the return of the smiling assassin

Discussion in 'other anti-trojan software' started by Longboard, May 17, 2006.

Thread Status:
Not open for further replies.
  1. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    :eek: ntl gives BOClean a wrap!!! Pigs seen flying. Raining dogs and cats. New conspiracy allegations expected any moment :eek:

    http://illusivesecurity.pytalhost.com/viewtopic.php?t=136

    In the process gives the pointy end to some others

    Does he design these specific tests?
    How relevant in the real world?

    LBD
     
  2. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    You forgot to mention that he tested version 4.12 not the current version.
    4.12 hasn't been able to be updated for a few months now.
     
    Last edited: May 17, 2006
  3. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    1.
    "You forgot to mention that he tested version 4.12 not the current version. 4.12 hasn't been able to be updated for a few months now."

    I hope that the latest version has not become worse and that the signature database has not been decreased since March 2006. Otherwise, the latest version may be unable to detect our age-old samples ;-)

    2.
    It's quite unfortunate that I am unable to anonymously purchase BOClean.

    3.
    I recently had lunch with an intellectual property rights lawyer (working for the industry, not the consumers). You can imagine that we had a rather looong discussion ;-)

    My arguments regarding DRM, fair use principle, interoperability, protection of open source software developers, competition law (including abuse of legal monopolies like IPRs) did not impress him too much. He was quite interested in the conflict between the overly strict European reverse engineering legislation and the business of the AV industry.

    Surprisingly, however, he was truly concerned when I explained to him that it is almost impossible to anonymously purchase software nowadays. He said that privacy IS important and that it is unreasonable to disclose your personal data if you want to purchase a cheap software product for 50 bucks or so. In particular, he was concerned about cross-border purchases because countries like the U.S. are quite far behind as regards data protection, ~Snip~ Political comment removed - Ron and so on.

    I was happy that he listened to at least one of my arguments and explained to him that the use of google frequently allows you to create a personal profile of a person of whom you know the e-mail address or the name. Thereafter, I googled his name and provided him with private information about himself ... ;-)

    I doubt that such concerns will stop the industry's lobbying activities (i.e., the industry is likely to get any law it wants). But at least it's worth a try ...

    As regards BOClean and other AV/AT software developers: you should enter into an arrangement with a trustworthy intermediary (i.e., NOT Digital River) that does not disclose private data to you. If a consumer wants updates etc. s/he can still decide whether s/he wants to disclose private data to you. Moreover, it is always possible to prevent software piracy if you check the license no. when signature updates are downloaded.
     
    Last edited by a moderator: May 17, 2006
  4. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    5.
    "Does [s/]he design these specific tests?"

    Yes. I crypted an unpacked trojan with a commercial protector.

    6.
    "How relevant in the real world?"

    As regards non-replicating malware I consider this simple test more relevant than, for example, our more complicated experiments dealing with decompression delays. This is because these commercial protectors are "readily available" in underground boards and every script kiddy can use them in order to camouflage malware. It does not require more than a few mouse clicks to operate a protector. There are frequently polls started in trojan boards dealing with the question: "What is the best packer?" and so on.

    7.
    @Ronjor

    My entire comment regarding IPRs and privacy is (of course) highly political. The removed "political issue" and data protection are closely connected. But I agree that the removed "political issue" (= 2 non-spectacular words) may be somewhat controversial. Therefore, let's protect the innocent Wilder's user o_O
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    It's not to protect the "innocent Wilders user". It's to keep someone of a different political belief, probably someone from that country from posting back disputing that his comment was not true or fair, or whatever... Then we'd end up heading into a totally unrelated conversation to the primary topic of this thread. (Somewhat like we're doing now, i.e. talking about the edit, but this is a lot less political. :D )
     
  6. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    Oh .. my gosh ;-)

    And what about the political comment contained in the headline of this topic? Seriously, I NEVER smile when I kill people. I always wait until they are dead :ninja:
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    I prefer smiling assassins to scowling ones. They're much more pleasant. :D
     
  8. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Why do you need to?

    You have a copy of BOClean 4.12 and all you need to get the current version is to mail upgrade@nsclean.com and provide them with your original purchase details.
     
  9. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    Has been explained in our forum. I purchased a boxed version while I was still a U.S. resident. I won't disclose private data in order to obtain an update. I got 4.12 from another source.
     
  10. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @ ,.- How are you?

    Your objection to giving out private data, particularly in your situation, is understandable and admirable.

    The concept of anonymity on the www is light relief really. :D

    I have raved/rambled about the stealing of all our privacy before and many aspects of being on multiple databases is a grave concern to me. I bought a new DVD player the other day and to get the guarantee for the device activated there was a 2 page "profile" to be filled in which included all sorts of details AFAICS none of which were germane.
    On one hand innocent "market profiling" to "improve our customer communications", on the other hand intrusive nonsense which interconnects me to at least three vendor-related databases.

    edit: The opt out box was a tiny little option under around and behind the last page.

    Now we all can see and know how the US Govt "protects our privacy" Big Brother was a kindergarten toddler in comparison. !!

    We all now know how crap the security for various databases is.
    Out of interest why are you so down on Digital River?

    Software updates are a problem when one considers how many updateable apps we have and what info we have given out.

    For purely selfish reasons on my part, surely you of all people can suss out a way to have an internet id that would allow you to access the softwares that catch your eye. I for one would be willing to donate part of the costs of buying such software as long as you didn't know who I was and I received a 10 page disclaimer detailing who you are and how you will use my donation; in triplicate. LOL

    As a one person task force that probably does represent a problem.
    cf XPT rixstep and the rickster. LOL

    Goodbye.

    Lbd.
     
    Last edited: May 19, 2006
  11. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    1.
    "Out of interest why are you so down on Digital River?"

    This was just an example. They distribute BOClean.

    2.
    What's also interesting. A customer has to disclose his identity in order to purchase software. Certain vendors try to avoid disclosing their identity ;-)

    See for example, Ghost Security: http://www.ghostsecurity.com/index.php?page=about . There is no information about the company/individual with whom you conclude a contract. Weird, isn't it? (Of course "insiders" know who stands behind this firm. But that does not matter.)

    Also the developer of System Safety Monitor does not disclose the relevant data: http://www.syssafety.com/company.html . Are you dealing with an individual or a limited liability company that can easily let you down and go into bankruptcy if there is a problem?

    In Germany, for example, commercial websites without detailed contact data are illegal: http://www.bahnhof-hamburg.de/impressum.html
     
  12. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    ~quote and remarks to that quote removed since the accusational post was removed....Bubba~
    @all

    I have valid licenses for many scanners. But I do not use them (and in particular not for online updates). Normally, I try to anonymously purchase boxed versions. Sometimes, I purchase a license through a trustworthy intermediary (which is perfectly legal). In addition, I have many more license keys which I use in order to perform a test. This includes trial licenses, licenses sent to us by software developers (although we constantly say that we do not want any free licenses) etc.

    Example 1: I have purchased a valid A2 license (simply in order to support the developer). But I never used it. The developer (who wants me to test his software) granted me an additional license valid until 2015 or something. In addition, he frequently sends me the license data via e-mail (because I always forget it and I'm too lazy to look for it ;-) That's how it works in practice. Also developers like Misec, SysSafety, Ulbrich etc. offered or even sent free licenses to us. You really can't do much about it. (Exception: I successfully refused the grant of a free license by Misec.)

    Example 2: I have a valid NOD32 license. But I don't use it. Instead I use trial licenses or alternative licenses that are "readily available". Do I feel bad about it? No. Why should I?

    The REAL good question would be whether we have valid licenses for the "readily available" packers/crypters/commercial protectors that we frequently harvest from underground boards in order to perform real-world tests. And you may ask software developers a similar question.
     
    Last edited by a moderator: May 19, 2006
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Removed an unnecessary accusational post.
     
  14. comma dor dash

    comma dor dash Registered Member

    Joined:
    Jun 5, 2005
    Posts:
    146
    Then you can remove the rest as well (except the very last paragraph because this is the only interesting question).
     