Public questions to Doren Rosenthal
Fridrik Skulason
As regular readers of this group may have noticed, I have not been arguing much
about the virus simulator in the past two weeks....been too busy with other things.
I do, however, have a few questions which I would like Mr. Doren Rosenthal to
answer. I want to establish exactly what his claims for this product are.
Part I: Questions related to the freely distributable virus simulator. Note
that the questions below specifically do not refer to the MtE supplement - that
is covered in part II below.
1) Do you claim that this product produces viruses ?
[ ] Yes
[ ] No
If you answer "Yes", please tell us what you mean by "virus".
If you answer "No", please explain the following clause from the
documentation: "The simulators all produce safe and controlled dummy test
virus samples..."
2) Do you claim that that this product is useful for testing whether
anti-virus products are being installed and used correctly ?
[ ] Yes
[ ] Only if the AV producer cooperates with you
[ ] No
If you answer "Yes", please explain how to use this product to test whether
F-PROT, FINDVIRU and AVP are being installed/used correctly.
If you answer "Only if..", please tell us why this is not mentioned in the
documentation. Also please tell us for which products installation and
correct usage can be tested, using this product.
If you answer "No", please explain the following clause from the documentation:
"...that enable users to verify that they have installed and are using their
virus detecting programs correctly..."
3) Do you claim that that this product is useful for demonstrating how
anti-virus programs work ?
[ ] Yes
[ ] Only if the AV producer cooperates with you
[ ] No
5) Do you claim that that this product is useful for demonstrating how
viruses work ?
[ ] Yes
[ ] No
6) Do you claim that that this product is useful for testing whether
a product actually detects viruses ?
[ ] Yes
[ ] Only if the AV producer cooperates with you
[ ] No
7) Do you claim that this product can be used to compare anti-virus
products - in particular regarding virus detection ability ?
[ ] Yes
[ ] Only if the AV producers cooperate with you
[ ] No
8) In the documentation for this package it says: "A virus detecting program
is validated when it reports the simulations." Please explain what you
mean by "validated".
Part II: Questions related to the MtE supplement.
9) Do you claim that that this product is useful for demonstrating how
viruses work ?
[ ] Yes
[ ] No
10) Do you export the program to Switzerland, knowing that your customers
are violating Swiss laws by importing viruses ?
[ ] Yes
[ ] No
Part III: General questions.
11) Do you consider it ethically acceptable to write viruses ?
[ ] Yes
[ ] No
12) Do you consider it ethically acceptable to sell viruses ?
[ ] Yes
[ ] No
13) Do you consider yourself a part of the Anti-virus community or
the virus-writing community ?
[ ] AV
[ ] Vx
[ ] Both
[ ] Neither
-frisk
--
Fridrik Skulason Frisk Software International phone: +354-5-617273
Author of F-PROT E-mail: fr...@complex.is fax: +354-5-617274
Doren Rosenthal
: I do, however, have a few questions which I would like Mr. Doren Rosenthal to
: answer. I want to establish exactly what his claims for this product are.
: Part I: Questions related to the freely distributable virus simulator. Note
: that the questions below specifically do not refer to the MtE supplement - that
: is covered in part II below.
: 1) Do you claim that this product produces viruses ?
No they are just something to set off AV products similar to the EICAR or
other string supplied by many AV products. Additionaly mine can be put in
the boot sector or memory.
: If you answer "No", please explain the following clause from the
: documentation: "The simulators all produce safe and controlled dummy test
: virus samples..."
Something like the EICAR string, but the strings were originaly based on
the same strings many AV products used to detect real viruses.
: 2) Do you claim that that this product is useful for testing whether
: anti-virus products are being installed and used correctly ?
: [ ] Yes
The MtE is a real virus. The suppliment "C" is a functional companion
virus. Some AV products report programs that overwrite the boot sector
and my program will do that. Some AV programs report when something goes
memory resident and my program puts a TSR in memory. Not all programs
that are TSRs are viruses, but if an AV product claims to report anything
that overwrites the boot sector or goes memory resident, my simulator can
exercise that ability.
: [ ] Only if the AV producer cooperates with you
This is the best answer. The shareware version requires cooperation of
the AV product just as the EICAR or other test string supplied for that
function.
: If you answer "Yes", please explain how to use this product to test whether
: F-PROT, FINDVIRU and AVP are being installed/used correctly.
For those products, the registered version which includes real viruses or
a menu of different AV products that were supported as with the
suppliment "B".
: If you answer "Only if..", please tell us why this is not mentioned in the
: documentation. Also please tell us for which products installation and
: correct usage can be tested, using this product.
All AV products are welcome to detect the simulations in the shareware
version. The registered version supplys real viruses. Catch tham if you can.
: If you answer "No", please explain the following clause from the documentation:
: "...that enable users to verify that they have installed and are using their
: virus detecting programs correctly..."
That is correct. All AV products that claim to detect the Dark Avenger
MtE mutation engine will have no problem demostrating that ability using
mine.
: 3) Do you claim that that this product is useful for demonstrating how
: anti-virus programs work ?
: [ ] Yes
In the case of the MtE, suppliment "C" and AV products included on the
menu of the suppliment "B" (at the time I released it).
: [ ] Only if the AV producer cooperates with you
The shareware version requires cooperation, but many AV products detected
the simulations (at the time I wrote it) even without cooperation.
: 5) Do you claim that that this product is useful for demonstrating how
: viruses work ?
: [ ] Yes
These are quite safe and have their limitation, but they realy do
overwrite a boot sector and users can boot their system and watch a
program load from the boot sector. Also it puts something in memory that
lets the user see that work.
In the case of the suppliment "B" it gives a good demonsration of how a
program can load off the boot sector and go into memory and give the user
something to detect there.
The suppliment "C" is a functional companion virus, and the MtE
suppliment is a functional polymorphic virus. They are limited to being
safe and controlled.
: 6) Do you claim that that this product is useful for testing whether
: a product actually detects viruses ?
Only in a limited way. If an AV product claims to detect changes made to
the boot sector of the floppy diskette or a TSR or the MTE engine or a
generic companion virus or an unauthorised boot sector (like Win95 tests
by CRC).
: 7) Do you claim that this product can be used to compare anti-virus
: products - in particular regarding virus detection ability ?
: [ ] No
Look and feel mostly. Also as a final check as with the MtE tests I did
for Computer Shopper.
: 8) In the documentation for this package it says: "A virus detecting program
: is validated when it reports the simulations." Please explain what you
: mean by "validated".
Same as if the product detects the string supplied by the AV product like
in the case of the EICAR.
: Part II: Questions related to the MtE supplement.
: 9) Do you claim that that this product is useful for demonstrating how
: viruses work ?
: [ ] Yes
Yes, but it has limitations. These are real polymorphic viruses, but the
tell you what they are doing so you give it permision and they only
infect the files I supply. As you know my viruses are designed to be safe
and give the user a chance to practice without using live ammo.
: 10) Do you export the program to Switzerland, knowing that your customers
: are violating Swiss laws by importing viruses ?
That's two questions. Well one question and one statement that is not
correct.
Yes I export anywhere in the world. No as far as I've been able to
learn (and I've checked it out) Swiss laws do not prohibit my viruses as
they only modify my files and I'm the copyright holder so they are mine
to do with as I wish. You should check the Swiss law out yourself if you
have a problem.
: Part III: General questions.
: 11) Do you consider it ethically acceptable to write viruses ?
:
If the virus serves a usefull function and has the users permision as
well as the permision of the copyright holder of any files it modifies
and everyone has full knowlege and concent.
: 12) Do you consider it ethically acceptable to sell viruses ?
I only sell the usefull viruses I have written. Actually I give them away
as a free bonus when users register my Virus Simulator.
I also maintain a very comprehensive virus collection as do most AV
product developers, but I don't offer those for sale. I feel it's worth
the $100 USD that Dr. Mark Ludwig requests for his collection and as I
find it difficult to get the samples I need from people like yourself, I
have no problem purchasing his. I spent far more than $100 maintaining my
own collection and got nothing but shit from anti-compedative people in
the AV biz. Mark is welcome to my $100 for his effort and the fine
collection he offers.
I also give my own viruses away to any AV developer free or anyone who
finds the $25 USD to be a hardship and even ship it at my expense.
: 13) Do you consider yourself a part of the Anti-virus community or
: the virus-writing community ?
Clearly I offer an anti-virus product. I have developed other AV technology
and even hold a US patent. See US Patent Number 5,359,659 Rosenthal, Method
for Securing Software Against Corruption by Computer Viruses.
I am not aligned with any camp in the AV community, but I feel I work
twards the same goals independantly. Mostly I have been hampered in my
efforts to produce new and inovative anti-virus products by the AV
comunity so I don't consider myself a member, but we do share similar goals.
I do not write, nor do I distribute malisious code. All my products are
designed to serve a legitimate, posative and usefull purpose.
Doren Rosenthal
do...@slonet.org
George Wenzel
>: Part I: Questions related to the freely distributable virus simulator. Note
>: that the questions below specifically do not refer to the MtE supplement -
> that
>: is covered in part II below.
<snip>
>: 2) Do you claim that that this product is useful for testing whether
>: anti-virus products are being installed and used correctly ?
>
>: [ ] Yes
>The MtE is a real virus. The suppliment "C" is a functional companion
Having trouble reading, Doren? He said that these are questions related to
the freely distributable virus simulator. Is your MtE 'virus' now part of
that program, or did you just not read carefully enough?
Regards,
George Wenzel
("`-''-/").___..--''"`-._ George Wenzel <gwe...@gpu.srv.ualberta.ca>
`6_ 6 ) `-. ( ).`-.__.`)Student of Wado Kai Karate
(_Y_.)' ._ ) `._ `.``-..-' U of A Karate Club
_..`--'_..-_/ /--'_.' ,' HTTP://www.ualberta.ca/~gwenzel/
(il),-'' (li),' ((!.-' PGP Public key available on request
George Wenzel
>: 12) Do you consider it ethically acceptable to sell viruses ?
>
>I only sell the usefull viruses I have written. Actually I give them away
>as a free bonus when users register my Virus Simulator.
This is like buying a potato for $2000 and getting a computer thrown in for
free, isn't it?
>
>I also maintain a very comprehensive virus collection as do most AV
>product developers, but I don't offer those for sale. I feel it's worth
>the $100 USD that Dr. Mark Ludwig requests for his collection and as I
>find it difficult to get the samples I need from people like yourself, I
>have no problem purchasing his. I spent far more than $100 maintaining my
>own collection and got nothing but shit from anti-compedative people in
Why do you say that people in the AV world who do not wish to give you their
viruses are being anti-competitive? The viruses are in their posession, and
there is nothing that requires them to give their collections to ANYBODY, not
even other AV developers. If they do give viruses to other AV people that
they trust, that's their choice. If they don't trust you, then perhaps that's
your fault, not theirs.
>I also give my own viruses away to any AV developer free or anyone who
>finds the $25 USD to be a hardship and even ship it at my expense.
Are you talking about your simulation here, or your virus collection? First
you say you don't offer your collection for sale, then you say you'll give
your viruses away free.
Regards,
George Wenzel
>
>: 13) Do you consider yourself a part of the Anti-virus community or
>: the virus-writing community ?
>
>Clearly I offer an anti-virus product. I have developed other AV technology
>and even hold a US patent. See US Patent Number 5,359,659 Rosenthal, Method
>for Securing Software Against Corruption by Computer Viruses.
>
>I am not aligned with any camp in the AV community, but I feel I work
>twards the same goals independantly. Mostly I have been hampered in my
>efforts to produce new and inovative anti-virus products by the AV
>comunity so I don't consider myself a member, but we do share similar goals.
>
>I do not write, nor do I distribute malisious code. All my products are
>designed to serve a legitimate, posative and usefull purpose.
>
>
>Doren Rosenthal
>do...@slonet.org
("`-''-/").___..--''"`-._ George Wenzel <gwe...@gpu.srv.ualberta.ca>
KALiPORNiA
>>
>>I am not aligned with any camp in the AV community, but I feel I work
>>twards the same goals independantly. Mostly I have been hampered in my
>>efforts to produce new and inovative anti-virus products by the AV
>>comunity so I don't consider myself a member, but we do share similar goals.
>>
>>I do not write, nor do I distribute malisious code. All my products are
Actually, I consider something that makes people think their AV doesn't work
VERY malicious!
Paul Kerrigan
Rosenthal) may have said something like:
>Fridrik Skulason (fr...@complex.is) wrote:
>: I do, however, have a few questions which I would like Mr. Doren Rosenthal to
>: answer. I want to establish exactly what his claims for this product are.
>: Part I: Questions related to the freely distributable virus simulator. Note
>: that the questions below specifically do not refer to the MtE supplement - that
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>: is covered in part II below.
[snip]
>The MtE is a real virus. The suppliment "C" is a functional companion
~~~
Apart from the fact that Mr. Skulason requested that you not refer to
the MtE in this section (which request you ignored a total of 6
times...), the MtE is, AFAIK, _not_ a virus, but a "mutation engine"
and could (unwisely, but possibly) be used in a non-viral product,
couldn't it ?
[snip]
>: 13) Do you consider yourself a part of the Anti-virus community or
>: the virus-writing community ?
>I do not write, nor do I distribute malisious code. All my products are
>designed to serve a legitimate, posative and usefull purpose.
I fail to see how the Simulator fulfils any of the above criteria to
any meaningfule extent. Ever heard of Mr. Kasparsky's (sp)
AVP-Encyclopaedia ? Demo's visual effects, gives descriptions without
actually interfering with you computer or purporting to test any a-v
products.
Your product is sold, if I can summarise your many historical
(hysterical? <g>) posts, to allow users to test their a-v products.
If this is, indeed the purpose, then it fails. How many a-v producers
have told you that they do not and will not detect your simulations ?
How then can it be a valid test ?
To put it in straightforward terms that _I_ understand:
1. Do you agree that A-V products' function is to detect viruses
which may infect a user's computer while _not_ falsely identifying
non-viruses as viruses ?
Y/N [ ]
2) Are your simulations, other than the MtE supplement, truly viruses
(as opposed to imitations which do not actually meet the criteria
for viruses which include replication etc.)
Y/N [ ]
3) Is your MtE supplement a virus ?
Y/N [ ]
I believe that the answers to the first two are self-evident as Y and
N respectively.
The third, while debated in this forum, I would say is Y, since I have
chosen to simplify the possible answers to Yes or No.
Obviously then, the only items which should be detected by any a-v
product are the MtE supplement ones.
Since you claim that the MtE supplement's virus(es) will only infect
your copyrighted, specific files, it is reasonable, imho, not to
detect them, as they are "intended" by to be there by the user. To
detect them would be wise, however, as they are apparently readily
subverted..... OTOH, detectng them gives credibility to a product, the
majority of which is, according the the above questions (1,2,3 above)
not relevant or useful.
To address, in advance, your probable reply that the simulations
should be detected in order, for example to validate the correct
operation / installation of the a-v packages:
a) What business of yours is that ? It's up to the a-v supplier to
provide any such tools, have they have done so, in a remarkable
way; a standard installation / operation file called
"EICAR-ANTIVIRUS-TEST-FILE"
Since this is _free_, easily available, and unmistakably *not* a
virus, you appear to object to it as competition (which, of course it
isn't; it is valid, being approved for it's intended purpose by both a
respected anti-virus body and the a-v suppliers who wish to use it as
an installation / operation test).
What is the basis of your objection ?
Nobody can tell you the specific author and you are unwilling to
accept the concept of groupwork.
Bah. Do you also refuse to acknowledge Word / WordPerfect etc. because
they don't identify everybody involved in the design, implementation
and enhancement of these products ?
b) If your simulations were to have any valid purpose when not actual
viruses, you would need, imho, documentation from the a-v
suppliers, whom you should list, stating that their product, if
properly installed, will/should detect your simulations. I very
much doubt that you'll get that from the major a-v vendors; they've
enough to do detecting real viruses without wasting time on a
multitude of non-viral files which (poorly) attempt to provide the
same feature as the a-v's own EICAR test file.
With best wishes,
pk
--
Paul Kerrigan | He said:"Smile & be happy, for things could be worse"..
pker...@iol.ie | So I smiled and was happy...and things _were_ worse !
PGP Key at |ftp.iol.ie/users/pkerrign/pgp-key
PGP Public Fingerprint:86 38 B4 DB 7D EB 08 EF F2 FC 51 9D 8A 68 FB 6A
Ståle Fagerland
>
> : 9) Do you claim that that this product is useful for demonstrating how
> : viruses work ?
>
> : [ ] Yes
>
> Yes, but it has limitations. These are real polymorphic viruses, but the
> tell you what they are doing so you give it permision and they only
> infect the files I supply. As you know my viruses are designed to be safe
> and give the user a chance to practice without using live ammo.
There are better ways of demonstrating this, without any viruses at
all. You could just as easily have generated a number of mte-encrypted
testfiles which didn't have any code for infecting other files. This
would be enough for demonstrating the MTE encryption.
As for demonstrating other aspects of how viruses work, there are other
demo-programs not using viruses at all.
>
> : 10) Do you export the program to Switzerland, knowing that your customers
> : are violating Swiss laws by importing viruses ?
>
> That's two questions. Well one question and one statement that is not
> correct.
>
> Yes I export anywhere in the world. No as far as I've been able to
> learn (and I've checked it out) Swiss laws do not prohibit my viruses as
> they only modify my files and I'm the copyright holder so they are mine
> to do with as I wish. You should check the Swiss law out yourself if you
> have a problem.
>
Actually I consider this question to be a bit of a strikeout. A
representative of the Swiss government's legal section has already
indicated, in this forum, that the Swiss don't have a problem with
this.
> : Part III: General questions.
>
> : 11) Do you consider it ethically acceptable to write viruses ?
> :
>
> If the virus serves a usefull function and has the users permision as
> well as the permision of the copyright holder of any files it modifies
> and everyone has full knowlege and concent.
On to the "good virus" thing again :). I've yet to see a "good virus
proof". But as for the rest, of course you're entitled to write whatever
you want without being called unethical, at least as long as you don't
release viruses to the wild or violate other people's rights.
Regards
StF
Iolo Davidson
sta...@login.eunet.no "Stle Fagerland" writes:
> Doren Rosenthal wrote:
> > : 10) Do you export the program to Switzerland, knowing that your
> > : customers are violating Swiss laws by importing viruses ?
> > Yes I export anywhere in the world. No as far as I've been able to
> > learn (and I've checked it out) Swiss laws do not prohibit my viruses as
> > they only modify my files and I'm the copyright holder so they are mine
> > to do with as I wish. You should check the Swiss law out yourself if you
> > have a problem.
>
> Actually I consider this question to be a bit of a strikeout. A
> representative of the Swiss government's legal section has already
> indicated, in this forum, that the Swiss don't have a problem with
> this.
Not so. The Swiss official confirmed that import of viruses was
against Swiss law. He went on to give a personal opinion that
*if* everything Rosenthal said about his own viruses was true, he
didn't *think* the Swiss prosecutor would prosecute. He made a
point of saying that this was his personal opinion and not an
official position.
Whatever the likelihood of prosecution, the fact remains that
importing viruses into Switzerland is a prima facie criminal
offence. You can sometimes talk a traffic cop out of giving you
a citation, but that does not make speeding legal. Rosenthal
leaves his Swiss customers in a dodgy position, at the mercy of
any prosecutor who wants to get his name in the papers, and
Rosenthal does not warn them of this danger but instead insists
that his "simulation" package is safe.
--
WE CAN'T BUT WE DO SUPPLY
PROVIDE YOU THE BEST DARN BAIT
WITH A DATE Burma-Shave
Doren Rosenthal
: In article <316015...@login.eunet.no>
: sta...@login.eunet.no "Stle Fagerland" writes:
: > Doren Rosenthal wrote:
: > > : 10) Do you export the program to Switzerland, knowing that your
: > > : customers are violating Swiss laws by importing viruses ?
: > > Yes I export anywhere in the world. No as far as I've been able to
: > > learn (and I've checked it out) Swiss laws do not prohibit my viruses as
: > > they only modify my files and I'm the copyright holder so they are mine
: > > to do with as I wish. You should check the Swiss law out yourself if you
: > > have a problem.
: >
: > Actually I consider this question to be a bit of a strikeout. A
: > representative of the Swiss government's legal section has already
: > indicated, in this forum, that the Swiss don't have a problem with
: > this.
: Not so. The Swiss official confirmed that import of viruses was
: against Swiss law. He went on to give a personal opinion that
: *if* everything Rosenthal said about his own viruses was true, he
: didn't *think* the Swiss prosecutor would prosecute. He made a
: point of saying that this was his personal opinion and not an
: official position.
That's as close to a posting as I've seen from anyone who could even read
the Swiss laws. That's why I contacted the government people here in the
US who facilitate the inport/export regulations bettween the US and other
countries. And they contacted the Swiss government who maintain embassies
here in the US. Rosenthal Engineering is a legitimate licensed bussiness
and I make every effort to conform to all the appropriate regulations.
Any government official is welcome to contact me directly at:
Rosenthal Engineering
P.O. Box 1650
San Luis Obispo, CA USA 93406
: Whatever the likelihood of prosecution, the fact remains that
: importing viruses into Switzerland is a prima facie criminal
: offence.
You're mistaken if you feel there's any problem importing/exporting my
Virus Simulator between any country in the world. You should check it out
yourself. I have and it's not a problem.
: You can sometimes talk a traffic cop out of giving you
: a citation, but that does not make speeding legal. Rosenthal
: leaves his Swiss customers in a dodgy position, at the mercy of
: any prosecutor who wants to get his name in the papers, and
: Rosenthal does not warn them of this danger but instead insists
: that his "simulation" package is safe.
I have contacted my government and through them the Swiss government and
they assure me there is not a problem. You are welcome to do the same.
So far the only ones who have a problem with it couldn't be bothered to
contact anyone to get an official position. Arn't associated with any
government, and arn't even Swiss.
It's not a problem for me. It's not a problem for my government. It's not
a problem for the Swiss government...... Just seems to be a problem for
the guys on this forum that have all the aswers without checking anything
out themselves. Them, I don't care about.
Doren Rosenthal
do...@slonet.org
Doren Rosenthal
: > : Part I: Questions related to the freely distributable virus simulator.
: > : Note that the questions below specifically do not refer to the MtE
: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: > : supplement - that is covered in part II below.
: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
: DOREN: CAN YOU READ?!?
Why yes. Mostly I have trouble spelling or copying things, but I read
english ok. Is that a satsfactory answer to your question? If not I'd be
happy to expand on it.
My Virus Simulator isn't a single program. It's one DOC file
and several executable programs. Some of the exectutable programs
generate other executable programs. Shareware users only get one part
and the DOC file of Virus Simulator. I've answered the questions as
well as I know how, but I suspect there just isn't any answers that will
satisfy everyone who finds problems with anything I've done, say, read,
write, sell, give away free, program, distribute, spell, patent, invent,
pilot, ship to Switzerland, develop and probably many other things I
haven't listed.
Mostly these people have never bothered to examine any of these things
themselves before forming an opinion, but that's ok.
I also drink beer or wine with dinner and eat meat and am sexualy active
(well my wife tells me I'm active but she dosn't have much to compare me
with) if anyone has problems with that.
Frisk, you asked the questions. Did I answer them to your satisfaction?
Would you like me to expand on anything? Is there any answer I could give
you that would satisfy you? Anything you feel has recieved a less than
complete or evasive answer?
I've answered your questions as best as I know how. I belive we will
never agree on some things, but the answers are as true and complete as
I know how to give.
Doren Rosenthal
do...@slonet.org
Iolo Davidson
do...@biggulp.callamer.com "Doren Rosenthal" writes:
> Iolo Davidson (io...@mist.demon.co.uk) wrote:
>
> : In article <316015...@login.eunet.no>
> : sta...@login.eunet.no "Stle Fagerland" writes:
>
> : > Doren Rosenthal wrote:
> : > > : 10) Do you export the program to Switzerland, knowing that your
> : > > : customers are violating Swiss laws by importing viruses ?
>
> : > > Yes I export anywhere in the world. No as far as I've been able to
> : > > learn (and I've checked it out) Swiss laws do not prohibit my viruses as
> : > > they only modify my files and I'm the copyright holder so they are mine
> : > > to do with as I wish. You should check the Swiss law out yourself if you
> : > > have a problem.
> : >
> : > Actually I consider this question to be a bit of a strikeout. A
> : > representative of the Swiss government's legal section has already
> : > indicated, in this forum, that the Swiss don't have a problem with
> : > this.
>
> : Not so. The Swiss official confirmed that import of viruses was
> : against Swiss law. He went on to give a personal opinion that
> : *if* everything Rosenthal said about his own viruses was true, he
> : didn't *think* the Swiss prosecutor would prosecute. He made a
> : point of saying that this was his personal opinion and not an
> : official position.
>
> That's as close to a posting as I've seen from anyone who could even read
> the Swiss laws. That's why I contacted the government people here in the
> US who facilitate the inport/export regulations bettween the US and other
> countries. And they contacted the Swiss government who maintain embassies
> here in the US. Rosenthal Engineering is a legitimate licensed bussiness
> and I make every effort to conform to all the appropriate regulations.
>
> Any government official is welcome to contact me directly at:
You have been contacted, in this group, by a Swiss official who
has confirmed that importing viruses into Switzerland is a crime
under Swiss law.
> : Whatever the likelihood of prosecution, the fact remains that
> : importing viruses into Switzerland is a prima facie criminal
> : offence.
>
> You're mistaken if you feel there's any problem importing/exporting my
> Virus Simulator between any country in the world. You should check it out
> yourself. I have and it's not a problem.
Breaking Swiss law isn't a problem for you, in the USA. It is
only a problem for your Swiss customers.
> : You can sometimes talk a traffic cop out of giving you
> : a citation, but that does not make speeding legal. Rosenthal
> : leaves his Swiss customers in a dodgy position, at the mercy of
> : any prosecutor who wants to get his name in the papers, and
> : Rosenthal does not warn them of this danger but instead insists
> : that his "simulation" package is safe.
>
> I have contacted my government and through them the Swiss government and
> they assure me there is not a problem. You are welcome to do the same.
The Swiss official posting in this group confirmed that it is a
violation of Swiss law.
> So far the only ones who have a problem with it couldn't be bothered to
> contact anyone to get an official position. Arn't associated with any
> government, and arn't even Swiss.
The Swiss official posting in this group confirmed that it is a
violation of Swiss law.
> It's not a problem for me. It's not a problem for my government. It's not
> a problem for the Swiss government......
It is a problem for your Swiss customers, but why would you care?
You get their money before they even find out that they have
broken their own laws.
> Just seems to be a problem for the guys on this
> forum that have all the aswers without checking anything
> out themselves.
The Swiss official posting in this group confirmed that it is a
violation of Swiss law.
> Them, I don't care about.
Nor do you care about your Swiss customers.
George Wenzel
>: Having trouble reading, Doren? He said that these are questions related to
>: the freely distributable virus simulator. Is your MtE 'virus' now part of
>
>are useing your AV product correctly with the shareware version of my
>Virus Simulator. It's best if the AV product cooperates to detect the
>samples (much like the EICAR or similar string) , but many AV products
>will detect the samples as suspecious for good reason.
What you said in the above paragraph isn't what you said in your original
post. Frisk explicitly asked you NOT to consider the MtE add-on in your
response, because it was covered later, but you didn't do this. You cited the
MtE virus 6 times in your reply, when it should not have been mentionned at
all.
>
>Some viruses mark the file date and time stamp (greater than 59 seconds
>or plus 100 years for example). Some AV products will detect this
>as suspecious and my Virus Simulator will set those off.
False alarm.
>
>Some AV products will detect changes to the boot sector, and my Virus
>Simulator will change the boot sector of the test diskette. My Virus
>Simulator sets them off.
False alarm.
>
>Some AV products will detect programs going memory resident. My Virus
>Simulator puts something in memory the size of a cow, and will set them
>off.
False alarm.
>
>Some AV products detect generic companion viruses, and will have no
>problem detecting my suppliment "C".
Once again, you ignore Frisk's request. There are problems regarding your MtE
virus, mostly ethical, which makes it difficult to make detection of it
mandatory. It's also a virus that will never propagate in the wild, which
also makes it a low priority for detection.
>
>The shareware version is only a small part of the my Virus Simulator. The
>DOC file describes the whole package which includes three very powerfull
>tools I call the suppliments. They are all included when the user
>registers the shareware version for $25 USD and I pay the air-mail
>shipping to anywhere in the world.
Yet again you ignore Frisk's request. Can't you realize that the questions
were related SPECIFICALLY to the shareware version of your program, not any of
the add-ons that come with the registered version?
>
>George I'm happy to answer any questions you may have about my Virus
>Simulator. I've offered you a free copy to examine and you've declined,
>so I can understand why you're confussed about these questions.
I'm not confused at all about the questions - your phrasing was poor, which
was bound to confuse others. I wanted to make it clear for them. I have
declined receiving a copy of your virus simulator because I don't believe that
it is useful, and you've attested well to its uselessness through your posts
in this forum.
>
>It's shareware George. If you find it usefull, your registration would be
>appreciated. If not, I thank you for trying it.
Sorry, but I decline the offer. I know I won't find it useful, so I won't
bother looking at it.
>
>I can't please everyone, but the program is very popular and generates
>considerable interest, main stream press (another magazine should be out
>soon) and high download counts on my www url. Not bad at all for a six
>year old anti-virus program.
Mainstream press tends to know nothing about the technical aspects of pretty
much anything, so they can't be relied upon for accurate information. Perhaps
your product is popular, but I certainly wouldn't call it an anti-virus
program, since it does absolutely nothing to combat viruses.
>If you don't want to try it, and you don't even want a free copy, and you
>won't even look at it, I'm not sure what else I can offer you George.
Your side of a debate is plenty, and I ask no more.
By the way, why are you addressing me by my first name? I know it's pedantic,
but that's something that only my closest friends are welcome to do. I avoid
calling you Doren, out of a mutual respect, and I would hope that you do the
same for me.
Regards,
George Wenzel
George Wenzel
>: >I only sell the usefull viruses I have written. Actually I give them away
>
>: free, isn't it?
>
>No George. It's shareware. I let people try a major part of the program
>free. The program is Virus Simulator. It cost $25 USD before I wrote the
>suppliments, and I added the suppliments over a few years one at a time
>without any increase in price at all.
I just don't like the idea of you saying they're free, when they have to pay
you in order to get them.
>
>It's called a registration bonus incentive, and is quite common with
>shareware writers. I do the same thing with some of my other shareware.
>For example my "Rosenthal UnInstall" includes the free bonus program
>"Rosenthal History" when they register.
You can call it a free bonus, but it really is included in the price. If it
were truly free, you wouldn't have to charge for them, now would you?
>
>Well George, that's why I don't have any problem paying Dr. Mark Ludwig
>for his collection. It's a very good collection, I need the information
>for the legitimate anti-virus efforts I'm engaged in, I feel his $100 USD
>is a fair price.
$100 for a CD full of programs that are essentially useless except for a few
people is a little steep, in my opinion.
>
>: >I also give my own viruses away to any AV developer free or anyone who
>: >finds the $25 USD to be a hardship and even ship it at my expense.
>
>: Are you talking about your simulation here, or your virus collection? First
>: you say you don't offer your collection for sale, then you say you'll give
>: your viruses away free.
>
>Well clearly when I say "MY" viruses, I'm talking about the viruses I
>claim to be the author of.
No, this is not clear. I refer to my virus collection as my viruses, but that
doesn't mean I wrote them. I can call my collection 'my own virus collection'
which means that I am in possession of it, not that I created it. You did not
say 'the viruses that I wrote' - you said 'my own viruses'. This wording is
confusing, and I wanted to make sure that I knew what you were talking about.
>I also maintain a virus collection as do most AV developers. That
>collection is also described in my Virus Simulator documentation (you
>could at least read the DOC file George) and is not publicaly available,
>or offered for sale.
Thank-you for clearing that up. I'm not going to read the DOC file for a
program that I'll never use, because that's a waste of my time. Perhaps if I
viewed your program as being useful, I'd read the instructions.
>
>I hope that's more clear George?
Yes. Thank-you. And kindly do not call me George, Mr. Rosenthal.
Doren Rosenthal
: In article <4jpd0r$4...@twizzler.callamer.com>
: do...@biggulp.callamer.com "Doren Rosenthal" writes:
: > Iolo Davidson (io...@mist.demon.co.uk) wrote:
: >
: > : In article <316015...@login.eunet.no>
: > : sta...@login.eunet.no "Stle Fagerland" writes:
: >
: > : > Doren Rosenthal wrote:
: > : > > : 10) Do you export the program to Switzerland, knowing that your
: > : > > : customers are violating Swiss laws by importing viruses ?
: >
: > : > > Yes I export anywhere in the world. No as far as I've been able to
: > : > > learn (and I've checked it out) Swiss laws do not prohibit my viruses as
: > : > > they only modify my files and I'm the copyright holder so they are mine
: > : > > to do with as I wish. You should check the Swiss law out yourself if you
: > : > > have a problem.
: > : >
: > : > Actually I consider this question to be a bit of a strikeout. A
: > : > representative of the Swiss government's legal section has already
: > : > indicated, in this forum, that the Swiss don't have a problem with
: > : > this.
: >
: > : Not so. The Swiss official confirmed that import of viruses was
: > : against Swiss law. He went on to give a personal opinion that
: > : *if* everything Rosenthal said about his own viruses was true, he
: > : didn't *think* the Swiss prosecutor would prosecute. He made a
: > : point of saying that this was his personal opinion and not an
: > : official position.
: >
: > That's as close to a posting as I've seen from anyone who could even read
: > the Swiss laws. That's why I contacted the government people here in the
: > US who facilitate the inport/export regulations bettween the US and other
: > countries. And they contacted the Swiss government who maintain embassies
: > here in the US. Rosenthal Engineering is a legitimate licensed bussiness
: > and I make every effort to conform to all the appropriate regulations.
: >
: > Any government official is welcome to contact me directly at:
Doren Rosenthal
Rosenthal Engineering
P.O. Box 1650
San Luis Obispo, CA USA 93406
e-mail do...@slonet.org
: You have been contacted, in this group, by a Swiss official who
: has confirmed that importing viruses into Switzerland is a crime
: under Swiss law.
No you are mistaken. When I told the Swiss person on this forum what I
was doing (I make no secret of it) and asked if there was any problem
with it and gave them my contact information, recall that was the last
anyone ever heard from them. I've not had a reply. I've not had a letter,
he's gone and guys....... I'm still here.
: > : Whatever the likelihood of prosecution, the fact remains that
: > : importing viruses into Switzerland is a prima facie criminal
: > : offence.
: >
: > You're mistaken if you feel there's any problem importing/exporting my
: > Virus Simulator between any country in the world. You should check it out
: > yourself. I have and it's not a problem.
: Breaking Swiss law isn't a problem for you, in the USA. It is
: only a problem for your Swiss customers.
Well the Swiss embassy didn't have a problem with it when my goverenment
contacted them. Not everyone who can yodel is a Swiss official, so the
place to start is arguing about it is not on the net. Contact the Swiss
government as I did. My government tells me their government has no
problem with it.
That's what I go by, and if it's a problem for you you should contact
them and they can write me or my government a letter. So far I've not had
any complaint from anyone besides you guys..... and you know how much I
value your informed opinion. You haven't seen my program and you never
read the Swiss law, and you never bothered to do anything but complain
and you're not even Swiss.
Anyone have a problem they want to report me to their or anyone in any
government, my address is clearly visable.
: > : You can sometimes talk a traffic cop out of giving you
: > : a citation, but that does not make speeding legal. Rosenthal
: > : leaves his Swiss customers in a dodgy position, at the mercy of
: > : any prosecutor who wants to get his name in the papers, and
: > : Rosenthal does not warn them of this danger but instead insists
: > : that his "simulation" package is safe.
: >
: > I have contacted my government and through them the Swiss government and
: > they assure me there is not a problem. You are welcome to do the same.
: The Swiss official posting in this group confirmed that it is a
: violation of Swiss law.
No he didn't. I'm still here and the Swiss government people who were
contacted by my US government people had no problem with it.
: > So far the only ones who have a problem with it couldn't be bothered to
: > contact anyone to get an official position. Arn't associated with any
: > government, and arn't even Swiss.
: The Swiss official posting in this group confirmed that it is a
: violation of Swiss law.
Not so and I asked him directly. Recall that's the last anyone ever heard
of him. I'm still here if he has any comments and wants to post his name
and address as I have. That way I'll have my government people contact
his government people. I'll do whatever these officials tell me is
correct and they tell me they don't have a problem with it.
: > It's not a problem for me. It's not a problem for my government. It's not
: > a problem for the Swiss government......
: It is a problem for your Swiss customers, but why would you care?
: You get their money before they even find out that they have
: broken their own laws.
I do care. That's why I instigated the inquiry braught at my own request.
I'm not ashamed of what I do and I do it quite openly and up front.
Well you're the only one who feels getting my Virus Simulator anti-virus
product is a problem for anyone. US government dosn't care (in fact they
were very helpfull and offered to back me up. I even get a special rate
on shipping it now).
The official Swiss response through my government said they don't have a
problem with it at all.
: > Just seems to be a problem for the guys on this
: > forum that have all the aswers without checking anything
: > out themselves.
: The Swiss official posting in this group confirmed that it is a
: violation of Swiss law.
No your mistaken. I asked him directly and he dissapeared. I'm still here
but if you have any questions involving Swiss laws you should contact
their Embassy. Or as I did, have your government contact their
government.
Iolo if this is a problem for you, you're welcome to follow up on it and
give any government official you want my name and address. I'm happy to
respond to them myself or through my government. I recive mail from all
over the world every day, but I don't get any complaints from any
governments or registered users of my Virus Simulator ever. Not in six
years. I just get complaints from the guys on this forum who mostly
never tried it.
Doren Rosenthal
do...@slonet.org
George Wenzel
>No you are mistaken. When I told the Swiss person on this forum what I
>was doing (I make no secret of it) and asked if there was any problem
>with it and gave them my contact information, recall that was the last
>anyone ever heard from them. I've not had a reply. I've not had a letter,
>he's gone and guys....... I'm still here.
Maybe so, but the fact remains that customers who import your simulator into
Switzerland ARE breaking Swiss law. Just because the law isn't enforced
doesn't mean it that what you are doing is O.K. The Swiss official gave a
personal opinion regarding your simulator, which certainly cannot be
considered an accurate legal opinion, as I do not believe that the Swiss
official was a lawyer.
And what about Italy, where the laws regarding viruses are even more strict?
>Well the Swiss embassy didn't have a problem with it when my goverenment
>contacted them. Not everyone who can yodel is a Swiss official, so the
>place to start is arguing about it is not on the net. Contact the Swiss
>government as I did. My government tells me their government has no
>problem with it.
Listen to what you're saying: The United States government is giving you an
interpretation of Swiss law. Even the Swiss embassy would be a poor choice
for information regarding this law. If you want to get a definitive opinion,
I'd suggest you contact a swiss lawyer that specializes in computer crime.
That way, you could get a definitive answer, and we could settle this debate
once and for all.
>
>That's what I go by, and if it's a problem for you you should contact
>them and they can write me or my government a letter. So far I've not had
>any complaint from anyone besides you guys..... and you know how much I
>value your informed opinion. You haven't seen my program and you never
>read the Swiss law, and you never bothered to do anything but complain
>and you're not even Swiss.
Why do we have to be Swiss when we see that you're breaking the law? You have
made statements that contradict each other. Here they are (paraphrased):
1) You claim that your MtE virus is a true virus.
2) You know that importing viruses into Switzerland is illegal
3) You claim that importing your MtE virus into Switzerland is legal.
If 1. and 2. are both true, then 3 cannot be true. Unless you admit that your
MtE virus isn't really a virus, or if you try to prove that importing viruses
into Switzerland is legal, the third statement will never be true.
One doesn't have to be Swiss to utilize this logic. Perhaps you have only got
complaints from people on this group, but that could be because the people on
this group are the only ones informed enough to give you an adequate, informed
opinion. And please don't say we're not informed because we won't try your
program, because your statements have given us more than enough information to
base a solid opinion on.
>: > I have contacted my government and through them the Swiss government and
>: > they assure me there is not a problem. You are welcome to do the same.
Why don't you contact a Swiss lawyer that specializes in computer crime
directly, so you can get an accurate interpretation of the law? If I want an
interpretation of what's illegal, I don't contact Parliament Hill or my local
MLA, I contact the local police department or a lawyer. Governments as a rule
don't have that much to do with the day-to-day running of the legal system
(which is a good thing in a democracy).
>
>: The Swiss official posting in this group confirmed that it is a
>: violation of Swiss law.
>
>No he didn't. I'm still here and the Swiss government people who were
>contacted by my US government people had no problem with it.
As I have said, the government people are a poor choice for a legal opinion.
Seek out a good lawyer for an interpretation of the laws.
>I just get complaints from the guys on this forum who mostly
>never tried it.
I've said before that trying your program isn't necessary because of your
detailed description of what your simulator does (and doesn't do). Perhaps
the reason that we're the only ones complaining is that we're the only ones
that know better?
Doren Rosenthal
Doren wrote:
: >Some viruses mark the file date and time stamp (greater than 59 seconds
: >or plus 100 years for example). Some AV products will detect this
: >as suspecious and my Virus Simulator will set those off.
Police officer George Wenzel wrote:
: False alarm.
No officer Wenzel. Some AV product are designed to report this. It's a
design feature they document and offer as a feature.
: >Some AV products will detect changes to the boot sector, and my Virus
: >Simulator will change the boot sector of the test diskette. My Virus
: >Simulator sets them off.
Police officer George Wenzel wrote:
: False alarm.
No officer Wenzel. Many AV products claim this feature. The learn the
boot sector for example, and then report changes as suspecious activity.
It's quite common for integraty checkers to report chnages in the boot
sector. My Virus Simulator will overwrite the boot sector of the floppy
test floppy diskette. Both the shareware version and the suppliment "B"
will overwrite the boot sector of the test floppy diskette. You can
confirm that my program does that by simply booting the system off the
test diskette and you will see my message appear on the screen.
Officer Wenzel if you don't want to examine my program for yourself,
perhaps someone else can confirm this fact for you.
AV products that report changes made to the boot sector of the floppy
diskette will report that my program changed the boot sector of the
floppy diskette...... Officer Wenzel that is hardly a false alarm.
Doren wrote:
: >Some AV products will detect programs going memory resident. My Virus
: >Simulator puts something in memory the size of a cow, and will set them
: >off.
Police Officer George Wenzel wrote:
: False alarm.
No Officer Wenzel. There are a number of anti-virus products that report
this activity. Not all anti-virus products are scanners. Some are
activity monitors like the old Flu-Shot or the AV product Xtree used to
market here in the US made by ELIRSM. Products that are designed to
report this activity will detect my Virus Simulator doing it. They are
doing their job, both the AV product and mine.
Doren wrote:
: >Some AV products detect generic companion viruses, and will have no
: >problem detecting my suppliment "C".
Police officer George Wenzel wrote:
: Once again, you ignore Frisk's request. There are problems regarding your MtE
: virus, mostly ethical, which makes it difficult to make detection of it
: mandatory. It's also a virus that will never propagate in the wild, which
: also makes it a low priority for detection.
Hold on officer Wenzel! I know you've not seen and you refuse to even
look at the suppliment "C", and it's had to convince you of anything you
can't see with your own eyes, but the suppliment "C" isn't an MtE virus
at all. It's a companion virus officer. It's part of my Virus Simulator
package but it's not the same as the MtE suppliment.
I know you don't trust anything I tell you officer, and you won't look at
it yourself, but again you're mistaken. Please officer won't you at least
read the DOC file. Could you ask someone else to help you read it.
Here's how a companion virus works officer Wendel......
Oh just forget it. I'm sure you know all about it and don't need any help
from me.
: >The shareware version is only a small part of the my Virus Simulator. The
: >DOC file describes the whole package which includes three very powerfull
: >tools I call the suppliments. They are all included when the user
: >registers the shareware version for $25 USD and I pay the air-mail
: >shipping to anywhere in the world.
: >George I'm happy to answer any questions you may have about my Virus
: >Simulator. I've offered you a free copy to examine and you've declined,
: >so I can understand why you're confussed about these questions.
: I'm not confused at all about the questions - your phrasing was poor, which
: was bound to confuse others. I wanted to make it clear for them. I have
: declined receiving a copy of your virus simulator because I don't believe that
: it is useful, and you've attested well to its uselessness through your
: posts in this forum.
: >
: >It's shareware George. If you find it usefull, your registration would be
: >appreciated. If not, I thank you for trying it.
: Sorry, but I decline the offer. I know I won't find it useful, so I won't
: bother looking at it.
: >If you don't want to try it, and you don't even want a free copy, and you
: >won't even look at it, I'm not sure what else I can offer you George.
: Your side of a debate is plenty, and I ask no more.
: By the way, why are you addressing me by my first name? I know it's pedantic,
: but that's something that only my closest friends are welcome to do. I avoid
: calling you Doren, out of a mutual respect, and I would hope that you do the
: same for me.
Sorry police officer Wenzel. You indicated your law enforcement backround
in a previous post and I mean no dissrespect so I'd be happy to address
you by your more formal title. No need to address me as Mr. Doren
Rosenthal though, just plain "Doren" is fine.
I guess it's just my laid back California informality. Here in San Luis
Obispo I call the police comissioner, sargent and mayor by their first
names too. I meant no dissrespect officer Wenzel.
By the way. What law enforcement agancy are you with officer?
Doren Rosenthal
do...@slonet.org
Gene Wirchenko
>Bruce Burrell (b...@stimpy.us.itd.umich.edu) wrote:
>: Doren Rosenthal (do...@biggulp.callamer.com) wrote:
>: > Fridrik Skulason (fr...@complex.is) wrote:
>: > : Part I: Questions related to the freely distributable virus simulator.
>: > : Note that the questions below specifically do not refer to the MtE
>: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>: > : supplement - that is covered in part II below.
>: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>: DOREN: CAN YOU READ?!?
>Why yes. Mostly I have trouble spelling or copying things, but I read
>english ok. Is that a satsfactory answer to your question? If not I'd be
>happy to expand on it.
Next question (which was implied by "DOREN: CAN YOU READ?!?):
Can you follow directions?
[snip]
>Doren Rosenthal
>do...@slonet.org
^^
More and more, I am coming to think that there should be a "w"
between these two letters.
Sincerely,
Gene Wirchenko
C Pronunciation Guide:
y=x++; "wye equals ex plus plus semicolon"
x=x++; "ex equals ex doublecross semicolon"
Iolo Davidson
do...@biggulp.callamer.com "Doren Rosenthal" writes:
> : You have been contacted, in this group, by a Swiss official who
> : has confirmed that importing viruses into Switzerland is a crime
> : under Swiss law.
>
> No you are mistaken. When I told the Swiss person on this forum what I
> was doing (I make no secret of it) and asked if there was any problem
> with it and gave them my contact information, recall that was the last
> anyone ever heard from them. I've not had a reply. I've not had a letter,
> he's gone and guys....... I'm still here.
The Swiss official (Claudio G. Frigerio) *did* post a reply in
this group to your query (which you made in a followup to a post
of mine). The message id was:
Suggest that you better have a look for it, since otherwise you
are simply talking through your hat.
> : > : Whatever the likelihood of prosecution, the fact remains that
> : > : importing viruses into Switzerland is a prima facie criminal
> : > : offence.
> : >
> : > You're mistaken if you feel there's any problem importing/exporting my
> : > Virus Simulator between any country in the world. You should check it out
> : > yourself. I have and it's not a problem.
>
> : Breaking Swiss law isn't a problem for you, in the USA. It is
> : only a problem for your Swiss customers.
>
> Well the Swiss embassy didn't have a problem with it when my goverenment
> contacted them. Not everyone who can yodel is a Swiss official, so the
> place to start is arguing about it is not on the net. Contact the Swiss
> government as I did. My government tells me their government has no
> problem with it.
You government is wrong then (not for the first time, either) or
perhaps you explained things with your usual clarity, giving
entirely the wrong idea about what you proposed to import to
Switzerland.
> That's what I go by, and if it's a problem for you you should contact
> them and they can write me or my government a letter. So far I've not had
> any complaint from anyone besides you guys....
You have had a reply in this group from a Swiss official. I've
seen it, and so have others. Dr. Solomon had an exchange with
the same official about the Swiss law and how it effected AV
researchers.
> and you know how much I
> value your informed opinion. You haven't seen my program and you never
> read the Swiss law, and you never bothered to do anything but complain
> and you're not even Swiss.
I evidentally don't have to be Swiss or examine your program or
read Swiss legislation in the original Swiss to be better
informed than you on this topic. You can't even be bothered to
take note of responses to your own posts.
> Anyone have a problem they want to report me to their or anyone in any
> government, my address is clearly visable.
>
> : > : You can sometimes talk a traffic cop out of giving you
> : > : a citation, but that does not make speeding legal. Rosenthal
> : > : leaves his Swiss customers in a dodgy position, at the mercy of
> : > : any prosecutor who wants to get his name in the papers, and
> : > : Rosenthal does not warn them of this danger but instead insists
> : > : that his "simulation" package is safe.
> : >
> : > I have contacted my government and through them the Swiss government and
> : > they assure me there is not a problem. You are welcome to do the same.
>
> : The Swiss official posting in this group confirmed that it is a
> : violation of Swiss law.
>
> No he didn't.
Yes, he did. The fact that you ignored it won't make it go away.
> : > So far the only ones who have a problem with it couldn't be bothered to
> : > contact anyone to get an official position. Arn't associated with any
> : > government, and arn't even Swiss.
>
> : The Swiss official posting in this group confirmed that it is a
> : violation of Swiss law.
>
> Not so and I asked him directly.
And he answered you in <1996Feb23....@gw2.admin.ch>.
> Recall that's the last anyone ever heard of him.
No, he answered you, and you apparently ignored it.
> Well you're the only one who feels getting my Virus Simulator anti-virus
> product is a problem for anyone.
Not so. It is a prima-facie offence under Swiss law to import a
computer virus to Switzerland. The shareware version of your
product is not a problem, but the MTE virus supplement in your
registered version contains two live computer viruses.
> US government dosn't care (in fact they were very helpfull
> and offered to back me up. I even get a special rate
> on shipping it now).
I expect you mislead them about the fact that you were shipping
live computer viruses.
> : > Just seems to be a problem for the guys on this
> : > forum that have all the aswers without checking anything
> : > out themselves.
>
> : The Swiss official posting in this group confirmed that it is a
> : violation of Swiss law.
>
> No your mistaken. I asked him directly and he dissapeared.
He *answered* you, in <1996Feb23....@gw2.admin.ch>. He
also had an earlier exchange with Dr. Solomon about the details
of the Swiss law.
George Wenzel
>> If the virus serves a usefull function and has the users permision as
>> well as the permision of the copyright holder of any files it modifies
>> and everyone has full knowlege and concent.
>
>proof". But as for the rest, of course you're entitled to write whatever
>you want without being called unethical, at least as long as you don't
>release viruses to the wild or violate other people's rights.
I'm considering writing a position paper on why a good virus will never exist.
It'll have to be put off until the end of the month once exams (JOY!) are
over though.
Does anybody care to post reasons for why a 'good' virus could exist so that I
have more points to refute in my paper?
Doren Rosenthal
: >"Public questions for Doren Rosenthal"
I don't assume you agree with my answers Frisk, but did I complete the
answers to your questions to your satisfaction? Is there anything you would
like me to explain in more detail or expand on? Anything I could clarify
more for you? Any questions or comments you have on any of my answers
Frisk? Any answers you might have some sort of difficulty with?
Please feel free to ask any additional questions you might have. I'm
always happy to cooperate and answer as best I can.
Thank you for your interest.
Doren Rosenthal
do...@slonet.org
Bruce Burrell
[snip]
> Well George, that's why I don't have any problem paying Dr. Mark Ludwig
> for his collection. It's a very good collection, I need the information
> for the legitimate anti-virus efforts I'm engaged in, I feel his $100 USD
> is a fair price.
Please tell us why you've bestowed a Ph.D. on Mr. Ludwig. You've
probably confused him with George Smith.
More important, tell us how you are qualified to judge the quality of
Ludwig's CD. All I see you doing is hawking a misrepresented product,
blathering about a flawed test of F-PROT, and participating in some
mindless banter about elephants. I see no evidence of:
1. Helping others to remove viruses
2. Providing technical information about what a particular virus does
3. Suggesting strategies that help to safeguard the computer of the
common user
4. In general, helping others at all
I suspect you'll disagree with me on (4), since you probably consider
it "helpful" to recommend Ludwig's CD or to go on about how your
simulator "helps test for proper installation of AV products", which it
doesn't. But how about providing some timely, safe, helpful answers for
the folks who have a virus problem? It might build you some shred of
credibility.
-BPB
Bruce Burrell
> Bruce Burrell (b...@stimpy.us.itd.umich.edu) wrote:
> : Doren Rosenthal (do...@biggulp.callamer.com) wrote:
> : > Fridrik Skulason (fr...@complex.is) wrote:
>
> : > : Note that the questions below specifically do not refer to the MtE
> : > : supplement - that is covered in part II below.
> : ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> : DOREN: CAN YOU READ?!?
>
> Why yes. Mostly I have trouble spelling or copying things, but I read
> english ok. Is that a satsfactory answer to your question?
No, it isn't. You've snipped out the part where I pointed out that
you've answered six times with references to MtE for a question posed to
you that explicitly requested that you do otherwise.
Perhaps I should have said "CAN YOU UNDERSTAND A STRAIGHTFORWARD
REQUEST?", but you've given ample evidence that the answer is either "No"
or "Rarely; and then only when it suits me."
> If not I'd be happy to expand on it.
No need. I think the above sums it up rather succinctly.
[snip]
> I've answered the questions as well as I know how,
You know what? Just answering the question as asked would more than
suffice, particularly when there is no guile in the questions. They were
all Yes/No questions, so you should have answered them that way. Then
expound if you will.
[snip]
> Frisk, you asked the questions. Did I answer them to your satisfaction?
> Would you like me to expand on anything? Is there any answer I could give
> you that would satisfy you? Anything you feel has recieved a less than
> complete or evasive answer?
>
> I've answered your questions as best as I know how. I belive we will
> never agree on some things, but the answers are as true and complete as
> I know how to give.
Fair question.
-BPB
George Wenzel
>: >Some viruses mark the file date and time stamp (greater than 59 seconds
>: >or plus 100 years for example). Some AV products will detect this
>: >as suspecious and my Virus Simulator will set those off.
>
>Police officer George Wenzel wrote:
I am not a police officer, nor have I ever claimed to be. I am a volunteer
for a police department, and I study criminology, but I am NOT a peace
officer, nor to I claim to be in any way.
>: False alarm.
>
>No officer Wenzel. Some AV product are designed to report this. It's a
>design feature they document and offer as a feature.
Perhaps the anti-virus program will detect it as suspicious activity, but
because it is not a virus, I'd classify that behavior as a false alarm. If
you run TBAV in high-heuristics mode (version 6.51 at least), it'll set off a
couple of DOS files as being suspicious. Perhaps some people are willing to
live with this, but I certainly would not be. False alarms, especially in a
business setting, are expensive. Detection of any of your simulations as a
'possible virus' is a false alarm, because they are positively NOT viruses
(with the possible exception of your MtE 'virus').
>
>: >Some AV products will detect changes to the boot sector, and my Virus
>: >Simulator will change the boot sector of the test diskette. My Virus
>: >Simulator sets them off.
>
>Police officer George Wenzel wrote:
>: False alarm.
>
>No officer Wenzel. Many AV products claim this feature. The learn the
>boot sector for example, and then report changes as suspecious activity.
Suspicious activity is still something that would be considered a virus, and
could cause problems for people, especially in a business environment. Even
if your simulator made changes to the boot sector, this would still be a false
alarm. I consider a false alarm to be whenever an anti-virus product detects
something that could be a virus, when it is not.
>It's quite common for integraty checkers to report chnages in the boot
>sector. My Virus Simulator will overwrite the boot sector of the floppy
>test floppy diskette. Both the shareware version and the suppliment "B"
>will overwrite the boot sector of the test floppy diskette. You can
>confirm that my program does that by simply booting the system off the
>test diskette and you will see my message appear on the screen.
Like I said, this is a false alarm, because it is not a virus that is causing
the change in the boot sector. Pure integrity checkers can be used to detect
unknown viruses, but they are plagued with false alarms. Just because your
simulator causes one of these false alarms doesn't mean it is useful.
>
>Officer Wenzel if you don't want to examine my program for yourself,
>perhaps someone else can confirm this fact for you.
I am not a peace officer, nor have I claimed to be. I am a university student
studying sociology and criminology. I am a member of a university karate
club. I volunteer for a police department, but I am NOT a peace officer. I
don't need someone to confirm what your product does, I'll trust that you know
it well enough to provide factual information.
>
>AV products that report changes made to the boot sector of the floppy
>diskette will report that my program changed the boot sector of the
>floppy diskette...... Officer Wenzel that is hardly a false alarm.
That depends what the anti-virus product says. If it says: 'the boot sector
has been changed', then it isn't a false alarm, because it isn't saying it
detected a virus. If it says 'possible virus', 'possible virus activity' or
something like that, it is a false alarm.
>
>Doren wrote:
>: >Some AV products will detect programs going memory resident. My Virus
>: >Simulator puts something in memory the size of a cow, and will set them
>: >off.
>
>Police Officer George Wenzel wrote:
>: False alarm.
>
>No Officer Wenzel. There are a number of anti-virus products that report
>this activity. Not all anti-virus products are scanners. Some are
>activity monitors like the old Flu-Shot or the AV product Xtree used to
>market here in the US made by ELIRSM. Products that are designed to
>report this activity will detect my Virus Simulator doing it. They are
>doing their job, both the AV product and mine.
Perhaps you consider your product to be useful for testing anti-virus
products, but you now say that it is useful for testing ONLY generic detection
methods. Simply manually changing a file will set off a generic change
detector. Your product may set off these programs, but since it isn't a
virus, it is a false alarm. Purely generic detection methods are designed to
test for certain virus activity, but they are very prone to false alarms,
because legitimate changes happen all the time. Your product simply creates
another one of these false alarm situations.
>
>Doren wrote:
>: >Some AV products detect generic companion viruses, and will have no
>: >problem detecting my suppliment "C".
>
>Police officer George Wenzel wrote:
>: Once again, you ignore Frisk's request. There are problems regarding your
MtE
>: virus, mostly ethical, which makes it difficult to make detection of it
>: mandatory. It's also a virus that will never propagate in the wild, which
>: also makes it a low priority for detection.
>
>Hold on officer Wenzel! I know you've not seen and you refuse to even
>look at the suppliment "C", and it's had to convince you of anything you
>can't see with your own eyes, but the suppliment "C" isn't an MtE virus
>at all. It's a companion virus officer. It's part of my Virus Simulator
>package but it's not the same as the MtE suppliment.
I was assuming the MtE and 'C' supplements were one in the same. I apologize
for the mistake.
>
>I know you don't trust anything I tell you officer,
Why do you say this? I haven't said anything to imply that I distrust you. I
have contrary opinions, but that does not mean that I distrust you. And once
again, I am not a peace officer.
>and you won't look at
>it yourself, but again you're mistaken. Please officer won't you at least
>read the DOC file. Could you ask someone else to help you read it.
I can read just fine, and I find your condescending attitudes quite
interesting. They reveal that you simply cannot hold your own in a debate
without resorting to personal attacks. Too bad for you, because it simply
strengthens my argument.
>
>Here's how a companion virus works officer Wendel......
I'm assuming that is a legitimate typo. I would hope that it wasn't
intentional, because if it was, it would be quite rude.
>
>Oh just forget it. I'm sure you know all about it and don't need any help
>from me.
Thank-you for your brevity.
>: Your side of a debate is plenty, and I ask no more.
>
>: By the way, why are you addressing me by my first name? I know it's
pedantic,
>: but that's something that only my closest friends are welcome to do. I
avoid
>: calling you Doren, out of a mutual respect, and I would hope that you do
the
>: same for me.
>
>Sorry police officer Wenzel. You indicated your law enforcement backround
>in a previous post and I mean no dissrespect so I'd be happy to address
>you by your more formal title. No need to address me as Mr. Doren
>Rosenthal though, just plain "Doren" is fine.
I at no time indicated that I had a law enforcement background. First you say
that Gene Wirchenko (sp?) is a CARO member, when he has clearly stated that he
is not, and now you make up a profession for me. What's next? Will you be
trying to convince us that Dr. Solomon is female? Perhaps that Vesselin
Bontchev is an alien? Or maybe that Graham Cluley is planning to take over
the world with a thermonuclear device?
You're becoming quite adept at misrepresenting other people, misquoting other
people, and in general just being foolish in your posting. You do realize
that this sort of thing just makes your argument weaker, and the argument of
others look stronger?
>
>I guess it's just my laid back California informality. Here in San Luis
>Obispo I call the police comissioner, sargent and mayor by their first
>names too. I meant no dissrespect officer Wenzel.
I am not an officer, and if you know the police commisionner, sargeant, and
mayor by their first name, then addressing them as such is fine. You wouldn't
go up to Mr. Clinton and call him 'Bill', because you do not know him. You do
not know me personally, so I do not wish to be called by my first name by you.
>By the way. What law enforcement agancy are you with officer?
I volunteer with the Edmonton Police Service, but I am NOT an officer. I am
applying to work for the U of A Campus Security Services, but I am not (and
will not be in the near future) a peace officer in any degree.
Regards,
George Wenzel
<copy mailed to Mr. Rosenthal>
Graham Cluley
> What's next? Will you be
> trying to convince us that Dr. Solomon is female? Perhaps that
Vesselin
> Bontchev is an alien? Or maybe that Graham Cluley is planning to take
over
> the world with a thermonuclear device?
I'm afraid the powers that be at S&S have banned me from using the
thermonuclear device at the next show I'm doing. However, it looks like
I've got the go-ahead for the bubble-machine at InfoSec (Olympia, London)
later this month. These will be real bubbles, not the naff simulated
sort.
Regards
Graham
---
Graham Cluley CompuServe: GO DRSOLOMON
Senior Technology Consultant, UK Support: sup...@uk.drsolomon.com
Dr Solomon's Anti-Virus Toolkit. US Support: sup...@us.drsolomon.com
Email: gcl...@uk.drsolomon.com UK Tel: +44 (0)1296 318700
Web: http://www.drsolomon.com USA Tel: +1 617-273-7400
NEW:Evaluate Dr Solomon's FindVirus 7.58! Download it from our webpage
Fridrik Skulason
>Frisk, you asked the questions. Did I answer them to your satisfaction?
I don't know...either the messsage has been lost somewhere along the way or
delayed, but at least I have not seen your reply yet...only the comments
of others.
The comments seem to indicate that you mentioned the MtE supplement in part 1
of the question, which I specifically excluded there....I was trying to get
a clarification on exactly what your claims for the rest of the package
were.
George Wenzel
>I don't assume you agree with my answers Frisk, but did I complete the
>answers to your questions to your satisfaction? Is there anything you would
>like me to explain in more detail or expand on? Anything I could clarify
>more for you? Any questions or comments you have on any of my answers
>Frisk? Any answers you might have some sort of difficulty with?
You did answer the questions, but you didn't exactly follow the directions -
the first set of questions were specifically NOT directed to the MtE
supplement, but you referred to that supplement in your response.
>
>Please feel free to ask any additional questions you might have. I'm
>always happy to cooperate and answer as best I can.
I wouldn't say you have cooperated much lately. You made a claim that a CARO
member or members had claimed to have written viruses. A CARO member has told
you that your claim was false. You claim to have first-hand evidence
regarding your claim, and yet you do not cooperate with us by posting that
evidence.
I should also point out to the a.c.v. reading public that Mr. Rosenthal has
contacted me via e-mail and told me that he would send me his evidence if I
agreed to remove Lucky the Cat from my signature for 6 months (he called it a
game). I declined his offer, because whether or not he posts his evidence has
nothing to do with me, other than my casual interest.
One would wonder why Mr. Rosenthal has been so evasive when asked to post his
evidence regarding CARO members writing viruses. He has been blatantly asked
several times to provide his evidence, but he has yet to do so.
Iolo Davidson
fr...@complex.is "Fridrik Skulason" writes:
> I was trying to get a clarification on exactly what your
> claims for the rest of the package were.
Clarification? From Rosenthal?
--
CUTIE INVITED OF WHISKERS
VARSITY HOP PARTY A FLOP
GUY FULL Burma-Shave
Iolo Davidson
gwe...@gpu.srv.ualberta.ca "George Wenzel" writes:
> I'm considering writing a position paper on why a good virus
> will never exist.
Have you seen Vesselin Bontchev's paper on this?
Graham Cluley
> 'm considering writing a position paper on why a good virus will never
> (JOY!) are over though.
Take a look at Vesselin Bontchev's paper on the subject. I believe it's
available for download from our website.
George Wenzel
>George Wenzel writes:
>> 'm considering writing a position paper on why a good virus will never
>> exist. It'll have to be put off until the end of the month once exams
>> (JOY!) are over though.
>
>Take a look at Vesselin Bontchev's paper on the subject. I believe it's
>available for download from our website.
I'm revising my idea of writing such a paper, because upon reading Vesselin's
paper, I realize that I don't stand a chance of topping his. :-)
Doren Rosenthal
: George Wenzel writes:
: > 'm considering writing a position paper on why a good virus will never
: > exist. It'll have to be put off until the end of the month once exams
: > (JOY!) are over though.
: Take a look at Vesselin Bontchev's paper on the subject. I believe it's
: available for download from our website.
: Regards
: Graham
Vesselin Bontchev wrote his paper in a vacum. He refused to examine
any data that didn't support his claim. You might want to read something
from Dr. Frederick B. Cohen.
I believe it's Bontchev's position that if it replicates it a virus, and
all viruses are bad.
I offer several programs that replicate themselves to serve a usefull
function. An MtE supliment as part of my Virus Simulator which was used
to report a very serious problem in AV software I reviewed last summer.
This same software had been shipped by the AV company Vess now works for
and made it past all their QA procedures and testing. My Virus Simulator
saved Commands F-Prot Pro from a very embarrasing situation.
Also I offer a similar usefull virus the suppliment "C" which is a
functional companion virus. These usefull viruses are requested on this
forum all the time. I've offered a simulated version, but AV people have
pointed out several times that it's just not as usefull as the real
thing. I can there-fore claim the real virus preforms a usefull function
that can not be preformed by other means. My Virus Simulator is a good
example. Real virus works with all products, simulated virus (mine or
CARO/EICAR) only works with a few and not as well.
I also developed a program usefull in the development and test that I
needed that works by replicating itself. The programs it was used to
develop and test involve duplicate files. Replicating insures the files
are duplicates. UN_Test is mentioned in the October '95 Compuserve
magazine page 26 and I'm sure it's on Compuserve somewhere and I give it
free to beta testers of some of my other shareware and comercial programs
(or anyone who cares) if anyone's interested.
I'm not sure a program that replicates is bad. What I say is
malisious programs are bad. Programs that make changes to other
programs they have no right to change are bad. But programs that have
the users concent and the concent of the copyright holder of the
program they modify are NOT bad. Even if they are programs that
replicate and are considered viruses.
If it's doing a usefull job and everyone agrees to what it's doing, even
it replicates or is a virus, it can enjoy a usefull purpose and need not
be considered malisious code.
I have several examples of usefull programs that work by replicating
themselves that I feel work better than anything I've been able to come
up with that didn't replicate.
Even after six years I haven't been able to get AV companies to detect my
simulations reliably unles they were viruses and replicate. My Virus
Simulator serves a usefull function that has now been offered to a lesser
extent by the AV companies themselves as the CARO/EICAR string.
Vess wrote his paper without examining anyones examples. There's a great
quote from him to that effect in Dr. George Smiths book "The Virus
Creation Labs" page 87. Have you read it? It's been posted on virus-l
and other places so it's gotten to be kind of a classic for Vess. He should
consider it for his new signature. Have you seen it?
Doren Rosenthal
do...@slonet.org
Doren Rosenthal
: In article <4k11t7$d...@twizzler.callamer.com>, do...@biggulp.callamer.com (Doren Rosenthal) wrote:
: >I don't assume you agree with my answers Frisk, but did I complete the
: >answers to your questions to your satisfaction? Is there anything you would
: >like me to explain in more detail or expand on? Anything I could clarify
: >more for you? Any questions or comments you have on any of my answers
: >Frisk? Any answers you might have some sort of difficulty with?
: You did answer the questions, but you didn't exactly follow the directions -
: the first set of questions were specifically NOT directed to the MtE
: supplement, but you referred to that supplement in your response.
Frisk asked the question. I addressed his question in my answers. I'm
asking him if his questions were answered completely.
: >
: >Please feel free to ask any additional questions you might have. I'm
: >always happy to cooperate and answer as best I can.
: I wouldn't say you have cooperated much lately. You made a claim that a CARO
: member or members had claimed to have written viruses. A CARO member has told
: you that your claim was false. You claim to have first-hand evidence
: regarding your claim, and yet you do not cooperate with us by posting that
: evidence.
: I should also point out to the a.c.v. reading public that Mr. Rosenthal has
: contacted me via e-mail and told me that he would send me his evidence if I
: agreed to remove Lucky the Cat from my signature for 6 months (he called it a
: game). I declined his offer, because whether or not he posts his evidence has
: nothing to do with me, other than my casual interest.
I also posted the bet here. If I win you remove your CAT for six months.
The bet is I can deliver support or not. I don't have to prove anything
to you unless you put up something at risk.
: One would wonder why Mr. Rosenthal has been so evasive when asked to post his
: evidence regarding CARO members writing viruses. He has been blatantly asked
: several times to provide his evidence, but he has yet to do so.
I answer for the actions of Doren Rosenthal and people associated with
Rosenthal Engineering. Questions reguarding my actions should first be
presented to me.
CARO answer for their own actions and the actions of their members.
Qusestions reguarding their actions should first be presented to them.
Doren Rsoenthal
do...@slonet.org
Doren Rosenthal
: Doren Rosenthal (do...@biggulp.callamer.com) wrote:
: > Well George, that's why I don't have any problem paying Dr. Mark Ludwig
: > for his collection. It's a very good collection, I need the information
: > for the legitimate anti-virus efforts I'm engaged in, I feel his $100 USD
: > is a fair price.
: [snip]
: Please tell us why you've bestowed a Ph.D. on Mr. Ludwig. You've
: probably confused him with George Smith.
I have in my possesion a flyer from Dr. Mark Ludwigs company American
Eagle Publications which offers a book "Computer Viruses, Artificial Life
and Evolution by Dr. Mark Ludwig a physicist by trade.... Also Dr. Ludwig
introduced himself to me by phone and asked me to grant him an interview.
I'd never heard of him before that and he told me he had his doctorate at
that time.
If you have questions reguarding my credentials, I'm the appropriate
person to ask. If you need verification of any of my credentials I'll be
happy to direct you the the appropriate state or federal or other
licenseing board where those credentials are on file.
If you have questions about Dr. Ludwigs credistials I can
only repeate what he told me. You should ask him directly if you need
verification. I'm sure he will be happy to direct you himself. You can
contact him at American Eagle Pub. or the last e-mail address I have for
him which was first posted by Vess on virus-l as ame...@mcimail.com
: More important, tell us how you are qualified to judge the quality of
: Ludwig's CD.
I have the first version in my posession and have examined it personaly.
It is quite outstanding in my opinion but is now old. The new one is on
order but promises to be even better.
: All I see you doing is hawking a misrepresented product,
: blathering about a flawed test of F-PROT, and participating in some
: mindless banter about elephants. I see no evidence of:
: 1. Helping others to remove viruses
No you should read the very helpfull artical I wrote for Computer Shopper
that was quite helpfull. Commands engineers were very thankfull for
bringing their problem to their attention.
: 2. Providing technical information about what a particular virus does
I've mentioned a few viruses by name that are otherwise not being
discussed. For example Cornucopia.
: 3. Suggesting strategies that help to safeguard the computer of the
: common user
Oh but I do and it's described in Virus Simulator documentation. Have you
read it. I direct people to it all the time.
: 4. In general, helping others at all
: I suspect you'll disagree with me on (4), since you probably consider
: it "helpful" to recommend Ludwig's CD or to go on about how your
: simulator "helps test for proper installation of AV products", which it
: doesn't. But how about providing some timely, safe, helpful answers for
: the folks who have a virus problem? It might build you some shred of
: credibility.
I answer questions all the time. Most people contact me in private, but
questions involving the use of AV products offered by others should best
be answered by the supplier. I tend to focus on questions involving my
own AV product and that takes up the energy I wish to expend.
Doren.........
George Wenzel
>: Take a look at Vesselin Bontchev's paper on the subject. I believe it's
>: available for download from our website.
>
>all viruses are bad.
And what's wrong with that? It's his position, so he can choose what he
wants.
>
>I offer several programs that replicate themselves to serve a usefull
>function. An MtE supliment as part of my Virus Simulator which was used
>to report a very serious problem in AV software I reviewed last summer.
>This same software had been shipped by the AV company Vess now works for
>and made it past all their QA procedures and testing. My Virus Simulator
>saved Commands F-Prot Pro from a very embarrasing situation.
Firstly, Vesselin does NOT work for Command, he works for Frisk. There is a
difference. The problem in the AV software that you found was indeed a
glitch, but it was fixed before it caused problems for a single user. Your
simulator did not really prove anything. We've discussed this before, and I'd
rather leave it at that. This was really old news.
>
>Also I offer a similar usefull virus the suppliment "C" which is a
>functional companion virus. These usefull viruses are requested on this
>forum all the time. I've offered a simulated version, but AV people have
>pointed out several times that it's just not as usefull as the real
>thing. I can there-fore claim the real virus preforms a usefull function
>that can not be preformed by other means. My Virus Simulator is a good
>example. Real virus works with all products, simulated virus (mine or
>CARO/EICAR) only works with a few and not as well.
Real viruses will not work with all products because not all products detect
every virus. Many AV companies see your supplement C and your MtE as being so
limited in their replication mechanism that they will never be in the wild, so
they choose not to detect them. The EICAR file is a standard that is
beginning to be adopted by many anti-virus products, and I would hope that all
of them add detection of it soon. Your simulator does not include what I
consider to be true viruses, so it doesn't make sense for you to claim that
they are useful viruses, when they aren't viruses at all.
>
>I also developed a program usefull in the development and test that I
>needed that works by replicating itself. The programs it was used to
>develop and test involve duplicate files. Replicating insures the files
>are duplicates. UN_Test is mentioned in the October '95 Compuserve
>magazine page 26 and I'm sure it's on Compuserve somewhere and I give it
>free to beta testers of some of my other shareware and comercial programs
>(or anyone who cares) if anyone's interested.
Your Un_test program may have been useful for you and a few other people, but
it certainly wouldn't be useful for the general public. If this virus had
spread into the wild, one would have quite a bit of difficulty calling it
'useful' when it goes around copying files to directories all over everybody's
computer.
>
>I'm not sure a program that replicates is bad. What I say is
>malisious programs are bad. Programs that make changes to other
>programs they have no right to change are bad.
Programs that take up valuable CPU cycles when the user doesn't want them to
are bad, and all viruses must do this to propagate.
>But programs that have
>the users concent and the concent of the copyright holder of the
>program they modify are NOT bad. Even if they are programs that
>replicate and are considered viruses.
I'd suggest you read Vesselin's paper on good viruses. He makes quite a few
points about why this is not true.
>
>If it's doing a usefull job and everyone agrees to what it's doing, even
>it replicates or is a virus, it can enjoy a usefull purpose and need not
>be considered malisious code.
Okay then. Define a program that does something useful that everyone agrees
to what it does. If you think about it, you'll find that such a program does
not exist, whether it be virus or non-virus. Everybody has a different view
on what's useful, and with a virus you can't control who it spreads to, so you
can't intentionally have it spread to only the people who think it will be
useful.
>
>I have several examples of usefull programs that work by replicating
>themselves that I feel work better than anything I've been able to come
>up with that didn't replicate.
Perhaps they are useful for you, but that is a very limited function. They
won't be useful for everybody. If they're viruses, they have the possibility
of spreading to other people's computers. Other people might not share your
opinion about them being useful.
>
>Even after six years I haven't been able to get AV companies to detect my
>simulations reliably unles they were viruses and replicate. My Virus
And you still have problems with them. I believe that Frisk plans on updating
his engine so your MtE 'virus' is not detected because it can't replicate in
the wild and is therefore a false alarm.
>Simulator serves a usefull function that has now been offered to a lesser
>extent by the AV companies themselves as the CARO/EICAR string.
The EICAR string (note that it is just called that, not the CARO/EICAR string)
is useful for testing installation of anti-virus products. It will soon be
supported by all major anti-virus products, and it is guaranteed to work with
products that support it. Your simulator is not guaranteed to work, and it
usually doesn't.
>
>Vess wrote his paper without examining anyones examples.
Bullshit. Read the paper. He specifically took examples of proposed 'useful
viruses' and gave his reasons for why they could not exist.
>There's a great
>quote from him to that effect in Dr. George Smiths book "The Virus
>Creation Labs" page 87. Have you read it? It's been posted on virus-l
>and other places so it's gotten to be kind of a classic for Vess. He should
>consider it for his new signature. Have you seen it?
I haven't seen it, but I have heard of some of the crackpot theories that
Smith proposed, such as Vesselin being the 'Dark Avenger'. Pretty much
everyone agrees that claims like those are completely unfounded and without
proof.
Nick FitzGerald
do...@biggulp.callamer.com (Doren Rosenthal) writes:
> Graham Cluley (ham...@cix.compulink.co.uk) wrote:
[other irrelevancies snipped]
> : Take a look at Vesselin Bontchev's paper on the subject. I believe it's
> : available for download from our website.
>
> Vesselin Bontchev wrote his paper in a vacum. He refused to examine
> any data that didn't support his claim. You might want to read something
> from Dr. Frederick B. Cohen.
You clearly never read it then!
The paper Graham refers to is replete with careful considerations of
Cohen's works and specifically his claims viz "beneficial viruses".
> I believe it's Bontchev's position that if it replicates it a virus, and
> all viruses are bad.
You definitely didn't read it then, -or- are deliberately
misrepresenting what you read, or were unable to understand it.
Given your ramblings here the last few weeks, I'm afraid it seems the
latter two are the more likely interpretations.
> I offer several programs that replicate themselves to serve a usefull
> function. An MtE supliment as part of my Virus Simulator which was used
> to report a very serious problem in AV software I reviewed last summer.
> This same software had been shipped by the AV company Vess now works for
> and made it past all their QA procedures and testing. My Virus Simulator
> saved Commands F-Prot Pro from a very embarrasing situation.
>
> Also I offer a similar usefull virus the suppliment "C" which is a
> functional companion virus. These usefull viruses are requested on this
> forum all the time. I've offered a simulated version, but AV people have
> pointed out several times that it's just not as usefull as the real
> thing. I can there-fore claim the real virus preforms a usefull function
> that can not be preformed by other means. My Virus Simulator is a good
> example. Real virus works with all products, simulated virus (mine or
> CARO/EICAR) only works with a few and not as well.
What you define as "useful" and what the rest of the world perceives as
"good" or "beneficial" then becomes the issue. Define your terms Doren,
oh "professional engineer" or your highly developed "scientific
standards" may be corrupted. Without clear definitions this whole
debate is next to meaningless--just so much hot air.
Do us all a favour--go and read Vess's paper, give it a "fair reading"
(so you don't fall into your usual trap of setting up your opposition as
"straw man" arguments) then come back with some -counter arguments-
rather than dishing up the mish-mash of personal attack and vaguely
irrellevant anecdotal "I'm OK" stories we see here.
> I also developed a program usefull in the development and test that I
> needed that works by replicating itself. The programs it was used to
> develop and test involve duplicate files. Replicating insures the files
> are duplicates. UN_Test is mentioned in the October '95 Compuserve
> magazine page 26 and I'm sure it's on Compuserve somewhere and I give it
> free to beta testers of some of my other shareware and comercial programs
> (or anyone who cares) if anyone's interested.
Replication per se does not a virus make unless you accept Fred Cohen's
definitions--many do not! Besides that you still haven't defined useful
or "beneficial". Further, even if you UN_Test -is- viral, the question
is must thisa functionality be coded as a virus--for exammple, would it
not be better to write it as a program that generates a clone of
something else? Similar issues are discussed in Vess's paper--maybe you
should (re?)read it...
> I'm not sure a program that replicates is bad. What I say is
> malisious programs are bad. Programs that make changes to other
> programs they have no right to change are bad. But programs that have
> the users concent and the concent of the copyright holder of the
> program they modify are NOT bad. Even if they are programs that
> replicate and are considered viruses.
>
> If it's doing a usefull job and everyone agrees to what it's doing, even
> it replicates or is a virus, it can enjoy a usefull purpose and need not
> be considered malisious code.
>
> I have several examples of usefull programs that work by replicating
> themselves that I feel work better than anything I've been able to come
> up with that didn't replicate.
>
> Even after six years I haven't been able to get AV companies to detect my
> simulations reliably unles they were viruses and replicate. My Virus
> Simulator serves a usefull function that has now been offered to a lesser
> extent by the AV companies themselves as the CARO/EICAR string.
There are a huge set of implications that flow from accepting -any- of
the sugegstions you've just made. Vess addresses them in his paper. Is
this starting to sound like a scratched record? Someone here is trying
to portray themselves as the expert--anyone caring to read Vess's paper
will get a feel for how shallowly Doren is presenting these issues.
Come on Doren--live up to your prized professional ethics and admit you
have been lying and misrepresenting Vess to this point.
> Vess wrote his paper without examining anyones examples. There's a great
Another totally bogus claim. -If- anyone who has read Vess's paper
maintains that position they are clearly misrepresenting what they read.
But don't take my word for it--go read Vess's paper and decide for
yourself whether it's Doren or I who is taking a misinformed position.
> quote from him to that effect in Dr. George Smiths book "The Virus
> Creation Labs" page 87. Have you read it? It's been posted on virus-l
> and other places so it's gotten to be kind of a classic for Vess. He should
> consider it for his new signature. Have you seen it?
Another "I know something shocking but am not going to tell you" claim
from Doren.
Could it be that this (whatever it is!) is one of those things that
Smith has wrenched horribly from its original context so it seems to say
something different from what it "really" meant, or be one of those
occasional things we all say that come back to haunt us at a later time
when what we said then looks terribly bad now?
Like your other recent puerile claims of this ilk, your making such a
statement in public reduces your credibility and increases the
impression you give of being a spolit four-year-old.
For those who've read this far and are intrigued as to what Vess could
have written that Doren so fundamentally fails to understand, look at:
ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/viruses/goodvir.zip
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z.
n.fitz...@csc.canterbury.ac.nz TEL:+64 3 364 2337, FAX:+64 3 364 2332
Virus-L/comp.virus moderator and FAQ maintainer
PGP fingerprint = 2E 7D E9 0C DE 26 24 4F 1F 43 91 B9 C4 05 C9 83
Doren Rosenthal
: In article <DpGqE...@cix.compulink.co.uk>, ham...@cix.compulink.co.uk ("Graham Cluley") wrote:
: >George Wenzel writes:
: >> 'm considering writing a position paper on why a good virus will never
: >> exist. It'll have to be put off until the end of the month once exams
: >> (JOY!) are over though.
: >
: >available for download from our website.
: I'm revising my idea of writing such a paper, because upon reading Vesselin's
: paper, I realize that I don't stand a chance of topping his. :-)
Good move Mr. Wenzel. It's always best to look at other peoples data and a
few other sources before publishing an opinion. You might also take a
look at Dr. Frederick B. Cohens book "Short Course on Computer Viruses".
He's done research in beneficial computer viruses. He's the guy who coined
the word "Computer Virus" in 1984.
Doren Rosenthal
do...@slonet.org
George Wenzel
>In article <4jvlqi$a...@pulp.ucs.ualberta.ca>
> gwe...@gpu.srv.ualberta.ca "George Wenzel" writes:
>
>> will never exist.
>
>Have you seen Vesselin Bontchev's paper on this?
When I posted that article, I had read it, but forgot it existed (mind
clutter, I suppose). Upon reading it again, I realized that improving upon it
would be rather difficult. I may ask Vesselin if he would allow me to
simplify the paper so the general public could read it without a problem. His
paper is rather technical (but not too technical). :-)
Doren Rosenthal
: In article <828775...@mist.demon.co.uk>, io...@mist.demon.co.uk wrote:
: >In article <4jvlqi$a...@pulp.ucs.ualberta.ca>
: > gwe...@gpu.srv.ualberta.ca "George Wenzel" writes:
: >
: >> I'm considering writing a position paper on why a good virus
: >> will never exist.
: >
: >Have you seen Vesselin Bontchev's paper on this?
: When I posted that article, I had read it, but forgot it existed (mind
: clutter, I suppose). Upon reading it again, I realized that improving upon it
: would be rather difficult. I may ask Vesselin if he would allow me to
: simplify the paper so the general public could read it without a problem. His
: paper is rather technical (but not too technical). :-)
Would you like to examine my Un_Test program? I'm not sure it counts as a
virus, but it sevrves a usefull purpose by replicating itself all over the
hard drive and clobbering the AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and
SYSTEM.INI files. It was used to develop and test my "Rosenthal
UnInstall" which you're welcome to with my compliments as well.
If you find Vesselins paper too technical, I think you'll enjoy Dr. Fred
Cohen. Fred dosn't talk down to his readers and he backs up his work with
examples and good documentaion. It also comes with a disk.
Doren Rosenthal
do...@slonet.org
Robert Michael Slade
: Vesselin Bontchev wrote his paper in a vacum. He refused to examine
In a vacuum? A paper that was reviewed by a major technical working
group (probably his thesis advisor, as well) and published in a major
journal? Citing the major reference works up to that time? You must be
joking! (Or haven't got the right paper.)
: any data that didn't support his claim. You might want to read something
: from Dr. Frederick B. Cohen.
Now Cohen writes in a vacuum. His contentions that viral programs can be
useful are simply assertions at this point. He has not done the same
type of work on proving his theories of "good" viruses as he did in his
earlier work on definitions and undecidability. He has stated that he
has had viral programs doing network management and other tasks for
years, but he hasn't given details. His idea of a viral computing
environment is a very interesting one, but, until he defines it further,
it isn't compatible with the current non-viral environment.
: I offer several programs that replicate themselves to serve a usefull
: function. An MtE supliment as part of my Virus Simulator which was used
: to report a very serious problem in AV software I reviewed last summer.
Does your "MtE supliment" replicate? Why does the replication aspect of
it serve a useful purpose, since the MtE is polymorphic code? (Yes, I
understand that you need to make "copies" in order to test for
polymorphism, but self-replication is not needed for that purpose.)
: This same software had been shipped by the AV company Vess now works for
: and made it past all their QA procedures and testing. My Virus Simulator
: saved Commands F-Prot Pro from a very embarrasing situation.
What is this vital bug you found?
: Also I offer a similar usefull virus the suppliment "C" which is a
: functional companion virus. These usefull viruses are requested on this
What utility is offered by a companion virus? What does it do that can't
be done by existing software?
: forum all the time. I've offered a simulated version, but AV people have
: pointed out several times that it's just not as usefull as the real
: thing. I can there-fore claim the real virus preforms a usefull function
: that can not be preformed by other means. My Virus Simulator is a good
: example. Real virus works with all products, simulated virus (mine or
: CARO/EICAR) only works with a few and not as well.
"Writing viruses is good because if there weren't any viruses you
couldn't tell how well antiviral software works." Have I got it right?
So diabetes is good because if nobody had diabetes then we couldn't tell
how well synthetic insulin works?
: I also developed a program usefull in the development and test that I
: needed that works by replicating itself. The programs it was used to
: develop and test involve duplicate files. Replicating insures the files
: are duplicates. UN_Test is mentioned in the October '95 Compuserve
What is the problem with simply copying the files? That way you can
telll that they are duplicates, too. (And even test it, using XCOPY /V.)
: magazine page 26 and I'm sure it's on Compuserve somewhere and I give it
: free to beta testers of some of my other shareware and comercial programs
: (or anyone who cares) if anyone's interested.
I care. Please send me a copy.
: I'm not sure a program that replicates is bad. What I say is
I'm not absolutely sure, but Vesselin (hey, Vess, can we call you Dr.
Bontchev yet?) goes into a lot of detail on all the problems
sellf-replacting programs can cause simply by the fact of their
replication. Nobody has yet demonstrated that a self-replicating program
can fulfill any function that cannot be done, more safely and just as
easily, by a system that doesn't rely on self-replication.
: malisious programs are bad.
Well, yes. This would sort of follow by definition, I suppose.
: Programs that make changes to other
: programs they have no right to change are bad. But programs that have
: the users concent and the concent of the copyright holder of the
: program they modify are NOT bad. Even if they are programs that
: replicate and are considered viruses.
I think you had better go back and read Vesselin's paper. It deals with
this in detail.
: I have several examples of usefull programs that work by replicating
: themselves that I feel work better than anything I've been able to come
: up with that didn't replicate.
Yes, this is the same sort of thing Cohen says. Details, please.
: Vess wrote his paper without examining anyones examples. There's a great
: quote from him to that effect in Dr. George Smiths book "The Virus
: Creation Labs" page 87. Have you read it? It's been posted on virus-l
Smith's book, or hjust the isolated quote?
Robert Michael Slade
: look at Dr. Frederick B. Cohens book "Short Course on Computer Viruses".
: the word "Computer Virus" in 1984.
Cohen has done very valuable research in regard to viruses. He has made
pronouncements in regard to beneficial viruses, but that is not the same
thing.
It was Len Adleman who suggested the term virus to Cohen in 1983, while
Cohen was developing his ideas and experiments.
Checking sources is, indeed, a good idea.
Robert Michael Slade
Doren Rosenthal (do...@biggulp.callamer.com) wrote:
: virus, but it sevrves a usefull purpose by replicating itself all over the
: hard drive and clobbering the AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and
: SYSTEM.INI files.
Obviously Doren Rosenthal has a definition of "usefull" that differs
radically from "useful". I can see where we all made this mistake. Once
we get him to define "usefull" we may see what it is that he has been
proposing. (Nobody could, with a straight face, submit that filling up
the hard drive and deleting the system files is a "useful" function.)
: If you find Vesselins paper too technical, I think you'll enjoy Dr. Fred
: Cohen. Fred dosn't talk down to his readers and he backs up his work with
: examples and good documentaion. It also comes with a disk.
Cohen's "Short Course" is, indeed, an enjoyable read. However, in this
context, Rosenthal seems to be implying that because much of the book is
well researched and documented, the assertions in regard to beneficial
viruses must be true. That does not follow.
In addition, I should note that *my* book comes with a disk, too. I do
not, however, submit that the inclusion of a disk with my book proves
that *my* position in regard to beneficial viruses is necessarily true :-)
======================
rob...@decus.ca rsl...@vcn.bc.ca rsl...@vanisl.decus.ca
Hanlon's razor:
Never attribute to malice that which can be adequately explained by stupidity.
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)
George Wenzel
>Would you like to examine my Un_Test program? I'm not sure it counts as a
>hard drive and clobbering the AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and
>UnInstall" which you're welcome to with my compliments as well.
No, thank-you. I have no need for your Un_Test program, nor your uninstall
utility. I suppose that your Un_Test program might be useful for you, but if
released as a virus in the wild, it would not be useful for the general
public.
>
>If you find Vesselins paper too technical, I think you'll enjoy Dr. Fred
>Cohen. Fred dosn't talk down to his readers and he backs up his work with
>examples and good documentaion. It also comes with a disk.
I didn't find Vesselin's paper that technical. It isn't written in laymans'
terms, but it is easy to understand. I didn't find that Vess had talked down
to his readers, nor that he did not back up his ideas with examples and
documentation. Vesselin's paper was well written and well supported.
Morton Swimmer
>CARO answer for their own actions and the actions of their members.
>Qusestions reguarding their actions should first be presented to them.
What is this CARO thingy?
Dr Alan Solomon
In article <4k8ri2$9...@twizzler.callamer.com>, Doren Rosenthal (do...@biggulp.callamer.com) writes:
>
>I answer for the actions of Doren Rosenthal and people associated with
>presented to me.
>
>CARO answer for their own actions and the actions of their members.
>Qusestions reguarding their actions should first be presented to them.
Nope. I answer for Alan Solomon. I don't answer for Caro, even though I'm
a member. Each person answer for their own actions, not for a bunch of
other people's. I used to be a member of the Amersham Allottment and
Horticultural Association, and when I was a member, I didn't answer for
them, either. I'll spare you the long saga of the AAHA. Oh golly, I expect
there's some people here don't know what an allottment is. It's ten rods.
Rods are sometimes called poles or perches.
And, you still haven't answered my question, who wrote the Doren
Rosenthal virus simulator. If you don't answer soon, I'm going to conclude
that either you don't know, or else you're refusing to answer for some
reason. Which is it?
--
Dr Alan Solomon, Founder of S&S International
Chief Designer of Dr Solomon's Anti Virus Toolkit
US tel (617) 273 7400 UK tel +44 1296 318700
Business: drso...@drsolomon.com http://www.drsolomon.com
Personal: drs...@ibmpcug.co.uk http://www.ibmpcug.co.uk/~drsolly
Graham Cluley
> >CARO answer for their own actions and the actions of their members.
> >Qusestions reguarding their actions should first be presented to them.
>
Computer AntiVirus Research Organization: an informal gathering of
anti-virus bods (Fridrik Skulason, Vesselin Bontchev, Alan Solomon, Frans
Veldman, etc etc)
George Wenzel
>: >Take a look at Vesselin Bontchev's paper on the subject. I believe it's
>: >available for download from our website.
>
>: I'm revising my idea of writing such a paper, because upon reading Vesselin's
>: paper, I realize that I don't stand a chance of topping his. :-)
>
>Good move Mr. Wenzel. It's always best to look at other peoples data and a
>few other sources before publishing an opinion. You might also take a
>He's done research in beneficial computer viruses. He's the guy who coined
>the word "Computer Virus" in 1984.
Perhaps you should check your sources before publishing information, Mr.
Rosenthal. The name 'computer virus' was suggested to Cohen by another
individual (can't remember his name). Cohen, therefore, did not coin the
term.
George Wenzel
>
>>CARO answer for their own actions and the actions of their members.
>>Qusestions reguarding their actions should first be presented to them.
>
>What is this CARO thingy?
The Computer Anti-virus Research Organization, an informal association of
sorts for various anti-virus professionals around the world.
George Wenzel
>> What is this CARO thingy?
>
>anti-virus bods (Fridrik Skulason, Vesselin Bontchev, Alan Solomon, Frans
>Veldman, etc etc)
Right after making my own post, I read yours, Mr. Cluley. Oddly enough, my
post was almost exactly the same as yours. :-) Minus the names, of course.
I apologize for the duplication.
Doren Rosenthal
: >CARO answer for their own actions and the actions of their members.
: >Qusestions reguarding their actions should first be presented to them.
: What is this CARO thingy?
A secretive cartel made up of some anti-virus product developers and a
few academics who enguage in questionable activities they would
rather do in private.
You can read more about them in Dr. George C. Smiths book "The Virus
Creation Labs, A journey into the Underground" ISBN 0-929408-09-8.
Dr. Smith documents a number of shady, underhanded, low life activities he
attributes to CARO as a group.
For a list of CARO members you should ask one of them that frequents this
forum. It's also rumored Fridrick Skulason has lip print signatures on his
behind from many of the members, but you'll have to ask them, or possibly
encourage Frisk to drop his pants and show you.
Dr. Smith also devotes a whole chapter "Some Finks Take on A Lady" where
Skulason and his CARO compainions get credit for some very outrageous
activity. All quite well documented in the book.
In Smiths chapter "The Toy Maker and the Toad" he calls CARO "a nest of
vipers". I'm mentioned in that section myself (not a viper, I'm a good guy),
and can tell you what he wrote about me was quite acurate. There's a
great quote from Vesselin Bontchev in that chapter that was posted to
virus-l that is so outrageous, that I've seen it mentioned in print a
number of times. It's on page 87 and is a classic for CARO members as a
whole. Smith also included my response on page 89 and had I known it was
going quoted as often as I've seen it in print, I would have given it
more thought.
Dr. Smith documents these guys much better than I could and his book is
quite entertaining.
To be fair you should also ask the CARO people for yourself, but I
suggest you read the book first. You may have a few more questions they
can clear up for you that way.
When you ask questions on this forum though be sure to also ask if the
person is a CARO member or not, and if they had seen what you are
asking about. Many will offer opinions on things they have never seen
and claim them as fact.
Doren Rosenthal
do...@slonet.org
P.S. Doren Rosenthal is an independant anti-virus product developer and
not associated in any way with CARO, Dr. Smith, or American Eagle Pub.
I live in the AV community, but up in the mountains as a hermit with my
dancing girls. Don't have much use for the town council and just use them
to dump elephant shit on from up here. Air is fresh and clean up here,
town council is filled with some very smelly guys.
Ståle Fagerland
> Would you like to examine my Un_Test program? I'm not sure it counts as a
> virus, but it sevrves a usefull purpose by replicating itself all over the
> hard drive and clobbering the AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and
> SYSTEM.INI files. It was used to develop and test my "Rosenthal
> UnInstall" which you're welcome to with my compliments as well.
Useful purpose? Being a trojan is useful?
Regards
StF
Ståle Fagerland
> Obviously Doren Rosenthal has a definition of "usefull" that differs
> radically from "useful". I can see where we all made this mistake. Once
> we get him to define "usefull" we may see what it is that he has been
> proposing. (Nobody could, with a straight face, submit that filling up
> the hard drive and deleting the system files is a "useful" function.)
Shame on you, Rob, for making phun of his spelling :)).
But I think it's obvious that his definition of useful is a bit different
from what most of us have in mind.
Regards
StF
Fridrik Skulason
>And you still have problems with them. I believe that Frisk plans on updating
>his engine so your MtE 'virus' is not detected because it can't replicate in
>the wild and is therefore a false alarm.
Uh...no, you got that wrong...I will have to detect it...if only because it is
trivial to modify the virus, and remove the restrictions built into it.
-frisk
--
Fridrik Skulason Frisk Software International phone: +354-5-617273
Author of F-PROT E-mail: fr...@complex.is fax: +354-5-617274
George Wenzel
>: More important, tell us how you are qualified to judge the quality of
>: Ludwig's CD.
>
>I have the first version in my posession and have examined it personaly.
>It is quite outstanding in my opinion but is now old. The new one is on
>order but promises to be even better.
Just because you have it and have looked at it doesn't mean you're qualified
to judge the quality of it.
>
>: All I see you doing is hawking a misrepresented product,
>: blathering about a flawed test of F-PROT, and participating in some
>: mindless banter about elephants. I see no evidence of:
>
>: 1. Helping others to remove viruses
>
>No you should read the very helpfull artical I wrote for Computer Shopper
>that was quite helpfull. Commands engineers were very thankfull for
>bringing their problem to their attention.
No, you did not help others to remove viruses. You helped an AV company to
become aware of a bug in their product.
>
>: 3. Suggesting strategies that help to safeguard the computer of the
>: common user
>Oh but I do and it's described in Virus Simulator documentation. Have you
>read it. I direct people to it all the time.
Your simulator does nothing to protect a user's computer.
Dr Alan Solomon
In article <4kch7r$f...@watnews2.watson.ibm.com>, Morton Swimmer (swimmer@) writes:
>
>>CARO answer for their own actions and the actions of their members.
>>Qusestions reguarding their actions should first be presented to them.
>
>What is this CARO thingy?
Mostly a beer drinking and social club, except all of the members are
interested in computer viruses.
Doren Rosenthal
CARO member Dr. Alan Solomon asks:
Who wrote the Doren Rosenthal Virus Simulator? (again)
Alan, you've asked this question a number of times and I've
responded as best as I know how.
I Doren Rosenthal, a person well known who maintains a number of
state and federal licenses under that name. I maintain a US
passport which includes a photo of myself in it. I have other
photo IDs if you require.
Doren Rosenthal
Rosenthal Engineering
P.O. Box 1650
San Luis Obispo, CA USA 93406
You've asked the question several times and please believe I'm
not trying to evade the answer. I don't question your need for
the information at all, and as a legitimate member of the AV
community (hermits are members too), I'm quite proud of my work
and happy to support your AV efforts as best as I know how.
Perhaps it's the format of my response, or an answer traceable
directly to it's source you require?
I can offer you a letter of affidavit that I wrote and take full
credit for the internationally known copyrighted work which I
offer as the Virus Simulator.
A copy of the work on diskette may be included as well if you
wish.
This letter will be printed on my Rosenthal Engineering
stationary and above my signature and seal which are a matter of
public record on file with the State of California and a number
of federal agencies including the US library of congress and the
US Commissioner of Patents and Trademarks. Your letter will be
signed in front of a licensed notary public, bear their official
seal and be sent directly from the notary public by certified
registered mail. That way you would have in your possession a
certified document traceable to its source without compromise.
Would that meet your requirements? If not could you please be
more specific as to the format you would prefer.
I'm returning to the dancing girls at my hermitage now so I can
get some work done. You're always welcome to contact me there by
e-mail in private. I'll return here the next time the girls and I
are in the mood to dump another load of elephant shit on the CARO
members of the self appointed AV community town council.
It's been fun.
Doren Rosenthal
do...@slonet.org
http://slonet.org/~doren/
Iolo Davidson
do...@biggulp.callamer.com "Doren Rosenthal" writes:
> P.S. Doren Rosenthal is an independant anti-virus product developer
What product is that? Your "simulations" are not an anti-virus
product.
--
CUTIE INVITED OF WHISKERS
VARSITY HOP PARTY A FLOP
GUY FULL Burma-Shave
Doren Rosenthal
: In <4k92sb$16...@pulp.ucs.ualberta.ca> gwe...@gpu.srv.ualberta.ca (George Wenzel) writes:
: >And you still have problems with them. I believe that Frisk plans on updating
: >his engine so your MtE 'virus' is not detected because it can't replicate in
: >the wild and is therefore a false alarm.
: Uh...no, you got that wrong...I will have to detect it...if only because it is
: trivial to modify the virus, and remove the restrictions built into it.
: -frisk
Thank you for your cooperation. I'm looking forward to the test reports
due out this summer which will also include Coruncopia detection and
removal. It should be quite interesting, I wish you luck with your fine
product and I hope it preforms better than the copy I reviewed last summer.
I need to get some work done so I'll be returning to the dancing girls
at my hermitage. Sorry Vess didn't make it this trip, but I offered to
enguage him if he wanted to show his face..... This time without the CARO
censor frisk.
Thanks for responding.
Doren Rosenthal
do...@slonet.org
Robert Michael Slade
: Shame on you, Rob, for making phun of his spelling :)).
: But I think it's obvious that his definition of useful is a bit different
: from what most of us have in mind.
Me, making fun of him? Nonsense! I thought he was making fun of me! :-)
(I have to get around to replacing this keyboard. The contact debouncer
must be shot, since I get random insertions of multiple "l"s (plus the
occasional "e", "w" and return) in whatever I'm doing. Third consecutive
"Certified Data"/London Drugs keyboard I've had with this same problem.
(Different letters, though.))
(I wonder if I could convince people that my letter transpositions are a
result of the same problem? Nah, probably not ... :-)
Robert Michael Slade
we fell for the troll, hook, line and sinker. His latest posting clearly
is an attempt to sound as offensive as possible, without actually saying
anything untrue. (You all remember the "campaign speech" that someone
made up years ago? Sounds terrible, but doesn't actually mean
anything?) Consider:
Doren Rosenthal (do...@biggulp.callamer.com) wrote:
: : What is this CARO thingy?
: A secretive cartel made up of some anti-virus product developers and a
: few academics who enguage in questionable activities they would
: rather do in private.
There *are* activities which CARO members would rather do in private.
Going to the bathroom, for instance.
: You can read more about them in Dr. George C. Smiths book "The Virus
: Creation Labs, A journey into the Underground" ISBN 0-929408-09-8.
Of course you can. It won't be true, but ...
: Dr. Smith documents a number of shady, underhanded, low life activities he
: attributes to CARO as a group.
Notice that "documents" is followed by "he attributes", which means that
DR's posting doesn't say anything about the truth of the allegations.
: For a list of CARO members you should ask one of them that frequents this
: forum. It's also rumored Fridrick Skulason has lip print signatures on his
: behind from many of the members, but you'll have to ask them, or possibly
: encourage Frisk to drop his pants and show you.
Note that, while this paragraph is clearly offensive, the use of
"rumored" means that the whole thing is meaningless.
: Dr. Smith also devotes a whole chapter "Some Finks Take on A Lady" where
: Skulason and his CARO compainions get credit for some very outrageous
: activity. All quite well documented in the book.
Again, "get credit" renders the whole paragraph moot. "Outrageous
activity", of course, could be anything at all.
: In Smiths chapter "The Toy Maker and the Toad" he calls CARO "a nest of
: vipers". I'm mentioned in that section myself (not a viper, I'm a good guy),
: and can tell you what he wrote about me was quite acurate. There's a
The "nest of vipers" quote probably does appear in the Smith book, but
note that nothing DR says implies that Smith's quote is true, in regard
to CARO.
: great quote from Vesselin Bontchev in that chapter that was posted to
: virus-l that is so outrageous, that I've seen it mentioned in print a
: number of times. It's on page 87 and is a classic for CARO members as a
: whole. Smith also included my response on page 89 and had I known it was
: going quoted as often as I've seen it in print, I would have given it
: more thought.
Again, DR says that there is a quote from VB, but without giving the
quote you can't tell what the quote might be about.
: Dr. Smith documents these guys much better than I could and his book is
: quite entertaining.
This merely states relative levels of knowledge, and "entertainment" is
subjective, so both of these can be true and still meaningless.
: To be fair you should also ask the CARO people for yourself, but I
: suggest you read the book first. You may have a few more questions they
: can clear up for you that way.
Again, true and meaningless.
: When you ask questions on this forum though be sure to also ask if the
: person is a CARO member or not, and if they had seen what you are
: asking about. Many will offer opinions on things they have never seen
: and claim them as fact.
Now, read this one carefully. It is quite eminently true that "[m]any
will offer opinions on things they have never seen and claim them as
fact", but the construction of the paragraph doesn't actually state this
is true of CARO members.
: P.S. Doren Rosenthal is an independant anti-virus product developer and
: not associated in any way with CARO, Dr. Smith, or American Eagle Pub.
Could very well be true. Would be, if he is just trolling.
: I live in the AV community, but up in the mountains as a hermit with my
: dancing girls. Don't have much use for the town council and just use them
: to dump elephant shit on from up here. Air is fresh and clean up here,
: town council is filled with some very smelly guys.
Obvious hyperbole, and therefore not subject to refutation.
There you have it. We've been had.
Nick FitzGerald
do...@biggulp.callamer.com (Doren Rosenthal) wrote:
> ... Otherwise questions involving the actions of others
> should be addressed to the people responsible for their own actions.
Given this and your ongoing refusal to answer questions asking for the
deatils to back-up your claims about a virus-writing CARO member, we are
left with the following possibilities:
1. Doren Rosenthal did -not- post a claim that a CARO member had
once publicly admitted to writing a virus.
2. Doren Rosenthal is not responsible for his/her own actions.
3. Doren Rosentahl openly and publicly practises double standards.
Option 1. is clearly false, and 2. and 3. increasingly less surprising.
> Questions involving the actions of CARO members should be addressed to
> CARO members. I'm not a CARO member. I offered to participate once, but I
And questions about Doren Rosenthal's claims apparently should be asked
of CARO members too!
Sheeeshhh...
> Got a question for CARO, ask them yourself.
Got a question for Doren--ask him youself.
Doren--this is known as "argument by analogy".
A simple technique known and widely used (except, perhaps, around San
Luis Obispo ??) for a few millenia. To escape its grasp you have to
make a good argument why the "parallels" are not analogous. (You could
argue that the exemplar is invalid, thus the analagous extension must
also be, but we assume that you presented the exemplar as a valid claim
and I see no reason to dispute its reaonableness.)
Morton Swimmer
>Morton Swimmer (swimmer@) wrote:
>
>: >CARO answer for their own actions and the actions of their members.
>
>
>A secretive cartel made up of some anti-virus product developers and a
>few academics who enguage in questionable activities they would
>rather do in private.
Are you a member? You seem to know a lot about it.
>
>You can read more about them in Dr. George C. Smiths book "The Virus
>Creation Labs, A journey into the Underground" ISBN 0-929408-09-8.
I saw that book, but I thought it was fiction and I'm still only half way through
James Clavell's latest book.
>
>Dr. Smith also devotes a whole chapter "Some Finks Take on A Lady" where
>...
>In Smiths chapter "The Toy Maker and the Toad" he calls CARO "a nest of
Point in case, it looked like fiction.
>...
>When you ask questions on this forum though be sure to also ask if the
>person is a CARO member or not, and if they had seen what you are
>asking about. Many will offer opinions on things they have never seen
>and claim them as fact.
I must make sure next time. Do they carry an ID card or something. How
can I verify that you are not some vile CARO person.
>P.S. Doren Rosenthal is an independant anti-virus product developer and
>not associated in any way with CARO, Dr. Smith, or American Eagle Pub.
Oh, right. This clears up everything.
>
>I live in the AV community, but up in the mountains as a hermit with my
>dancing girls. Don't have much use for the town council and just use them
>to dump elephant shit on from up here. Air is fresh and clean up here,
>town council is filled with some very smelly guys.
Like Ross Perot or something?
Cheers, Morton
Dr Alan Solomon
In article <4kh4ss$s...@twizzler.callamer.com>, Doren Rosenthal (do...@biggulp.callamer.com) writes:
>
>CARO member Dr. Alan Solomon asks:
>
> Who wrote the Doren Rosenthal Virus Simulator? (again)
>
>Alan, you've asked this question a number of times and I've
>responded as best as I know how.
No,. you've just ducked th issue.
>
>I Doren Rosenthal, a person well known who maintains a number of
>state and federal licenses under that name. I maintain a US
>passport which includes a photo of myself in it. I have other
>photo IDs if you require.
>
> Doren Rosenthal
> Rosenthal Engineering
> P.O. Box 1650
> San Luis Obispo, CA USA 93406
>
>You've asked the question several times and please believe I'm
>not trying to evade the answer. I don't question your need for
>the information at all, and as a legitimate member of the AV
>community (hermits are members too), I'm quite proud of my work
>and happy to support your AV efforts as best as I know how.
Then answer the question. Don't keep on beating about the bush.
>
>Perhaps it's the format of my response, or an answer traceable
>directly to it's source you require?
>
>I can offer you a letter of affidavit that I wrote and take full
>credit for the internationally known copyrighted work which I
>offer as the Virus Simulator.
>
>A copy of the work on diskette may be included as well if you
>wish.
>
>This letter will be printed on my Rosenthal Engineering
>stationary and above my signature and seal which are a matter of
>public record on file with the State of California and a number
>of federal agencies including the US library of congress and the
>US Commissioner of Patents and Trademarks. Your letter will be
>signed in front of a licensed notary public, bear their official
>seal and be sent directly from the notary public by certified
>registered mail. That way you would have in your possession a
>certified document traceable to its source without compromise.
>
>Would that meet your requirements? If not could you please be
>more specific as to the format you would prefer.
No, you're still evading the question. I may or may not have a need to
know, but why are you being so evasive about answering? Here's a straight
question, how about a straight answer, stripped of elephants and dancing
girls - Who wrote the Doren Rosenthal virus simulator? Surely this isn't
a difficult question? Surely there isn't anything to hide? Surely there
isn't some big secret you're ashamed to own up to?
>I'm returning to the dancing girls at my hermitage now so I can
>get some work done. You're always welcome to contact me there by
>e-mail in private. I'll return here the next time the girls and I
>are in the mood to dump another load of elephant shit on the CARO
>members of the self appointed AV community town council.
So now I suppose I'll never get an answer to the question -
Who wrote the Doren Rosenthal virus simulator?
George Wenzel
>>And you still have problems with them. I believe that Frisk plans on updating
>>his engine so your MtE 'virus' is not detected because it can't replicate in
>>the wild and is therefore a false alarm.
>
>Uh...no, you got that wrong...I will have to detect it...if only because it is
>trivial to modify the virus, and remove the restrictions built into it.
Ahh... sorry.. I misinterpreted a previous post of yours. Does this mean that
AV vendors are beginning to intentionally detect Doren's MtE virus?
On a related note, are more vendors adding detection of the EICAR file (NAV,
Sophos, PC-Cillin, and others haven't yet, I believe)?
Doren Rosenthal
: In article <4kbda5$4...@twizzler.callamer.com>, do...@biggulp.callamer.com (Doren Rosenthal) wrote:
: >: >Take a look at Vesselin Bontchev's paper on the subject. I believe it's
: >
: >: I'm revising my idea of writing such a paper, because upon reading Vesselin's
: >: paper, I realize that I don't stand a chance of topping his. :-)
: >
: >Good move Mr. Wenzel. It's always best to look at other peoples data and a
: >few other sources before publishing an opinion. You might also take a
: >look at Dr. Frederick B. Cohens book "Short Course on Computer Viruses".
: >He's done research in beneficial computer viruses. He's the guy who coined
: >the word "Computer Virus" in 1984.
: Perhaps you should check your sources before publishing information, Mr.
: Rosenthal. The name 'computer virus' was suggested to Cohen by another
: individual (can't remember his name). Cohen, therefore, did not coin the
: term.
Well if you do remember his name. or where you read it, call up American
Eagle publishing (1-520-367-1621) and complain to them because that's
what it says on their free flyer that I'm holding in my hand. If you
don't believe me..... what else is new? Call them and read it for
yourself but I've no time to argue about it.
Doren Rosenthal
Doren Rosenthal
: Doren Rosenthal wrote:
: Regards
: StF
Not sure I call it a trojen, or a virus. Usefull program that functions
by replicating itself. Sorry, no time tp explain. Read Compuserve
Magazine Oct. '95 page 26..... download from them and examine yourself.
Doren Rosenthal
do...@slonet.org
Shirl
Rosenthal) wrote:
[snip]
>Not sure I call it a trojen, or a virus. Usefull program that functions
>by replicating itself. Sorry, no time tp explain. Read Compuserve
>Magazine Oct. '95 page 26..... download from them and examine yourself.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Why? Could I catch something?
--
Shirl
==================
s...@dial.pipex.com
==================
George Wenzel
>: >CARO answer for their own actions and the actions of their members.
>: >Qusestions reguarding their actions should first be presented to them.
>
>: What is this CARO thingy?
>
>A secretive cartel made up of some anti-virus product developers and a
>few academics who enguage in questionable activities they would
>rather do in private.
Wrong! CARO is an informal group of friends, in which the high-ranking people
pick up the beer. I should note that the person who asked 'What is this CARO
thingy?' was indeed a CARO member, seeking to make a joke.
>
>You can read more about them in Dr. George C. Smiths book "The Virus
>Creation Labs, A journey into the Underground" ISBN 0-929408-09-8.
>
>Dr. Smith documents a number of shady, underhanded, low life activities he
>attributes to CARO as a group.
One should note that these opinions are Dr. Smith's, and aren't shared by
quite a few of us.
>
>Dr. Smith also devotes a whole chapter "Some Finks Take on A Lady" where
>Skulason and his CARO compainions get credit for some very outrageous
>activity. All quite well documented in the book.
>
>In Smiths chapter "The Toy Maker and the Toad" he calls CARO "a nest of
>vipers". I'm mentioned in that section myself (not a viper, I'm a good guy),
>and can tell you what he wrote about me was quite acurate. There's a
>great quote from Vesselin Bontchev in that chapter that was posted to
>virus-l that is so outrageous, that I've seen it mentioned in print a
>number of times. It's on page 87 and is a classic for CARO members as a
>whole. Smith also included my response on page 89 and had I known it was
>going quoted as often as I've seen it in print, I would have given it
>more thought.
I assume that's the insinuation that Vesselin is (was) the Dark Avenger.
There has never been any evidence to support this claim, nor anything but
speculation. Just because something's printed, Doren, doesn't mean that it is
true.
>
>When you ask questions on this forum though be sure to also ask if the
>person is a CARO member or not, and if they had seen what you are
>asking about. Many will offer opinions on things they have never seen
>and claim them as fact.
I've never claimed my opinions to be fact; they're as open to peer review as
anything else I do. We've told you why looking at your simulator would be
pointless, but you continue making your point out as a valid one. I suppose
we can invent a new term here: Rosenthalian logic. It's like Carrollean
logic, but even more severely flawed.
>P.S. Doren Rosenthal is an independant anti-virus product developer and
>not associated in any way with CARO, Dr. Smith, or American Eagle Pub.
No, Doren Rosenthal is NOT an anti-virus product developer, since he has never
made a product that combats viruses.
Graham Cluley
> Skulason) wrote:
> >>And you still have problems with them. I believe that Frisk plans on
> updating
> >>his engine so your MtE 'virus' is not detected because it can't
replicate
> in >>the wild and is therefore a false alarm.
> >
> >Uh...no, you got that wrong...I will have to detect it...if only
because it
> is
> >trivial to modify the virus, and remove the restrictions built into it.
>
> Ahh... sorry.. I misinterpreted a previous post of yours. Does this
mean
> that AV vendors are beginning to intentionally detect Doren's MtE virus?
We (Dr Solomon's) have been detecting it for quite a while. It is a
virus (unlike his simulations) so it seems right to detect it. We call
it "Doren Rosenthal" I think.
> On a related note, are more vendors adding detection of the EICAR file
(NAV,
> Sophos, PC-Cillin, and others haven't yet, I believe)?
Don't know - but it would be a good idea. Just in case anyone missed it,
here it is again:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Iolo Davidson
do...@biggulp.callamer.com "Doren Rosenthal" writes:
> George Wenzel (gwe...@gpu.srv.ualberta.ca) wrote:
>
> : Perhaps you should check your sources before publishing information, Mr.
> : Rosenthal. The name 'computer virus' was suggested to Cohen by another
> : individual (can't remember his name). Cohen, therefore, did not coin the
> : term.
>
> Well if you do remember his name. or where you read it, call up American
> Eagle publishing and complain to them because that's
> what it says on their free flyer that I'm holding in my hand. If you
> don't believe me..... what else is new? Call them and read it for
> yourself but I've no time to argue about it.
You cited a dodgy source and it turned out to be wrong. Why
should the rest of us, who wouldn't take "American Eagle's"
(Mark Ludwig's) word on anything, complain to him? You are the
one who has been misled, and then misled others in turn, if
there is still anyone that takes your word for anything.
Anyone misled by you has you to complain to. No one has
been misled by Ludwig directly on this occasion. Anyone who
hasn't worked it out yet can now see that your sources of
information are disreputable and make allowances in the future.
George Wenzel
>I need to get some work done so I'll be returning to the dancing girls
>at my hermitage. Sorry Vess didn't make it this trip, but I offered to
>enguage him if he wanted to show his face..... This time without the CARO
>censor frisk.
You keep saying you're leaving, but you don't leave...
Go and get some work done! Enjoy the dancing girls! Don't get stepped on by
the simulated elephants! :-)
Bruce Burrell
> George Wenzel (gwe...@gpu.srv.ualberta.ca) wrote:
[snip]
> : Perhaps you should check your sources before publishing information, Mr.
> : Rosenthal. The name 'computer virus' was suggested to Cohen by another
> : individual (can't remember his name). Cohen, therefore, did not coin the
> : term.
>
> Well if you do remember his name. or where you read it, call up American
> don't believe me..... what else is new? Call them and read it for
> yourself but I've no time to argue about it.
>
That's hypocrisy, sir. You won't include the EICAR string without some
official imprimatur, but you don't bother to apply the same rigor to
other stuff you cite.
Humbug.
-BPB
Bruce Burrell
[snip]
> get some work done. You're always welcome to contact me there by
> e-mail in private. I'll return here the next time the girls and I
> are in the mood to dump another load of elephant shit on the CARO
> members of the self appointed AV community town council.
Well, at least he's aware of the main component of his posts. [Does
one abbreviate that "composts"?)
> It's been fun.
The air smells better already.
-BPB
Eric S. Smith: Left-Field Marshal
Dr Alan Solomon <drs...@chartridge.win-uk.net> wrote:
>
>In article <4kh4ss$s...@twizzler.callamer.com>, Doren Rosenthal (do...@biggulp.callamer.com) writes:
>>
>>CARO member Dr. Alan Solomon asks:
>>
>> Who wrote the Doren Rosenthal Virus Simulator? (again)
>>
>>Alan, you've asked this question a number of times and I've
>>responded as best as I know how.
>
>No,. you've just ducked th issue.
[snip]
>>I can offer you a letter of affidavit that I wrote and take full
>>credit for the internationally known copyrighted work which I
>>offer as the Virus Simulator.
[snip]
>So now I suppose I'll never get an answer to the question -
>Who wrote the Doren Rosenthal virus simulator?
Umm...looks like the Dr. Solly Question Answer Scanner isn't quite free
of bugs, yet. What are you getting at? You don't believe him, or
something? Sure, the guy's a verbose pain, but the answer's kind of easy
to determine if you just read the post...
--Eric Smith
Doren Rosenthal
April 14, 1996
Dr. Alan Solomon asks (again):
Who wrote the Doren Rosenthal Virus Simulator?
----
Alan I'm giving you the best answer I know. I Doren Rosenthal, a
well known person in the international scientific community, wrote
it myself. I had cooperative assistance from several members of
the anti-virus community at the time I wrote it and publicly
offered participation to all at the time without prejutice.
I personally wrote it, and I personally take full responsibility
for the software know as:
Virus Simulator
also known as:
Rosenthal Virus Simulator
also known as:
Doren Rosenthal Virus Simulator
I realize that people like yourself sometimes might have a
problem concerning my shareware that I just can't resolve to
their satisfation. No matter what I offer, it's not satisfactory
to them. Even so, I still assume the resonsibility to see that
you are satisfied.
As you have indicated that your request for the information is
still less satisfactory than you require, I offer you an
independant, third party to act as ombudsman. The following
statement appears in the documentation for my Virus Simulator and
other shareware I offer. Please take advantage of it and trust
that I will do everything I can to cooperate to satisfy your
needs.
----
_______
____|__ | (R)
--| | |-------------------
| ____|__ | Association of
| | |_| Shareware
|__| o | Professionals
-----| | |---------------------
|___|___| MEMBER
Association of Shareware Professionals (ASP)
Rosenthal Engineering is a member of the Association of
Shareware Professionals (ASP). ASP wants to make sure that the
shareware principle works for you. If you are unable to resolve
a shareware-related problem with an ASP member by contacting
the member directly, ASP may be able to help. The ASP Ombudsman
can help you resolve a dispute or problem with an ASP member,
but does not provide technical support for members' products.
Please write to The ASP Ombudsman, at 545 Grover Road, Muskegon,
MI 49442, or send a message via CompuServe Mail to: ASP Ombudsman
70007,3536.
----
Doren Rosenthal
do...@slonet.org
Iolo Davidson
cs...@blaze.trentu.ca "Eric S. Smith: Left-Field Marshal" writes:
> In article <41...@chartridge.win-uk.net>,
> Dr Alan Solomon <drs...@chartridge.win-uk.net> wrote:
>
> >So now I suppose I'll never get an answer to the question -
> >Who wrote the Doren Rosenthal virus simulator?
>
> What are you getting at? You don't believe him, or
> something?
You just got here, right?
MLookabaug
(Doren Rosenthal) writes:
>
>Dr. Alan Solomon asks (again):
>
>
>Who wrote the Doren Rosenthal Virus Simulator?
I would be more interested in whoever could write a "Doren Rosenthal
Disappearance Simulator", as the real thing seems not likely to happen.
Mark Lookabaugh
George Wenzel
>Umm...looks like the Dr. Solly Question Answer Scanner isn't quite free
>of bugs, yet. What are you getting at? You don't believe him, or
>something? Sure, the guy's a verbose pain, but the answer's kind of easy
>to determine if you just read the post...
He's simply using Rosenthalian logic - batter other people with the same
question until they give up and give you the answer you want.
Bob Schultz
Doren Rosenthal is already making a simulated disappearance. Since
it's not real, nobody can detect it.
Dr Alan Solomon
In article <829483...@mist.demon.co.uk>, Iolo Davidson (io...@mist.demon.co.uk) writes:
>In article <Dptxr...@blaze.trentu.ca>
> cs...@blaze.trentu.ca "Eric S. Smith: Left-Field Marshal" writes:
>
>> In article <41...@chartridge.win-uk.net>,
>> Dr Alan Solomon <drs...@chartridge.win-uk.net> wrote:
>>
>> >So now I suppose I'll never get an answer to the question -
>>
>> What are you getting at? You don't believe him, or
>> something?
>
Oh dear, I don't think this is going to be any easier to explain than the
pink elephants or the rubber feet.
Dr Alan Solomon
In article <Dptxr...@blaze.trentu.ca>, Eric S. Smith: Left-Field Marshal (cs...@blaze.trentu.ca) writes:
>In article <41...@chartridge.win-uk.net>,
>Dr Alan Solomon <drs...@chartridge.win-uk.net> wrote:
>>
>>>
>>>CARO member Dr. Alan Solomon asks:
>>>
>>> Who wrote the Doren Rosenthal Virus Simulator? (again)
>>>
>>>Alan, you've asked this question a number of times and I've
>>>responded as best as I know how.
>>
>>No,. you've just ducked th issue.
>
>[snip]
>
>>>I can offer you a letter of affidavit that I wrote and take full
>>>credit for the internationally known copyrighted work which I
>>>offer as the Virus Simulator.
>
>[snip]
>
>>Who wrote the Doren Rosenthal virus simulator?
>
>of bugs, yet. What are you getting at? You don't believe him, or
>something? Sure, the guy's a verbose pain, but the answer's kind of easy
>to determine if you just read the post...
Uh - I read his post, and I can see what he says, and it's all very
interesting stuff, and no doubt accurate (isn't it funny how "no doubt"
actually means the opposte of what it sounds like, just like "I could care
less" actually means "I couldn't care less", which is the way that Brits
say it) but I also want to know who wrote the Doren Rosenthal virus
simulator. As to whether I believe him or not, I'll make that decision
when he posts an answer to my question. Which he hasn't yet. Even though
I've read his posts in which he claims to give the answer. Still, I'm a
patient person.
Dr Alan Solomon
In article <4krcfe$b...@newsbf02.news.aol.com>, MLookabaug (mlook...@aol.com) writes:
>In article <4kr1tb$2...@twizzler.callamer.com>, do...@biggulp.callamer.com
>(Doren Rosenthal) writes:
>
>>
>>Dr. Alan Solomon asks (again):
>>
>>
>
>I would be more interested in whoever could write a "Doren Rosenthal
>Disappearance Simulator", as the real thing seems not likely to happen.
Careful, we might stray off into pink-elephant-land here. Let's
concentrate on the main question, besides which all others pale into
insignificance, in my view. I mean, do we really care about things like
what Eicar's address is, or who was the technical director at some date
(which I can't remember the date, let alone who held that post). No, lets
not get diverted from the important question, which is:
Who wrote the Doren Rosenthal Virus Simulator?
--
Kurt Wismer
>From: do...@biggulp.callamer.com (Doren Rosenthal)
>Subject: Re: Public questions to Doren Rosenthal
>
>Good move Mr. Wenzel. It's always best to look at other peoples data and a
>few other sources before publishing an opinion. You might also take a
>look at Dr. Frederick B. Cohens book "Short Course on Computer Viruses".
>He's done research in beneficial computer viruses. He's the guy who coined
>the word "Computer Virus" in 1984.
<beep>{HONK!} *wrong*...
proffessor leonard adlemann (cohens comp. security prof. at the time) coined
the term computer virus... cohen simply created them...
guess where i got that info... from your revered george smith... the mind
boggles when contemplating how many other facts you've bungled...
~~~ TGWave v1.12+
--
| Fidonet: Kurt Wismer 1:259/423
| Internet: Kurt....@fknights.gryn.org
Eric S. Smith: Left-Field Marshal
Iolo Davidson <io...@mist.demon.co.uk> wrote:
>In article <Dptxr...@blaze.trentu.ca>
> cs...@blaze.trentu.ca "Eric S. Smith: Left-Field Marshal" writes:
>
>> In article <41...@chartridge.win-uk.net>,
>> Dr Alan Solomon <drs...@chartridge.win-uk.net> wrote:
>>
>> >So now I suppose I'll never get an answer to the question -
>>
>> What are you getting at? You don't believe him, or
>> something?
>
I've been here for a while, actually, I just don't read the Rosenthal
threads very closely (can you blame me?). Given that the guy *did*
respond in such a way as to indicate that he was the author of the thing,
Dr Solomon's continued badgering seemed a little, er, single-minded. Is
he afraid to accuse the guy of lying, if that's what we're supposed to
think, or what? As it stands, the good (?) Doctor's beginning to remind
me of parents who profess not to understand their kids' report cards.
This group is becoming far too much like alt.religion.scientology...
--Eric Smith
George Wenzel
>: Perhaps you should check your sources before publishing information, Mr.
>: Rosenthal. The name 'computer virus' was suggested to Cohen by another
>: individual (can't remember his name). Cohen, therefore, did not coin the
>: term.
>
>Well if you do remember his name. or where you read it, call up American
>Eagle publishing (1-520-367-1621) and complain to them because that's
>what it says on their free flyer that I'm holding in my hand. If you
>don't believe me..... what else is new? Call them and read it for
>yourself but I've no time to argue about it.
>
What? You have no time? Then why have you kept posting for the last week?
I suppose that if it's written in the American Eagle Publishing flyer, it must
be the most truthful truth. American Eagle surely wouldn't do anything bad
like mis-attribute something, now would they?
And no, I still don't remember the name, but I'm sure others on this forum
will be able to help you out. As far as me not believing you, I've never
posted something to that affect. I've disagreed with you, and I've debated
with you, but I give you the benefit of the doubt and assume what you're
saying is correct, providing you have evidence to back it up.
Shirl
Smith: Left-Field Marshal) wrote:
>I've been here for a while, actually, I just don't read the Rosenthal
>threads very closely (can you blame me?).
Hey! Then you've missing all the most interesting stuff! :-)
>Given that the guy *did*
>respond in such a way as to indicate that he was the author of the thing,
>Dr Solomon's continued badgering seemed a little, er, single-minded. Is
>he afraid to accuse the guy of lying, if that's what we're supposed to
>think, or what? As it stands, the good (?) Doctor's beginning to remind
>me of parents who profess not to understand their kids' report cards.
Having read the Rosenthal threads for some time, it rather struck me
that Dr Solly was simply responding in kind to Doren's continual and
insatiable questioning about the authorship of the EICAR string. Maybe
he's pulling Doren's leg... :-)
>
>This group is becoming far too much like alt.religion.scientology...
Thanks for that tip: I must nip across and have a look!
>
>--Eric Smith
0@0.0
>>his engine so your MtE 'virus' is not detected because it can't replicate in
>>the wild and is therefore a false alarm.
>Uh...no, you got that wrong...I will have to detect it...if only because it is
>trivial to modify the virus, and remove the restrictions built into it.
pathetically easy...
- Executioner/[Independent]
------====### legal notice ###====--------------------------------------------
Microsoft(tm) Network is prohibited from redistributing this work in any form,
either in whole or in part. License to distribute this posting is available to
Microsoft(tm) for (US)$100.00. Posting without prior permission constitutes an
agreement to these terms. Site license is available for (US)$10,000,000,000.00
OBProtest: shit piss fuck cunt cock-sucker mother-fucker tits
PGP Signature: 67 35 1F 85 34 3D ED CC FD 87 01 22 A5 47 31 EA
Key available on request.
Bruce Burrell
[snip]
> Uh - I read his post, and I can see what he says, and it's all very
> interesting stuff, and no doubt accurate (isn't it funny how "no doubt"
> actually means the opposte of what it sounds like, just like "I could care
> less" actually means "I couldn't care less", which is the way that Brits
> say it)
[I think what we Americans (US'ns?) say is actually short for "I could
-hardly- care less." The problem is that we are careless, and therefore
take far less care than we ought.]
> but I also want to know who wrote the Doren Rosenthal virus
> simulator. As to whether I believe him or not, I'll make that decision
> when he posts an answer to my question. Which he hasn't yet. Even though
> I've read his posts in which he claims to give the answer. Still, I'm a
> patient person.
I suggest that when you find out, you submit it to David for inclusion
in the FAQ. Might cut down on the bandwidth.
-BPB
Bruce Burrell
[Doren said]:
> >: Perhaps you should check your sources before publishing information, Mr.
> >: Rosenthal. The name 'computer virus' was suggested to Cohen by another
> >: individual (can't remember his name). Cohen, therefore, did not coin
> >: the term.
> >
> >Well if you do remember his name. or where you read it, call up American
> >Eagle publishing (1-520-367-1621) and complain to them because that's
> >what it says on their free flyer that I'm holding in my hand. If you
> >don't believe me..... what else is new? Call them and read it for
> >yourself but I've no time to argue about it.
> >
>
> What? You have no time? Then why have you kept posting for the last week?
>
> I suppose that if it's written in the American Eagle Publishing flyer,
> it must be the most truthful truth. American Eagle surely wouldn't
> do anything bad like mis-attribute something, now would they?
>
> And no, I still don't remember the name, but I'm sure others on this forum
> will be able to help you out.
Len Adleman, Fred Cohen's thesis advisor at Lehigh. Also the "A" of
RSA public key encryption, I think.
-BPB
[snip]
Dr Alan Solomon
In article <3173e7af...@news.dial.pipex.com>, Shirl (ra...@dial.pipex.com) writes:
>On Tue, 16 Apr 1996 15:49:44 GMT, cs...@blaze.trentu.ca (Eric S.
>Smith: Left-Field Marshal) wrote:
>
>>I've been here for a while, actually, I just don't read the Rosenthal
>>threads very closely (can you blame me?).
>
>Hey! Then you've missing all the most interesting stuff! :-)
>
>>Given that the guy *did*
>>respond in such a way as to indicate that he was the author of the thing,
>>Dr Solomon's continued badgering seemed a little, er, single-minded. Is
>>he afraid to accuse the guy of lying,
No, I'm certainly not accusing Doren of lying. Yes, you're right, I have
been a bit single-minded about this, haven't I?
>if that's what we're supposed to
>>think, or what? As it stands, the good (?) Doctor's beginning to remind
>>me of parents who profess not to understand their kids' report cards.
Oh, you mean it looks like I'm failing to understand Doren on purpose?
>Having read the Rosenthal threads for some time, it rather struck me
>that Dr Solly was simply responding in kind to Doren's continual and
>insatiable questioning about the authorship of the EICAR string.
Could be.
>Maybe he's pulling Doren's leg... :-)
Always a possibility - I'm well known as a wind-up artist.
Graham Cluley
> Iolo Davidson <io...@mist.demon.co.uk> wrote:
> >In article <Dptxr...@blaze.trentu.ca>
> > cs...@blaze.trentu.ca "Eric S. Smith: Left-Field Marshal" writes:
> >
> >> In article <41...@chartridge.win-uk.net>,
> >> Dr Alan Solomon <drs...@chartridge.win-uk.net> wrote:
> >>
> >> >So now I suppose I'll never get an answer to the question -
> >> >Who wrote the Doren Rosenthal virus simulator?
> >>
> >> What are you getting at? You don't believe him, or
> >> something?
> >
> >You just got here, right?
>
thing,
> Dr Solomon's continued badgering seemed a little, er, single-minded.
Is
remind
> me of parents who profess not to understand their kids' report cards.
Err.. I think Alan's playing at the same game as Doren. (Remember all
the "Who wrote the EICAR test file?" messages from Doren?)
> This group is becoming far too much like alt.religion.scientology...
It's a shame there's so much bandwidth on alt.religion.scientology, as
the bad points of Scientology could do with a wider airing IMNSHO. I
prefer alt.religion.christian.boston-church because most of the members
of the International (Boston) Church of Christ have been ordered by their
leaders not to read it, let alone post to it. But then the ICC always
was a less-professional cult (sorry you got me on one of my pet subjects)
George Wenzel
>
> Len Adleman, Fred Cohen's thesis advisor at Lehigh. Also the "A" of
>RSA public key encryption, I think.
<lightbulb in head flashes on> Ahh... That was the name... I knew is was
Leonard somethingorother, but I didn't want to say that the person who coined
the term 'computer virus' was just some Leonard. In Canadian society, calling
someone a Leonard is a bit of an insult. :-)
Somebody must have turned off the Doren Rosenthal Simulator, since I haven't
seen him around in a while. It's been nice. :-)
Graham Cluley
> someone a Leonard is a bit of an insult. :-)
Leonard Cohen?
Regards
Graham
---
Graham Cluley CompuServe: GO DRSOLOMON
Senior Technology Consultant, UK Support: sup...@uk.drsolomon.com
Dr Solomon's Anti-Virus Toolkit. US Support: sup...@us.drsolomon.com
Email: gcl...@uk.drsolomon.com UK Tel: +44 (0)1296 318700
Web: http://www.drsolomon.com USA Tel: +1 617-273-7400
NEW:Evaluate Dr Solomon's FindVirus 7.59! Download it from our webpage
George Wenzel
>> In Canadian society, calling
>> someone a Leonard is a bit of an insult. :-)
>
>Leonard Cohen?
I meant calling someone a Leonard when it's not really their name. I suspect
it came about because there was a person somewhere with lower-than-average
intelligence that was called Len, so calling somebody a 'Len' or a 'Leonard'
became a bit of an insult. It was a bit of a shifting vernacular though, and
it isn't used that much anymore.
Graham Cluley
> >Leonard Cohen?
>
> I meant calling someone a Leonard when it's not really their name.
Oh, I thought it might have been influenced by people's opinion of
Canada's most famous Leonard, writer of "That famous blue raincoat", "So
long Marianne", and other songs for students to commit suicide to.
Nick Wedd
"\"Graham Cluley\"" <san...@cix.compulink.co.uk> writes
>
>> >Leonard Cohen?
>
>Oh, I thought it might have been influenced by people's opinion of
>Canada's most famous Leonard, writer of "That famous blue raincoat", "So
>long Marianne", and other songs for students to commit suicide to.
Suicide? When I was a student I used his records as a hangover cure.
After ten minutes of listening to one, I would realise how ludicrous it
was, life couldn't possibly be _that_ bad.
--
Nick Wedd Ni...@maproom.demon.co.uk 72133...@compuserve.com
Robert Michael Slade
Nick Wedd (Ni...@maproom.demon.co.uk) wrote:
: "\"Graham Cluley\"" <san...@cix.compulink.co.uk> writes
: >
: >> >Leonard Cohen?
: >
: >Oh, I thought it might have been influenced by people's opinion of
: >Canada's most famous Leonard, writer of "That famous blue raincoat", "So
: >long Marianne", and other songs for students to commit suicide to.
: Suicide? When I was a student I used his records as a hangover cure.
: After ten minutes of listening to one, I would realise how ludicrous it
: was, life couldn't possibly be _that_ bad.
One of my prized possessions is an old, tattered, spirit-duplicated (yes,
*that* old) copy of "The Last Canadian Tourist in Havana Looks
Homeward". I suppose I should really find out something it's
legitimately published in.
Gamin
Now, there's a topic to catch the eye!
On Fri, 26 Apr 1996, Nick Wedd wrote:
> "\"Graham Cluley\"" <san...@cix.compulink.co.uk> writes
> >
> >> >Leonard Cohen?
> >
> >Oh, I thought it might have been influenced by people's opinion of
> >Canada's most famous Leonard, writer of "That famous blue raincoat", "So
> >long Marianne", and other songs for students to commit suicide to.
>
> Suicide? When I was a student I used his records as a hangover cure.
> After ten minutes of listening to one, I would realise how ludicrous it
> was, life couldn't possibly be _that_ bad.
> --
This is perhaps because you do not live in a country that has a fixation
on encouraging its own culture, pours millions of taxpayers' dollars into
encouraging the arts, and *then* ends up with Leonard Cohen, Margaret
Atwood, Robertson Davies, Gordon Lightfoot, Anne Murray......
And, just to make this posting relevant to the group, my boss just
managed to get himself a massive cross-platform case of Winword Concept.
I got it cleaned out of his clone by downloading the DSAVTK evaluation
copy, but we had to clean the Mac with Scanprot.doc from MSoft. This was
really loooooonnnnggggg and tedious. I tried to find inof on a better
Mac program, but couldn't in the time we had.
Is there a recommended Mac AV program that will get rid of this sucker
more effectively?
(It certainly changed his tune about the dangers of viruses, though.
Suddenly we have gone from: "It never happens in Japan, it never happens
to anyone I know and it never happens to me" to "what was that newsgroup
you read all the time?.....)
Dr Alan Solomon
In article <Pine.BSI.3.91.960427...@gol1.gol.com>, Gamin (ga...@gol1.gol.com) writes:
>Now, there's a topic to catch the eye!
>
>On Fri, 26 Apr 1996, Nick Wedd wrote:
>
>> "\"Graham Cluley\"" <san...@cix.compulink.co.uk> writes
>> >
>> >> >Leonard Cohen?
>> >
>> >Oh, I thought it might have been influenced by people's opinion of
>> >Canada's most famous Leonard, writer of "That famous blue raincoat", "So
>> >long Marianne", and other songs for students to commit suicide to.
>>
>> Suicide? When I was a student I used his records as a hangover cure.
>> After ten minutes of listening to one, I would realise how ludicrous it
>> was, life couldn't possibly be _that_ bad.
>> --
>This is perhaps because you do not live in a country that has a fixation
>on encouraging its own culture, pours millions of taxpayers' dollars into
>encouraging the arts, and *then* ends up with Leonard Cohen, Margaret
>Atwood, Robertson Davies, Gordon Lightfoot, Anne Murray......
>
>And, just to make this posting relevant to the group, my boss just
>managed to get himself a massive cross-platform case of Winword Concept.
>I got it cleaned out of his clone by downloading the DSAVTK evaluation
>copy, but we had to clean the Mac with Scanprot.doc from MSoft. This was
>really loooooonnnnggggg and tedious. I tried to find inof on a better
>Mac program, but couldn't in the time we had.
>
>Is there a recommended Mac AV program that will get rid of this sucker
>more effectively?
There's a Dr Solomon's for macintosh, of course ...
But you could have done it with what you had. Copy all DOC files onto
floppies, take them to a PC, clean them there.
>(It certainly changed his tune about the dangers of viruses, though.
>Suddenly we have gone from: "It never happens in Japan, it never happens
>to anyone I know and it never happens to me" to "what was that newsgroup
>you read all the time?.....)
It's that attitude (it never happens...) that keeps the AV in business,
funnily enough.
--
Dr Alan Solomon, the man behind Dr Solomon's Anti Virus Toolkit
US tel (617) 273 7400 UK tel +44 1296 318700
Files: http://www.drsolomon.com CIS: GO DRSOLOMON AOL: VIRUS
Email: drso...@drsolomon.com CIS: 101377,3677 AOL: DrASolly
Personal: drs...@ibmpcug.co.uk http://www.ibmpcug.co.uk/~drsolly