Throwback Thursday: What You Pay For... (September 1996)

2015-07-16

Ian Whalley

Virus Bulletin, UK
Editor: Martijn Grooten

Abstract

As is well documented, the Internet offers many opportunities for viral spread. However, it also provides mechanisms for anti-virus spread – in 1996, VB took a brief look at the world of downloadable anti-virus software.


(This article was first published in Virus Bulletin in September 1996.)

Much is written, in these pages and in other publications, about the risks of downloading a virus from the Internet. Viruses can be picked up both intentionally and inadvertently – this is the threatening side of the free-for-all (well, almost) data transfer the Internet offers.

However, this article will look at the brighter side. Not only does the Internet give viruses the chance to penetrate computer systems, it also offers users the chance to retrieve both software and information to help combat them.

The Old Days

The concepts of ‘freeware’ and ‘shareware’ have been around since the dawn of computing. Indeed, at the very beginning most software was free, and written mainly to further a primitive art. In the PC age, most software on the majority of PCs is purchased, as are the computers themselves. However, the twin worlds of freeware and shareware have managed to survive – whilst most corporates wouldn’t touch shareware with a barge-pole, it is invaluable for genuine enthusiasts and hobbyists.

One of the few problems with software for nothing (or very little) was this: how do you get access to it? The software may be free, but the floppy disk containing it is not, nor is the postage. Certainly, BBSs went some way to alleviating these problems, but long-distance telephone charges which are incurred downloading from BBSs across the world are never welcome, and those were the days of modems with a maximum data transfer rate far less than half of today’s.

Today

The Internet, now in so many offices and homes throughout the world, provides an obvious transfer mechanism for such software. Once connected, the user can download from anywhere from London to Ulan Bator, free of charge.

When it comes to anti-virus software, the Internet has a big advantage. It can take up to several weeks to get a piece of software by post, but you can get it immediately (it takes many minutes, in tedious reality…) from the Internet. If you think your computer has a virus, the last thing you want is to wait days to receive the program to detect and cure it. Now, a user can simply point a browser at a WWW site and download a scanner, and fix the problem there and then.

What's Out There?

As with everything on the Internet, the problem is not so much ‘is it there?’ but ‘where is it?’. Most major anti-virus companies are on-line, and the rest are working towards it. In addition, you can sometimes use the major software resources on the Internet – SimTel springs to mind as the most well-established of these, but there are many others.

There are many products from smaller companies, or even individuals, which do not have their own Web or FTP site. These are consequently only available from such software resources – more on these later on.

A Word of Warning

This article was begun with clear mental definitions of the terms ‘freeware’, ‘shareware’, and ‘evaluation copy’. However, as soon as the research began, a discrepancy between the way the words are used in the industry, and the definitions perceived at the outset, surfaced.

Take ‘shareware’, for example. This is used to describe software which may be used for a certain length of time before you must either delete it, or pay the registration price to the company, which is similar to the meaning of the phrase ‘evaluation copy’. With shareware, the user may pass the software on to anybody: each user is then subject in turn to the same terms and conditions.

The terms and conditions placed by various manufacturers on their software will be illustrated throughout the article by quoting from the relevant documentation.

Free Stuff

So, what’s out there that will cost you nothing? By far the best known anti-virus product to match this criterion is Frisk’s F-Prot – not only is it free, but it’s also very good.

The terms and conditions state that the ‘English-language shareware version of the F-PROT anti-virus program is free of charge for any individual using on his/her personally owned computer, which is not used for a commercial purposes [sic]’. Of course, for companies there is a range of prices, based on the number of PCs to be protected. [1]

Almost Free Stuff

Many more companies advertise their products as being available as ‘shareware’, with exact conditions varying only slightly from product to product. For example, the ESaSS ThunderBYTE document states: ‘We invite you to download an evaluation version of our software with no obligation, other than to remove the software at the end of your 30-day trial period if it does not meet your needs or expectations.’ [2]

Similarly, Stiller Research’s terms for Integrity Master allow the user to evaluate the software for sixty days [3], after which he is expected to pay for the software if he wishes to continue using it.

The terms and conditions for McAfee SCAN are not clearly stated in the accompanying documentation; however, when run, the program displays the message: ‘This version of the software is for Evaluation Purposes Only and may be used for up to 30 days to determine if it meets your requirements… If you choose not to license the software, you need to remove it from your system.’ [4]

Evaluation copies?!

Few products appear in this, the final category used by vendors to describe the versions of their products available for download. However, the term is in current use.

Sophos Sweep, when downloaded from its WWW site and executed, informs the user: ‘This software is licensed for evaluation purposes only. It is not licensed for business use or for resale.’ [5] The time allowed for evaluation is not mentioned; the closest specification is the statement: ‘You can download … for a limited period of free evaluation.’ [6]

Also available for evaluation in this way is S&S FindVirus, which is configured to execute until two months after the release date. As the documentation states: ‘This version of Dr Solomon’s FindVirus is for evaluation purposes only. It is NOT free, shareware, or public domain.’ [7]

It is interesting to note the declaration that the product is not shareware, although the conditions under which it may be used are not vastly different from those which do label themselves shareware. The only material difference is that users are clearly not meant to pass on products calling themselves ‘evaluation copies’, whereas they are positively encouraged to pass on shareware.

Other Notes

So far, this sounds fantastic, doesn’t it? Product after product after product, all free, even if after a while most must be thrown away. However, there is a lot of rubbish out there, and the uninitiated find it difficult to separate the wheat from the chaff.

All sorts of interesting anti-virus products were available for download from the mysterious ether that is the Internet; unfortunately, many had one major problem in common. The text editor with which this article was written dates from early 1994, and the editor with which the author writes email dates from the mid-1970s.

Despite this, both work as well as the day they were completed. However, unlike text editors, anti-virus products have a use-by date: there’s little point in using a scanner from 1991 to protect a PC in 1996. This is the main factor allowing anti-virus vendors to sell you a subscription to their product, rather than just a box with some disks inside.

Products from as long ago as the late 1980s were available (and downloaded) from the anti-viral haunts of the Internet, but no updates to any of these pieces of software could be found. The authors gave up writing it, but somewhere out there, the software lives on. Worthy of note was a Brain detector which was discovered – Brain died out in the wild years ago, and would never survive today. The software worked (it detected and removed Brain from a 360K 5.25-inch diskette…), but is entirely useless in the world of the 1996 computer user.

However, not even the issue of outdated software is easy. Very old (1993) copies of F-Prot were also available for download – not only must you beware of obsolete products, but also obsolete versions of software. Whilst F-Prot in its current incarnation is a perfectly good anti-virus product, the same cannot be said of a three-year-old copy.

Conclusions

That users can download and use anti-virus products at a moment’s notice should they suspect a problem on their machine is undoubtedly a positive development. With the exception of long download times, which are the bane of the Internet (especially for home users connecting via modem), the only real problems involve ensuring that the software is both up to date and up to the job.

A final thought: the software is made available by vendors largely on the honour system – if the conditions require it, it is not only legally a good idea to pay for continued use of the software, but also a matter of courtesy.

Bibliography

[1] ORDER.DOC, part of the F-Prot v2.23a distribution, file dated 5 June 1996.

[3] WWW document, http://www.stiller.com/.

[4] Output from McAfee SCAN v2.5.0.

[5] Output from Sophos Sweep v2.88.

[7] README.1ST, part of the FindVirus v7.62 distribution, file dated 17 July 1996.
