On Apr 19, 2022 at 2:36:43 PM MST, "David Brooks" wrote
<MXF7K.417167$Lc1.416728@fx12.ams1>:

> On 19/04/2022 00:55, Snit wrote:
>> On Apr 18, 2022 at 4:28:34 PM MST, "David Brooks" wrote
>> <Cum7K.239058$Xa1.222860@fx10.ams1>:
>>
>>> On 19/04/2022 00:11, Snit wrote:
>>>> On Apr 18, 2022 at 3:39:52 PM MST, "David Brooks" wrote
>>>> <ZMl7K.84786$4c1.52692@fx13.ams1>:
>>>>
>>>>> On 18/04/2022 18:04, Snit wrote:
>>>>>> On Apr 18, 2022 at 10:01:17 AM MST, "David Brooks" wrote
>>>>>> <xPg7K.84694$4c1.24673@fx13.ams1>:
>>>>> [....]
>>>>>>> I was giving him the 'benefit of the doubt' - putting your views of him,
>>>>>>> aside to see if he could be reasonable.
>>>>>>>
>>>>>>> I apologise to you, Snit. It appears you are right. :-(
>>>>>>
>>>>>> No need to apologize. I was sincere in saying I have no issue with anyone
>>>>>> speaking to Carroll and giving him chance after chance. Let him show who he
>>>>>> is... that means more than anything I or anyone else says. I have no interest
>>>>>> in joining him in efforts to engage in character assassination.
>>>>>
>>>>> Maybe he really *IS* trying to help me. Right now, though, I'd like him
>>>>> to help on the current project explained below.
>>>>
>>>> I do think on some level he does think he is. He is challenged, though, with
>>>> focus. For example when we were discussing AppCleaner and
>>>> PrivilegedHelperTools he jumped to speaking of curl and AppleScript, and then
>>>> admitted they were not even related. His "defense" is both were about tech and
>>>> it was just thread drift. His understanding of context is lacking, and his
>>>> ability to understand what other people are looking for is weak or
>>>> non-existent.
>>>>
>>>> I am not sure I will be able to help him with his AppleScript questions, but I
>>>> will focus on AppleScript as I speak to him about it (assuming he is able to
>>>> stay on topic and even explain what he is trying to do). I might suggest a
>>>> solution other than AppleScript or whatever, but I will stay to what he is
>>>> looking to do. He does not seem to get that concept at all.
>>>>
>>>>>
>>>>>>> What will it take to get YOU to help me tear down the barriers set up in
>>>>>>> the ClamXav software? Would payment help?
>>>>>>
>>>>>> Seems like it is niche software that few people buy. Not sure what you are
>>>>>> looking to have me do.
>>>>>
>>>>> Well - few folk 'like' the product on Facebook!
>>>>
>>>> I do not think the FB page is really used.
>>>>
>>>>> Just a few hundred the
>>>>> last time I looked. Is there any way of finding out just how many folk
>>>>> DO use ClamXav?
>>>>
>>>> Not that I know of. How would we unless the publisher advertises that?
>>>>
>>>>> Now - going back to not needing to know the contact name of a
>>>>> prospective purchaser. The very long Software Licence Agreement
>>>>> stipulates that "you undertake not to disassemble, decompile,
>>>>> reverse-engineer ... the Software etc., etc. - See 2.1.4"
>>>>
>>>> Seems pretty standard:
>>>>
>>>> https://www.lawinsider.com/clause/reverse-engineering
>>>
>>> Agreed.
>>>
>>>>> What I'd like you to help me do is take apart the software we download
>>>>> - IN SPITE of the Licence restrictions. After all, it is FREE to
>>>>> download and the developer will have no idea who we are - so cannot
>>>>> possibly take legal action against us. Neither will he have ANY idea
>>>>> what we are doing with his product.
>>>>
>>>> The stipulation is likely tied to doing so to replicate or otherwise impact
>>>> the product, but I would not have any real knowledge of reverse engineering.
>>>> Before I could do that I would need to be good with "engineering" -- in this
>>>> case programming. I am not.
>>>
>>> Where is Dustin Cook when you need him?!!!
>>
>> LOL! Hanging out with his best buddies LegionX. :)
>
> Haha! :-D "Many a true word is spoken in jest"!

:)

>>>>> Or am I missing something here? Will the installed product have total
>>>>> control of our computer and spy from within?!!! That's what I want to
>>>>> determine!
>>>>
>>>> What would you be looking for to see if this was the case, and why this
>>>> software in specific?
>>>
>>> The proverbial "needle in a haystack". Why? Let's just call it intuition.
>>
>> A couple thoughts on seeing what it does... though both take time, money, and
>> knowledge:
>
> Which 'comparison' software do you suggest?

The idea would be just to compare the whole drive. What new files are there.
Even more important, perhaps, are there any "standard" files with a different
size or otherwise altered. I doubt it -- but if there was a key OS file that
was altered, or even files placed around that things like AppCleaner not only
failed to find but were just odd -- unexplainable to even someone who knows
the OS "guts" well -- that would be of concern.

>> 1) Wipe a machine and then do a full backup. Then install the app. Let it run.
>> Compare the two with some software that looks for ANY changes. Of course do
>> not use the machine for anything else. This will tell you everything the app
>> changes.
>
> Seems like a plan!
>
>> 2) Get a sniffer and watch your network. Data might be encrypted, but the IP
>> or URL should be visible (at least in most cases). You will then know if it is
>> "calling home".
>
> I already *KNOW* it calls home!

Do you know how often or what it says? I would expect it to look for updates,
and with that type software it SHOULD get updated definitions often.

>
>>>>> Just remember, all readers here, that *I bought and paid for ClamXav* -
>>>>> yet the developer refused to discuss the product with me from the very
>>>>> moment I
>>>>> told him that I was "looking for 'bad guys'".
>>>>>
>>>>> His action was instantaneous so no discussion ensued. Good guys don't
>>>>> behave like that.
>>>>
>>>> If the insinuation was that you were looking to accuse him I can see where
>>>> that would put him off. Heck, if someone wanted to go through my old teaching
>>>> videos for the purpose of "looking for bad guys" I would be curious what they
>>>> found but likely would not be too keen on helping them. Then again, it is me,
>>>> and I tend to dive into such stuff... but look how Carroll takes advantage of
>>>> my nature on that. Even without finding REAL stuff he makes up things -- such
>>>> as how I altered videos after posting them (you cannot do that on YouTube, so
>>>> his claim cannot be true). I can see why it would be wise not to get involved
>>>> with such stuff. Not saying your goals are like Carroll's, but just the idea
>>>> of someone digging into your product with the goal of finding wrong doing is
>>>> not something most would jump at.
>>>
>>> I shall sleep on what you have said. Thank you for your comprehensive reply.
>>>
>>> Whilst I'm 'away with the fairies', please see if you can find the
>>> ClamXav *forums*, run by Mark Allan, right up until he started to charge
>>> a fee for ClamXav (around 2015 IIRC). I did find them a few years ago,
>>> but they now seem out of reach.
>>
>> Not sure if he ran these... and have not really looked much into them:
>>
>> http://web.archive.org/web/20140716001053/https://www.clamxav.com/BB/viewforum.php?f=1
>
> Wow! That was quick! Yes, they are his forums. You will note that a
> 'prime mover' there is called AlVarnell. He's an important guy around
> the 'security' forums and a prime mover in the Malwarebytes forums.
>
> Have you happened across Al anywhere?

Not that I recall.

--
Personal attacks from those who troll show their own insecurity. They cannot use reason to show the message to be wrong so they try to feel somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.