[comp.binaries.ibm.pc.d] Flushot PLUS TRASHES CMOS RAM

matt@psuhcx (Matt Cohen) (05/22/88)

	
I was testing FLUSHOT Plus to see if it was worth the
$10.00 fee the Author, Ross Greenberg is charging.
I knew that a large number of hours had been put into the program.
The documentation made it look pretty good, even though it was a bit
rambly. 
I created a FLUSHOT.DAT file, and put in 37 lines
	of the form
	C=filename

	When I loaded Flushot, I got a message saying that
	there was no room for a table, and the machine hung.

	I had not read the documentation closely enough. It turns
	out that you have to put a 'dummy' checksum in each line
	like this:
		C=filename[12345]
	Where 12345 is the dummy number. When flushot is started,
	it checksums the file, and reports the new number, which
	you have to write down and type in FOR EACH FILE!
	I then rewrote the FLUSHOT.DAT file with only two programs,
	command.com and a.bat checksummed. Flushot checked them on
	startup, but did not perform as advertised when I ran A.BAT,
	changed it, and ran it again.
	Flushot claims that it checksums files  whenever they are
	loaded by MSDOS. I guess this does not apply to BATCH files.
 	I was going to test checksumming of .EXE files, but FLUSHOT
	trashed my CMOS ram.	
	
FLUSHOT PROTECTS CMOS RAM ?

	Finally, I added two more lines to FLUSHOT.DAT with dummy
	checksums. I restarted FLUSHOT and got the following
	message:
	
		CMOS RAM HAS BEEN CHANGED. Y TO CONTINUE, ANY OTHER
		KEY TO PROCEED
	
	Followed by a long garbled bunch of characters!
        Naturally, when I rebooted I could not boot from the 
	Hard Disk, until I restored the setup information.

	My CMOS ram was trashed by FLUSHOT! I hoped that no damage
	had been performed to my FAT!
	I then restored my ram with a CMOS-SAV program which I wrote
	for such a purpose, and reloaded flushot.

	I then ran a program which zeroed out my CMOS ram using
	MS C outp() function, without a whimper from FLUSHOT.
	
	Note that I had no TSR'S present when this happened. I 
	have a Leading Edge AT clone (Made by Mitsubishi, same
	as SPERRY IT). I am running DOS 3.1.


	I considered the possibility of Ross Greenberg enforcing
	his $10.00 fee by putting counters into flushot (since I
	had to restart it each time I changed anything in the
	FLUSHOT.DAT file and did this a number of times)
	and put the idea aside. (That was a pretty virulent dissertation 
	in the manual about *worms*, maybe he thinks that people
	who don't buy his software are *worms*?!? :-)
 	What I think Ross will accomplish by these threats, rewards,
	challenges is ENCOURAGE scores of copycats to write viruses
	to beat flushot (which is buggy).


	My conclusion is that FLUSHOT Plus does not perform as
	advertised (in my case, anyway) and I would not use it
	or even trust it with my data. 
	The checksum protection is quite limited in number of
	files, and the method of entering the checksum is quite painful.

	The bugs in the program might be excusable if  
	the program was public domain or shareware in the
	sense that you pay for it only if you think it is 
	valuable (not if you use it, since technically, I
	owe Ross Greenberg $10 since I used it).
	I think that it tries to do too much, and ends up doing 
	too little, even the wrong thing altogether. This shows
	poor design and testing practice.

	When I support a shareware program, I am not paying the
	author for his time, I am paying for a finished product.
	And a finished product, FLUSHOT PLUS is not!

  
	The above is my opinion, and no-one is liable for it but
	myself. I reserve the right to deny everything.

			Matt Cohen (matt@psuhcx)
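
Added example, not part of the original posts and not FLUSHOT's own code: a small checker for the `C=filename[12345]` table form described above. It shows the dummy-checksum workflow (compute, report, leave the table for the operator to update) and reports a bracket-less line instead of failing on it. The 16-bit additive checksum, the function names and the sample files are assumptions; the page does not give FLUSHOT's algorithm.

```python
import re

# Entry form quoted in the post: C=filename[12345]
ENTRY = re.compile(r"^C=(?P<name>[^\[\]]+)\[(?P<sum>\d+)\]$")

def checksum16(data: bytes) -> int:
    """Stand-in 16-bit additive checksum (assumption, not FLUSHOT's algorithm)."""
    return sum(data) & 0xFFFF

def parse_table(text: str):
    """Return (entries, errors); malformed lines are reported, not fatal."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m["name"], int(m["sum"])))
        else:
            errors.append((lineno, line))
    return entries, errors

def audit(entries, read_file):
    """Compare recorded checksums with current file contents.

    The table is never rewritten here: a mismatch is only reported, so the
    operator decides whether the new value becomes the baseline.
    """
    report = []
    for name, recorded in entries:
        try:
            actual = checksum16(read_file(name))
        except OSError:
            report.append((name, recorded, None, "missing"))
            continue
        status = "ok" if actual == recorded else "mismatch"
        report.append((name, recorded, actual, status))
    return report

# Constructed sample data: two files and a table with dummy checksums,
# plus one line in the bracket-less form that the post says failed.
FILES = {"command.com": b"\xe9\x00\x10constructed", "a.bat": b"echo hello\r\n"}
TABLE = "C=command.com[12345]\nC=a.bat[12345]\nC=other.exe\n"

def read_sample(name: str) -> bytes:
    if name not in FILES:
        raise FileNotFoundError(name)
    return FILES[name]
```
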

	          

  

ejb@think.COM (Erik Bailey) (05/22/88)

Lineater, you'd better get your asbestos suit on pronto!

***FLAME ON***

In article <82@psuhcx.psu.edu> matt@psuhcx (Matt Cohen) writes:
>
>	
>I was testing FLUSHOT Plus to see if it was worth the
>$10.00 fee the Author, Ross Greenberg is charging.
>
> [...]
>
>	I had not read the documentation closely enough. It turns
>	out that you have to put a 'dummy' checksum in each line
>	like this:
>		C=filename[12345]
>	Where 12345 is the dummy number. When flushot is started,
>	it checksums the file, and reports the new number, which
>	you have to write down and type in FOR EACH FILE!

Would you rather it do it FOR YOU? Gee that would be swift, wouldn't it?
Nah, I don't think it would be TOO hard to extract the encoding technique
out of the code and rechecksum a trashed file... Lissen Matt, that is in
there for YOUR protection!!! Is 5 minutes of entering a few numbers REALLY
so BAD???

>	I then rewrote the FLUSHOT.DAT file with only two programs,
>	command.com and a.bat checksummed. Flushot checked them on
>	startup, but did not perform as advertised when I ran A.BAT,
>	changed it, and ran it again.

Well, what type of character did you put after the checksum? Only a +
checksums a file when it is run.  A - or ,1 checksum it at FSP load time.

>	Flushot claims that it checksums files  whenever they are
>	loaded by MSDOS. I guess this does not apply to BATCH files.
> 	I was going to test checksumming of .EXE files, but FLUSHOT
>	trashed my CMOS ram.	
>	
>FLUSHOT PROTECTS CMOS RAM ?

Yes, it does. Since I don't have an AT, I've not used this feature.
It may be a bug.

>	I considered the possibility of Ross Greenberg enforcing
>	his $10.00 fee by putting counters into flushot (since I
>	had to restart it each time I changed anything in the
>	FLUSHOT.DAT file and did this a number of times)
>	and put the idea aside. (That was a pretty virulent dissertation 
>	in the manual about *worms*, maybe he thinks that people
>	who don't buy his software are *worms*?!? :-)
> 	What I think Ross will accomplish by these threats, rewards,
>	challenges is ENCOURAGE scores of copycats to write viruses
>	to beat flushot (which is buggy).

Well, I take offense to this. Why? I'm a close personal friend of Ross,
and a major beta-tester for his software (INCLUDING fsp). Look. Ross
didn't HAVE to write that program. In fact, way back on FLUSHOT v1.0, he
just wrote it for the heck of it. He had no idea it would turn into
practically a full-time job. If you put that much effort in, I'd suspect
that you'd expect some money in return. BTW -- a *LOT* of people have
registered FSP. BTW#2 -- there is NOT a counter in the code.

>	My conclusion is that FLUSHOT Plus does not perform as
>	advertised (in my case, anyway) and I would not use it
>	or even trust it with my data. 
>	The checksum protection is quite limited in number of
>	files, and the method of entering the checksum is quite painful.

Awwww.... Can't read a number and type it in? Looks like you have a
limited mental capacity.

>
>	The bugs in the program might be excusable if  
>	the program was public domain or shareware in the
>	sense that you pay for it only if you think it is 
>	valuable (not if you use it, since technically, I
>	owe Ross Greenberg $10 since I used it).

Sorry, that's not shareware anymore. Look at 90% of shareware code. They
say, basically, that you are entitled to use the program for a small period
of time (for example TAPCIS says 21 days, and yes, I've registered mine),
and if you use it beyond that, you are *REQUIRED* (emphasis on that word)
to register.

>	I think that it tries to do too much, and ends up doing 
>	too little, even the wrong thing altogether. This shows
>	poor design and testing practice.

Well, don't use it.

>	When I support a shareware program, I am not paying the
>	author for his time, I am paying for a finished product.
>	And a finished product, FLUSHOT PLUS is not!

That's what new versions are for. v1.3 will be coming out very soon
(probably this week) which will, among other fixes, fix a bug in the
X= handling of 1.2... I'm SSSOOOOO sorry you object to bugs. Hope you
never bought Lotus 1-2-3...

>	The above is my opinion, and no-one is liable for it but
>	myself. I reserve the right to deny everything.

Good. Deny it then.

>			Matt Cohen (matt@psuhcx)

***FLAME OFF***

I am, by the way, forwarding your original letter to Ross. --Erik
Erik Bailey     | CompuServe | 7 Oak Knoll         | (ARPA/USENET courtesy of
ihnp4!think!ejb |  PCMagNet  | Arlington, MA 02174 | Thinking Machines Corp.,
ejb@think.com   | 72261,3275 | (617) 643-0732      | First St, Cambridge, MA)
do headache -> take 1 aspirin od "This terminates one way or another" -Dijkstra

ejb@think.COM (Erik Bailey) (05/23/88)

As promised, I forwarded matt@psuhcx (Matt Cohen)'s letter to Ross.
Here's his reply:

"Well, Matt, I'm sorry that you found the program to be less than you
expected.  You certainly got your money's worth, though, didn't you?
 
Look, the program does try to do a lot.  One area I've had consistent
trouble with has been CMOS.  It'll get pulled in the next release.  Not
because some people didn't find it useful. Just because the bitching from
the people who had problems with it isn't worth the lousy $10 that the other
people pay.  If you don't like it, don't use it.  I'm certain that I won't
lose any sleep over it.
 
You might want to consider using one of the commercial products.  I
understand that at least one of them costs about $200.  But, since you have
to pay them in advance, I would assume that you'd not even consider such a
thing.  I ask people to contact me if they have a problem.  I guess that
part of the manual (the one with my phone number) must have escaped your
astute observations as well as the "How to Use Flu_Shot" section must have.
I know!!  Your printer was out of paper! Well, just for you Matt, I'll print
out a copy here and send it to you --- if you pay the postage.
 
But, I guess with people like you around, I should just stop enhancing
FLU_SHOT, or trying to protect *you* from the bad guys.  Hell, I can't even
protect you from yourself.
 
Have a nice day, Matt."
