irrelevant?
>>Therefore, fair and objective tesing of the product is irrelevant and
>>Juha shouldn't be criticized because he didn't do that?
>
>You mean I didn't hide the fact that IVB can't restore KRiLE-infected files?
>I should be criticised for that?
Of course not. Its pretty irrelevant, though. What you hid from your
readers was any sense of just what IVB's disinfection performance
actually is.
>>Uh, Virus Bulletin was involved in this review. Nick did the tests,
>>remember. I go back to my question that hasn't been answered yet:
>>were Juha's technical decisions based on VB's advice or did he arrive
>>at them on his own?
>
>Technical decisions?
Whether or not to perform certain types of tests amounts to a
technical decision.
>>We can discuss objectivity when my question is answered.
>
>Robert, why do I get the feeling you were not quite objective when you wrote
>that?
Where does my objectivity fail in that? I'm only trying to find out
why you didn't perform additional tests that might have led to a
change in the conclusions of your review. Seems like you'd be the
one wanting to clear the air.
>Again, if you wish to discuss the review objectively, please read it,
>refrain from the silly ad hominem attacks that appear to characterize the IV
>crowd, and most importantly of all, stick to what I wrote.
I have read it. Calling your review biased and inept on the grounds of
evidence within the review itself is not an ad hominem attack.
I'm sticking to what you wrote. That's the problem.
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
Hi, George
>In article <357d9f72...@news.mindspring.com>, rgr...@avana.net says...
>Zvi didn't just say that IVB detected Krile. He said that it had "no
>problems" with it, implying removal as well.
Matter of opinion, maybe, but I don't consider lack of removal for
this or that specific virus to constitute a problem. I prefer to
replace, anyway.
>>Also, IVX does detect it, getting
>>100% correlation on all Krile variants including Creed, the latest
>>one.
>
>And, once this program has said that the virus is present, does it actually
>remove the virus? Or is another program necessary (a scanner, perhaps)?
I went on to say either here or in a different post that AVP detects
the virus as of its 5/15 update, and that as soon as it did, I changed
my recommendation form IVX to AVP, because its easier. AVP does not
remove it (yet) as far as I know.
The utility of IVX is for situations such as the one that came up for
several users that week. When it started, the AVP update was not yet
available, at least from Central Command, so IVX was the only way I
knew how to do it. For someone infected by a new virus, not yet
detected by the scanners, IVX can be very valuable, as was proved.
IVX does not remove viruses, it only detects them and, optionally,
will delete the infected files.
>>Zvi doesn't market IV as a solution to _all_ viruses.
>
>Yes, he does. See www.invircible.com.
It says "efective protection against all types of computer viruses."
We can forgive him for failing to mention batch file viruses. I think
most all AV vendors make the same claim in effect. "Effective
protection" isn't exactly snake oil, now is it?
>>We don't know, actually. Maybe Mr Scurrah said something that offended
>>him.
>
>In that case, it only shows that the NZ dealers for InVircible are either
>misinformed, unable to deal with reviewers, or just plain incompetent.
Nothing of the kind, I imagine.
>If Mr. Scurrah did say things to offend Juha, then perhaps Zvi should look for
>another distributor in NZ.
>
>>>They generally aren't taken seriously unless they happen to write good things
>>>about InVircible, in which case their independence is completely unquestioned.
>>
>>Magazine reviews in the anti-virus area are considered, shall we say,
>>light reading.
>
>Very true, but I find it odd that Zvi is viciously attacking Juha's article,
>yet the PCLAN article is quoted on InVircible's web page, as is Williams'
>"study".
>
>>NetZ could point to competent, objective testing,
>>except for the inconvenient fact that the product is never tested that
>>way.
>
>Huh? There are competent, objective tests of IV. I believe that Virus
>Bulletin tested it a while back. I did one as well.
Did you publish it? I've never seen it, but would like to.
The VB thing you're referring to was just a review, not a full-blown
test.
I meant a formal, controlled test. For example, using the 850 virus VB
test set that is mentioned in the review and was used to test IVZ, but
nothing else. I would like to see a test of that set's file infectors
with IVB. I think it would be illuminating.
>>Paul William's tests were limited, but were serious, competent, and
>>provided some valuable information about the product for users.
>
>Williams' tests were either done incompetently or the results were doctored.
>Any review that places MSAV over F-Prot has some serious problems.
That was just a result of the sample set used. I said it was limited.
>>NetZ is allowed to market its product, George. And its allowed to use
>>whatever tools are at hand.
>
>There is a difference between clever marketing and snake-oil tactics. Zvi
"Effective protection," you mean? That's capable of proof, you know.
That's why I keep talking about testing the product objectively.
Snake-oil tactics, its not.
>markets his product using snake-oil tactics; he makes outrageous claims in
>order to make some sales. When somebody points out that his snake-oil remedy
>is really just tap water, he threatens them with lawsuits and calls them
>incompetent liars.
Show me. Your first effort to do that failed.
>Marketing is one thing. Swindling is another.
Strong language, isn't it?
>>Readers not familiar with the product will be very much swayed by
>>this, getting a very false impression of the product.
>
>Some would say that readers would get a very helpful impression of the
>product.
That review is not defensible. Give it up.
>>But it provides, can be shown unequivocally to provide, effective
>>protection against all types of computer viruses, excepting some
>>unusual ones like batch file viruses.
>
>Of course, define "effective protection". InVircible has been shown to be
>very poor at recovering files (I believe that Chris Stubbs showed that many
>files claimed by IV to have been restored were restored to a non-functional
>state). While it may be effective as a detector, its removal capabilities are
>questionable.
It will provide byte-perfect recovery far more often than any scanner
can do. I've done some tests myself, you know. Even published a little
one here recently, but it was only meant to be an example of what I
believe could be done in testing generics vs known-virus products.
In that littlle test I showed about the same as Chris for one of the
ten viruses I used, and I did it before he did. IVB recovered the
other 9 perfectly. AVP got 7, I think, being the best scanner for that
little group. Chris just selected out some viruses to make a point,
but all it proves is that for any AV product there will always be a
few exception viruses, that don't get handled correctly. I have never
said that IV was immune from that, and I don't believe Zvi ever has.
At least, I've never been witness to it.
>>>The "updates" criticism is also a simple one: A product that is sold on the
>>>basis of never needing updates, but is regularly updated anyhow, is a product
>>>that contradicts itself.
>>
>>Its a purely semantic controversy, completely inconsequential.
>
>No, it's not. Updates or upgrades, users of InVircible have to PAY in order
>to renew their license. Having to pay regularly to renew the licence kind of
>takes away a lot of the "no updates" benefit, don't you think?
No. Over the long haul the cost of licensing IV is in line with the
industry. At least for some users, there will a saving of costs in not
having to maintain the scanner database updates. However, I have said
over and over in this update debate that it isn't the issue it used to
be, because vendors have provided better ways to update on line.
Yet, the statement is accurate, and NetZ should not be reproached for
making it.
>Sure, scanners have to be updated and people have to pay for the updates.
>When InVircible is upgraded, people have to pay for the upgrades through
>licensing fees. InVircible, in this way, costs the same amount as other AV
>products - regular payments are necessary to keep the program current.
>
>>My problem is that it is not _the product_ that gets criticized.
>
>Well, you're right in a sense. It's the marketing of the product that gets
>most of the criticism. As well, Zvi and his distributors often get criticized
>because of their distinct lack of PR skills. The fact that they threaten
>lawsuits when faced with a negative review doesn't help either.
So far, you are criticizing a claim of "effective protection." Why not
test the claim objectively?
You might attempt - just as an experiment - to empathize a little with
the position Zvi gets put in all the time. Don't blame him for
fighting back.
>>The
>>product is not so easy to criticize, when you get right down to it. I
>>don't mean its perfect, just that it is in fact an effective
>>anti-virus program,
>
>It is effective in some ways, and not-so-effective in others. The fact that
>Zvi tries to market his product as the be-all and end-all of AV is the reason
>that he gets so much criticism.
Repeat, show me.
>There are quite a few generic AV products out there; the reason the others
>don't get the same kind of criticism is because they are marketed for what
>they are - a generic anti-virus product which makes an excellent accompaniment
>to a scanner.
I see no real problem with aggresive marketing. What about NAI's ads
with the punk guy with the pierced tounge? Just think, he might be
the spokesman for DSAVTK soon :-).
>>and is a better solution than known-virus scanners
>>in some respects. But this gets lost in all the controversy.
>
>Very true, but there are many more respects where using a scanner is a better
>choice. Most scanners are cheaper, for one thing. They also are easier to
>understand for most end users, and they are able to protect systems from
>infections in advance. Generics have their place, but very few people believe
>they should be a total replacement for known-virus scanning.
I don't make the total replacement argument. Zvi does, and its at
least worthy of debate, not ridicule. My personal system is protected
with a combination of InVircible and AVP. And as I was just saying to
Pierre, I don't license bad products willingly.
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <357ea7bb...@news.mindspring.com>, rgr...@avana.net says...
>>You read it on the local rep's web site, I believe. It would be better
>>If they didn't make such a statement, but its just marketing excess
>>and no big deal.
>
>I think that because it is marketing excess is the exact reason that it's a
>big deal. The InVircible reps aren't just excessively marketing the program;
>they're LYING about it in order to boost sales. The "finds and repairs all
>viruses" claim has been debunked in the past, and it has just been debunked
>again. Yet, IV's distributors continue to use the claim despite the knowledge
>that it is false.
>
>Snake-oil marketing is what it is, and that's why it's such a big deal.
I just posted another for you, George. Read it, and then tell me if
you're willing to repeat what you're saying here.
Bob
Patrick Noyens
On Mon, 08 Jun 98 21:29:30 PDT, Robert Green <rgr...@avana.net> wrote:
:>"Chances" here being the probablilities of IVB successfully
:>cleaning viruses from files. Over the range of known file
:>viruses that are removable, that would be about 98%, BTW.
Where did you get this "can remove 98% from the today's known file
viruses", Rob ?
The first (and only) place where I have seen this "98 % claiming"
before was when Mr. Netiv was advertizing for Invircible (those crazy
markenoids;-)
Without any backup, I just can't take this 98%, Rob, not even from
you. The problem is that I can't test it myself even if I would like
to, because the shareware version doesn't support "repairing".
IVB /R gives "the specified operation requires licensing IV".
Rob, can you name some viruses and specify the conditions ("active in
memory", "clean boot",...) where Invircible, from your own experience,
was able to repair the infections ?
Can it handle things like Hare, Zhengxi, Bomber or even
HLLP.Hooters.4676 and Idea.6126 ?
Just wondering...
-Patrick-
-----------------------------------------------------------------------------------------------------
E-mail: patrick.noyens@#ping.be (remove the # from #ping)
PGP-key available on request or on key servers :
1024/E8EB3F19 1994/05/22 Patrick Noyens <patrick.noyens@#ping.be>
Key fingerprint = 01 31 60 FF C2 0F D4 A7 D2 83 64 FE 3E 3F 83 79
Robert Green
patrick...@DELETE-THIS.ping.be (Patrick Noyens) wrote:
Hi, Patrick,
enjoyable to hear from you, as always.
>On Mon, 08 Jun 98 21:29:30 PDT, Robert Green <rgr...@avana.net> wrote:
>
>:>"Chances" here being the probablilities of IVB successfully
>:>cleaning viruses from files. Over the range of known file
>:>viruses that are removable, that would be about 98%, BTW.
>Where did you get this "can remove 98% from the today's known file
>viruses", Rob ?
Hey, there's a debate going on here. You have to allow me to be
expansive :-).
It's good you came along just now, because I'm in need of an ally on
this business of testing InVircible in an honest, objective way. I
keep talking about it, everybody ignores me.
If you'll pitch in, maybe they'll listen. Maybe George will stop with
the snake-oil business, then showing as evidence "effective protection
against all types of viruses," and get on board himself.
Say, do you use an AV that doesn't offer "effective protection"? I
doubt it, knowing you. :-)
>Without any backup, I just can't take this 98%, Rob, not even from
>you. The problem is that I can't test it myself even if I would like
>to, because the shareware version doesn't support "repairing".
>IVB /R gives "the specified operation requires licensing IV".
I wouldn't ask you to take it. My contribution to this thread is
entirely that we should have some testing done. Then, if any want to
quibble about marketing issues, they will either have some evidence or
not. "Effective protection" is what NetZ claims, and that will be the
standard.
You could always license the product, BTW. Its not expensive. You may
be as pleased with it as I am.
>Rob, can you name some viruses and specify the conditions ("active in
>memory", "clean boot",...) where Invircible, from your own experience,
>was able to repair the infections ?
Sure, I published a little test here not long ago - just as a
demonstration, it doesn't really prove anything. See Dejanews.
Regards,
Bob
Zvi Netiv
"Robert Green" <rgr...@avana.net> wrote:
> >Zvi didn't just say that IVB detected Krile. He said that it had "no
> >problems" with it, implying removal as well.
> Matter of opinion, maybe, but I don't consider lack of removal for
> this or that specific virus to constitute a problem. I prefer to
> replace, anyway.
> >>Also, IVX does detect it, getting
> >>100% correlation on all Krile variants including Creed, the latest
> >>one.
> >And, once this program has said that the virus is present, does it actually
> >remove the virus? Or is another program necessary (a scanner, perhaps)?
> I went on to say either here or in a different post that AVP detects
> the virus as of its 5/15 update, and that as soon as it did, I changed
> my recommendation form IVX to AVP, because its easier. AVP does not
> remove it (yet) as far as I know.
Maybe you aren't aware of it, but the May 30 upload of InVircible contains a
fully enabled IVX, including file renaming, even unregistered. You can now
recommend IVX in all instances. :)
I suppose the Wenzel Klan may now celebrate another IV update. :-)
> The utility of IVX is for situations such as the one that came up for
> several users that week. When it started, the AVP update was not yet
> available, at least from Central Command, so IVX was the only way I
> knew how to do it. For someone infected by a new virus, not yet
> detected by the scanners, IVX can be very valuable, as was proved.
> IVX does not remove viruses, it only detects them and, optionally,
> will delete the infected files.
IVX has an option (now enabled in sentry mode too) to rename selected files,
changing the extension name from EXE to IVE, COM to IVC etc. Quite effective
to rapidly get back in control when a new virus hits, or when in doubt
whether your scanner already detects this or that virus.
If you prefer replacing infected files rather than restoring them, then IVX
could be your tool of choice, and if restoring (what's restorable) is
acceptable to you, then IVB (registered) and IVX (free) are a good match.
Lets you stay independent of scanner signatures updates.
Regards, Zvi
---------------------------------------------------------------------
NetZ Computing Ltd. Israel Developer & Producer of InVircible & ResQ
Voice +972 3 938 6868, +972 52 494 017 (cellular) Fax +972 3 938 6869
E-mail: ne...@actcom.co.il Z...@InVircible.com CIS:100274,2523
http://InVircible.com http://www.NetZComp.com http://www.ResQ.co.il
---------------------------------------------------------------------
Juha Saarinen
Robert Green comments on the PC World NZ review of InVircible
>>Well, you have declared a commercial interest in InVircible, in this very
>>newsgroup. You don't appear to be a neutral observer, as it seems you
>>believe InVircible is completely without flaws.
>
>No, Juha, I have said that I recommend it to customers. I also have
>pointed out other AV that I recommend. It depends on what the customer
>wants. My company does not sell AV software. I support InVircible on
>sites where it is installed. I much more frequently support McAfee,
>though, as it is the commonest AV in use by my customers.
You also said you install it for your customers, after you said I cursed my
own ineptness for failing to install the program. It seems that you
recommend IV, install IV and support IV. Do you do all this for free? If
not, you do have a declared commercial interest in IV, ie. you make money on
it.
>As for "without flaws", you are just repeating what you see others
>write. I don't think any product is without flaws. You can read my
>posts on Dejanews if you are interested in how I feel about InVircible
>amd other AV products.
So you rush to the defence of other AV products as well?
>>You're most certainly no saint, Robert. You also have a short memory --
>>you're the one that attacked me, accusing me of a "put-up job" and being
>>biased. You call that being "toned down"?
>
>I call that an honest opinion, fact-based.
Show us the facts then.
>>I wrote that IVB detects KRiLE, but can't remove it. Zvi confirmed my test
>>results, so I don't see what the problem is.
>
>You've wandered out of context. Go back and read the post I was
>replying to.
No, I haven't. KRiLE was used to test the claim that IV can restore files
infected by any virus; you think that that was wrong by me, but you can't
tell me why. That is what we're talking about.
>Fine. I don't really know just when your review was published. I chose
>CREED, because there is a clear public record involving it and IV.
Even the URL has "May98" in it, and the copy for the review was filed in
April. When was CREED written/released?
>>I wouldn't replace CREED-infected files with IVX, but each to their
own....
>
>Sure, that's awkward, I should have said "identify the infected files
>with IVX and then replace them."
;-)
>On the other hand, the scanner vendors normally don't act as fast as
>AVP did with CREED (the point of the parenthesis about Dodgy, which
>gained a foothold in the wild, because the vendors didn't react
>quickly enough). What would you do, if your system was infected, you
>knew it to a near certainty, but no AV product could yet identify the
>virus for you? Would you fastidiously decline to use IVX then :-).
This is a good point, which brings us to the crux of the matter. At the time
when I tested IV with KRiLE, two AV programs that I had here, AVP
(www.avp.com) and VET (www.cybec.com.au) detected it with their on-access
scanners. They prevented the systems from becoming infected in the first
place. If you read the Second Sight marketing stuff, it says that InVircible
"Responds efficiently and in real time to virus attack. [sic]". With IV on
the system, KRiLE had free rein to infect system files, necessitating a
restoration of these from back-ups. IVB detected that the infected files had
grown in size, but couldn't restore them.
I took the view that it is better to prevent the infection in the first
place, especially if the AV program cannot restore the infected files. It
saves valuable time for users, and I don't really see how anyone can argue
against that.
>And CREED, BTW, is just another version of Krile. IVX reacts to it and
>the Kriles in similar fashion, so it is illustrative.
But CREED didn't exist when I wrote the review, as far as I know. What's the
point you're trying to illustrate? That I should have tested with viruses
that didn't exist? Is that how I was biased?
>You just "randomly" chose a virus currently very controversial in
>a.c.v., which implements product-specific attacks on not just one but
>two generic anti-virus products, one of which you were reviewing in a
>very negative way, and whose author consistently slams those products
>and taunts anyone who mentions them in a positive way?
Yep, KRiLE was chosen at random. KRiLE controversial in a.c.v.? I suggest
you go back and check the archives for the timeframe in question (Feb-March
this year). RAiD's slanging matches with Martin Overton and Zvi are nothing
to do with me, so don't insinuate that.
>Do you actually not understand why I have a problem with this?
Yes. You're a fan of IV, and don't like my review because it wasn't entirely
positive towards it. That's fair enough, but it doesn't make me biased or
unfair.
>You read it on the local rep's web site, I believe. It would be better
>If they didn't make such a statement, but its just marketing excess
>and no big deal.
It's from the manual, and it is repeated at the Web site. The sales rep said
the same in emails and if you ask him face-to-face he'll say it again. I
agree that it would be better not to make such statements, but since they
do, I am entitled to find out whether or not it is correct. You can't argue
against that, surely? I promise you, if any other vendor would make such
sweeping statements, they had better substantiate them with independently
verified evidence....
>If you wanted to show a virus IVB could not remove, there are hundreds
>to chose from, called overwriters. There is another very small group,
>including Krile and One_Half, that are not removable by IVB due to the
>way they infect the files, though some scanners can remove them.
That reinforces the point I made above, that it is better to prevent the
infection in the first place, rather than taking a chance on whether or not
InVircible can remove it. How can you argue against that...?
>Its not a big deal, Juha. Of course, it is perfectly fair for you to
>test any claim that exists, but you failed your readers by not going
>to the next step and providing a realistic appraisal of IVB's removal
>capabilities. That would have required the further testing I
>mentioned before. Testing which you failed to do.
In other words, I should have infected the test system thousands of times,
checked whether IVB notices the infection, then find out which files it
detects as infected, then see if it missed any files, then try restoration
of the files, then check if the restoration was succesful with a
binary-level comparison, and finally wipe the hd and reinstall for the next
virus. This would have been illustrative only of what a waste of time IVB is
as a first line of defence against viruses. That is why I wrote in the end
"why bother with all this?" when an up-to-date scanner could have prevented
the infections in the first place. If InVircible is to become a credible
anti-virus utility, it needs to incorporate an on-access component for boot
and file viruses. It already has these for Word macro viruses, which further
reinforces my point.
However, if you wish to conduct some testing of IVB's detection/restoration
capabilities with a large test set, as used for scanner testing, be my
guest. I look forward to seeing the results.
>>You're making things up again, Robert.... read the review and you'll find
>>the truth. What you state above is incorrect.
>
>That's my considered opinion. The evidence is abundant. Zvi has
>already documented the fact that your test with DaBoy's was tampered,
>for example.
Zvi has admitted that he was wrong there. He didn't have the boot images
from test machine, and nor did the infection happen as he described. Why do
you persist making these things up? Because of your "considered opinion" and
the non-existent "abundant evidence"? If you say the Da'Boys test was
"tampered" you had bloody well better prove it or apologise to me!
>Here's another: your claim of "false alerts" with IVB.
>
>Quoting the article:
>
>>:False alerts galore
>
>>:Software upgrades had IVB/IVB32 putting up copious amounts of false
>>:alerts as it detected the now files. Messages like 'Winword.exe:
modified,
>>:increased by xxxxx bytes. Probably a new version pop up',
>>:leaving it to you to decide if it's a virus or not. Sometimes the
'probably' doesn't
>>:appear so users could easily end up with non-functional systems due to
mistaken
>>:restoration attempts of legitimate files.
>
>Have you ever stopped to consider how an integrity product should
>handle the report of legitimate file changes? I can tell you from two
>years of personal experience running IVB on my own system, that
>InVricible's capabilities in this area are powerful and very useful.
Don't make me laugh... the above example illustrates perfectly the problem
with integrity checkers. How are "InVricible's capabilities in this area"
"powerful and very useful"? It can't even tell if the files are infected
with a virus or not!
>I use IVB's audit reports to manage my file system, keep them in a
>binder so I have a history of changes. And I don't get "false alerts"
>on changed files, either. The helpful prompt, "Probably a new
>version," is quite valuable, as it helps to eliminate ambiguity.
That prompt doesn't appear every time... and what about all the changed
files you risk missing if you update the sigs automatically? Is that
"valuable" and "helpful"?
>I failed to get this prompt only on one occasion that I can recall in
>all my use of the product, and that was when I changed a couple of
>little utility programs of mine by compressing them with LZE. Yet,
>since I _knew_ that I had just compressed them, the fact that I got a
>change alert was hardly a problem, just an accurate report by IVB.
>
>False alerts? To echo you, why did you make that up?
Nope, it wasn't made up at all. That is exactly how it happens. Try it for
yourself. IV false alerts on software upgrades.
>More from the article:
>
>>:A good on-access scanner from would have
>>:prevented the infections, and saved huge amounts of time.
>>:For day-to-day protection against file viruses, Invircible simply
>>:doesn't cut it.
>
>Preventing infections? Let's go back to Dodgy, mentioned earlier.
>Again, a choice based on the availablity of a public record and
>because I don't have to write it again :-). The following three
>paragraphs are borrowed from a recent post of mine:
>
>But consider this. Look at the August '97 VB prevalence list. You will
>find the Dodgy virus, never before listed there or in Well's list, is
>for that month the most-reported non-macro virus at VB. So August was
>the month when the scanners caught up with Dodgy and began to deal
>with the already large population in the wild.
>
>In fact, Dodgy became entrenched so well that it is now consistently
>at about #10 on the prevalence list each month. IVINIT, or any other
>generic product, would have easily found and removed that virus on the
>day it was written. If generics were the method of choice for the
>majority of users, that virus would likely have been prevented from
>succeeding ITW.
>
>But scanners are the method of choice, which guarantees that the virus
>problem will be solved only by the evolution of operating systems, if
>at all. With scanners, every new virus can have its day in the
>limelight.
InVircible, a generic product, couldn't detect Word97 specific macro
viruses. Allow me to quote Zvi from his 1996 manual, a paragraph that makes
sense to me:
"Therefore, a more defensible AV strategy combines generic capture and
restoration methods with known virus scanners."
>Too bad your readers will never know this, wouldn't you say. You were
>too busy tampering your phony DaBoy's test to be able to provide your
>readers with some useful thoughts on the subject of InVircible and its
>ability to detect and remove viruses.
You owe me an apology... your Lord and Master has admitted to being wrong
about the Da'Boys test...
InVircible got the best possible review it could have had, considering the
merits of the program. If you don't like that, tough.
>>Sounds like you're a well-acquainted with Zvi ...
>
>I'm his customer, and Zvi makes a point of maintaining good relations
>with his customers. My opinion, he gets an A+ in the support category.
See Zvi's message, in which he suggests Grant Scurrah teach me a lesson and
let me ruin my drive. How would you grade that report, Robert?
AAAAAAA+++++???
>>You mean I didn't hide the fact that IVB can't restore KRiLE-infected
files?
>>I should be criticised for that?
>
>Of course not. Its pretty irrelevant, though. What you hid from your
>readers was any sense of just what IVB's disinfection performance
>actually is.
I made the it clear to the readers the purpose of the test. It was to see if
IV could indeed detect and remove infections caused by any viruses, as
claimed. Nothing was hidden, and it's disingenuous of you to suggest
otherwise.
>>Technical decisions?
>
>Whether or not to perform certain types of tests amounts to a
>technical decision.
Yes, it does, and if you read the review, it's all outlined there.
>>Robert, why do I get the feeling you were not quite objective when you
wrote
>>that?
>
>Where does my objectivity fail in that? I'm only trying to find out
>why you didn't perform additional tests that might have led to a
>change in the conclusions of your review. Seems like you'd be the
>one wanting to clear the air.
The air is clear here Robert... I can see for miles in fact. Beautiful sunny
day in my objective opinion.
I expect an apology from you forthwith for the tampering accusations.
>I have read it. Calling your review biased and inept on the grounds of
>evidence within the review itself is not an ad hominem attack.
>I'm sticking to what you wrote. That's the problem.
There is no evidence of bias, Robert. Zvi has admitted he's wrong. This will
be a problem for you, won't it?
-- Juha
Randy Abrams
RAiD wrote in message <6lp2v2$ebd$1...@news.usit.net>...
>In article <MPG.fe9b9ed3...@news.srv.ualberta.ca>,
> gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>
>>Zvi, I find the mere allusion that I may be part of the KKK to be
>>offensive and libelous.
>
>
>I too find it offensive, as I do not like the KKK one tiny little bit. (I
>don't like racists).
>
Then why do you attack the entire human RACE with your viruses ??? People
who write viruses and intentionally release them into the wild do not come
across as much better than racists. Ask anyone who has lost valuable time
and data to a virus.
If you don't like being equated with scum, why not clean up your act? It's
not too late.
Regards,
Randy Abrams
"The opinions/views/comments on this post are mine and do not reflect any
views or policies of Microsoft."
Zvi Netiv
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
> >I suppose the Wenzel Klan
> Now he's saying I'm a member of the KKK (otherwise he would have
> spelled clan with a "c". I wonder what Zvi's ISP will think of this libelous
> statement.
I din't suggest that you are a member of the KKK, although I wouldn't be
surprised the least if you indeed are. You have posted quite a few not so
veiled racist remarks to my account. You were even warned for such post by
the University of Alberta, remember?
Would the VandeWenzel gang (or twins, as you usually post in pairs) suit you
better?
Pierre Vandevenne
>Would the VandeWenzel gang (or twins, as you usually post in pairs) suit you
>better?
For further information about Mental Health Services at the University of Michigan Health System or to
schedule an appointment with Adult Psychiatry Services, please call (313) 764-9190.
Paranoid Disorder is also called Delusional Disorder because the one major symptom is a persistent delusion. Mental
health experts have identified some of the more common delusions, which include delusions of persecution, jealousy and
self-importance. Persecution delusions are the most common and are characterized by feelings that you are being spied
upon, conspired against, cheated, and even drugged or poisoned. Delusional jealousy is the feeling, without just cause,
that your loved one is unfaithful. People with this delusion will often confront their loved ones with imagined evidence of
infidelity. Sometimes, the person will even physically attack his or her loved one. Delusions of self-importance, also
called delusions of grandeur, are typically feelings that one has some great, but unrecognized ability of talent. These
individuals believe they are important, even exalted beings, and sometimes the delusion has a religious aspect. Delusional
disorders generally develop in middle or later adult life. The disorder can be of short or long duration. But even in cases
where the delusion goes on for a long time, the person's concern with the delusion waxes and wanes. Paranoid disorders
rarely impair the person's daily functioning or intellectual and occupational abilities. However, the person's marital and
social relationships are typically damaged, partly because those close to them are often targets of the delusions.
or
Paranoia is a suspiciousness or mistrust that is highly exaggerated or totally unwarranted.
Delusions of persecution, or grandeur, can develop over months or years, becoming
highly intricate and organized. Usually they center on a major theme, such as financial
matters, a job situation, or an unfaithful spouse. Aside from the delusion, the person may
appear perfectly normal.
There are different degrees of paranoia, from mild to very extreme. The condition may
arise from emotional problems in childhood, excessive stress, or a variety of physical
conditions, including glandular disorders and illness associated with aging, such as
strokes and Alzheimer's (Alls-hi-merz) disease. Ordinarily, paranoia is not an isolated
condition, but arises along with other problems.
Fortunately, paranoia usually levels off at some point without continually getting worse.
Treatment can be difficult and may involve medication as well as psychological
approaches.
Bruce P. Burrell
Pierre Vandevenne <pie...@datarescue.com> wrote:
> In <35805d7b...@news2.new-york.net>, ne...@actcom.co.il (Zvi Netiv) writes:
>>Would the VandeWenzel gang (or twins, as you usually post in pairs) suit you
>>better?
> For further information about Mental Health Services at the University of
> Michigan Health System or to schedule an appointment with Adult Psychiatry
> Services, please call (313) 764-9190.
[snip]
Hey! Why are you dragging U-M into this?
-BPB
Bruce P. Burrell
Sigh. At my age I ought to know better....
Juha Saarinen <nos...@to.me> wrote:
> Robert Green comments on the PC World NZ review of InVircible
> (http://www.idg.co.nz/magazinepcworld/may98/invircib.htm) :
>>>Well, you have declared a commercial interest in InVircible, in this very
>>>newsgroup. You don't appear to be a neutral observer, as it seems you
>>>believe InVircible is completely without flaws.
>>
>>No, Juha, I have said that I recommend it to customers. I also have
>>pointed out other AV that I recommend. It depends on what the customer
>>wants. My company does not sell AV software. I support InVircible on
>>sites where it is installed. I much more frequently support McAfee,
>>though, as it is the commonest AV in use by my customers.
> You also said you install it for your customers, after you said I cursed my
> own ineptness for failing to install the program. It seems that you
> recommend IV, install IV and support IV. Do you do all this for free? If
> not, you do have a declared commercial interest in IV, ie. you make money on
> it
This seems to be a common sticking point, so let me interject here.
1. I'm a computer support person for the University of Michigan.
2. I recognize that the educational realm and the commercial one are
separate entities, but...
3. Just because one supports a product doesn't make them have a commercial
interest in it. Geez! My salary is the same whether I answer a
FileMaker question or an Excel one -- and so far as I know, Microsoft
hasn't bought Claris.
4. I often recommend AV products that I am familiar with and that I think
are worthy; so far I haven't received a penny in compensation for this,
nor would I accept it if offered. [The DSS socks were because I won the
Limerick contest, so get off my case! ;-)]
Bottom line: if my customer asks me a question, I try to answer it.
Sometimes I can give them the full solution; sometimes I have to say "Contact
the vendor." Same when someone says "What AV should I use?" If Bob
recommends what he thinks is the best product for the situation -- and he
makes no additional money by doing so -- then it doesn't look like a
'commercial interest' to me. After all, if his customer ends up not liking
his recommendation, he actually stands to lose a client; looks like it's in
his best interests to give his honest opinion of what to select.
[I concede that a disreputable person might be able to recommend an
inferior product so that s/he could increase his or her time on site to
maintain it, and thereby charge more for services. But that's a different
issue, and one that I trust does not apply here.]
[snip]
> I took the view that it is better to prevent the infection in the first
> place, especially if the AV program cannot restore the infected files. It
> saves valuable time for users, and I don't really see how anyone can argue
> against that.
I don't think anyone does. Instead, we argue about what "in the first
place" means. Is that 'when the virus first appears on any computer ITW', or
'when the AV in use knows how to deal with it?' Those two things are very
different, and one's answer to the question is in large measure based on what
probabilities one assigns to the expected length of time between these two
events.
[snip]
>>You just "randomly" chose a virus currently very controversial in
>>a.c.v., which implements product-specific attacks on not just one but
>>two generic anti-virus products, one of which you were reviewing in a
>>very negative way, and whose author consistently slams those products
>>and taunts anyone who mentions them in a positive way?
> Yep, KRiLE was chosen at random.
So you took 20,000 viruses, plus or minus, dipped in, and Krile was what
you pulled out? That would be how I would define 'KRiLE was chosen at
random.'
Not saying this isn't what happened; I only say that the probability of
getting any particular virus is roughly 0.00005 You can make that a bit
bigger if you want to include all variants, of course. ;-)
[snip]
>>Do you actually not understand why I have a problem with this?
> Yes. You're a fan of IV, and don't like my review because it wasn't entirely
> positive towards it. That's fair enough, but it doesn't make me biased or
> unfair.
By my definition of 'random' above, I'd say that either your test virus was
a particularly unfortunate one for the product tested (given that your results
with it are accurate -- I haven't checked), or that it's statistically
insignificant. Depends on what one is trying to show:
If one wants to show that Product X can't do <whatever>, one can:
1. Find a counterexample.
2. Take a statistically significant sample and show that when testing the
hypothesis H1: "Product X can do <whatever>", one fails to reject the
null hypothesis (that Product X really can't, instead).
The first test is fine for debunking a particular claim, like "Our product
handles absolutely everything; no exceptions." All one needs is one
counterexample to do this. But it isn't any good, w/o further testing, for
showing that a product is bad overall.
The second test could be good for showing that a product is (statistically,
e.g., probably) good overall, or for demonstrating with concrete examples that
it is not. Hence it might be an appropriate test for claims like "Handles
most viruses" or the like. But even if one gets negative results, it doesn't
address the issue of claims like "Best product available!" For that, one
needs side-by-side tests, and that's tough to do with scanners vs. generics.
>>You read it on the local rep's web site, I believe. It would be better
>>If they didn't make such a statement, but its just marketing excess
>>and no big deal.
I take a dim view of marketing excess. From anyone. Has nothing to do
with the AV field. Just how big a deal it is depends on the individual, I
think. For instance, I bet marketroids would have a different take on it than
Mother Theresa types. But I'm not either. :-)
> It's from the manual, and it is repeated at the Web site. The sales rep said
> the same in emails and if you ask him face-to-face he'll say it again. I
> agree that it would be better not to make such statements, but since they
> do, I am entitled to find out whether or not it is correct. You can't argue
> against that, surely?
I agree that it's valid to test verifiable claims. The results of such
tests don't *necessarily* speak to the overall quality of the product being
tested, though.
> I promise you, if any other vendor would make such sweeping statements, they
> had better substantiate them with independently verified evidence....
Hmmm. I could point you to some web sites that might interest you....
It's very interesting, for instance, to see how many companies offer "the
leading AV product."
[snip]
>>False alerts? To echo you, why did you make that up?
> Nope, it wasn't made up at all. That is exactly how it happens. Try it for
> yourself. IV false alerts on software upgrades.
Unfortunately, here is disagreement about just what 'false alert' means.
As one trained in mathematics, I take a narrow view on this: If it says it is
when it isn't, that's a false alarm. If it says it isn't when it is, that's a
false alarm too.
It's sad that some folks use weasel words here, but so it goes. But that's
only my opinion that they are weasel words, since until we agree on what
exactly a false alarm IS, we can hardly agree on whether Product X false
alarms or not.
[snip]
As I said, I should know better. Hope I've remained dispassionate and
relatively neutral here; as ever, I'm not qualified to criticize or praise
products I haven't tested myself, so I've tried to keep my comments from
relating to a specific product, except where stated explicitly. [Note that I
refrained from saying "Kept the comments generic". Ooops; seems to have
slipped out anyhow! ;-)]
-BPB
Bruce P. Burrell
Robert Green <rgr...@avana.net> wrote (to Patrick Noyens):
> Say, do you use an AV that doesn't offer "effective protection"? I
> doubt it, knowing you. :-)
Some folks do, though:
1. MSAV has been shown ineffective right from the start (c.f. Radai), and
only one review I can think of could possibly be interpreted as giving
it favorable marks.
2. A certain virus writer claims that his virus is actually an AV product.
Anyone using it, however, CERTAINLY doesn't get something that offers
"effective protection". Unless perhaps it's protection by generating
Shareware registrations.
Then again, nobody with half an intellect considers that an AV
program....
-BPB
Zvi Netiv
pie...@datarescue.com (Pierre Vandevenne) wrote:
> ne...@actcom.co.il (Zvi Netiv) writes:
> >Would the VandeWenzel gang (or twins, as you usually post in pairs) suit you
> >better?
[snip]
> Paranoia is a suspiciousness or mistrust that is highly exaggerated or totally unwarranted. ... Aside from the delusion, the person may appear perfectly normal.
What is this, you Curriculum Vita?
> Pierre Vandevenne, MD - http://www.datarescue.com/ida.htm
> IDA Pro 3.75 -the- disassembler
Okay, you convinced us that you have an MD degree, so had Josef Mengele too
- although he wasn't exactly in the AV business, just in "delousing" - a
product to sell, and a Pablovian conditioning with buttons to push.
Whom do you think is after you?
Zvi Netiv
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
> Oh, and by-the-way, Zvi, if I did indeed send "racist" remarks to you via e-
> mail, I would be in violation of the university's Conditions of Use agreement:
I would think that accusing people of swindling would be in violation of the
university's Conditions of Use agreement just as well.
Zvi Netiv
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
> ne...@actcom.co.il says...
> >You have posted quite a few not so
> >veiled racist remarks to my account.
> No, I have not. You are making further unfounded allegations about me. I
> have not ever made racist remarks "to your account", whatever that means.
> The post that Zvi complained to the University about was the following:
> ---begin post---
> Subject: Re: VESSELING KLAUS BRUNNSTEIN
> From: gwe...@gpu.srv.ualberta.ca (George Wenzel)
> Date: 1996/09/25
> Message-ID: <MPG.cb2f0551...@news.srv.ualberta.ca>
> Newsgroups: alt.comp.virus
Wrong. I am referring to a warning that the UoA administration issued to you
and copied me on, warning you from further posting racist remarks and
abusing the express modems pool of the University of Alberta.
As all recidivists, you learned nothing. Is this why you chose criminology
and plan a career in law enforcement? Seems that "enforcement" is what makes
you tick, George. Karate also fits nicely in the picture.
Maybe your VandeWenzel MD twin can help alleviating your inferiority
complex, although he isn't exactly in psychiatry. As I understand, he is a
doctor peddling others' AV software, using his MD to appear more
respectable. :) Talking about swindling ...
Pierre Vandevenne
In <358135c3...@news2.new-york.net>, ne...@actcom.co.il (Zvi Netiv) writes:
>pie...@datarescue.com (Pierre Vandevenne) wrote:
>> Paranoia is a suspiciousness or mistrust
>What is this, you Curriculum Vita?
Let the public be the judge.
>Okay, you convinced us that you have an MD degree,
That isn't a proof BTW. I am surprised a cut and paste can convince you
of anything.
>so had Josef Mengele too
Hooooooo. :-O
---
Pierre Vandevenne
>Maybe your VandeWenzel MD twin can help alleviating your inferiority
>complex, although he isn't exactly in psychiatry. As I understand, he is a
>doctor peddling others' AV software, using his MD to appear more
>respectable. :) Talking about swindling ...
Doesn't mean I am respectable, just means I lost some time at the
university.
Have a nice week-end, Zvi.
Marcel
Pierre Vandevenne wrote in message <6lre59$6av$1...@news3.Belgium.EU.net>...
>In <358135c3...@news2.new-york.net>, ne...@actcom.co.il (Zvi Netiv)
writes:
>
>>pie...@datarescue.com (Pierre Vandevenne) wrote:
>
>>> Paranoia is a suspiciousness or mistrust
>
>>What is this, you Curriculum Vita?
>
>Let the public be the judge.
>
>>Okay, you convinced us that you have an MD degree,
>
>That isn't a proof BTW. I am surprised a cut and paste can convince you
>of anything.
>
>>so had Josef Mengele too
>
>Hooooooo. :-O
>
It's really becoming nasty now, please quit gentlemen, and let's keep things
a bit professional !
And have a nice weekend, I'm off celebrating because tomorrow Holland plays
Belgium nad we all know who's gonna win. I will make a prediction : 3-1 for
Holland. And Pierre should buy me a "pintje" if I'm right....
Marcel
Supporting someone's AV software and used to support someone elses,
so I do know a bit or two about this shit.....
I speak entirely for myself, NOT for my employer or anyone else !
Some people cannot handle the truth so that's why this tag is
absolutely anonymous.
Graham Cluley
Marcel writes:
> And have a nice weekend, I'm off celebrating because tomorrow
> Holland plays Belgium nad we all know who's gonna win. I will
> make a prediction : 3-1 for Holland. And Pierre should buy me
> a "pintje" if I'm right....
Darnit.. I drew Belgium in the office sweepstake. Does this mean the
Belgians are rubbish? (I don't know much about footie)
--
Graham Cluley, gcl...@uk.drsolomon.com Dr Solomon's AntiVirus (DSAV)
UK Support: sup...@uk.drsolomon.com UK Tel: +44 (0)1296 318700
US Support: sup...@us.drsolomon.com US Tel: 781 273 7400
CompuServe: GO DRSOLOMON Web: http://www.drsolomon.com
Pierre Vandevenne
>Belgium nad we all know who's gonna win. I will make a prediction : 3-1 for
>Holland. And Pierre should buy me a "pintje" if I'm right....
No problem. We beat you the last time didn't we ? Education requires that we
loose. And anyway, after what the Aussies did to the British Rugby team...
defeat will never be the same again :-)
Wagdogs
>Whom do you think is after you?
"Who" is correct here Zvi.
I'm one of the saps that purchased your product Invircible over a year ago. I
removed it within 3 days. What a waste of $99.95 (at that time at least).
I can't believe I fell for its claims without doing any research.
Ah well, live and learn.
Pierre Vandevenne
In <358135c3...@news2.new-york.net>, ne...@actcom.co.il (Zvi Netiv) writes:
>pie...@datarescue.com (Pierre Vandevenne) wrote:
>> Pierre Vandevenne, MD - http://www.datarescue.com/ida.htm
>> IDA Pro 3.75 -the- disassembler
>Okay, you convinced us that you have an MD degree, so had Josef Mengele too
>- although he wasn't exactly in the AV business, just in "delousing" - a
>product to sell, and a Pablovian conditioning with buttons to push.
I have received a few e-mails from regular here about this "metaphor" or
"analogy" used by Mr Netiv's. Basically these e-mails were telling me "This
is too much, contact his ISP","sue him", whatever. After all, Mr Netiv usually
threatens to sue for much less than this...
I am however a free speech advocate and my only reaction will be this public
message : if Mr Netiv feels that using such metaphors can help defend
his product, his company or his personal image, he is free to use them as
he see fit now and in the future.
David Berghorst
pie...@datarescue.com (Pierre Vandevenne) wrote:
Good to see, and more or less what I would have expected.
However, I fail to see where there is much satisfaction to be had
from jousting with Zvi. Given his history, you know his problems
make any debate turn ugly. Quickly it becomes like baiting a
one-eyed dog, only capable of going in circles while snapping and
snarling. I hate to be the one to say it but...... This just
plain don't seen very sporting! This goes for you too George!
;-)
David
Bill Clark
Pierre Vandevenne wrote:
> I am however a free speech advocate and my only reaction will be this public
> message : if Mr Netiv feels that using such metaphors can help defend
> his product, his company or his personal image, he is free to use them as
> he see fit now and in the future.
Touche!
-bc-
User friendly software:
That which makes friends of those trying to use it...
Robert Green
Juha Saarinen wrote:
>Robert Green comments on the PC World NZ review of InVircible
>(http://www.idg.co.nz/magazinepcworld/may98/invircib.htm) :
>>As for "without flaws", you are just repeating what you see others
>>write. I don't think any product is without flaws.
>So you rush to the defence of other AV products as well?
Sure, I'm known to do that now and then.
>>>You're most certainly no saint, Robert. You also have a short memory --
>>>you're the one that attacked me, accusing me of a "put-up job" and being
>>>biased. You call that being "toned down"?
>>I call that an honest opinion, fact-based.
>Show us the facts then.
I've been doing that. So has Zvi. You don't appear to be comfortable
answersing to specifics. Patience, though, I have more for you. :-)
>No, I haven't. KRiLE was used to test the claim that IV can restore files
>infected by any virus; you think that that was wrong by me, but you can't
>tell me why. That is what we're talking about.
Knock it off. I already told you I have no problem with testing
claims. Its the specific choice of test virus and what it might
show about a pre-existing bias on your part.
Also, it is time to start wondering just what claims you are talking
about, since you now claiming ones that can be shown not to exist.
>>On the other hand, the scanner vendors normally don't act as fast as
>>AVP did with CREED (the point of the parenthesis about Dodgy, which
>>gained a foothold in the wild, because the vendors didn't react
>>quickly enough). What would you do, if your system was infected, you
>>knew it to a near certainty, but no AV product could yet identify the
>>virus for you? Would you fastidiously decline to use IVX then :-).
>This is a good point, which brings us to the crux of the matter. At the time
>when I tested IV with KRiLE, two AV programs that I had here, AVP
>(www.avp.com) and VET (www.cybec.com.au) detected it with their on-access
>scanners. They prevented the systems from becoming infected in the first
>place.
[aside: I paid $29.95 for an AVP license and that didn't include the
on-access scanner? I had just assumed that they didn't offer one.]
OK. Let's say A does not remove Slimy.1313, but B does. Is A,
therefore, useless? But then another shows that A removes
SulphurFumes.666, but B does not. Are both then useless? Or might this
be just a pissing contest which proves absolutely nothing?
>If you read the Second Sight marketing stuff, it says that InVircible
>"Responds efficiently and in real time to virus attack. [sic]". With IV on
>the system, KRiLE had free rein to infect system files, necessitating a
>restoration of these from back-ups. IVB detected that the infected files had
>grown in size, but couldn't restore them.
Do you actually think you refuted that particular claim, which is
accurate, IMO, by testing with one virus? Would you like to know of
viruses which IVB detects/removes and your scanners do not? How many
do you want? But, as I said, this is pointless.
BTW, why do follow the virus author's captialization convention every
time you write "KRiLE"?
This test of yours is good for exactly one thing. It is fine to
disprove an absolute claim that a product detects and removes _all_
viruses. Just laughter works as well. But, your supporters on this
thread have under-mined you on this point just as you have now
undermined yourself. When asked to show such a claim from NetZ
Computing, Ltd, they could not. I was directed to www.invircible.com.
What I found was "Provides effective against all types of viruses,"
which is something very different.
And the claim you mention in the above quoted paragraph is soimething
very different. Someone else has given you a lesson here about
"statistically significant" sample sets. And that's what you should
have tested with in order to support your conclusions.
>I took the view that it is better to prevent the infection in the first
>place, especially if the AV program cannot restore the infected files. It
>saves valuable time for users, and I don't really see how anyone can argue
>against that.
If a user feels a great urgency about protection from file viruses,
then use of an on-access scanner for that would be one approach (I
personally prefer not to use on-access scanning for file viruses). The
idea can even be improved on by augmenting the on-access protection
with integrity-based protection such as IVB.
There are three additional benefits from the integrity approach,
assuming IVB is the product used: detection of viruses the scanner
misses (the generic and known-virus methods used in cooperation
tend to compensate each others' weaknesses), the availability of
a very superior disinfection method when viruses are detected (and
even though I prefer replacement to disinfection, there can be
instances when disinfection is desirable), and the IVB audit reports,
which users find valuable in managing file systems.
>>You just "randomly" chose a virus currently very controversial in
>>a.c.v., which implements product-specific attacks on not just one but
>>two generic anti-virus products, one of which you were reviewing in a
>>very negative way, and whose author consistently slams those products
>>and taunts anyone who mentions them in a positive way?
>Yep, KRiLE was chosen at random. KRiLE controversial in a.c.v.? I suggest
>you go back and check the archives for the timeframe in question (Feb-March this
>year). RAiD's slanging matches with Martin Overton and Zvi are nothing to do with
>me, so don't insinuate that.
You even the write the virus author's name per his convention. Why
accord him such respect?
It does have to do with you. I have written elsewhere that with this
choice you entered into an "unwilling, implicit cooperative alliance"
with the virus writer, because you are aiding in his project of
self-promotion, which takes place here on a.c.v., even if
unintentioanlly. (Have you looked at his signature block lately?)The
attacks on Martin's and Zvi's products are also part of that project.
That is my problem with the Krile choice, not that you selected out a
sample to show one instance of a virus not removed by IVB.
>Do you actually not understand why I have a problem with this?
>Yes. You're a fan of IV, and don't like my review because it wasn't entirely
>positive towards it. That's fair enough, but it doesn't make me biased or
>unfair.
Hint: "I wanted to disprove the NZ rep's statement that InVircible
removes all viruses, so I needed a specific virus it couldn't remove.
I read about Krile on a.c.v. (or where ever you heard about it), so I
decided to use it, since it fit the bill."
That would pretty well have defused this issue. But that you first
denied testing IVB with only one virus and are now continuing to claim
that an obviously specific choice was random simply insures that the
issue remains open. To counter a specific claim required a specific
kind of virus, so the choice could not have been "random."
>You read it on the local rep's web site, I believe. It would be better
>If they didn't make such a statement, but its just marketing excess
>and no big deal.
>It's from the manual, and it is repeated at the Web site.
Bad assumption on your part. You see, I licensed InVircible in 1996,
when that manual was current. Its open right here next to me :-).
I find: "The InVircible software is user-friendly, intuitive, and will
provide long-lasting virus protection."
I find: "...expert system that insures that most of virus attacks will
be detected and removed from your PC-class DOS system."
I find: :"Since most virus attacks are uncomplicated solo attacks on
your system, InVircible's basic features will give you excellent
on-going protection."
Etc.
I DO NOT find: "Invircible detects and removes all viruses."
If you are familiar with the history of attacks on the InVircible
product, you will know that they are based largely on explaining away
any need to objectively test the product. Bringing up this "all
viruses" stuff is one of the strategies for that. Some have gone even
further than you, claiming InVircible can be tested by hypothetical
viruses.
And, since you've been curious about what my interest in this matter
may be, we are at the crux of it: I simply want this product to
praised or blamed in an honest and objective fashion.
>>If you wanted to show a virus IVB could not remove, there are hundreds
>>to chose from, called overwriters. There is another very small group,
>>including Krile and One_Half, that are not removable by IVB due to the
>>way they infect the files, though some scanners can remove them.
>That reinforces the point I made above, that it is better to prevent the
>infection in the first place, rather than taking a chance on whether or not
>InVircible can remove it. How can you argue against that...?
Are you so naive that you believe that on-access scanning will always
prevent infection?
Whether or not to use on-access scanning is not a trivial decision.
Whether or no to augment one AV approach with another is likewise not
a trivial decision. These things can debated about by reasonable
people.
>>Its not a big deal, Juha. Of course, it is perfectly fair for you to
>>test any claim that exists, but you failed your readers by not going
>>to the next step and providing a realistic appraisal of IVB's removal
>>capabilities. That would have required the further testing I
>>mentioned before. Testing which you failed to do.
>In other words, I should have infected the test system thousands of times,
>checked whether IVB notices the infection, then find out which files it
>detects as infected, then see if it missed any files, then try restoration
>of the files, then check if the restoration was succesful with a
>binary-level comparison, and finally wipe the hd and reinstall for the next
>virus. This would have been illustrative only of what a waste of time IVB is
>as a first line of defence against viruses.
Testing of generics is more involved than just running a scanner
against a test collection, of course, but its not nearly as difficult
as all that. VB, which performed your other tests, is perfectly
capable of it. Its "illustrative" of the fact that anti-virus testing
should be done by pros.
And, to answer your question, yes, you should have had it done. A
balanced and informative review could not be written short of doing
that, as was proved. You would have had very different things to say
about the disinfection of viruses, for example, if you had had the
information that such a test would have provided.
> That is why I wrote in the end
>"why bother with all this?" when an up-to-date scanner could have prevented
>the infections in the first place.
You mean "this product is too hard to test, so don't use it"?
Your scanners could detect the _one_ virus you employed, which proves
less than nothing.
>If InVircible is to become a credible
>anti-virus utility, it needs to incorporate an on-access component for boot
>and file viruses.
InVircible is already credible. It is easy to show that it is superior
to scanners, whether on-access or demand, in dealing with boot viruses
on an IDE/EIDE system. I argue that case now and then in this
newsgroup :-).
File virus infections are, in fact, rare. That's why I say that the
decision to use on-access scanning for that is not trivial. Is the
risk worth the costs in system overhead, etc.
But, a user may reasonably chose to do that. In which case he will
need a scanner. Hopefuly, this same user will understand the
limitations of know-virus scanners and accomodate for that.
>It already has these for Word macro viruses, which further
>reinforces my point.
Macro plus boot infections are the overwhelming majority of all
infections. InVircible doesn't need on-access protection for boot
viruses, it has another approach just as effective. For those with
exposure to macro viruses, on access protection makes a lot of
sense.
>However, if you wish to conduct some testing of IVB's detection/restoration
>capabilities with a large test set, as used for scanner testing, be my
>guest. I look forward to seeing the results.
I have done it with a _small_ test set. But I'm not a pro, and that's
what the project really needs.
>>You're making things up again, Robert.... read the review and you'll find
>>the truth. What you state above is incorrect.
>
>That's my considered opinion. The evidence is abundant. Zvi has
>already documented the fact that your test with DaBoy's was tampered,
>for example.
>Zvi has admitted that he was wrong there. He didn't have the boot images
>from test machine, and nor did the infection happen as he described. Why do
He didn't need the boot images, and he has not said he was wrong about
his conclusions: there is ample evidence which can derived from the
review. Are you now saying that didn't use a dropper?
>you persist making these things up? Because of your "considered opinion" and
>the non-existent "abundant evidence"? If you say the Da'Boys test was
>"tampered" you had bloody well better prove it or apologise to me!
If that's what you want.
BTW, when I went to the review to copy out the relevant section, I
noticed another mistake. You say that InVircible handles Monkey "by
a separate utility, available at the Web site."
Actually, InVircible handles Monkey via IVINIT, as it does other BSVs,
and the program you mention, XMONKEY, not actually a part of
InVircible, is provided as a freeware service for non-InVircible users
who have lost access to their hard drives by trying inappropriate
methods to remove the virus, such as FDISK /mumble.
But by the context your statement appears in, it is made to seem that
Monkey can be handled in no other way. This seems to have been
included by you in the review as a criticsm of InVicible as unable to
handle Monkey without an external program. Yet, that is false, and
this is one more example among many of bias on your part.
From the review:
>:I also infected a Compaq Deskpro with the common virus Da'Boys.
>:Due to Compaq's non-standard disk partitioning it wrote itself to
>:the boot sector of the diagnostics partition, rendering it
>:unbootable.
DaBoys infects via its interrupt 13 handler, which intercepts only
reads to CHS 0,0,1 and CHS 0,1,1 of any drive. Prior to infection
it compares the word at offset 48h of these sectors with the value
78BBh, and only infects if equal. This test is intended to limit
infection to boot sectors of the DOS 5/6 type.
Why? Because the virus is designed so that it retains a portion of
the boot sector's IPL code sufficient to accomplish a boot, so that
the virus then does not need to save a copy of the original boot
sector. But the viral overlay is designed specifically to fit the
DOS 5/6 boot sector. For some other type, it would only corrupt the
IPL by overwriting some part of it, making the diskette or partition
unbootable.
"Unbootable." Remember that word? It appears in the quote from your
review, given above. As later clarified, you meant by pressing F10
during POST.
From this it is clear that you used a dropper which wrote the virus
to the Compaq diagnostics partition boot sector without performing
the version type test which the virus on its own devices performs.
Yet, you say that the virus "wrote itself" there. You did _not_ say,
"I used a virus dropper to corrupt the boot sector of my computer's
diagnostics partition, so that it would not boot." Then you could not
have written that you infected this computer with a "common" virus.
You used a dropper not known in the wild.
So, when compared to your description, what we really see is a
contived, artifical situation. That's why I wrote "tampering."
I will accept it, if you say it was not intentional, but I will not
apologize. It is Zvi who deserves an apolgy. From you. As do your
readers, who have not have been well served by this review.
What you were left with was a corrupted boot sector not backed up by
the virus. So it could then only be approached not as an infection but
a pure case of data corruption, while having any certainty of being
able to repair it. Zvi has already explained some ways it could have
been repaired, and I will not repeat them here.
>IVINIT didn't notice this infection,
Sure, it checks the boot sector of the _active_ partition.
>but ResQDisk said,
>'Could be a virus!' when coaxed to look at the diagnostics boot
>sector, where the text string 'DA'BOYS' was clearly visible.
It was right wasn't it :-).
>The manual suggested procedure for restoring the boot sector didn't
>work. When I tried it, a message saying: 'This function only
>supported in RESQPRO!' popped up. RESQPRO is a separate utility,
>priced at $US299, according to the Invircible Web site. I asked
ResQPro is not a "separate utility," its a suite of professional data
recovery products.
>Invircible's distributor about this, and was told 'both ResQDisk and
>ResQPro can recover from this'. The distributor suggested 'changing
>the partition parameters', which didn't work either.
No doubt. But given the situation as I have just analyzed it, its not
surprising the distributor gave wrong advice, through lack of
information.
>Nope, it wasn't made up at all. That is exactly how it happens.
>Try it for yourself. IV false alerts on software upgrades.
You are making yourself look ridiculous, dismissing an entire category
of anti-virus protection.
>>More from the article:
>>>:A good on-access scanner from would have
>>>:prevented the infections, and saved huge amounts of time.
>>>:For day-to-day protection against file viruses, Invircible simply
>>>:doesn't cut it.
>>Preventing infections? Let's go back to Dodgy, mentioned earlier.
>>Again, a choice based on the availablity of a public record and
>>because I don't have to write it again :-). The following three
>>paragraphs are borrowed from a recent post of mine:
>>But consider this. Look at the August '97 VB prevalence list. You will
>>find the Dodgy virus, never before listed there or in Well's list, is
>>for that month the most-reported non-macro virus at VB. So August was
>>the month when the scanners caught up with Dodgy and began to deal
>>with the already large population in the wild.
>>In fact, Dodgy became entrenched so well that it is now consistently
>>at about #10 on the prevalence list each month. IVINIT, or any other
>>generic product, would have easily found and removed that virus on the
>>day it was written. If generics were the method of choice for the
>>majority of users, that virus would likely have been prevented from
>>succeeding ITW.
>>But scanners are the method of choice, which guarantees that the virus
>>problem will be solved only by the evolution of operating systems, if
>>at all. With scanners, every new virus can have its day in the
>>limelight.
>Allow me to quote Zvi from his 1996 manual, a paragraph that makes sense to me:
>"Therefore, a more defensible AV strategy combines generic capture and
>restoration methods with known virus scanners."
When faced with facts, you run to Zvi for an answer. Hilarious!
BTW, I agree 100% with that statement. Why didn't you take it up in
the review?
>>Too bad your readers will never know this, wouldn't you say. You were
>>too busy tampering your phony DaBoy's test to be able to provide your
>>readers with some useful thoughts on the subject of InVircible and its
>>ability to detect and remove viruses.
>You owe me an apology... your Lord and Master has admitted to being
>wrong about the Da'Boys test...
You mean my anti-virus vendor? He said he made a mistake about having
your boot images. He also said he didn't need them and showed why. I
just showed why again.
>InVircible got the best possible review it could have had, considering the
>merits of the program. If you don't like that, tough.
You didn't show the merits of the program, which is why you and I are
having this exchange.
>>Sounds like you're a well-acquainted with Zvi ...
>>I'm his customer, and Zvi makes a point of maintaining good relations
>>with his customers. My opinion, he gets an A+ in the support category.
>See Zvi's message, in which he suggests Grant Scurrah teach me a
>lesson and let me ruin my drive. How would you grade that report,
>Robert? AAAAAAA+++++???
Just curious, but how did you finally recover your diagnsotics
partition?
>>>You mean I didn't hide the fact that IVB can't restore KRiLE-infected
>>>files? I should be criticised for that?
>>Of course not. Its pretty irrelevant, though. What you hid from your
>>readers was any sense of just what IVB's disinfection performance
>>actually is.
>I made the it clear to the readers the purpose of the test. It was to
>see if IV could indeed detect and remove infections caused by any
>viruses, as claimed. Nothing was hidden, and it's disingenuous of you
>to suggest otherwise.
The "claims" talk is collapsing around you, now that you've brought up
others, only proving that NetZ does in fact NOT make ridiculous
claims.
Do you claim that your readers have a useful, accurate sense of the
InVirible product, based on reading your review?
>>Technical decisions?
>
>Whether or not to perform certain types of tests amounts to a
>technical decision.
>Yes, it does, and if you read the review, it's all outlined there.
What's outlined is that you tested IVZ, a module not used in the daily
virus protection strategy, with the entire VB test set, and tested
IVB, which is the actual file virus detecting module of the product,
with only one virus.
>>>Robert, why do I get the feeling you were not quite objective when you
>>>wrote that?
>
>>Where does my objectivity fail in that? I'm only trying to find out
>>why you didn't perform additional tests that might have led to a
>>change in the conclusions of your review. Seems like you'd be the
>>one wanting to clear the air.
>The air is clear here Robert... I can see for miles in fact. Beautiful sunny
>day in my objective opinion.
>I expect an apology from you forthwith for the tampering accusations.
Ha!
>I have read it. Calling your review biased and inept on the grounds of
>evidence within the review itself is not an ad hominem attack.
>I'm sticking to what you wrote. That's the problem.
>There is no evidence of bias, Robert. Zvi has admitted he's wrong.
>This will be a problem for you, won't it?
Still clinging to that boot images thing? Sounds desperate to me.
>-- Juha
One last thing. You claimed that InVircible "restored infections" to
files previously cleaned by scanners. This needs clarification. What
viruses were involved. What scanners. Do you still have the copy of
IVB.RPT from the session when this ocurred? Please include it along
with any other relevant information in your reply to this article.
Rerun the test if necessary.
If you cannot provide evidence proving this happened, then in lieu of
the evidence, an apology to NetZ Computing and Virus Defense Agency
would be appropriate.
Bob
Robert Green
gwe...@gpu.srv.ualberta.ca (George Wenzel) wrote:
>In article <357ebc3b...@news.mindspring.com>, rgr...@avana.net says...
>>Matter of opinion, maybe, but I don't consider lack of removal for
>>this or that specific virus to constitute a problem. I prefer to
>>replace, anyway.
>
>Yes, but most people prefer to simply repair files. While it is certainly not
>as guaranteed a cleaning method as replacement, it is considerably easier,
>especially when backups are not available.
You should be a great of fan IVB, then. :-) Its disinfection
capabilities are impressive.
>>For someone infected by a new virus, not yet
>>detected by the scanners, IVX can be very valuable, as was proved.
>
>Yes, as can any other generic anti-virus product. This is where generics work
>their best - when a virus is not yet detected by the scanner in use. They are
>not (despite Zvi's opinion to the contrary) effective enough to totally
>replace scanners.
Actually, I don't know another product providing anything quite like
IVX. Doesn't mean there isn't one, of course. In general, a generic
product needs to be pre-installed in order to detect viruses.
>>It says "efective protection against all types of computer viruses."
>>We can forgive him for failing to mention batch file viruses. I think
>>most all AV vendors make the same claim in effect. "Effective
>>protection" isn't exactly snake oil, now is it?
>
>Well, Zvi has made statements in the past saying that his program never false
We move from www.invircible.com back to the past, then? Just when I
was starting to warm up to the present :-). The real past, or one
of Pierre's "uchronias"?
>alarms, and that it detects and removes all viruses, past, present, and
>future. These claims are false, as shown by the PC World review. Snake-oil,
>IMHO.
>>>Huh? There are competent, objective tests of IV. I believe that Virus
>>>Bulletin tested it a while back. I did one as well.
>>
>>Did you publish it? I've never seen it, but would like to.
>
>It was published electronically in comp.virus a few years ago. Granted, it is
>out-of-date now, but it does indicate that Zvi has made claims about his
>program which have been shown to be false. You can take a look at it at:
>
>http://x12.dejanews.com/getdoc.xp?AN=156515210&CONTEXT=897598736.974585919&hit
>num=0
I will.
>>>Williams' tests were either done incompetently or the results were doctored.
>>>Any review that places MSAV over F-Prot has some serious problems.
>>That was just a result of the sample set used. I said it was limited.
>
>In that case, your complaints about the sample set used for Juha's test would
>seem to apply to Williams' test as well, don't you think?
Krile isn't a sample set. Its one virus. I think Williams used 25. 100
would not have been an unreasonable number for the purposes of Juha's
review. It would have taken Nick a lot longer to do than just running
IVZ on the VB test collection, but it was surely doable.
>>>There is a difference between clever marketing and snake-oil tactics. Zvi
>>
>>"Effective protection," you mean? That's capable of proof, you know.
>
>Effective protection is one thing. Saying the product never needs updates
>(which is false, because it does), saying it never false alarms (but it does),
>and saying it detects and removes all viruses (also false) are completely
>different stories.
>
>>That's why I keep talking about testing the product objectively.
>>Snake-oil tactics, its not.
>
>Well, that's your opinion. Mine differs. I guess we'll have to agree to
>disagree.
>
>>>markets his product using snake-oil tactics; he makes outrageous claims in
>>>order to make some sales. When somebody points out that his snake-oil remedy
>>>is really just tap water, he threatens them with lawsuits and calls them
>>>incompetent liars.
>
>>Show me. Your first effort to do that failed.
>
>Take a look at my review in the URL above. In it I detail some of Zvi's
>claims, and how I debunked them. As far as the threats of lawsuits and shouts
>of "incompetency!", you can take a look through Dejanews at Zvi's old posts.
>Hell, he and Grant Scurrah have threatened to sue PC World. You don't need
>proof of that.
But I have a problem with the "old posts" thing. That's usenet debate,
which can get rough. If snake-oil tactics are being used, then they
have to be used at the point where the customer encounters the
product. That means the web site from which it is downloaded. And
there are no unsupportable claims to be found there, even though you
said there were.
>>>Marketing is one thing. Swindling is another.
>>Strong language, isn't it?
>
>It's my opinion, and I'll use what language I see fit. I believe that Zvi
>swindles his customers. I believe he makes unsupportable claims about his
>product, and then insults and tries to discredit anybody that criticizes his
>product or his claims.
This is drifting into personal disagreements between you and Zvi, and
I will stay away from that.
[snip]
>>That review is not defensible. Give it up.
>
>Juha has defended it quite well. There is a difference between a full and
>complete review of an anti-virus product (which isn't really feasable with a
>generic product because of the sheer volume of time needed to test each virus)
>and a review that seeks to show that the claims about a product are false.
The "sheer volume of time needed to test each virus" is probably no
more than half an hour for a professional. Of course, to test all
known viruses, that comes out to 5 man-years :-), but there is no need
to go anywhere near that far. To reject testing on the basis that its
too difficult or time-consuming is a disservice to users, who have no
realistic way to make judgements about a generic product other than to
take someone's word for or against it.
To test the actual claims that are made for Invircible by NetZ,
"effective protection," in other words, requires a test involving a
statistically significant sample set (I am echoing BPB from another
post). How large is that set? I think 100 will do, the bigger question
is how to chose the specific samples. The evidence of such a test will
show something quite different from what Juha wrote.
>Is IV a useful product? That's something that each consumer will have to
>decide. Are the claims about it false? I think that Juha's review adequately
>showed that.
>
>My review (see above) did the same thing two years ago.
I have no problem with debunking an "all viruses" claim. Bit if that's
all you are doing, you need to say so. The review reached far more
general conclusions than that. To support those conclusions, more
testing was needed.
>>It will provide byte-perfect recovery far more often than any scanner
>>can do.
>
>Perhaps, but whatever it can do is nowhere near what Zvi claims it can do.
>
>>I have never
>>said that IV was immune from that, and I don't believe Zvi ever has.
>>At least, I've never been witness to it.
>
>You haven't looked closely enough. Zvi has often said that his product
>handles all viruses. What "handles" means is anybody's guess.
>
>>>No, it's not. Updates or upgrades, users of InVircible have to PAY in order
>>>to renew their license. Having to pay regularly to renew the licence kind of
>>>takes away a lot of the "no updates" benefit, don't you think?
>>
>>No. Over the long haul the cost of licensing IV is in line with the
>>industry.
>
>You just proved my point. If the cost of IV is in line with the rest of the
>industry, then why do the IV salespeople point to the "never needs updates"
>benefit when they try to sell the program? It certainly isn't a cost benefit,
>since IV costs the same as a typical scanner, right?
Licensing is only the initial cost, though. There are is also the cost
of maintaining the product, administering the AV policy, etc. Some
users may find a cost benefit in not having to manage periodic
updates. It is a potential benefit to the user, and a salesperson
would be remiss in _not_ bringing it up. The potential customer can
decide if its a useful benefit in the particular case.
>>So far, you are criticizing a claim of "effective protection." Why not
>>test the claim objectively?
>
>No, that is not the only claim that I am criticizing. See my review, in which
>I debunked two of Zvi's other claims about InVircible. The point is not that
>InVircible provides protection; the point is that it does not provide the
>level of protection that it is claimed to have.
>Nobody has said that InVircible doesn't provide a certain level of protection.
>Personally, I think that it probably would work just fine as a backup to a
>scanner-based AV. I don't think that it can be used on its own, however.
Either a comprehensive generic AV defense, which is what InVircible
is, can stand on its own, or, if you say it can't, then known-virus
scanning can't stand on its own, either. Too many weaknesses. So while
I would say that it _can_ stand on its own, I personally prefer the
idea of a combined approach.
>>You might attempt - just as an experiment - to empathize a little with
>>the position Zvi gets put in all the time. Don't blame him for
>>fighting back.
>
>Zvi puts himself into that position by making indefensible claims about his
>product. If he didn't make the claims, he wouldn't get into the situation in
>the first place.
>
>>>It is effective in some ways, and not-so-effective in others. The fact that
>>>Zvi tries to market his product as the be-all and end-all of AV is the reason
>>>that he gets so much criticism.
>>
>>Repeat, show me.
>
>Well, this one is from Zvi's NZ distributor (admittedly, it wasn't written by
>Zvi, but regardless Zvi is still responsible for the actions of his
>distributors; they act on his behalf):
>
>"Immediate detection of ALL viruses" (from http://www.virusdefence.co.nz/)
>
>Also on the Virus Defence site is a paper written by Zvi where he criticizes
>scanner-based anti-viruses. His main criticisms:
>
>-Scanners cost money to update (but then, IV costs money to renew its
>license).
>-Scanners are always behind because they cannot detect new viruses (Zvi
>obviously didn't know about heuristics). Also, he neglected to state that most
>infections that occur are by old, known viruses.
I have recently been discussing a _real_ case where heuristics didn't
help, though, and in my opinion its not an atypical one. Its in this
thread in a reply to Juha Saarinen.
>>I see no real problem with aggresive marketing.
>
>Well, I do. There is a difference between aggressive marketing and using
>deception to sell a product. Zvi uses deception regularly. Of course, other
>products do as well, but when McAfee or NAV gets a bad review, they don't go
>after the reviewer with lawsuits.
>
>>What about NAI's ad with the punk guy with the pierced tounge?
>
>I haven't seen those ads, so I can't really comment on them. I have, however,
>seen (and been a victim of) Zvi's actions toward critics of his product.
>
>>I don't make the total replacement argument. Zvi does, and its at
>>least worthy of debate, not ridicule.
>
>Well, I would disagree. There are simply too many problems with InVircible,
>IMHO, to make it a viable scanner replacement. I believe that generic
>products do have their place, but they work best as _part_ of an anti-virus
>strategy.
Wouldn't you prefer the evidence of tests to back up your "too many
problems" assertion?
Bob
Robert Green
> Sigh. At my age I ought to know better....
Tell me about it....:-)
[snip]
>>>You read it on the local rep's web site, I believe. It would be better
>>>If they didn't make such a statement, but its just marketing excess
>>>and no big deal.
> I take a dim view of marketing excess. From anyone. Has nothing to do
>with the AV field. Just how big a deal it is depends on the individual, I
>think. For instance, I bet marketroids would have a different take on it than
>Mother Theresa types. But I'm not either. :-)
Well, if you're bewteen those two, I guess I'm between you and the
marketroids. We may just be tempermentally out of phase, and I am
the more jaded and expect less, which means that on other kinds of
issues my view will out-dim yours :-). It does bother me, though,
when we have NAI and 60 Minutes telling us that pierced-tounged
weirdos with computers might just break into the Pentagon's network
and start WW3, but I also think its funny. Meanwhile, somebody's
getting rich, and I'm eating bologna sandwiches, but, as I said,
my expectations are not high, and luckily, my needs are simple ;-).
Last year I was working down on the coast, about the time
Michaelangelo day rolled around, and in the motel I saw a news
broadcast from a Jacksonville station that contained a "you're
computer's gonna die tommorrow" piece. They set it up in a computer
store, with a sales guy as AV expert. They stood him up in front of a
big rack of yellow boxes - my eyes aren't that good, but it could have
been NAV - and fed him his line: what should concerned users do about
this imminent danger? The poor guy goes, "Ahem," and then blurts,
"they should turn off their computers!" In a world of excess, here we
had a marketing _deficit_! You woulda loved this guy, Bruce :-).
>> It's from the manual, and it is repeated at the Web site. The sales rep said
>> the same in emails and if you ask him face-to-face he'll say it again. I
>> agree that it would be better not to make such statements, but since they
>> do, I am entitled to find out whether or not it is correct. You can't argue
>> against that, surely?
> I agree that it's valid to test verifiable claims. The results of such
>tests don't *necessarily* speak to the overall quality of the product being
>tested, though.
Sure, no problem with this, as long as all facts are on the table.
Essentially, this is a local issue: its the NZ distributor who
apparently made an "all viruses" claim, and Mr Saarinen was writing
for an NZ publication. Note that NetZ Computing Ltd (ie, Zvi himself)
does not make such a claim, "Effective protection against all types of
viruses" being as close as it comes. Hardly immodest, since the claim
is implicit in the act of even introducing an AV product (unless it is
a specifically limited one, ie, BSV protection only). The truth of
this claim can be debated, but it needs the "statistically significant
sample" of 2 (above) to be settled.
> [Note that I
>refrained from saying "Kept the comments generic". Ooops; seems to have
>slipped out anyhow! ;-)]
;-)
> -BPB
Bob
Kurt Wismer
Robert Green (rgr...@avana.net) wrote:
[snip]
: Bad assumption on your part. You see, I licensed InVircible in 1996,
: when that manual was current. Its open right here next to me :-).
[snip]
: I DO NOT find: "Invircible detects and removes all viruses."
that hasn't been in the manual for a lot longer than 2 years... in fact
those particular words may never have been in the manual (though there
were some choice 'suggestive' phrases once apon a time, but that's kinda
ancient history really)...
: If you are familiar with the history of attacks on the InVircible
: product, you will know that they are based largely on explaining away
: any need to objectively test the product.
that's your pov... i think a lot of problems have arisen from people
reacting from their own pov's (on both sides)(my pov on the history of
attacks on and from iv)...
i know i've been guilty of the same ... i try not to but it's not easy when
i'm accused of being a deranged obsessive-compulsive moron...
: And, since you've been curious about what my interest in this matter
: may be, we are at the crux of it: I simply want this product to
: praised or blamed in an honest and objective fashion.
praise: it DOES detect viruses...
blame: it DOES have (or did have) a false recovery problem, and it is not
the complete solution it's author has occasionally mistakenly billed it
as (to paraphrase dmitry mostovoy 'there ain't no damn panacea, already!')...
and that's really all i can say about the current state of affairs with iv...
does that seem more objective?
--
"do as i say not as i do because
the shit so deep you can't run away
i beg to differ on the contrary
i agree with every word that you say"
Graham Cluley
Grant Scurrah of the Virus Defence Bureau writes:
> George I ask that you read our rebutal (which wasn't printed by
> PC World in the June edition) and tell me what you think
> (in your unbiased way).
> http://www.virusdefence.co.nz/pcworld/pcworld.htm
Hi Grant
The rebuttal to the PC World review of InVircible appears to have
disappeared/withdrawn from your website. Is there anywhere else I can
read it?
--
Graham Cluley, gcl...@uk.drsolomon.com Dr Solomon's AntiVirus (DSAV)
UK Support: sup...@uk.drsolomon.com UK Tel: +44 (0)1296 318700
US Support: sup...@us.drsolomon.com US Tel: 781 273 7400
CompuServe: GO DRSOLOMON Web: http://www.drsolomon.com
Check out alt.comp.virus.pictures!! http://members.aol.com/altcompvir