VIRSIM.DOC (virsim2c.zip, JCSM Shareware Collection, September 1996) | Text File | 1994-11-14 | 37KB | 668 lines
--------------------------------------------------------------------
Virus Simulator and Supplements
Safe & Sterile
Viruses Validate Security Measures
--------------------------------------------------------------------
Virus Simulator and Virus Simulator Supplements
Copyright Rosenthal Engineering 1991, 1993. All rights reserved.
P.O.Box 1650 San Luis Obispo, CA USA 93406
The time to be concerned about computer viruses is before you get one.
Virus Simulator and Supplements are intended to help users and technical
managers understand the problems viruses pose and provide a practical
way to exercise the protective measures they have taken to defend their
computer systems.
These Virus Simulator programs generate safe and sterile, controlled
test suites of sample virus programs. Virus Simulator's ability to
harmlessly compile and infect with safe viruses is valuable for
demonstrating and evaluating anti-virus security measures without harm
or contamination of the system. The infected programs can be used as
bait for virus detecting programs to gain practical virus protection
experience.
Real Viruses or Simulated Viruses for Testing
These test virus simulations are not intended to replace the
comprehensive collection of real virus samples as maintained by
Rosenthal Engineering and other anti-virus product developers for
testing. They are, however, suitable for use by general end users,
system administrators and educators. These virus simulations set off
virus detectors for testing and demonstration without the danger
associated with their malicious virus counterparts.
The simulators all produce safe and controlled dummy test virus samples
that enable users to verify that they have installed and are using their
virus detecting programs correctly, additionally affording an
opportunity for a practice training exercise under safe and controlled
conditions.
- - - - - - - - - - -
Access to the Rosenthal Engineering Virus Collection
The Virus Simulators and supplements are really intended to give users
some hands-on practical experience using their virus protection
products, on their own systems, without using live ammo. The simulators'
ability to actually test products exhaustively is limited. That's why
Rosenthal Engineering maintains a very comprehensive collection of real
sample viruses for testing at our facility.
Most users find these simulated viruses more than adequate for their
needs, however anyone requiring access to our independent virus sample
collection should contact us directly. The collection is generally
recognized as one of the most comprehensive, verifiable available
anywhere. It is accessible, in our facility, on a workstation dedicated
for testing with real viruses.
- - - - - - - - - - -
Obtaining a Trusted Virus Simulator Copy
Because of the security nature of this program, you should not trust it
to be harmless unless you can directly trace its source to Rosenthal
Engineering without compromise. Never make copies from anything other
than the original write protected distribution disk. Remove all test
viruses from your system immediately after completing tests. Insist on
having the Virus Simulators generate your own unique simulation files
and never accept or distribute the simulated viruses themselves. This is
especially important if the simulations are to retain their safe and
sterile integrity.
There are several programs that generate the sample test viruses: Virus
Simulator and the Virus Simulator Supplements. Virus Simulator is
distributed as shareware. If you find the program useful, you are
requested to send in the $25 (US) single user registration fee. When the
registration fee is received, the latest version of Virus Simulator
along with all the Virus Simulator Supplements is sent by priority first
class mail. Businesses, corporations, government agencies and
institutions require a negotiated site license. The Virus Simulator
Supplements are only available to registered users of Virus Simulator;
the supplements are not shareware.
- - - - - - - - - - -
Virus Simulator
Virus Simulator creates a simulated test suite of .COM and .EXE programs
as well as boot sector and memory resident viruses. These programs
contain the signatures (only) from real viruses. The programs themselves
are not really infected with anything, but contain carefully selected
portions of code from their real virus counterparts. Whenever possible,
these sections of code or virus signatures are selected to trigger
vigilant virus detectors. Since these are really only dummy viruses, not
all infected program simulations produced by Virus Simulator will
trigger every virus detecting program.
In addition to simulating .COM and .EXE infected files, Virus Simulator
allows the user to experiment with boot sector and memory resident virus
simulations. Again, signatures (only) from real viruses are used, but
the boot sector of the floppy disk is actually overwritten with
executable code (you can verify this by resetting the system with the
test floppy disk in place). The memory resident virus simulation
actually puts a suspicious program in memory.
Most often, real viruses are not created from scratch, but by modifying
existing viruses and thus pose additional problems for virus detecting
programs. To further emulate real viruses that might actually be
encountered, Virus Simulator creates a completely new modified simulated
virus the same way. No two files or disks will be created identically.
Virus Simulator prompts the user to generate any (or all) of three test
suite types: files, boot sector and memory.
  1) Generate A:\VIRUS\VIR_#.COM & .EXE files. (Erase to remove)
  2) Overwrite A: boot with (new) simulated virus (Format A: to remove)
  3) Install memory test simulated virus (Power off system to remove)
Any or all of the options may be selected at the same time.
Place a freshly formatted diskette to be infected in the A: drive. If
you select the "1) Overwrite A: boot sector" option, the system will
not be bootable from this disk, but will display an "Infected with
simulated boot sector virus" message. Virus Simulator actually
overwrites the boot sector with executable code; programs that purport
to intervene in this situation should report that.
The A:\VIRUS\VIR_#.COM or .EXE files can be renamed and copied to other
disks for testing but remember to erase all test viruses after
completing your tests.
If option three ( "3) Install memory test virus" ) is selected, a
warning message will appear in the upper right corner of the screen
until power for the system is turned off. When power is restored, the
system will return to normal, and the memory virus will be removed.
Virus Simulator actually places a suspicious test program in memory as a
simulation, and programs that purport to intervene in this situation
should report the memory resident program.
How to Use Virus Simulator
Copy your special write protected distribution disk to your working
drive and store the original in a safe place.
Run VIRSIM at the DOS prompt, and follow the directions displayed. Then
use your anti-virus program to scan for viruses following the directions
supplied with that product. A note here about false alarms, especially
when using disk caching: anytime you read or write using a disk, the
data is first buffered by memory. If you've just written or read a test
suite, your virus scanning program may discover it still in the disk
buffer memory. Just power down the system and watch it go away.
These test suites are only safe and sterile simulations to evaluate your
security measures. A virus detecting program is validated when it
reports the simulations. Virus detecting programs that fail to find
these simulations may indeed discover their real counterparts and
variations, but should only be trusted after that ability is
demonstrated.
Virus Simulator and Virus Simulator Supplements will only generate file
and boot sector simulations on a formatted disk in drive A:; you must
have an A: drive. Copy VIRSIM.COM (and for registered users only,
VSIM_MTE.COM, VSIM_B.COM and VSIM_C.COM) to whatever drive you wish to
run it from. Precautions have been taken to force VIRSIM to run only
from the default directory.
NOTE. A:> VIRSIM    or  C:> VIRSIM         (works ok)
      C:> A:VIRSIM  or  C:>\TEST\VIRSIM    (won't work)
VIRSIM.COM (and the supplements) compiles simulated viruses directly and
when scanned by virus detection programs, must always indicate being
free of infection. Only the simulated viruses should report any
infection. Each time Virus Simulator is run, it generates a completely
new and unique suite with accompanying documentation. Text files
A:VIR_LIST.DOC and A:VIR_BOOT.DOC are created at execution time and
describe each unique virus test simulation suite. Executing the
generated test suite programs is not required. If executed, they will
only display their Rosenthal Engineering origin.
- - - - - - - - - - -
Virus Simulator Supplement B
Once the user has gained experience using the original Virus Simulator,
the supplements offer additional insights into how viruses work, and
more importantly, how to defend against them.
The Virus Simulator B Supplement provides users with hands on experience
protecting themselves from a boot sector virus. Although easily
detected, these are by far the most prolific and extremely infectious.
Like the other simulations the test samples are completely safe, but are
far more operational, and provide users with the hands on experience
required to defend themselves.
Several educational institutions have now incorporated this
demonstration into their lesson plans. It harmlessly illustrates the
importance of adhering to established anti-virus security measures quite
dramatically.
This type of virus hides in a special portion of the disk reserved for
the power up sequence, called "booting", and is therefore called the
"boot track" or "boot sector". A boot sector virus replaces the
legitimate boot sector program with its own code. When the user "boots"
from the infected disk, the virus first loads itself into the computer
ahead of the legitimate programs.
Using Virus Simulator Supplement B (registered users only)
Copy VSIM_B.COM from the special write protected distribution disk to
your working or hard disk. Use a freshly formatted disk in drive A. You
must have an A: drive.
Run VSIM_B from the DOS prompt and the program will instruct the
user to select the anti-virus product they employ. These are listed
alphabetically.
The Virus Simulator B Supplement program infects the floppy disk and
makes a DOC file labeling the disk. Users are encouraged to also
mark the disk label appropriately. Be sure to plainly mark the
sample disk so you don't stumble across it by accident and panic at some
future date. As a convenience, the simulation will expire in a few days
on systems that support a CMOS clock.
You can now scan the disk etc. as the anti-virus product recommends.
Now the fun part.... With the disk in place, re-boot the system.
The boot program displays its intention (Test Virus), the copyright,
the expiration date and loads itself into memory. The system then boots
through from the hard drive, while "TEST VIRUS in memory!" flashes in
the upper right corner of the screen and the speaker beeps about every
seven seconds. Other than the beeping and flashing, the system appears
to work normally. If you are using MS Windows, the beeping will continue
even though the display remaps. If you open a DOS window, from within MS
Windows, the flashing message will display as well.
You now have about four minutes to try your anti-virus measures, or
whatever. Then, the screen becomes dominated with the "TEST VIRUS"
flashing message. The beep rate goes up to about two seconds, and on
most systems, the keyboard locks up! If you are in MS Windows, the mouse
is left enabled so you can exit elegantly; the keyboard is then
re-enabled when you return to DOS for a few minutes and finally locks
again.
Some BIOSes allow you to disable booting from the A drive, which
prevents the demonstration from working. Real viruses have no problem
infecting your hard drive's boot sector, but these simulations are safe
so they will only boot from the floppy in A:; they will not infect or
otherwise compromise a hard drive or other disks. Unlike these safe and
sterile simulations, real viruses are not limited to being harmless.
- - - - - - - - - - -
Virus Simulator MtE Supplement
Viruses are becoming much more sophisticated and difficult to combat
especially with the introduction of polymorphic mutating viruses such as
those based on the Dark Avenger MtE Mutation engine. These viruses
obsolete the traditional pattern matching techniques of detection, which
are ineffective against this type of virus.
VSIM_MTE.COM compiles a safe set of test viruses and special dummy
program files they will infect (only). The test viruses will only infect
the special dummy test programs generated by the Virus Simulator MtE
Supplement. Unlike their malicious real world counterparts, these
simulations will only attack the dummy files provided in the A:\M_VIRUS
directory. Provisions have been taken to discourage modification and
tampering. Both .EXE and .COM viruses and dummies are provided. With the
exception of their special safety and security provisions, the MtE test
simulations are real polymorphic viruses.
At the heart of these MtE virus simulations is an actual MtE mutation
engine. The MtE engine provides virus writers with the ability to turn
their relatively simple programs into very sophisticated polymorphic
viruses which are extremely difficult to detect by virus scanners. Each
time the virus infects a host program, it mutates, changing its
signature pattern to avoid recognition. A few examples of viruses that
employ the MtE engine are:
Dark Avenger Mutating Engine, Dame, MtE, Pogue, Gotcha, 7S, Mut,
Dedicated, Fear, Groove, Coffee Shop, MtE-Spawn, Questo, Crypto Lab,
Encroach.
Although the MtE simulations produced by this program are safe and
controlled, they are real viruses, capable of infecting their special
dummy host programs. Vigilant anti-virus programs that are capable of
reliably detecting the MtE mutation engine should report these
simulations as being infected. Because these are polymorphic viruses,
several samples are required to validate a virus detector, as each time
the virus mutates in an attempt to avoid detection, its signature
changes.
Using the MtE Supplement Virus Simulations
(registered users only)
To generate the MtE simulations and dummy files to be infected, run
VSIM_MTE from the default directory. Once again, make sure you have
installed your anti-virus software in accordance with the author's
instructions. Prepare freshly formatted disks to be infected in your A:
drive.
When you run the MtE supplement, it will first verify itself (by voice)
and display the sign on message, which asks if you wish to continue.
Enter "Y". (NOTE! These programs should be run directly from the DOS
prompt and not from inside MS Windows)
The Virus Simulator will then generate a directory full of dummy test
programs, until the disk is nearly full (allowing for an increase in
size as the programs are infected). Originally, only the first two
samples (A:\M_VIRUS\VIR_1.EXE and A:\M_VIRUS\VIR_2.COM) will be
infected. Examine the directory, and you will see a considerable
difference in size between the infected and clean programs. Execute an
infected program, and you can observe that the test virus will spread to
the other samples (only). The infected programs will display that they
are indeed infected and ask if you wish to continue. If you enter "Y",
the simulation will spread to between one and 15 other programs. Those
programs can then be run and they will, in turn, infect the others. If
you enter "A" (for all) instead of "Y", the infection will spread to all
the dummy .COM or .EXE samples in the directory. Because of the
sensitive nature of these test samples, the infection will not spread to
any sample which has been modified. For security reasons the infections
will only activate on the A: drive in the A:\M_VIRUS directory, and only
if no modifications have been made to the dummy program files.
Once the files produced by Virus Simulator MtE Supplement become
infected, your virus detecting program should report them as such.
- - - - - - - - - - -
Virus Simulator Supplement C
The Virus Simulator Supplement C illustrates how a companion virus
works, and provides a functional demonstration that affords an
opportunity to exercise protective measures. These simulations, like the
others, are dramatic, but safe and harmless.
Companion viruses exploit a feature of the computer's operating system
that differentiates between programs with a COM or EXE file extension in
their name. When two programs have the same file name, for example
VIRUS_1.COM and VIRUS_1.EXE, the operating system will attempt to run
the COM program first.
The companion virus assumes the name (with a COM extension) of a
legitimate program with an EXE file name extension. When the user enters
the name of the program, the companion virus does its dirty work first,
and then allows the legitimate program to operate normally. Usually the
whole procedure is completely transparent to the user to avoid detection.
If the user examines the original program, they find it unchanged. The
companion virus remains even if the user reloads the legitimate program
directly from the distribution backup unless the program with the same
name (and COM file extension) is removed.
Using the Virus Simulator Supplement C
(registered users only)
Copy VSIM_C.COM from the special write protected distribution disk to
your working or hard disk. As with the other simulators, place a freshly
formatted disk in drive A.
When you run VSIM_C it will generate several dummy programs on the
floppy disk in the A:\C_VIRUS directory. These test programs are
identical except for their name (VIRUS_##.EXE). One of them is
associated with a companion virus simulation.
When the VIRUS_## programs are run, they will only display a simple
message. However, when the program associated with the companion virus
simulation runs, it will produce a dramatic, but harmless demonstration.
Execute each of the test programs until you discover the companion
virus. To terminate the demonstration, simply reset the system. You may
repeat the demonstration without generating new dummy samples on the
floppy disk again. You'll notice the simulation will assume the name of
a different dummy test program each time.
To reveal the companion virus simulation use the DOS command ATTRIB
A:\C_VIRUS\*.* and you will discover the hidden companion virus
simulation.
With DOS 5 and above, you can also use the DOS command DIR A: /S /A
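
The same check as the ATTRIB and DIR commands above, automated as an added
example (it is not part of the original documentation or of Rosenthal
Engineering's software): it walks a directory tree and reports every program
that is shadowed by a same-named file DOS would run first. It goes slightly
beyond the text by also covering .BAT, which DOS tries after .COM and .EXE;
the sample directory and file contents are constructed placeholders.

```python
import os
import stat
import tempfile
from collections import defaultdict
from typing import NamedTuple, Optional

# Order in which DOS resolves a bare program name: COM before EXE (as the
# text above describes), with BAT last.
DOS_SEARCH_ORDER = (".COM", ".EXE", ".BAT")


class Shadowing(NamedTuple):
    directory: str
    runs_first: str          # the file DOS would actually start
    shadowed: str            # the file the user believes they are starting
    hidden: Optional[bool]   # None when the platform has no hidden attribute


def is_hidden(path):
    """True/False from the DOS/Windows hidden attribute, None elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)  # Windows only
    if attrs is None:
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_shadowed_programs(root):
    """Report every program name that exists with two or more extensions."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.upper() in DOS_SEARCH_ORDER:
                # DOS file names are case-insensitive, so compare upper-cased.
                by_stem[stem.upper()][ext.upper()] = name
        for exts in by_stem.values():
            present = [e for e in DOS_SEARCH_ORDER if e in exts]
            first = exts[present[0]]
            first_hidden = is_hidden(os.path.join(dirpath, first))
            for ext in present[1:]:
                findings.append(
                    Shadowing(dirpath, first, exts[ext], first_hidden))
    return sorted(findings, key=lambda f: f[:3])


def build_constructed_sample(root):
    """Constructed layout mirroring the C_VIRUS directory described above."""
    target = os.path.join(root, "C_VIRUS")
    os.makedirs(target)
    names = ["VIRUS_%02d.EXE" % n for n in range(1, 5)] + ["VIRUS_03.COM"]
    for name in names:
        with open(os.path.join(target, name), "wb") as fh:
            fh.write(b"constructed placeholder, not a program")
    return target


def demo():
    """Run the check over the constructed sample and return the name pairs."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        return [(f.runs_first, f.shadowed)
                for f in find_shadowed_programs(root)]


if __name__ == "__main__":
    for runs_first, shadowed in demo():
        print("%s will run instead of %s" % (runs_first, shadowed))
```

A legitimate product can ship both a .COM and an .EXE with the same name, so each finding is a prompt to inspect the file that runs first, not proof of infection.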
- - - - - - - - - - -
How Anti-Virus Measures Protect Your System
There are several popular methods employed to detect viruses that these
simulators can exercise. Generally they occupy three categories;
scanners, monitor filters, and change monitors.
Scanners are the most popular. They check the system for pieces of code
that form a signature or fingerprint that is unique to each virus.
Because the scanning program will only detect viruses that it knows the
signature for, it may not detect a new or modified virus. Virus
Simulator offers the signatures of many real viruses, but may not be
using the same signatures your virus detector uses. If your signature
scanner fails to report the dummy sample test viruses produced by Virus
Simulator, it is most likely that they are different than those required
by that scanner. Unlike the test viruses produced by the MtE Supplement,
the Virus Simulator and other supplements produce only dummy viruses,
not real viruses.
Monitor filters are TSRs (terminate and stay resident programs) that
watch for suspicious virus-like activity, such as creating or writing to
a program file or the boot sector or terminating with a TSR still active
in memory. Virus Simulator should have no difficulty demonstrating this
type of virus detector as it allows the user to actually overwrite the
boot sector of the floppy disk, install a very suspicious (but safe) TSR
in memory, and generate plenty of executable program files.
Change monitors learn what the original program or boot sector etc.
looks like and re-examine them periodically for modification. Virus
Simulator and supplements can demonstrate this, since the user can
actually elect to modify the floppy disk boot sector. Additionally, when
the MtE dummy test programs become infected, they change substantially.
You may also conduct additional tests on your system. For example, many
users mistakenly believe that changing the attribute of a program to
READ-ONLY will protect it from infection. You can test this using the
DOS ATTRIB command; for example, ( C>ATTRIB +R A:\M_VIRUS\VIR_99.EXE )
will not protect the dummy files from becoming infected by the MtE
simulation.
The best and simplest way to protect a floppy disk from infection is to
take advantage of the write protect tab. These are very effective unless
yours is somehow inoperative. You may wish to conduct your own test by
enabling the write protect tab, and repeating the experiment. If your
write protect circuitry is functional, you should not be able to make
modifications to the protected disk and the MtE simulations will be
unable to infect the dummy files.
- - - - - - - - - - -
History of Virus Simulator
Virus Simulator was first developed to support testing my System Monitor
program. System Monitor was not a virus scanner or even a program
devoted exclusively to virus protection. There are enough things that
go astray in a normal computing environment to justify System Monitor on
its own. It installs in your IBM PC/XT/AT 386 or 486 Compatible computer
to test and extensively monitor a number of performance indicators. Each
time you use your computer, System Monitor re-evaluates the system and
alerts you to any discrepancies it finds with an announcement that is
hard to ignore.
You install System Monitor as soon as you're confident that your
computer is configured and operational. From then on, System Monitor
will intervene immediately upon detecting problems, usually long before
a user even suspects any difficulty. This early monitoring and detection
is essential in avoiding and correcting problems before they can
compound. It also provides formidable anti-virus protection.
Virus Simulator can help determine which anti-virus programs are best
for you. These programs can then be installed ahead of System Monitor so
a virus that attempts to disable either of these programs will have the
very Herculean task of disabling or circumventing them both, or risk
detection by the other.
The first version of Virus Simulator was only intended as a tool to
assist volunteers who were beta testing System Monitor in a real world
environment. Before beta testing, System Monitor had been tested in a
controlled environment, using a considerable collection of real viruses.
You can imagine the enthusiasm my beta testers showed to turning real
viruses loose on their systems.
During the beta testing of System Monitor, we discovered a real need for
Virus Simulator beyond its original intention. Some virus detectors not
only didn't find the simulated viruses, on closer inspection, they
didn't find the real ones either. We found several cases where no
security procedures were being adhered to, even though the
organization had purchased a site license for a very capable program;
few users had ever run it. Additionally, a virus detecting program thought
to be protecting a system used to duplicate distribution disks for other
offices, was found to be an obsolete version, which missed nearly all of
the currently simulated viruses. No virus protection program will ever
be effective without the cooperation of its users. Virus Simulator
provides a means to verify adherence to established security procedures.
Virus Simulator was made available to assist system administrators, end
users, and educators enabling them to perform their own tests. Virus
Simulator is not a replacement for the comprehensive collection of real
viruses maintained by Rosenthal Engineering and other researchers for
testing anti-virus programs.
Viruses are a form of terrorism and require many of the same
precautionary measures. Airports test the effectiveness of their
security measures in much the same way. An official, disguised as a
passenger, will attempt to bring a disarmed bomb through, trying to
evade security measures and avoid detection. Real viruses, like real
terrorists, are much more difficult to test with. The test viruses
generated by these virus simulators are safe and controlled, but form a
validation test suite that triggers vigilant anti-virus detectors.
Not all virus detectors use the same virus signatures that Virus
Simulator supplies. Some anti-virus software (like Dr. Solomons Tool
Kit, TBSCAN, VShield, VirStop and others) provide their own dummy sample
programs, so users can perform similar tests. Users can use these safe
simulations to verify that their anti-virus measures are correctly in
place and functional.
Anti-virus programs that report suspicious activity (like FLUSHOT or
SECURE ) should detect Virus Simulator actually overwriting the sample
floppy disk boot sector, installing an unauthorized memory resident
program, or modifying an executable program.
Authors of viruses are very aware of how virus detectors work. As
polymorphic viruses (especially the MtE mutation engine) were developed,
signature scanning alone became inadequate. The Virus Simulator MtE
Supplement addresses that need and some of the other comments users have
brought to my attention.
As more users of these programs began incorporating them into training
lesson plans, and demonstrations, the additional supplements B and C
were added.
- - - - - - - - - - -
Statistics, Probability and Making Sense of Tests
Virus Simulator makes an infinite number of simulated test viruses by
varying each one in a different way. This is much the same way a real
virus might be discovered in the world at large. Even testing with a
program infected with a real virus can not assure every combination will
be examined: Is it a .COM file? .EXE? system? compressed? Is it the same
for all programs or just large ones? How about files created before or
after a certain date or time? What about a virus that was modified, even
trivially, offset a few bytes or changed from one message to another? Or,
a virus that only attacks one vendor's brand of software. The only way
to test with any kind of absolute certainty would be to perform tests
with every combination and variation, and, even then, hope you didn't
overlook any.
Now, try that with well into many hundreds of viruses and combinations.
It becomes apparent that no matter how exhaustive the tests are, they
are just random, probabilistic distributions. The study of probability
assumes that you know the entire population or universe from which you
are going to sample. Statistics assumes that you have only a sample and
that you are trying to determine, or at least guess, the parameters or
characteristics of the most likely population or source from which the
sample was taken. That's what Virus Simulator supplies, a large enough
sample population size to establish statistical significance with some
reliability.
A large sample size is especially important when attempting to validate
polymorphic viruses, as each sample will have a different signature.
These sophisticated viruses attempt to avoid detection by altering their
signatures, so it is not uncommon for several copies to escape
detection. The Virus Simulator MtE Supplement attempts to generate as
broad a spectrum of test samples as practical.
Allowing Virus Simulator to fill a single 360 k disk should be more than
adequate to support reliable testing. Although a 1.2 meg disk offers
some improvement, additional disks offer diminishing benefits, as the
distribution confidence interval shows an insignificant improvement
beyond that point. In other words, for files... One disk ought to do it.
Testing using boot sector viruses is another matter, because unlike the
hundreds of files that can be created on a disk by Virus Simulator,
there is only one boot sector per disk. You can generate a simulated
boot sector virus onto as many different disks as you like or overwrite
a single disk repeatedly. A new simulation will be generated each time.
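
The sample-size argument above, worked through as an added example (not
part of the original documentation): it computes a 95% confidence interval
for a scanner's detection rate and shows how little the interval narrows
as the test suite keeps growing. The Wilson score interval is this
example's choice of method, and the sample counts are constructed, since
the text does not say how many files fit on a disk.

```python
import math

Z_95 = 1.96  # normal quantile for a two-sided 95% interval


def wilson_interval(detected, total, z=Z_95):
    """Wilson score interval for a detection rate of detected/total."""
    if total <= 0 or not 0 <= detected <= total:
        raise ValueError("need 0 <= detected <= total and total > 0")
    p = detected / total
    z2 = z * z
    denom = 1 + z2 / total
    centre = (p + z2 / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total
                         + z2 / (4 * total * total)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def interval_widths(rate, sample_sizes, z=Z_95):
    """Width of the interval at each sample size for one observed rate."""
    widths = []
    for n in sample_sizes:
        lo, hi = wilson_interval(round(rate * n), n, z)
        widths.append(hi - lo)
    return widths


def floor_when_all_detected(total, z=Z_95):
    """Lowest true detection rate still consistent with total/total hits.

    Relevant to polymorphic samples: a scanner that reports every one of
    a small number of samples has not yet been shown to catch them all.
    """
    return wilson_interval(total, total, z)[0]


if __name__ == "__main__":
    # Constructed sample counts, doubling each time.
    sizes = [50, 100, 200, 400, 800]
    print("samples  width of 95% interval at an observed 90% detection rate")
    for n, w in zip(sizes, interval_widths(0.90, sizes)):
        print("%7d  %.3f" % (n, w))

    # Constructed result: 97 of 100 polymorphic samples reported.
    lo, hi = wilson_interval(97, 100)
    print("97/100 detected -> true rate between %.3f and %.3f" % (lo, hi))

    for n in (10, 100, 1000):
        print("%d/%d detected -> true rate at least %.3f"
              % (n, n, floor_when_all_detected(n)))
```

Each doubling of the sample count narrows the interval by less than the previous doubling did, which is the diminishing benefit the text describes.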
- - - - - - - - - - -
Shareware Announcement
Please feel free to use and evaluate Virus Simulator without charge for
10 days. You are encouraged to copy and distribute self extracting
archive VIRSIM2C.EXE freely, provided it remains unmodified, complete in
its original form, and no fee (other than a nominal copy charge) is
required.
The Virus Simulator Supplements are only available directly from
Rosenthal Engineering once the single user registration fee is received.
The supplements are not shareware. All copyrights are reserved.
Once the required registration fee is received, the latest registered
version of Virus Simulator along with all the Virus Simulator
Supplements will be sent by priority first class mail.
Software License Agreement
This Software is copyrighted material. It is not sold, but licensed. The
registration fee must be paid before the evaluation period expires or use
of the software must be discontinued.
You are encouraged to copy and distribute only the Virus Simulator self
extracting archive VIRSIM2C.EXE file freely, provided it remains
unmodified, complete in its original form and no fee (other than a
nominal copy charge) is required. This software is provided "as is"
without warranty, either expressed or implied.
You may not make any changes or modifications to the software and you
may not decompile, disassemble, or in any way, reverse-engineer the
software.
This constitutes the entire agreement and understanding between the
parties and supersedes any prior agreement or understanding whether oral
or written and may only be modified in writing.
This software is provided "as is" without warranties of any kind.
Responsibility rests entirely with the user to determine its fitness for
a particular purpose. ROSENTHAL ENGINEERING SHALL NOT IN ANY CASE BE
LIABLE FOR SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR OTHER SIMILAR
DAMAGES ARISING FROM ANY USE OF THIS SOFTWARE. Some states may not allow
these limits on warranties, so they may not apply to you. In no case
shall Rosenthal Engineering's liability exceed the license fees paid by
you to Rosenthal Engineering for the right to use the Licensed Software.
The single-user license is obtained by sending your check for $25 (US)
to:
Rosenthal Engineering, P.O. Box 1650, San Luis Obispo, CA 93406 USA