Experimental BBS Explossion 3

home *** CD-ROM | disk | FTP | other *** search

/ Experimental BBS Explossion 3 / Experimental BBS Explossion III.iso / virus / flsf100.zip / FILESAFE.DOC < prev next >

Wrap

Text File | 1993-03-15 | 45KB | 1,088 lines

FileSafe Virus Detection Software User's Manual JAYAR Systems 253 College Street Suite 263 Toronto, Ontario Canada M5T 1R5 (416) 751-3284 LICENSE The license for the Shareware evaluation (trial use) version of FileSafe is contained in the file LICENSE.DOC. This file has been included for your convenience as an appendix to this manual. WARRANTY The Shareware evaluation (trial use) version of FileSafe is provided AS IS. JAYAR Systems MAKES NO WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. SUPPORT POLICY JAYAR Systems provides free support for this product. We will answer questions and fix serious bugs. If you have any questions about or problems with using this product, give us a call at the number on the inside front cover of this manual. Or, if you are not in a rush, send us a letter. We would also appreciate hearing from you if you have any comments or suggestions for improvements. _______ ____|__ | (R) --| | |------------------- | ____|__ | Association of | | |_| Shareware |__| o | Professionals -----| | |--------------------- |___|___| MEMBER FileSafe Copyright (C) 1993 JAYAR Systems All Rights Reserved CONTENTS 1 INTRODUCTION . . . . . . . . . . . . . . . . . . . . 2 2 INSTALLING FILESAFE . . . . . . . . . . . . . . . . 2 3 USING FILESAFE . . . . . . . . . . . . . . . . . . . 3 3.1 FILESIG . . . . . . . . . . . . . . . . . . . . . 3 3.2 CHCKSIG . . . . . . . . . . . . . . . . . . . . . 5 3.2.1 Directory-level Signature File . . . . . . . . . . 5 3.2.2 External Master Signature File . . . . . . . . . . 8 3.3 GETSIG . . . . . . . . . . . . . . . . . . . . . . 8 4 STRATEGY . . . . . . . . . . . . . . . . . . . . . . 8 APPENDIX A COMPUTER VIRUSES AND FILESIG APPENDIX B LICENSE B.1 TRIAL USE LICENSE: . . . . . . . . . . . . . . . . B-1 B.2 LIMITED DISTRIBUTION LICENSE: . . . . . . . . . . B-2 APPENDIX C DEFINITION OF SHAREWARE APPENDIX D HOW TO REGISTER FileSafe User's Manual (JAYAR Systems) Page 2 INTRODUCTION 1 INTRODUCTION FileSafe, if used conscientiously, is a practically foolproof virus protection program. It works by taking the fingerprint or signature of all the executable files and the boot record of your disk. _________ ____ FileSafe stores this information in a signature file in each directory. Periodically you check your files' current signatures against the originals. FileSafe reports any changes. Conventional virus detection programs of this type calculate a 32 bit cyclical redundancy check (CRC) number for a file. The CRC can be inverted though--a clever virus can modify a file without changing its CRC. FileSafe on the other hand generates a 128 bit message digest as a signature for each file. The message digest cannot be inverted. No two files have the same message digest and it is not possible to create a file that has a predetermined message digest. FileSafe is so ___ sensitive that changing one bit in a multi-megabyte file changes its signature. Computer viruses work by attaching themselves to (infecting) an executable or program file, or by modifying your disk's boot record. The problem lies in determining if this has happened. Clever viruses may not change either the file's size or alter its timestamp. That's where FileSafe comes in--it will detect any change, no matter how small or how well covered. FileSafe is easy to use and works best if you use it regularly. This manual explains how to protect yourself from viruses with FileSafe. o Section 2 describes how to install FileSafe. o Section 3 shows how to use FileSafe. o Section 4 suggests strategies for using FileSafe most effectively. o Appendix A discusses how viruses work in more detail. 2 INSTALLING FILESAFE Installation of FileSafe couldn't be easier. The distribution diskette contains the three programs described below and a file called README which you should check for any last minute updates that did not make this manual. FileSafe is actually contained in three programs: o FILESIG calculates signatures for the executable files on your disk and stores these signatures in signature files in the directories the files are located in. FileSafe User's Manual (JAYAR Systems) Page 3 INSTALLING FILESAFE o CHCKSIG reads the original file signatures from the signature files in your disk's directories and recalculates the signatures for each of the files listed therein. It writes a report file showing you if any of the files have changed. o GETSIG is an optional utility that you receive when you register your copy of FileSafe (see Appendix D). GETSIG gathers all the signature files from the directories on a disk and puts them into one file, perhaps on a floppy diskette. CHCKSIG can then use this file as its source file to read the original signature information. The distribution diskette is not copy protected so you can copy the programs to your hard disk (the suggested procedure)--a good location would be the directory where you keep your utilities. It should be a directory that is pointed to by your PATH environment variable so they will be easy to use. For instance, if your hard disk is designated drive C and you keep your utility programs in directory UTILS, then insert the distribution diskette in drive A and type A> COPY A:*.EXE C:\UTILS It is also possible to use any of the FileSafe programs from a floppy diskette. A feature of FileSafe is that the component programs are quite small and don't require a lot of memory or disk space so they are convenient to use even from a diskette. In any event, don't execute the programs from the distribution diskette. Copy them to another disk and put the distribution diskette away in a safe place. 3 USING FILESAFE This section describes the operation of the FileSafe component programs. 3.1 FILESIG You execute FILESIG from a directory you want to fingerprint so that you can check it later for virus infestation. FILESIG creates a file in the directory called dirname.SIG where DIRNAME is the name of the directory. If you are in the root directory of the disk the file is named ROOT.SIG. In this file FILESIG writes a data record for every file in the directory that has a filetype of .BIN, .COM, .EXE, .OVL or .SYS. If you are executing from the root directory and the disk is bootable then FILESIG also FileSafe User's Manual (JAYAR Systems) Page 4 USING FILESAFE writes a record for the boot sector of the disk. The data record for each file contains the file name, the file size, date and time the file was last modified and the file's signature. Here is a sample signature file, written for the root directory of a bootable disk: IBMBIO.COM 16369 12-30-85 12:00:00 336ffd03c58e805aa1372671442f4a00 IBMDOS.COM 28477 12-30-85 12:00:00 04baa0c094ba88e833300d3b9a1f4f13 COMMAND.COM 23791 12-30-85 12:00:00 4302a424a58f1da9afbed9bd6ecc1e0a CONFIG.SYS 159 05-27-90 21:44:22 904838eb1c3c8342c03f806eb6625019 FASTDISK.SYS 5804 09-26-85 09:01:21 f214518db5e3f37ccec4ce864fa2bacc REMM.SYS 9021 06-18-86 18:10:07 281d88d6cc71ca4162d63e8c78f639c0 REX.SYS 2150 04-15-86 16:26:26 c3639a605d29bd800a0be702df4f00a8 RAMBIOS.SYS 590 07-19-89 11:35:10 9d3658e1de983321f4b66f3097305363 CONFIG1.SYS 159 01-07-90 16:56:07 a15226c76423c01a3c8f709450fed6e7 BOOT.RECORD 512 c9a033d5aa3c497def0be28ac8c7034f Optionally, FILESIG will do this recursively for all subdirectories below the one you are executing it from as well. By default only executable files (i.e., those with the file extensions listed above) are checked, but FILESIG will optionally generate signature records for all the files in a directory, or alternatively for any one, named file. The syntax for executing FILESIG is [D:][PATH]FILESIG [-R] [-A] [-V] [-F filename] where items in [...] are optional. The options are: D:PATH before FILESIG specifies the drive and path where the program is located. You will not need this if FILESIG is in a directory on your hard drive and that directory is named in your PATH. You will likely use this option if executing FILESIG from a floppy diskette. -R By default, FILESIG generates a signature file and checks files for the current directory. This option causes FILESIG to check files in the current directory and in all directories below the current one, and in all directories below those, etc. -A By default, FILESIG only checks executable files--those with filetypes of .BIN, .COM, .EXE, .OVL or .SYS and the boot record if it is executed from the root directory of a bootable disk. This option causes FILESIG to check all files in the directories it visits. While non-executable files cannot be infected by a virus, you may wish to record their signatures to alert you if the files are ever modified. -V prints the version number of the program and quits. ________ -F filename causes FILESIG to generate a signature record for the named file only. FileSafe User's Manual (JAYAR Systems) Page 5 USING FILESAFE FILESIG creates a new dirname.SIG file in a directory when it is executed even if one already exists. This is not the case if you use the -F option. If the dirname.SIG file exists, the record is appended to the file. Note that this may cause a dirname.SIG file to have multiple entries for one file. Feel free to edit the dirname.SIG files that FILESIG produces and delete records for files you are not interested in. 3.2 CHCKSIG You use CHCKSIG to compare the signatures of files calculated at some earlier time to their present signatures to see if the files have been modified. CHCKSIG can operate in one of two modes. In the first it looks in the current directory (and optionally, subdirectories below it) for a signature file and then checks the files listed therein. In the second mode CHCKSIG checks the files listed in an external master directory file that was created with GETSIG. We will discuss the two modes of operation separately. 3.2.1 Directory-level Signature File - Once FILESIG has created a signature file in a directory you use CHCKSIG to check the files listed in the signature file to see if they have been changed. Optionally, you can request that CHCKSIG recursively check signature files in all subdirectories below the current one as well. When you execute CHCKSIG it looks in the directories it visits for a file called dirname.SIG, where dirname is the name of the directory. CHCKSIG reads the record for each file listed in the dirname.SIG file and recalculates its signature. CHCKSIG writes its findings in a file called FILESAFE.RPT that it creates in the directory that you execute it from. CHCKSIG checks each file for changes in the following attributes which could indicate file modifications. Section 4 discusses how to interpret its findings in the context of a possible virus attack. ____ o size: if the file's size has changed CHCKSIG prints the original signature record and the file's current size and timestamp and a warning that the size has changed. This indicates a file modification. The file's signature is not recalculated. ____ o date: if the file's timestamp has changed, CHCKSIG recalculates its signature and reports the old and new signature records for the file. A timestamp change alone does not necessarily mean the file has been modified. _________ o signature: if the file's signature has changed, CHCKSIG reports the old and new signature records for the file. This means that the file has been modified. FileSafe User's Manual (JAYAR Systems) Page 6 USING FILESAFE If CHCKSIG detects a change in a file's timestamp or signature but not its size, it reports the file's old and new signature records in FILESAFE.RPT and flags them with one, two or three asterisks (*). These are interpreted as: * only the file's date changed--internally it is still the same. ** only the file's signature changed--it has been modified. *** the file's timestamp and signature changed--it has been modified. Following is an extract from a FILESAFE.RPT file and what the various lines mean. F:\ === NE.COM 32375 09-20-87 22:03:20 ... OK BAC.COM 1392 09-03-86 19:57:14 ... OK DR.COM 3456 09-03-87 00:10:20 0c3900897b999754359758dc581a0e7e DR.COM 7808 02-12-93 22:33:10 ** file size has changed RN.COM 4352 10-14-87 00:18:14 ... OK CO.COM does not exist. JRCE.EXE 15978 01-01-93 00:00:01 d5ea1e4e710e281807ae74588aaf2134 JRCE.EXE 15978 01-01-93 00:00:01 616e85df3f52e12da7fe4c53469c1c35 * * SD.COM 320 09-03-86 19:57:15 291d40ced37b258f220945338c033eb5 SD.COM 320 02-12-93 22:34:09 291d40ced37b258f220945338c033eb5 * JRCL.EXE 13268 01-02-93 01:00:01 ... OK VTREE.COM 512 09-03-86 19:57:16 ffea28731f4a265674a7ec31cf2ce5e5 VTREE.COM 512 02-12-93 22:35:14 f05b513c59a53c59a1bec0af7a4033cd * * * DDIR.COM 800 09-01-92 22:45:22 ... OK JRC.EXE 29318 01-01-93 01:00:00 c5772d3d2dbdc76ce18f422207de2764 JRC.EXE 32774 01-01-93 01:00:00 ** file size has changed Note that this report has been created for the root directory on drive F. The files listed above therefore had entries in the signature file F:\ROOT.SIG. This disk was not bootable. From this report we can determine the following about the executable FileSafe User's Manual (JAYAR Systems) Page 7 USING FILESAFE files that were in this directory when FILESIG was executed originally: o The file size and timestamp of DR.COM have changed--this is probably an entirely new version of this file. o File CO.COM has an entry in file ROOT.SIG but no longer exists in this directory. o The signature of file JRCE.EXE has changed, but the timestamp and size are the same--note the two asterisks. o The timestamp on file SD.COM has changed, but the file contents have not--the size and signature are the same. Note the single asterisk. o The timestamp and signature of file VTREE.COM have changed--note the three asterisks. o The size of file JRC.EXE has changed but the timestamp has not--the file has nevertheless been modified. o All files (marked with ... OK) are unchanged. The syntax for executing CHCKSIG is [D:][PATH] CHCKSIG [-R] [-V] [-O filename] [-F filename] where items in [...] are optional. The options are: D:PATH before CHCKSIG specifies the drive and path where the program is located. You will not need this if CHCKSIG is in a directory on your hard drive and that directory is named in your PATH. You will likely use this option if executing CHCKSIG from a floppy diskette. -R By default, CHCKSIG looks for a dirname.SIG file and checks the files listed in it for the current directory only. This option causes CHCKSIG to check files in the current directory and in all directories below the current one, and in all directories below those, etc. -V prints the version number of the program and quits. ________ -O filename by default CHCKSIG writes its findings in a file called FILESAFE.RPT that it creates in the directory that was current when it was executed. You can override this behaviour with this option. This allows you to specify another name for the report file, or by specifying a full drive, path, filename allows you to place the report file in another location. ________ -F filename causes CHCKSIG to recalculate the signature for only the FileSafe User's Manual (JAYAR Systems) Page 8 USING FILESAFE named file. This file must already have a record in the dirname.SIG file. If CHCKSIG fails to find a file called dirname.SIG in any of the directories it visits, it issues a warning and continues. If the dirname.SIG signature file is empty, CHCKSIG proceeds without comment. If a file listed in the signature file no longer exists in that directory, CHCKSIG issues a warning and continues. 3.2.2 External Master Signature File - With GETSIG you can collect all the .SIG files from part of a directory tree and place them in an ______ _________ ____ external master signature file (see Section 3.3) for enhanced security. You receive GETSIG when you register your copy of FileSafe (see Appendix D). You can then execute CHCKSIG from any directory and check the files in the master signature file. CHCKSIG does not check directories for the presence of a dirname.SIG file in this case. 3.3 GETSIG FILESIG creates a signature file in each directory it visits and stores signature information in that file for every executable file in that directory. Normally, CHCKSIG visits a directory, reads the signature file in that directory and checks the files listed therein. Optionally, you may use GETSIG to gather all the signature files created by FILESIG in a particular directory subtree into a master signature file. This master file can be located anywhere--on a floppy diskette for instance. CHCKSIG can then be instructed to check the files listed in the master signature file (see Section 3.2.2). Register this copy of FileSafe and we will send you GETSIG along with a typeset manual. 4 STRATEGY In this section we outline the steps to follow to use FileSafe to make yourself safe from virus attack. For background on the information presented in this section see Appendix A. 1. Make frequent backups of your hard disk. While this won't protect you from viruses it makes things easier if you must restore files that have been damaged by a virus. 2. Make a safe-boot floppy. To do this, cold boot your computer (i.e., turn off the power if it is already on) from the original DOS startup disk that came with your system. This disk has been made by the manufacturer without a write-enable notch. Now use FileSafe User's Manual (JAYAR Systems) Page 9 STRATEGY the DOS program DISKCOPY to copy this disk to a new one. This copy is your safe-boot floppy. Put a write-protect tab on it. Every time you use any of the FileSafe programs, cold boot your computer from the safe-boot floppy. 3. Use FILESIG to create a signature file for the boot record and all the executable files on you hard disk. If your hard disk is drive C, for example, do this by typing: A> C: C> CD \ C> FILESIG -R Use GETSIG to collect the signature files into a master signature file. Put a freshly formatted floppy into drive A and C> A: C> GETSIG -D C:\ This creates a master signature file called FILESAFE.DAT on the floppy in drive A. Put a write protect tab on this floppy. It is slightly more secure to use the master signature file to check your files than the individual directory signature files on your hard disk. 4. Periodically use CHCKSIG to check your entire hard disk. If you use your computer frequently you should do this on a regular basis, say once a week. On a more frequent basis, say daily, check the root directory on your hard disk. For the entire disk check, insert the floppy with the master signature file into drive A and type C> CHCKSIG -S A:FILESAFE.DAT or by typing C> CD \ C> CHCKSIG -R To check only the root directory type C> CD \ C> CHCKSIG In all cases CHCKSIG creates a file called FILESAFE.RPT that you should read. What are you looking for? Any executable (program) files whose contents have changed or a change in your boot record. If this has happened and you don't know of any good reason why it ______ ___ ____ __ ____ ______ __ _________ should have--assume the file or boot sector is infected. Be particularly suspicious if the file's signature has changed but FileSafe User's Manual (JAYAR Systems) Page 10 STRATEGY its size or timestamp have not. In the root directory, the boot sector, the ROM-BIOS file IBMBIO.COM, the DOS service routine file IBMDOS.COM, (or IO.SYS and MSDOS.SYS for non-IBM systems) and the COMMAND.COM file should never change unless you install a new version of the operating system, in which case you should go back to step 2 and proceed from there. Executable files should not change unless you install a new version of them. Executable files you create yourself by programming in C or some other language will change every time you compile and link a new version of them. 5. If you install a new program or a new version of an old program, you should create a new signature file for that directory: C> CD dirname C> FILESIG _______ where dirname is the name of the directory. If you are just updating an existing program and only one or two executable files are involved it may be faster add signature records to the existing signature file by invoking FILESIG with the -F option and then editing the signature file to remove the old records. Use GETSIG to create a new master signature file for your disk as described in step 3. 6. What if you find a program you suspect is infected? Erase it and restore a clean copy from the original manufacturer's disk, or from your backups. This includes the COMMAND.COM file. If your BIOS or DOS files have been corrupted you will have to reinstall the system files as described in your DOS manual. What if your boot sector is corrupted? If you find your boot sector has been altered you must reformat your hard disk. Backup everything you want to keep if you have not done so already and reformat it using your original DOS disk. APPENDIX A COMPUTER VIRUSES AND FILESIG A virus is a program that attaches itself to another program and then replicates itself and spreads. A virus has two parts. The first is the infector--this is the part that replicates the virus. The second part is the detonator. At some point the virus activates and does something--usually something harmful such as erasing data on your hard disk or making it inaccessible. There are two general types of viruses: boot sector viruses and executable file infectors. The boot sector virus works by replacing all or part of the boot sector on your disk. The boot sector normally contains a small program that your computer reads in the process of booting. The notable thing about the boot sector is that it is not a file--it is a special section of the disk outside the file area. If the boot sector is infected, that means that by the time your computer has booted, the virus is active. The only way to get infected from a boot sector virus is to boot your computer from an infected floppy. The virus then infects the boot sector of your hard disk. The prevention is simple--don't. Only boot your computer from its internal hard disk or from a safe-boot floppy as described in Section 4. If a boot sector virus is active it will usually notice any time a bootable floppy is in one of the drives and infect it as well. This is how it replicates itself. The majority of viruses are boot sector viruses. The rest are executable file infectors. These viruses only become active when the infected program is run. If the program has not run since you booted your computer, the virus is not active. This type of virus can only infect executable files--that is, files with one of the following filetypes: .COM, .EXE, .SYS, .BIN, or .OVL. Data files, like text files, spreadsheet files or database files cannot become infected and present no danger. Executable file infectors are harder to guard against. They often install themselves as TSRs and infect every program that is run--eventually all your executable files will be infected. A program that just replicates itself and spreads as described above is ____properly called a worm. When it detonates, then you know you have a virus. COMPUTER VIRUSES AND FILESIG Page A-2 How do you protect yourself from viruses? One way conventional anti-virus programs do it is to scan the executable files on your disk looking for the "fingerprints" of known viruses. The problem is that new viruses are being developed all the time so you must constantly get updates of the anti-virus program. This tactic is also useless against a new class of self-mutating virus which essentially changes itself every time it replicates. And then there are stealth viruses--when the anti-virus program reads the portion of disk where the stealth virus is installed, the virus, which has to be active, intercepts the read and returns to the anti-virus program the image of a virus-free disk. Another tack anti-virus programs take is to install themselves as TSRs and watch for "virus-like" behaviour. Unfortunately a lot of legitimate activity carried on by programs gets flagged this way and you get a lot of false alarms. To get any work done you will probably deactivate the monitor. The only foolproof method of detecting a virus infection is to monitor potential infection sites, the boot sector and executable files, for unexplained modification. This means you have to know what the sites look like in their uninfected state, and have a guaranteed method of determining when a change has occurred. This is where programs like FileSafe come in. In order for a virus infection to occur a virus must attach itself either to your disk's boot sector or to an executable file. In the simplest case this will result in an increase in the file size which is readily noticeable. However, a clever virus can attach itself by overwriting part of the file so that the size doesn't change and it can also prevent the timestamp from changing. Since the boot sector is not a file it doesn't have a timestamp or a size to change. It is therefore necessary to take a "fingerprint" of the file or boot sector and compare this periodically to the original. The fingerprint that is usually used is the cyclical redundancy check, or CRC, which is a 32-bit number calculated as a function of all the bytes in the file. Unfortunately, this can be quite easily inverted. For instance, a boot sector virus could calculate the CRC of the boot sector before infection, install itself and then determine what extra bytes to add to restore the original CRC. FileSafe however, with its 128-bit message digest algorithm, computes a fingerprint for the file or boot sector that cannot be replicated. If the contents of the file or boot sector change, so will its fingerprint. This leaves only stealth viruses, which if active could fool FileSafe. For this reason you should always cold boot your computer with your safe-boot floppy before running the FileSafe programs. This will ensure that no virus is active when FileSafe is running. APPENDIX B LICENSE This appendix contains important license information regarding the use of FileSafe, Version 1.00. This information applies to individual users who wish to pass copies out to friends and associates. User Groups, Computer Clubs, Disk Vendors and Distributors, Subscription Services, Disk-of-the-Month Clubs, etc., should refer to the VENDOR.DOC file for complete information relating to them. BBS SYSOPs should refer to the SYSOP.DOC file for complete information relating to them. PLEASE! Show your support for Shareware by registering the programs you actually use. JAYAR Systems depends upon and needs your support. Thank you! B.1 TRIAL USE LICENSE: FileSafe is NOT a public domain program. It is Copyright (C) 1993 by JAYAR Systems. All rights reserved. This software and accompanying documentation are protected by Canadian Copyright law and also by International Treaty provisions. Any use of this software in violation of Copyright law or the terms of this limited license will be prosecuted to the best of our ability. The conditions under which you may copy this software and documentation are clearly outlined below under "Distribution Restrictions". JAYAR Systems hereby grants you a limited license to use this software for evaluation purposes for a period not to exceed sixty (60) days. If you intend to continue using this software (and/or it's documentation) after the sixty (60) day evaluation period, you MUST make a registration payment to JAYAR Systems. Using this software after the sixty (60) day evaluation period, without registering the software is a violation of the terms of this limited license. Licensee shall not use, copy, rent, lease, sell, modify, decompile, LICENSE Page B-2 TRIAL USE LICENSE: disassemble, otherwise reverse engineer, or transfer the licensed program except as provided in this agreement. Any such unauthorized use shall result in immediate and automatic termination of this license. All rights not expressly granted here are reserved to JAYAR Systems. For information on registering your copy of FileSafe see Appendix D, "How to Register." B.2 LIMITED DISTRIBUTION LICENSE: As the copyright holder for FileSafe, JAYAR Systems authorizes distribution by individuals only in accordance with the following restrictions. (User Groups, Computer Clubs, Disk Vendors and Distributors, Subscription Services, Disk-of-the-Month Clubs, etc., should refer to the VENDOR.DOC file for complete information relating to them.) (BBS SYSOPs should refer to the SYSOP.DOC file for complete information relating to them.) Individuals are hereby granted permission by JAYAR Systems to copy the FileSafe diskette for their own use (for evaluation purposes) or for other individuals to evaluate, ONLY when the following conditions are met. The FileSafe package is defined as containing all the material listed in the PACKING.LST text file. If any files listed in the PACKING.LST text file, or the PACKING.LST file itself, are missing, then the package is not complete and distribution is forbidden. Please contact us to obtain a complete package suitable for distribution. o The FileSafe package--including all related program files and documentation files - CANNOT be modified in any way and must be distributed as a complete package, without exception. The PACKING.LST text file contains a list of all files that are part of the FileSafe package. o No price or other compensation may be charged for the FileSafe package. A distribution cost may be charged for the cost of the diskette, shipping and handling, as long as the total (per disk) does not exceed $10.00. o The FileSafe package CANNOT be sold as part of some other inclusive package. Nor can it be included in any commercial software packaging offer, without a written agreement from JAYAR Systems. o The PRINTED User's Guide may not be reproduced in whole or in part, using any means, without the written permission of JAYAR Systems. In other words, the disk-based documentation may not be distributed in PRINTED (hardcopy) form. LICENSE Page B-3 LIMITED DISTRIBUTION LICENSE: o The FileSafe package cannot be "rented" or "leased" to others. o Licensee shall not use, copy, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the licensed program except as provided in this agreement. Any such unauthorized use shall result in immediate and automatic termination of this license. o U.S. Government Information: Use, duplication, or disclosure by the U.S. Government of the computer software and documentation in this package shall be subject to the restricted rights applicable to commercial computer software as set forth in subdivision (b)(3)(ii) of the Rights in Technical Data and Computer Software clause at 252.227-7013 (DFARS 52.227-7013). The Contractor/manufacturer is JAYAR Systems, 253 College Street, Suite 263, Toronto, Ontario, CANADA M5T 1R5. All rights not expressly granted here are reserved to JAYAR Systems. APPENDIX C DEFINITION OF SHAREWARE Shareware distribution gives users a chance to try software before buying it. If you try a Shareware program and continue using it, you are expected to register. Individual programs differ on details--some request registration while others require it, some specify a maximum trial period. With registration, you get anything from the simple right to continue using the software to an updated program with printed manual. Copyright laws apply to both Shareware and commercial software, and the copyright holder retains all rights, with a few specific exceptions as stated below. Shareware authors are accomplished programmers, just like commercial authors, and the programs are of comparable quality. (In both cases, there are good programs and bad ones!) The main difference is in the method of distribution. The author specifically grants the right to copy and distribute the software, either to all and sundry or to a specific group. For example, some authors require written permission before a commercial disk vendor may copy their Shareware. Shareware is a distribution method, not a type of software. You should find software that suits your needs and pocketbook, whether it's commercial or Shareware. The Shareware system makes fitting your needs easier, because you can try before you buy. And because the overhead is low, prices are low also. Shareware has the ultimate money-back guarantee--if you don't use the product, you don't pay for it. ASP OMBUDSMAN POLICY This program is produced by a member of the Association of Shareware Professionals (ASP). ASP wants to make sure that the shareware principle works for you. If you are unable to resolve a shareware-related problem with an ASP member by contacting the member directly, ASP may be able to help. The ASP Ombudsman can help you resolve a dispute or problem with an ASP member, but does not provide technical support for members' products. Please write to the ASP Ombudsman at 545 Grover Road, Muskegon, MI 49442 or send a CompuServe message via CompuServe Mail to ASP Ombudsman 70007,3536. APPENDIX D HOW TO REGISTER FileSafe is a "shareware program" and is provided at no charge to the user for evaluation. Feel free to share it with your friends, but please do not give it away altered or as part of another system. The essence of "user-supported" software is to provide personal computer users with quality software without high prices, and yet to provide incentive for programmers to continue to develop new products. If you find this program useful and find that you are using FileSafe and continue to use FileSafe after a reasonable trial period, you must make a registration payment of US$29.00 (Cdn$34.00) to JAYAR Systems. The registration fee will license one copy for use on any one computer at any one time. When you register you receive the following: o You will get the latest version of FileSafe, o The registered version of FileSafe does not display a banner (registration reminder notice) when it runs, o You will get a typeset manual, o You will get the utility GETSIG that gathers signature files from a directory tree and stores them in a master signature file. This makes using FileSafe somewhat more secure and convenient. o You will be informed of updates and given a reduced upgrade cost. You must treat this software just like a book. An example is that this software may be used by any number of people and may be freely moved from one computer location to another, so long as there is no possibility of it being used at one location while it's being used at another. Just as a book cannot be read by two different persons at the same time. Commercial users of FileSafe must register and pay for their copies of FileSafe within 30 days of first use or their license is withdrawn. Your registration fee purchases a single user license. If you need to use multiple copies, significant savings can be had by purchasing a site license rather than registering multiple individual copies. Even a two-user site license saves you money. See the file SITELICE.DOC for details. HOW TO REGISTER Page D-2 Anyone distributing FileSafe for any kind of remuneration must first contact JAYAR Systems at the address given in DESCRIBE.DOC for authorization. This authorization is automatically granted to distributors and vendors who are members of the Association of Shareware Professionals (ASP). See files VENDOR.DOC and SYSOP.DOC for details. You are encouraged to pass a copy of FileSafe along to your friends for evaluation. Please encourage them to register their copy if they find that they can use it. All registered users will receive a copy of the latest version of the FileSafe system. Send in the following form to register your copy of FileSafe: HOW TO REGISTER Page D-3 REGISTRATION FORM Send to: JAYAR Systems GST Registration Number: 253 College Street R124607193 Suite 263 Toronto, Ontario Canada M5T 1R5 Name ___________________________________________ Address ___________________________________________ ___________________________________________ ___________________________________________ ___________________________________________ Telephone __________________________ +--------+------------------------+------------+------------+ Quantity | Product | Each | Total | +--------+------------------------+------------+------------+ | | | US$29.00 | | | | FileSafe | or | | | | |Cdn$34.00 | | +--------+------------------------+------------+------------+ | Canadian residents add 7% GST | | +----------------------------------------------+------------+ | Ontario residents add 8% PST | | +----------------------------------------------+------------+ | Outside Canada/U.S.A., add shpg/hndlg | $5.00 | +----------------------------------------------+------------+ | TOTAL | | +----------------------------------------------+------------+ Please remit by cheque (we will accept cheques in your local currency at the appropriate rate of exchange) or by money order. We will accept your company's purchase order. We also accept payment by Visa or Mastercard. P.O. Number ______________________________________ (P.O. to follow) +------------------------------------------------------------------+ | Note - Fill out the following ONLY if you are making payment by | | credit card. You may also call (416) 751-3284 for credit | | card registrations. | | | | Master Card [ ] Visa [ ] Card Number ______ ______ _____ ______ | | | | Name on the Card (print) _______________________________________ | | | | Expires ____/____ | | Signature ___________________________________ | | | +------------------------------------------------------------------+