Helps to read the info doesn't it?
Yes, it helps, if such info was available without needing to make special
efforts. My default system is XP and I had to mount Win 98 to read your info
(correct there "a earlier" to "an earlier"). No wonder that I assumed F-comp is
an integrity verifier, as did other readers of this thread. If you weren't such
dummkopf then you could have added the info as text file to the program's ZIP.
In one mode that's all it does. In the other mode it reports files
that have been either written or modified after a selected date.
You are even dumber than I thought!
For your information, "dumb checksum" is a technical term to distinguish between
simple forms of checksumming / hashing, compared to more elaborate forms of
integrity checking, implemented in several AV products. For that matter, both
MD5 and CRC are "dumb" integrity verification methods, the term has nothing to
do with your program's amateurishness.
After having played with your program, here are some of my comments:
From the general appearance of the program, its GUI, and its declared purpose,
the program is a DOS one. Therefore, it makes no sense at all why you chose to
compile it to run in a DOS box under Windows 9x/ME, uniquely. It won't run in a
W2K/XP DOS box, nor pure DOS, and exits with the message "this program should
run in Windows" (as if XP isn't Windows!).
If it had any value at all, then it should be able to run under plain DOS, after
external booting. Going to the other end of the OS spectrum, your program
doesn't run under NT based OS (NT / W2K / XP). What's the logic in that?
The GUI: F-comp responds to mouse commands only, no keyboard inputs. If the
mouse doesn't function then you are stuck.
Report files: F-comp creates 8 reference and report files which it stores in
its own directory. Additional files are created on every run/query to F-comp.
There is no choice where to put those files except in the program's own
directory. This has several drawbacks. I put the program on my desktop to see
what it does, and had my desktop cluttered in no time with loads of unidentified
files. The major drawback of this behavior is that you can't use F-comp from
protected media, like CD, or write-protected floppy, as it hangs since it cannot
write to its own directory.
Functionality: Alteration detection based on time-date stamp change and file
size has little to no use in AV, unless supported by "smart" integrity checking
(opposed to "dumb" integrity checksumming, which is what I assumed you were
doing, until you clarified that F-comp isn't doing even that). As mentioned by
Michael, and myself in <
[email protected]>, current
malware is capable to conceal processes, services, directories and even files.
Therefore, it's a must that your program should be able to run from plain DOS,
and of protected media, to have any value at all.
I don't know for sure the reason for which you chose to implement F-comp the way
you did, but I suspect that the true one is simply because you have no clue how
to do it otherwise.
To users that are interested in the functionality that F-comp claims to provide,
may I add that there exist AV optimized products that do it properly and
effectively.
Bottom line: F-comp is a pathetic and amateurish implementation of an immature
concept.
Regards, Zvi
