VisiCrypt: Strong Symmetric Encryption Spreadsheet

[danleonida]

I developed a strong, symmetric encryption spreadsheet in Excel and am trying to start a dialogue about it. Call it a poorman's peer review technology. It is free and copylefted.

It exploits the fact that spreadsheets allow up to 32K characters in a cell. The advantage of doing it in a spreadsheet -- was successfully tested in MS Excel and OpenOffice -- is that it can be used from just about any public PC on the continent.

It is not intended to encrypt files. It is primarily meant for email encryption.

Here she comes...

2012.08.24…VisiCrypt 1.1.xls
This is the main xls file.

2012.08.24…VisiCrypt 1.1.csv
Same as above only in csv format. The intent is that users could use the xls file as a model and reconstruct the xls file privately and offline. During the development process I got infected on several occasions and that’s how I made sure the users of VisiCrypt would not have to go through all that suffering.

2012.08.22...VisiVirus - 2.3 meg empty file.xls (download pwd="infected")
2012.08.22...VisiVirus - Selection too large.xls (download pwd="infected")
Above two links are to some of the viruses I mentioned above. The first is a 2.3 meg EMPTY xls file which resisted all my efforts of garbage collection. If anyone can decompile it… I’m very curios as to what the hell is in there!!

The second VisiVirus link is to a locked xls which does not allow the user to expand the software. This “feature” vanishes if one recreates the VisiCrypt.xls from the dot-csv version.

2012.08.26...VisiKey 1.2.xls
Last one generates random keys by XOR’ind Excel RAND() with some graphics file to mask the PSEODOrandom attribute of the RAND() function. This allows two parties that want their privacy to generate a large number of long and disposable keys that CANNOT be guessed by ‘people’ with insider knowledge of the operation of RAND() function.

Hope that’s enough of a dialogue starter. Have fun and…

Please do disturb!
Not disturbed enough yet.

danleonida-at-yahoo-dot-com

[CloneRanger]

@ danleonida

Quote:

Above two links are to some of the viruses I mentioned above. The first is a 2.3 meg EMPTY xls file which resisted all my efforts of garbage collection. If anyone can decompile it… I’m very curios as to what the hell is in there!!

Hi, what makes you think those files are infected ?

I uploaded them to here

2.3 meg empty file.xls - *

selection too large.xls -

Nothing found by ALL those AV's !

I converted them to .TXT & discovered LOTS of "interesting comments in them for eg

Quote:

Knowledge speaks, but wisdom listens. Jimi Hendrix.

What's all that about ?

I can't help with the Encryption though, over my head All the best with it though.

[danleonida]

Quote:

Originally Posted by CloneRanger

@ danleonida
Hi, what makes you think those files are infected ?

The fact that one oof them is just an empty xls and saves in 2.3 megs. I’m an ol’ timer in Excel and never saw a file I could not clean up. What’s in the 2.3 megs?

*

Those are commercial virus scans. The viruses I contracted were custom made for my enjoyment by someone with a stake against strong encryption for emails.

The ‘selection too large’ xls prevents one from pasting a simple Excel line more than 3-400 times. The ability to paste once for every character you want to encrypt is essential to the VisiCrypt end-user.

Quote:

Originally Posted by CloneRanger

@ danleonida
I converted them to .TXT & discovered LOTS of "interesting comments in them ;
What's all that about ?

That’s just sample text included in the file so that users can ‘play’ with it! Try it! You may be surprised.

Quote:

Originally Posted by CloneRanger

@ danleonida
I can't help with the Encryption though, over my head All the best with it though.

You seem to be selling yourself short! Are you familiar with the basic operation of a spreadsheet? That’s all it takes! One of the reasons I’m trying to start a dialogue is to see just what kind of difficulties people have in using it!

Be good and do disturb!
Not disturbed enough.

danleonida-at-yahoo-dot-com

[CloneRanger]

Quote:

Originally Posted by danleonida

The viruses I contracted were custom made for my enjoyment by someone with a stake against strong encryption for emails.

You didn't explain that originally ! So how did you get Uninfected ?

I would suggest you post both those files here http://www.kernelmode.info/forum/vie...be19c661d4d3d8 FULLY explaining the situation. You won't find much better skills most place else to analyise them. If there is "something" dodgy in them, they "should" discover it

Quote:

That’s just sample text included in the file so that users can ‘play’ with it!

I see

[danleonida]

Quote:

Originally Posted by CloneRanger

You didn't explain that originally ! So how did you get Uninfected ?

I wrote equations which extracted only MY equations and place them in a new tab in dot-csv format. Dot-csv, if you don't already know, is WYSIWYG text and has no 'room' to place a virus. I used this file to totally recreate by cut&paste the original file in a brand new Excel workbook.

It worked like a charm and I'm advocating the very same technique to anybody having a need for max level of security. The operation only takes from to two hours, depending of one's level of cut/paste expertise in Excel. BTW, Excel macros can be distributed in the same way, too!

About the URL to the site able to find the virus. Thx! I'll try it. I think what I need is more like Microsoft expertise to decompile/analyze the files. I'm quite sure there are hidden macros in there which run even if macros are disabled.

[danleonida]

Hi CloneRanger,

Quote:

I would suggest you post both those files here http://www.kernelmode.info/forum/...

I did and here's the link.

About...

Quote:

I can't help with the Encryption though, over my head...

Cryptography ranges from second grade all the way to way post doctoral complexity level. Let me give you an example of unbreakable second grade level encryption.

1 – Write ALL characters [including non printable] you want to encrypt in a row.
2 – Tape the row in a loop and make another identical loop for the person receiving the cryptogram.
3 – The key is numeric and decimal.
4 – Place the key under the plaintext, one digit below each character. Repeat key as needed.
5 – To encrypt, advance the the loop at [2] clockwise the number of places in the key digit below. To decrypt do the same, only counterclockwise.

Now… If the key is, say, 13 then breaking the cipher by brute force [trying ALL possibilities] is no problem. But what if the key is 100 digits long?! There are one google possibilities!!

That’s the ‘secret’ of VisiCrypt! It allows key of up to 2^15 characters! The encryption algorithm is a no-brainer! Just the bit-by-bit exclusive-or of the characters with the key. VisiKey [find link in opening post] allows for easy, untraceable creation of thousands of random [as opposed to pseudo random] keys so that each one of them can only be used once. BTW, if you don’t know what “excliusive-or’ing” is, I placed a simple demo of it in VisiKey.

Symantec, I hear, purchased PGP sometime in 2010 and is no longer available for free. They charge about $100 per year just for the license!

I’m unaware of any other free&strong encryption for emails anywhere! VisiCrypt has the added advantage of its software being visible at all times and quite uninfectable if distributed as a text file.

That is why I want to start a public dialogue on the subject. Will you give it a try?!

[CloneRanger]

Quote:

Originally Posted by danleonida

I did and here's the link

Be interesting to see what happens. At least one of the members on there works for MS in AntiMalware etc & is highly regarded.

I don't have Excel or anything similar, as i have no need for it, so i won't be able to assist !

[danleonida]

Quote:

Originally Posted by CloneRanger

Be interesting to see what happens. At least one of the members on there works for MS in AntiMalware etc & is highly regarded.

So far, nothing happened! Some views but no replies, or any signs of curiosity!

Do you happen to know the UID of the MS AntiMalware guy? I might be able to find him in another thread and ask him. However… I have my doubts he’ll be able/willing to embarrass his employer publically. Excel is notorious for its MISERABLE security! It’s worth a try, though!

Quote:

Originally Posted by CloneRanger

I don't have Excel or anything similar, as i have no need for it, so i won't be able to assist !

VisiCrypt works just fine in OpenOffice Calc. You will not be able to easily reconstruct the spreadsheet from the published dot-csv file. I can provide a dot-csv for OpenOffice Calc if there is a demand.

Just in case you are curious, here’s OpenOffice 3.2.0 download.

[CloneRanger]

Hi, OpenOffice requires Java which i don't have or want I'll PM you the username

[danleonida]

CloneRanger,

I added download pwd to the virus files on my server. for the record, however, I've never experienced any effects of these viruses on the PC! Only on the running encryption Excel!

But you had a good point!

BTW, Do you know why the mod - I assume - removed the links to the virscan reports?!

[JRViejo]

Quote:

Originally Posted by danleonida

BTW, Do you know why the mod - I assume - removed the links to the virscan reports?!

danleonida, as a new member, perhaps you are not aware of our Policy Regarding the Posting of Jotti/Virus Total Results.

Quote:

It is a policy here at Wilders Security Forums that scan results from services such as Jotti, Virus Total or similar websites, should not be posted unless requested by a forum staff member.

[chronomatic]

Congratulations, you have reinvented the one-time-pad, though a weak easily breakable version.

As Bruce Schneier says:

"Anyone can invent an encryption algorithm they themselves can't break; it's much harder to invent one that no one else can break".

[danleonida]

Quote:

Originally Posted by chronomatic

Congratulations, you have reinvented the one-time-pad, ...

Thank you! Now I know what is called. I'm NOT a cryptographer; I'm a retired h/w designer, which is the area of my inventions.

I knew the technique was uncrackable, only I read about that in an article whaich called OTP the First Axiom of Cryptography.

Here's is what the textbook of all textbooks has to say about OTP.

Quote:

Originally Posted by chronomatic

(OTP)...though a weak easily breakable version.

...it's much harder to invent one that no one else can break".

That's interesting, very interesting!

How can an encryption algorithm be categorized by someone as both OTP and 'weak'??!! That's an oxymoron!

In the first part of the last quote you make a very strong statement: "weak easily breakable".

How in the world can I defend myself in a way other then issuing a challenge to you?! I don't want to do that except by request only.

Have you even looked at it or read the rest of the thread?

[chronomatic]

Quote:

Originally Posted by danleonida

Cryptography ranges from second grade all the way to way post doctoral complexity level. Let me give you an example of unbreakable second grade level encryption.

1 – Write ALL characters [including non printable] you want to encrypt in a row.
2 – Tape the row in a loop and make another identical loop for the person receiving the cryptogram.
3 – The key is numeric and decimal.
4 – Place the key under the plaintext, one digit below each character. Repeat key as needed.
5 – To encrypt, advance the the loop at [2] clockwise the number of places in the key digit below. To decrypt do the same, only counterclockwise.

Sounds a lot like the "wheel cipher" system Thomas Jefferson invented in the 18th century. The system Jefferson used had 2^138 complexity but is still *easily* breakable today. Read the cryptanalysis section at the Wikipedia article to see why. http://en.wikipedia.org/wiki/Jefferson_disk

Quote:

That’s the ‘secret’ of VisiCrypt! It allows key of up to 2^15 characters! The encryption algorithm is a no-brainer! Just the bit-by-bit exclusive-or of the characters with the key.

What you have done is reinvent the stream cipher, although a simplified and easily breakable one.

Quote:

VisiKey [find link in opening post] allows for easy, untraceable creation of thousands of random [as opposed to pseudo random] keys so that each one of them can only be used [u][b]once.

How are you getting truly random numbers on a computer? Or are you rolling dice? And why would anyone want to use a cipher where one has to remember a different key for each message? Moreover, how do you propose for key exchange to happen? Via carrier pigeon?

Quote:

Symantec, I hear, purchased PGP sometime in 2010 and is no longer available for free. They charge about $100 per year just for the license!

So? Gnupg is free and open-source and is fully PGP compatible. Don't trust it? Then read the source code and find the errors yourself and let the rest of us know about them.

Quote:

I’m unaware of any other free&strong encryption for emails anywhere!

Gnupg.

Basically you are committing the cardinal sin of cryptography -- inventing your own home brew cipher without proper peer review. Run this idea by the guys on sci.crypt and see what they say.

[danleonida]

Quote:

Originally Posted by chronomatic

Gnupg.

Basically you are committing the cardinal sin of cryptography -- inventing your own home brew cipher without proper peer review. Run this idea by the guys on sci.crypt and see what they say.

That's a highly unusual and long reply! I only have the time right now to comment on your last statement because the comment I have in mind is soo...oo short, sweet and simple.

About "peer review"...

What the h... do you think I'm doind here?

About "inventing my own cypher"...

THE ALGORITHM IS HARDLY MORE THAN JUST AN XOR WHICH I DID NOT INVENT!!

I did however invent other useful things which 'created the need' for VisiCrypt in the first place!

About sci.crypt ...

I'll pay them a visit right after this board. I still want to read your reply in the Zimmermann thread.

Got to go...

[danleonida]

Quote:

Originally Posted by chronomatic

Sounds a lot like the "wheel cipher" system Thomas Jefferson invented in the 18th century. The system Jefferson used had 2^138 complexity but is still *easily* breakable today. Read the cryptanalysis section at the Wikipedia article to see why. [url="http://en.wikipedia.org/wiki/Jefferson_disk%5B/quote"][color=#0000ff]http://en.wikipedia.org/wiki/Jefferson_disk

Not “*easily* breakable today” by a second grader!! That was just AN EXAMPLE!

Edit: I checked the wikilink you gave and the two cyphers are not even close! The one in my example has two 'disks': one for the sender; one for the receiver!

Oh dear!

Quote:

Originally Posted by danleonida

Let me give you an example of unbreakable second grade level encryption.

Quote:

Originally Posted by chronomatic

How are you getting truly random numbers on a computer? Or are you rolling dice? And why would anyone want to use a cipher where one has to remember a different key for each message? Moreover, how do you propose for key exchange to happen? Via carrier pigeon?

You didn't read the post?! Now, did you!

Edit: One thing I forgot to mention in the original post is that the thousands of keys are generated in a face-to-face meeting of Alice/Bob and put on a memstick. The stick stays around their necks 24/7 and, if lost in an attack, they just get together again to generate a new memstick. There NOTHING lost if the keys are only used once. Caching of cryptograms will not work.

Quote:

Originally Posted by danleonida

2012.08.26...VisiKey 1.2.xls

Last one generates random keys by XOR’ind Excel RAND() with some graphics file to mask the PSEODOrandom attribute of the RAND() function. This allows two parties that want their privacy to generate a large number of long and disposable keys that CANNOT be guessed by ‘people’ with insider knowledge of the operation of RAND() function.

Quote:

Originally Posted by chronomatic

Then read the source code and find the errors yourself and let the rest of us know about them.

...or use VisiCrypt.xls which their accountant can verify!!! ...and, of course, they can let YOU know what they found!!!!

Let's get serious around here, shall we?!

Your prose comes across as that of a caffeine-deprived, bored academic that's very, very good at name-dropping! Not a good candidate for a peer review! Don't you agree?

Quote:

Originally Posted by danleonida

About "peer review"...

What the h... do you think I'm doind here?

How about it?!

Quote:

Originally Posted by danleonida

How in the world can I defend myself in a way other then issuing a challenge to you?! I don't want to do that except by request only.

Have you even looked at it or read the rest of the thread?

Would you – or anyone else for that matter – enjoy a challenge??!

Edit: And what about all them viruses coming my way while talking/developing VisiCrypt/VisiKey and am talking [to myself] about on another forum?
The link is on this forum #6, top!

[chronomatic]

Quote:

Originally Posted by danleonida

Edit: One thing I forgot to mention in the original post is that the thousands of keys are generated in a face-to-face meeting of Alice/Bob and put on a memstick. The stick stays around their necks 24/7 and, if lost in an attack, they just get together again to generate a new memstick. There NOTHING lost if the keys are only used once. Caching of cryptograms will not work.

Well then you have reinvented the One-Time-Pad. A OTP is essentially a stream cipher where the keys are only used once, which sounds an awful lot like what you've done here. I'm still trying to figure out what the spreadsheet is for.

There are numerous problems with OTP's. For one, each bit of data must be encrypted with one bit of truly random key. This means the keys will be extremely large, especially when talking about moving lots of data. For instance, if I wanted to encrypt my 2 TB hard drive with a OTP, I would have to keep a second hard drive sitting here with 2 TB's of key on it. So it makes it worthless. If an adversary gets the "key" hard drive, he gets all the data. Protecting the key is a major problem with OTP's.

Second, the key can never be reused. Even part of the key cannot be reused. During the Cold War the U.S. cracked some Soviet OTP's because the Soviet's got lazy and reused their pads.

And third, key exchange is a *major* hassle. As you said, you have to meet in person to exchange pads. This simply isn't practical for 90% of the people on the Internet wanting to exchange e-mails with someone thousands of miles away.

This is *exactly* why Whit Diffie and Martin Hellman discovered public-key cryptography (along with people at GCHQ). It allows you to securely exchange keys over an insecure medium. It was the biggest breakthrough in cryptography in centuries and is available to everyone on the Internet for free. I see no reason to reinvent OTP's when we have better and much more practical options.




.

[danleonida]

Quote:

Originally Posted by chronomatic

Well then you have reinvented the One-Time-Pad. … I'm still trying to figure out what the spreadsheet is for.

Will you, please, stop using the word ‘invention’ and its derivatives? I am an inventor and quite sensitive about the misuse of the word et al! Thank you!

The encryption algorithm is just an XOR function which I DID NOT invent. It is a stupid, naturally occurring logic equation: A xor B = A not B or B not A!! Nothing else! The spreadsheet approach is another story though I still think it is not (although it may be!) an ‘invention’.

Do you use them, or have some experience in the area?

They are INTRINSICALLY OPEN!

1 - You click on a value – any value – and see the expression that generated it.

2 – Excel/OpenOffice allows for up to 2^15 characters per cell. THE KEY CAN BE THIS LONG!!

3 – They can be distributed (this MAY be an invention, but I don’t care!) as a dot-csv file. If you don’t already know… It stands for comma-separated-values and it is just a text file. It can include chksums, CRCs, etc and cannot be bugged ‘in transit’. The distributor of such s/w can be his/her own ‘authenticator’!

4 – It is part of various Office s/w suits and, therefore, run from public computers (e.g. libraries) that may not provide users with execute privileges.

Encryption and spreadsheets are a match made in Haven, for my money!


You seem to know more about encryption/general security! Can you see any ‘hole’ in my rationale?! That’s what peer-reviews all about!

Quote:

Originally Posted by chronomatic

… For one, each bit of data must be encrypted with one bit of truly random key.

We almost agree! ‘Truly random’ only as far as Eve is concerned!

Specifically, I’m currently considering another spreadsheet – VisiKey – which XORs a ‘truly’ randomly chosen graphics file with locally generated pseudorandom numbers to generate thousands of truly random keys stored on two identical memsticks in a Alice/Bob face-to-face meeting. These keys are used ONCE, zeroed out and saved again, hopefully, to avoid their presence on disk blocks labeled ‘available’.

Goes without saying that the PC doing it is NOT online, never was and never will be for max. security. Also the ‘truly’ randomly chosen graphics file (or random portions thereof) is never stored or talked about outside the Alice/Bob face-to-face meeting.

Quote:

Originally Posted by chronomatic

…if I wanted to encrypt my 2 TB hard drive…

Sorry my friend! VisiCrypt is meant to EMAIL!!

I’m afraid your 2 TB hard drive will have to be done by hand!!! Sorry!

Quote:

Originally Posted by chronomatic

…And third, key exchange is a *major* hassle. As you said, you have to meet in person to exchange pads.

Yes and no! For max. security ‘yes’!

For not-so-max security, one can send a first key by regular mail or imbedded in a graphics file (spreadsheet for that in progress!) and subsequent keys imbedded in the current cryptogram. Well… No such thing as a free lunch!

Quote:

Originally Posted by chronomatic

…It was [RSA, d.l.] the biggest breakthrough in cryptography in centuries and is available to everyone on the Internet for free. I see no reason to reinvent OTP's when we have better and much more practical options.

Don’t you think I know that?! Really…!?

VisiCrypt Short History

Developed it in 2006.
Submitted for review (I literarily gave them a floppy) to the Local National Insecurity Industrialists.
Review No.1: “We didn’t think you were going to make this far! You should suggest in the VisiCrypt documentation that users could use PGP to exchange keyphrases”.
Review No.2: “We don’t mind if you are using it but, please, (they actually said “please”!) do not distribute it!”

Chronomatic, Assuming that you don’t think that I’m lying to you, are you still convinced that RSA is “free” on the Internet?! Do you still “see no reason to reinvent OTP's”?!

Edit: Given the number/nature of the viruses I contracted, I would say that somebody out there sees a reason to reinvent OTP. I placed the viruses on kernelmode forum in an effort to find pros to look at them. No luck! All quiet!

Yesterday I PM'ed a guy described as knowledgeble in malware and invited him to join my thread!

Today...The site has been down for several hours. I just don't know if that's normal, a coincidence, or what... Here's the link if anybody wants to try it!

[danleonida]

...and here's my competition:

"...designing a specific hardware security device – the MilsCard. It comprises all the sensitive system components and is available as a USB token.

Why aren't they talking about the measures taken to ensure the USB driver is not bugged? Ex.: If incoming data seems to be random for, say, 10 secs, replace it with pseudorandom stream!!

Who's going to know?!

[chronomatic]

Quote:

Originally Posted by danleonida

...and here's my competition:

"...designing a specific hardware security device – the MilsCard. It comprises all the sensitive system components and is available as a USB token.

Why aren't they talking about the measures taken to ensure the USB driver is not bugged? Ex.: If incoming data seems to be random for, say, 10 secs, replace it with pseudorandom stream!!

Who's going to know?!

No one. You can't trust hardware like that unless it is fully open and can be analyzed.

[chiraldude]

I have been trying to follow this thread but really can't figure out what it is about.
I think the OP is trying to make One Time Pad encryption simple to use via a spreadsheet. The purpose of this is to generate encrypted messages that can be attached to email.
Question: What is the threat model this is intended to address?
Really, if you don't define the threat you are trying to protect against, you end up in hopeless arguments about hypothetical attacks.

Don't know what to say about the virus thread that is embedded in the main thread. It's really hard to analyze virus code that is generated by alien technology from Area 51.

[danleonida]

Quote:

Originally Posted by chronomatic

...You can't trust hardware like that unless it is fully open and can be analyzed.

The ol' saying holds true in cryptography more than anywhere else: If you want it done right, do it yourself!

I miss my old parallel printer port which MS "strongly discourages" system makers from providing. It was memory mapped, fast, required no installation or drivers and just perfect for apps like the milsCard!

http://en.wikipedia.org/wiki/Parallel_port

[danleonida]

Quote:

Originally Posted by chiraldude

I have been trying to follow this thread but really can't figure out what it is about.
I think the OP is trying to make One Time Pad encryption simple to use via a spreadsheet. The purpose of this is to generate encrypted messages that can be attached to email.
Question: What is the threat model this is intended to address?

You got it! It doesn't have to be attached; it could be included.

Also virtually unbreakable by virtue of the very long keys. Keys generated face-to-face and stored on USB. Consist of XOR of pseudoRAND numbers generated by spreadsheet with truly randomly chosen txt, png, bin file selected during the preliminary Alice/Bob meeting and NEVER stored.

Immune [?] to MITM attacks by virtue of its text file distribution. Chksum, CRC, etc in the works. I still want some opinions from people more knowledgeable than me on the subject of keygen!

Quote:

Originally Posted by chiraldude

Don't know what to say about the virus thread that is embedded in the main thread. It's really hard to analyze virus code that is generated by alien technology from Area 51.

!!! I'll publish some shots of the 'aliens' in action! Not all viruses are 'photogenic' enough for screenshots! I'm not at 'home' just now, so I got to go...

[danleonida]

Quote:

Originally Posted by chiraldude

Don't know what to say about the virus thread that is embedded in the main thread. It's really hard to analyze virus code that is generated by alien technology from Area 51.

Back to 'homebase' and took the pictures I promised you!

Infected Excel: 2012.08.22...VisiVirus - Selection too large.xls
Virus screenshot:2012.09.10...VisiVirus - Selection too large - Screenshot.PNG

There is a download password for the Excel file: "infected"

Edit.2: Sorry! I forgot!

THE FILE IS INFECTED BUT I HAVE NEVER KNOWN THE INFECTION TO AFFECT THE COMPUTER! JUST THE SPREADSHEET! The file is also locked so it cannot be used for encryption. Only for the alien virus demo![/edit.2]

The screenshot shows what happens if one wants to copy the full row 37 and paste it down about 500, or so, rows. The message "Selection too large" IS NOT FROM EXCEL!!! IT IS FROM THE VIRUS!!!

The top of the screen contain my whereabouts courtesy of WhatIsMyIP.com

PROOF:

If one reconstructs the Excel file from the dot-csv I provide: 2012.08.24…VisiCrypt 1.1.csv

...one gets a perfectly operational VisiCrypt like this: 2012.08.24…VisiCrypt 1.1.xls

...which allows a user to paste line 37 as many times as needed (once for every character in the plaintext/cryptogram.


CONCLUSION:

Since someone went through the trouble of creating a virus with "my name on it", it follows that VisiCrypt is a threat to him/her if made public.


SO,...

Let's not just make it public, let's make it public AND as perfect as we can!

Is anybody game in this mildly risky venture?!

Edit.1: All together I contracted 3 viruses while developing VisiCrypt. Someone on this board sent me here where, he said, the MS malware people 'hang out'.

I sent a PM last Thursday. Since last Friday the site was only up for long enough to see that the PM was answered, one out of three viruses were looked at and the conclusion was 'not malware'.

Really?![/edit.1]