Xref: utzoo comp.binaries.ibm.pc.d:293 comp.sys.ibm.pc:15792 Path: utzoo!attcan!uunet!husc6!psuvax1!psuhcx!matt From: matt@psuhcx (Matt Cohen) Newsgroups: comp.binaries.ibm.pc.d,comp.sys.ibm.pc Subject: Flushot PLUS TRASHES CMOS RAM Message-ID: <82@psuhcx.psu.edu> Date: 22 May 88 06:10:57 GMT Sender: matt@psuhcx.psu.edu Reply-To: matt@psuhcx (Matt Cohen) Organization: Penn State University Engineering Computer Lab Lines: 97 I was testing FLUSHOT Plus to see if it was worth the $10.00 fee the Author, Ross Greenberg is charging. I knew that a large number of hours had been put into the program. The documentation made it lk prettgood, even though it was a bit rambly. I created a FLUSHOT.DAT file, and put in 37 lines of the form C=filename When I loaded Flushot, I got a message saying that there was no room for a table, and the machine hung. I had not read the documentation closely enough. It turns out that you have to put a 'dummy' checksum in each line like this: C=filename[12345] Where 12345 is the dummy number. When flushot is started, it checksums the file, and reports the new number, which you have to write down and type in FOR EACH FILE! I then rewrote the FLUSHOT.DAT file with only two programs, command.com and a.bat checksummed. Flushot checked them on startup, but did not perform as advertised when I ran A.BAT, changed it, and ran it again. Flushot claims that it checksums files whenever they are loaded by MSDOS. I guess this does not apply to BATCH files. I was going to test checksumming of .EXE files, but FLUSHOT trashed my CMOS ram. FLUSHOT PROTECTS CMOS RAM ? Finally, I added two more lines to FLUSHOT.DAT with dummy checksums. I restarted FLUSHOT and got the following message: CMOS RAM HAS BEEN CHANGED. Y TO CONTINUE, ANY OTHER KEY TO PROCEED Followed by a long garbled bunch of characters!. Naturally, when I rebooted I could not boot from the Hard Disk, until I restored the setup information. My CMOS ram was trashed by FLUSHOT! I hoped that no damage had been performed to my FAT!. I then restored my ram with a CMOS-SAV progam which I wrote for such a purpose, and reloaded flushot. I then ran a program which zeroed out my CMOS ram using MS C outp() function, without a whimper from FLUSHOT. Note that I had no TSR'S present when this happened. I have a Leading Edge AT clone (Made by Mitsubishi, same as SPERRY IT). I am running DOS 3.1. I considered the possibility of Ross Greenberg enforcing his $10.00 fee by putting counters into flushot (since I had to restart it each time I changed anything in the FLUSHOT.DAT file and did this a number of times) and put the idea aside. (That was a pretty virulent dissertation in the manual about *worms*, maybe he thinks that people who don't buy his software are *worms*?!? :-) What I think Ross will accomplish by these threats, rewards, challenges is ENCOURAGE scores of copycats to write viruses to beat flushot (which is buggy). My conclusion is that FLUSHOT Plus does not perform as advertised (in my case, anyway) and I would not use it or even trust it with my data. The checksum protection is quite limited in number of files, and the method of entering the checksum is quite painful. The bugs in the program might be excusable if the program was public domain or shareware in the sense that you pay for it only if you think it is valuable (not if you use it, since technically, I owe Ross Greenberg $10 since I used it) . I think that it tries to do too much, and ends up doing too little, even the wrong thing altogether. This shows poor design and testing practice. When I support a shareware program, I am not paying the author for his time, I am paying for a finished product. And a finished product, FLUSHOT PLUS is not ! The above is my opinion, and no-one is liable for it but myself. I reserve the right to deny everything. Matt Cohen (matt@psuhcx)