4Q <paul_zest@hushmail.com> wrote in
news:1179329750.101349.153500@e65g2000hsc.googlegroups.com:
> Dustin Cook wrote:
>> 4Q <paul_zest@hushmail.com> wrote in
>> news:1179276570.507651.209520@p77g2000hsh.googlegroups.com:
>>
>> > Dustin Cook wrote:
>> >> 4Q <paul_zest@hushmail.com> wrote in
>> >> news:1179272370.540821.22420@h2g2000hsg.googlegroups.com:
>> >>
>> >> > David H. Lipman wrote:
>> >> >> From: "John" <John@eff2ess.com>
>> >> >>
>> >> >>
>> >> >> |
>> >> >> | NOD32
>> >> >> |
>> >> >> | Threat detected
>> >> >> |
>> >> >> | File: C:\Program Files\BugHunter\PROCESS.EXE
>> >> >> | Threat: Win32/PrcView application
>> >> >> |
>> >> >> | On the one hand I've so far accepted Bughunter as a valuable
>> >> >> | addition to the malware fight. On the other hand, no point
>> >> >> | in running a good virus killer like NOD32 if I just ignore
>> >> >> | warnings. Any observations?
>> >> >> |
>> >> >> | Thanks.
>> >> >> |
>> >> >> | John
>> >> >>
>> >> >> This is NOT malware. It is classified as a "Potentially
>> >> >> Unwanted Program" In this case PROCESS.EXE is a Process
>> >> >> Application. It is not that the utility is malicious in
>> >> >> itself, it can be used maliciously. BugHunter is NOT using it
>> >> >> maliciosly.
>> >> >>
>> >> >> In the contect of NugHunter, PROCESS.EXE is safe to use.
>> >> >>
>> >> >
>> >> > Notice David's splellnig mistakes!
>> >> > "maliciosly", "NugHunter" is he worried
>> >> > his credibility is heading for
>> >> > a banana slip?
>> >>
>> >> His credibility is not an issue here. Yours was at one point, but
>> >> I've established well that you do not have a clue about the
>> >> BugHunter program. You don't have any credibility left for me to
>> >> attack, I've pummeled you to nothingness.
>> >
>> > *HAHAHA* Yes, dancing the jig every time
>> > I twang yer strings. C'mon boy do some
>> > more of that troll assisted pummeldance.
>> >
>> >>
>> >> Maybe in your future endeavors, you'll troll somebody who you can
>> >> manipulate and convince people that the person is evil. You've
>> >> failed miserably trying it with me; I'm glad to have played this
>> >> with you tho, You helped me prove that I've indeed changed as I
>> >> said. I am not destructive, and you can't wiggle out of that fact.
>> >> *grin*
>> >>
>> >
>> > Sorry you don't like a critique of your cobbled together ASIC 'n
>> > BATCH script
>> > Bug**** (aka BugHunter), but people
>> > should know the truth about you and your
>> > past. Btw comes up #1 on MSN search engine.)
>>
>> May want to re-check that #1 spot, as you seem to have lost it. This
>> is what you can't wiggle around 4Q.
>
> Maybe you need to learn to read before
> you step on your dick again, Lord Bug****
>
> "Bug****" is #1 on www.msn.com
> "Bug****" is #1 on search.yahoo.com
> "Bug****" is #1 on altavista.com
"Bug****" isn't "BugHunter", 4Q. Who's dancing?
> http://fourq.host.sk <-- See how easy
> it is to cobble a Bug**** like program
> together using bASIC.
yet it took you 2 hours or so? Hehhe..
>
>
> =====================================
>
> *bad analysis* from Dustbin Cook.
> He just doesn't like the fact that a
> non-ASIC coder can knock up a simple
> script that does the same function as
> his (worked on for 2-3yrs) masterpiece.
Oh, the analysis wasn't as thorough as I could have been. I focused on a
few problems and differences between our work, not all of them.
> Also he distorts the facts regarding
> maliciousness authoring and spreading
> of malware. He's trying to compare like
> with like.
I'm distorting nothing. I haven't authored a destructive program since
2000; and everyone including you knows it. You're trying to use what I've
done in the past to say that I'm the same now. You just don't want to
face the facts I got tired of doing stupid vx things and decided to do
something useful. I believed you originally called me a turncoat for
this. I don't see myself as a traitor 4Q, I do not target viruses, I have
no interest nor desire in viral detection. Worms are a subset (depending
on who you ask) of viruses, but I don't see them as real viruses, and
therefore, I don't see my detecting them is turncoating. You do. We
differ.
> *Years of spreading virus and malware
> with the intention of getting his crap
> into the wild. (Dustbin Cook as Raid[SLAM))
virus and malware? You make as much sense as the statement "new and
improved."
I already admitted to what I've done, 7+ years ago. Get over it. Big Bad
Raid doesn't owe you a damn thing!
> *Writing an article for a magazine
> discussing ideas and taking care not to
> cross the line. (me)
Nice try. You provided functional source code and an easy to follow flow
chart. You went to the other side of the line, jerk.
When my source code was published, it wasn't functional without some
effort on the person's part trying to compile it.
> He might as well paint Peter Szor and
> Kris Kaspersky with the same brush if
> discussing and publishing ideas without
> malicious intent is his like for like.
Give it up. A totally unfair comparison. Nothing you do is without
malicious intent. You are not in the same league as those individuals,
you're nothing compared to them. Please don't insult their intelligence by
thinking anyone should compare you or your actions to that of theirs.
>
>
>
>
>>
>> Recently, the BSer 4Q has published what he feels is a clone of
>> BugHunter.
>>
>> Let's compare the two.
>>
>> This is a BugHunter clone, it's basically a cobbled together script
>> comprising of bASIC.
>> The program uses industry standard MD5 (128bit checksumming). MD5
>> information,
>> code and algorithm is freely available on the net. This clone does
>> not use Charles Dye's
>> LOCATE.COM but used the internal DIR command to generate a recursive
>> list of files.
>> (Longfile names and DOS 8.3 format are supported with XP's internal
>> DIR)
>>
>> The program shells to a 3rd party program, md5. BugHunter shells to
>> locate.com to acquire a recursive list, 4Q requires md5 (not his own)
>> and shells via command.com to have dir do the work, hardcoded,
>> leaving no customization room without the source code.
>>
>
> "(not his own)" you ****in idiot MD5
> is(was) the industry standard for
> checksumming files and producing a oneway
> hash developed by world renowned
> crypto-scientist Ron Rivest (Hash clash
> discovered by Chinese crypto-researcher
> in 2004)
And why don't you tell everyone about a collision hash with md5?
http://it.slashdot.org/article.pl?sid=05/09/23/0618252
Nevermind, they can click the link.
> Not at all idiot, the site gives a
> basic critique of Bug**** and it's
> malicious author Dustbin Cook. The
In what possible way at this point in time is the program known as
BugHunter malicious 4Q? Can you defend the claim and the justification
for md5ing it to your program?
> code is a hacked prototype to demonstrate
> how simple it is to knock up a checksum
> checker in a few minutes. (not 2-3yrs).
Considering you're shelling to md5 for the actual math work, I'd expect
even you to be able to write something like what you did.
> It's quite clear from the description
> that the code isn't meant to be much
> more than a showcase of how simple it
> is to knock up a cobbled together script.
The code was supposed to demonstrate the basics for what BugHunter is
doing, but it fails to do so. Your script is so generically natured, it's
no better than Dr Solly's perfect scanner.
> If I was to code such a program for real
> it would be written in 32bit C++ with a
> proper user interface with full reporting
> facilities.
And still as inefficient?
>
>
>> 4Q's program generates an md5 signature for each file on your hard
>> disk, and then compares the results to a "known" text file containing
>> supposedly bad md5checksums.
>>
>> This leaves the high probability of variants of the same stuff
>> getting by; as his routine doesn't have the ability to determine file
>> a and file b are both zlob if he doesn't have two md5 checksums.
>>
>
> ****ing idiot. Add any MD5 checksum of
> any malware variants to XLIST.TXT and
> they will be detected.
Re-read what I said. Nevermind, I'll write it simpler. You will require
two unique md5 signatures to validate the fact file a and file b are the
same minus a couple of random byte changes. IE: As I said, *Your* program
will *miss* anything that's even slightly different than another, even if
they are the same. In the spyware industry, you're as useful as pcbutts.
A single md5 database checksummer isn't used in the industry for a reason
4Q, and this is one of them. You do not understand how the BugHunter
program works, and this is painfully obvious.
>
>> BugHunter does not scan every file on your computer, as its database
>> system is able to provide it more information than a single checksum
>> value. One such value is the file length. 4Q's program will
>> checksum every single file on your computer (well, drive c: only, he
>> didn't consider network shares or read-only media), wasting oodles of
>> your valuable time; and giving you a very real false sense of
>> security due to the sheer amounts of variants it will miss.
>
> ****ing idiot. You can't read for ****
c: typo, sorry. See Above concerning who can't read.
Anything to dispute in the paragraph?
> can you! "drive c:" Where does it
> even mention drive C? it's --> H <--
> you utter ****stain. Drive H was a
> little partition setup for testing.
> And it's obvious from the fact it was
> a demo that the program doesn't check
> anything aside from that demo partition,
> otherwise I would have recursively
> checked for all drives or used LOCATE
> with some params.
Wait.. Aren't you whining because I use LOCATE? Yes, yes you are. Why can
you use it then?
> That demo checks every file and wastes
> CPU time because it was designed as a
> simple prototype not a production release
It was designed as something that was supposed to be similar to
BugHunter, for a comparison. Your program isn't even close. Your
algorithms (heheheh) aren't even close.
It's very sloppy and extremely generic. Slightly above pcbutts coding
ability I'm sure, but probably not much.
> It wasn't a Beta release or even an Alpha
> release and no binary was given BECAUSE
> my thickheaded friend the intention was
> to demo how simple code be knocked up in
> a few minutes to do a very basic function
> of scanning a set of files against a
> checksum list. (see above notes about
Sure, if I was using a checksum list. But then, I'd waste time like you
and checksum every file... You really don't have a clue how it works..
lol.
Just so you know, Some individuals reading along do know exactly how
BugHunter works, so you're only embarrassing yourself now. *grin*
> C++ and user interface above for more
> clues)
>
>
>>
>> BugHunter does not rely on 3rd party programs for the engine to run,
>> the
>
> A simple CRC checker (not recommended
> for use in any serious security
> applications). [ Tripwire *industry
> standard integrity checker* for example
> uses Ron Rivest MD5 ]
BugHunter isn't a simple crc checker. And I wouldn't recommend someone
use a simple crc checker in any security program, either. Tripwire isn't
a malware scanner.
>> only time 3rd party programs (which is available with source code, as
>> is md5) are used is for mundane things like, a recursive list and
>> process suspending/killing.
>>
>
> Read that as Dustbins inability to
> write such 3rd party programs. After
> all how is he going to read NTFS or FAT32
> from his 16bit BASIC application? bASIC
4Q, The file system is transparent to the program.
As a fellow programmer? (heh) you should have known that. I'm not
accessing data on a sector or direct hardware level, so the filesystem
doesn't matter. If you can see the drive in dos/console, BugHunter can
too. It's as simple as that.
> was designed for very old DOS systems
> FAT16 (no long filename support).
Actually, if I really wanted to support long filenames, I could. Extended
interrupts do provide access to them. Just ask Art. He's written a few
things in QuickBasic which display and access long filenames in dos fine.
That's been available since windows95 you know, Long filename support for
dos programs that wanted to bother.
> No wonder he won't release any source
> code for his pile of crap, let's see him
> handle NTFS with int13 from his 16bit
> platform.
As I don't access the hard disk via the bios, why would I need to access
the ntfs file system directly?
You keep calling it a pile of crap, yet it continues to get awards and
nice reviews and support. It's still one of the fastest (if not the
fastest) scanners available, for dos or windows. I've corrected every
issue reported concerning it too. In what way is it a pile of crap?
>> 4Q is using enclosed statements when it's not necessary, clearly
>> indicating his unfamiliarity with the language. It's no wonder what
>> should have taken 10 minutes to write took him roughly 2 hours.
>>
>
> Don't forget I didn't cut and paste
> bits and pieces from old virus code
> (like you did) and I wrote from scratch
> whilst cooking my meal, watching TV,
> and coffee moments
I don't recall any of my virus code having an interface, like BugHunter
does. Are you going to accuse me of stealing my own code now too?
The fact my code is written/commented well enough that it can be adapted
for use in other programs is a good thing, I'm sorry you're such a sloppy
programmer that yours is that app specific. If you can't reuse some of
your code, you can't code. Period.
>> For example,
>> open ("O",2,"B2.DAT"
>> is not necessary; this is classic newbie textbook asic programming.
>> open "o",2,"b2.dat" will work just as well.
>>
>
> Very misleading. I wrote the code as
> an easy to understand "bASIC" program
> uppercase for keywords and parenthesis
> around functions for clarity. You need
> to re-read what Kadaitcha Man had to
> say about your scriddle skrit code
> http://fourq.host.sk/chars/Dustin_Cook/
Kadaitchman got his ass handed to him trying to correct my code.
Remember? I posted working code, his corrections resulted in non
functional code. He backpedaled ever since. He did so poorly, his code
wouldn't compile if you tried; and I didn't have to try to know this,
despite his backpedaling claim saying otherwise.
You're going to need more reliable witnesses on your side, He's a chump.
> And don't forget I code in C/C++ not bASIC. Perhaps you should ask
> Guillermito
> if he will send you some of my object
> oriented C++ A.L. work, was published on
> Coderz.net Then come back and compare
> your standard of coding with mine.
The fact asic isn't something you're too familiar with isn't a valid excuse
to defend such poor programming. Remember, you invited this by trying to
pass that pos code of yours off as something even remotely close to
BugHunter. If that's the best imitation you can do for me, I'm
disappointed. You're a lousy fan.
>
>
>> "It is effectively the same application "
>>
>> If anyone thinks his work is the same as mine, then I invite you to
>> re-read my post. He's comparing a pinto to a mustang.
>>
>
> Why don't you release some of your
> "pinto" source code. Let's say one of
> your 1.9 Bug**** versions complete
> with compile instructions so we can
> take a look at your mastery of programming.
Heh, BugHunter is by no means a pinto. Only a moron would think of yours
as the Mustang. Source code isn't available, and as a programmer, you
shouldn't need it to figure out how the program runs. Unless, you're just
not as good as you're trying to pass yourself off to be.
>> Also mentioned on your review is the following bogus information,
>> Would you mind backing the following statement up?
>>
>> "It is alleged that the BugHunter crapware is a sleeper Trojan
>> and will put peoples privacy at risk. " - 4Q showing extreme paranoia
>> on alt.comp.virus. Next he'll tell us he really was abducted by
>> aliens.
>>
>
> *hah* Smokescreen. You with a long long
> history of maliciousness and releasing
> virus malware into the wild expect people
> to believe you can be trusted. It's like
> asking a reformed bankrobber to look
> after a savings trust.
So you have no way of backing the statement up then? I didn't think so.
You couldn't back up the initial claim that it was already a trojan, so I
didn't really expect a good defense on this claim of yours either. I was
hoping you'd respond in a fashion such as this to show everyone else what
your real intentions are. As if everyone hasn't figured you out by now.
>
>
>> "Dustbin Cook is a well known malware spreader and has
>> authored (and spread) many virus, worms and trojans." - 4Q outright
>> lying in public. I never wrote any trojans, and my collection of
>> malware was fairly small compared to many other authors.
>>
>> 4Q, feel free to mention to the audience that you are also a malware
>> author, and you did spread your work. Compare our actions equally for
>> a change. You host a worthless website and generally do nothing for
>> the good of anyone. I write/maintain a useful application which is
>> designed to disable/remove similar things to what both of us used to
>> write.
>>
>
> See notes above
Please do. Also note,
4Q's website: nothing useful to be found.
My website: a program which will remove over 8,500 malicious executables
and scripts.
Does it really take a rocket scientist to see what's useful and what's a
waste of webspace?
--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
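
The two technical points argued in the post above, as an added example that is not code from either poster or from BugHunter: an exact-MD5 blocklist only flags byte-identical files, and a stored file length lets a scanner skip hashing files that cannot match. The file names, sample bytes and the length-to-digest database layout are constructed assumptions for illustration.

```python
import hashlib
import os
import tempfile


def md5_file(path, chunk=65536):
    """Hex MD5 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_blocklist(samples):
    """Map file length -> set of MD5 digests (hypothetical database layout)."""
    blocklist = {}
    for data in samples:
        blocklist.setdefault(len(data), set()).add(hashlib.md5(data).hexdigest())
    return blocklist


def scan(root, blocklist, prefilter=True):
    """Walk root and return (sorted names of listed files, files hashed)."""
    all_digests = set().union(*blocklist.values())
    hits, hashed = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if prefilter and os.path.getsize(path) not in blocklist:
                continue  # no listed sample has this length: skip the hash
            hashed += 1
            if md5_file(path) in all_digests:
                hits.append(name)
    return sorted(hits), hashed


def demo():
    """Build a constructed test directory and scan it both ways."""
    listed = b"CONSTRUCTED-SAMPLE-" + b"A" * 100  # stands in for a listed file
    variant = listed[:-1] + b"B"                  # same length, last byte differs
    files = {"listed.bin": listed, "variant.bin": variant,
             "notes.txt": b"hello", "big.dat": b"\0" * 5000}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        blocklist = build_blocklist([listed])
        return (scan(root, blocklist, prefilter=False),
                scan(root, blocklist, prefilter=True))


if __name__ == "__main__":
    full, filtered = demo()
    print("hash everything:", full)
    print("length prefilter:", filtered)
```

Both scans flag only the byte-identical file and pass over the one-byte variant; the length prefilter reaches the same result while hashing two files instead of four.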

