Throwback Thursday: What You Pay For... (September 1996)

(This article was first published in Virus Bulletin in September 1996.)

Much is written, in these pages and in other publications, about the risks of downloading a virus from the Internet. Viruses can be picked up both intentionally and inadvertently – this is the threatening side of the free-for-all (well, almost) data transfer the Internet offers.

However, this article will look at the brighter side. Not only does the Internet give viruses the chance to penetrate computer systems, it also offers users the chance to retrieve both software and information to help combat them.

The concepts of ‘freeware’ and ‘shareware’ have been around since the dawn of computing. Indeed, at the very beginning most software was free, and written mainly to further a primitive art. In the PC age, most software on the majority of PCs is purchased, as are the computers themselves. However, the twin worlds of freeware and shareware have managed to survive – whilst most corporates wouldn’t touch shareware with a barge-pole, it is invaluable for genuine enthusiasts and hobbyists.

One of the few problems with software for nothing (or very little) was this: how do you get access to it? The software may be free, but the floppy disk containing it is not, nor is the postage. Certainly, BBSs went some way to alleviating these problems, but long-distance telephone charges which are incurred downloading from BBSs across the world are never welcome, and those were the days of modems with a maximum data transfer rate far less than half of today’s.

The Internet, now in so many offices and homes throughout the world, provides an obvious transfer mechanism for such software. Once connected, the user can download from anywhere from London to Ulan Bator, free of charge.

When it comes to anti-virus software, the Internet has a big advantage. It can take up to several weeks to get a piece of software by post, but you can get it immediately (it takes many minutes, in tedious reality…) from the Internet. If you think your computer has a virus, the last thing you want is to wait days to receive the program to detect and cure it. Now, a user can simply point a browser at a WWW site and download a scanner, and fix the problem there and then.

As with everything on the Internet, the problem is not so much ‘is it there?’ but ‘where is it?’. Most major anti-virus companies are on-line, and the rest are working towards it. In addition, you can sometimes use the major software resources on the Internet – SimTel springs to mind as the most well-established of these, but there are many others.

There are many products from smaller companies, or even individuals, which do not have their own Web or FTP site. These are consequently only available from such software resources – more on these later on.

This article was begun with clear mental definitions of the terms ‘freeware’, ‘shareware’, and ‘evaluation copy’. However, as soon as the research began, a discrepancy between the way the words are used in the industry, and the definitions perceived at the outset, surfaced.

Take ‘shareware’, for example. This is used to describe software which may be used for a certain length of time before you must either delete it, or pay the registration price to the company, which is similar to the meaning of the phrase ‘evaluation copy’. With shareware, the user may pass the software on to anybody: each user is then subject in turn to the same terms and conditions.

The terms and conditions placed by various manufacturers on their software will be illustrated throughout the article by quoting from the relevant documentation.

So, what’s out there that will cost you nothing? By far the best known anti-virus product to match this criterion is Frisk’s F-Prot – not only is it free, but it’s also very good.

The terms and conditions state that the ‘English-language shareware version of the F-PROT anti-virus program is free of charge for any individual using on his/her personally owned computer, which is not used for a commercial purposes [sic]’. Of course, for companies there is a range of prices, based on the number of PCs to be protected. [1]

Many more companies advertise their products as being available as ‘shareware’, with exact conditions varying only slightly from product to product. For example, ESaSS’ ThunderBYTE document states: ‘We invite you to download an evaluation version of our software with no obligation, other than to remove the software at the end of your 30-day trial period if it does not meet your needs or expectations.’ [2]

Similarly, Stiller Research’s terms for Integrity Master allow the user to evaluate the software for sixty days [3], after which he is expected to pay for the software if he wishes to continue using it.

The terms and conditions for McAfee SCAN are not clearly stated in the accompanying documentation; however, when run, the program displays the message: ‘This version of the software is for Evaluation Purposes Only and may be used for up to 30 days to determine if it meets your requirements… If you choose not to license the software, you need to remove it from your system.’ [4]

Few products appear in this, the final category used by vendors to describe the versions of their products available for download. However, the term is in current use.

Sophos’ Sweep, when downloaded from its WWW site and executed, informs the user: ‘This software is licensed for evaluation purposes only. It is not licensed for business use or for resale.’ [5] The time allowed for evaluation is not mentioned; the closest specification is the statement: ‘You can download … for a limited period of free evaluation.’ [6]

Also available for evaluation in this way is S&S’ FindVirus, which is configured to execute until two months after the release date. As the documentation states: ‘This version of Dr Solomon’s FindVirus is for evaluation purposes only. It is NOT free, shareware, or public domain.’ [7]

It is interesting to note the declaration that the product is not shareware, although the conditions under which it may be used are not vastly different from those which do label themselves shareware. The only material difference is that users are clearly not meant to pass on products calling themselves ‘evaluation copies’, whereas they are positively encouraged to pass on shareware.

So far, this sounds fantastic, doesn’t it? Product after product after product, all free, even if after a while most must be thrown away. However, there is a lot of rubbish out there, and the uninitiated find it difficult to separate the wheat from the chaff.

All sorts of interesting anti-virus products were available for download from the mysterious ether that is the Internet; unfortunately, many had one major problem in common. The text editor with which this article was written dates from early 1994, and the editor with which the author writes email dates from the mid-1970s.

Despite this, both work as well as the day they were completed. However, unlike text editors, anti-virus products have a use-by date: there’s little point in using a scanner from 1991 to protect a PC in 1996. This is the main factor allowing anti-virus vendors to sell you a subscription to their product, rather than just a box with some disks inside.

Products from as long ago as the late 1980s were available (and downloaded) from the anti-viral haunts of the Internet, but no updates to any of these pieces of software could be found. The authors gave up writing it, but somewhere out there, the software lives on. Worthy of note was a Brain detector which was discovered – Brain died out in the wild years ago, and would never survive today. The software worked (it detected and removed Brain from a 360K 5.25-inch diskette…), but is entirely useless in the world of the 1996 computer user.

However, not even the issue of outdated software is easy. Very old (1993) copies of F-Prot were also available for download – not only must you beware of obsolete products, but also obsolete versions of software. Whilst F-Prot in its current incarnation is a perfectly good anti-virus product, the same cannot be said of a three-year-old copy.

That users can download and use anti-virus products at a moment’s notice should they suspect a problem on their machine is undoubtedly a positive development. With the exception of long download times, which are the bane of the Internet (especially for home users connecting via modem), the only real problems involve ensuring that the software is both up to date and up to the job.

A final thought: the software is made available by vendors largely on the honour system – if the conditions require it, it is not only legally a good idea to pay for continued use of the software, but also a matter of courtesy.