Dustin Cook wrote:
> Recently, the BSer 4Q has published what he feels is a clone of
> BugHunter.
You missed a few newsgroups out so I
added them for you (no need to thank me)
Also you forgot the link to the BugHunter
appraisal webpage.
http://fourq.host.sk/INFO/BugHunter/ <-- fixed
Okay one last thing have you added the
above link to your awards page yet.
Okay continue with your froathing and foaming.
>
> Let's compare the two.
>
> This is a BugHunter clone, it's basically a cobbled together script
> comprising of bASIC.
> The program uses industry standard MD5 (128bit checksumming). MD5
> information,
> code and algorithm is freely available on the net. This clone does not
> use Charles Dye's
> LOCATE.COM but used the internal DIR command to generate a recursive
> list of files.
> (Longfile names and DOS 8.3 format are supported with XP's internal DIR)
>
> The program shells to a 3rd party program, md5. BugHunter shells to
> locate.com to acquire a recursive list, 4Q requires md5 (not his own) and
> shells via command.com to have dir do the work, hardcoded, leaving no
> customization room without the source code.
>
> XLIST.TXT (Supplied with the program. This is a file containing the
> Malware MD5 checksums)
> In the case shown here this is Malware BugHunter 2.2 (by Dustbin Cook)
>
> This would by all accounts be a false alarm, and along the same lines as
> tactics used by PCButts. I recommend 4Q's site be added to the mvp deny
> list; as it's obviously misleading people.
>
> 4Q's program generates an md5 signature for each file on your hard disk,
> and then compares the results to a "known" text file containing
> supposedly bad md5checksums.
>
> This leaves the high probability of variants of the same stuff getting
> by; as his routine doesn't have the ability to determine file a and file
> b are both zlob if he doesn't have two md5 checksums.
>
> BugHunter does not scan every file on your computer, as it's database
> system is able to provide it more information than a single checksum
> value. One such value is the file length.4Q's program will checksum
> every single file on your computer (well, drive c: only, he didn't
> consider network shares or read-only media), wasting oodles of your
> valuable time; and giving you a very real false sense of security due to
> the sheer amounts of variants it will miss.
>
> BugHunter does not rely on 3rd party programs for the engine to run, the
> only time 3rd party programs (which is available with source code, as is
> md5) are used is for mundane things like, a recursive list and process
> suspending/killing.
>
> 4Q is using enclosed statements when it's not necessary, clearly
> indicating his unfamiliarity with the language. It's no wonder what
> should have taken 10 minutes to write took him roughly 2 hours.
>
> For example,
> open ("O",2,"B2.DAT"
> is not necessary; this is classic newbie textbook asic programming.
> open "o",2,"b2.dat" will work just as well.
>
> Various other newbie coding style is present, but it's basically amusing
> demonstration of his skills. Remember folks, it took him roughly 2 hours
> to come up with this cpu cycle wasting gem. Not to mention the unnessary
> wear and tear on your hard disk, md5checksumming all files n all.
>
>
> "It is effectively the same application "
>
> If anyone thinks his work is the same as mine, then I invite you to re-
> read my post.
>
> Also mentioned on your review is the following bogus information, Would
> you mind backing the following statement up?
>
> "It is alleged that the BugHunter crapware is a sleeper Trojan
> and will put peoples privacy at risk. " - 4Q showing extreme paranoia on
> alt.comp.virus. Next he'll tell us he really was abducted by aliens.
>
> "Dustbin Cook is a well known malware spreader and has
> authored (and spread) many virus, worms and trojans." - 4Q outright
> lieing in public. I never wrote any trojans, and my collection of malware
> was fairly small compared to many other authors.
>
> 4Q, feel free to mention to the audience that you are also a malware
> author, and you did spread your work. Compare our actions equally for a
> change. You host a worthless website and generally do nothing for the
> good of anyone. I write/maintain a useful application which is designed
> to disable/remove similiar things to what both of us used to write.
>
>
>
>
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - v2.2a
> email: bughunter.dustin@gmail.com.removethis
> web..: http://bughunter.it-mate.co.uk
> Pad..: http://bughunter.it-mate.co.uk/pad.xml
Reply With Quote