It all started on December 14th when sUBs, the developer of ComboFix apprised me that someone wrote a blog entry stating that:
"The author of Combofix yanked it offline due to some bug that can cause computers not to boot. In its place is a link to a disclaimer. The last version available was released on 12/11/09. The latest copy we had here onsite was from 11/24/09. Iíve uploaded that version here. I never had the problem of a system not booting due to Combofix and keeping it offline while there are still computers infected with spyware seems a bit irresponible. I guess Iíll have to start mirroring it here in case they decide to take it offline again."We were baffled. Here sUBs is working his butt off on a solution to a problem that can cause a computer to become a brick, and this jerk is calling him irresponsible for pulling the program so that he can protect users from this bug. Since sUBs was so busy working on the bug, he wrote something up and asked me to contact the author and deal with it. So I sent this guy an email containing the message sUBs requested that reads:
Though I appreciate the fact that you find ComboFix to be useful enough to want to host it yourself, it was taken down for a reason. Please remove your hosted copy of ComboFix immediately.sUBs didn't care about the blog post. All he wanted was for this person to remove the download so that it would not be distributed and harm anyone, let alone the fact that it is copyrighted and being distributed without permission. I get an email back basically stating that we should allow the download and "buyer beware". He then tries to make an analogy about whether I would drive a car if there was a recall. Then states that he spent half his morning looking for CF because one of his clients had an infection. Finally he states as a compromise he would remove the blog posting, which he did, but leave the file on his web site for personal use, which he did.
You state on your blog:
"I never had the problem of a system not booting due to Combofix and keeping it offline while there are still computers infected with spyware seems a bit irresponible."
Do you think that as the developer of ComboFix, and having devoted years of my life to creating and updating it, that I take the program down without intense consideration and regret? I think, as the developer, I know when a bug is important to prompt me to take ComboFix, while I fix it, so that I can protect users from having their systems become unbootable. To me it is more irresponsible for someone to host a file when it has been publicly stated by the developer that it has a serious bug, then to stop the program from being available. If you wish to use the file for yourself that is fine, but it is inappropriate to host it for others to use.
Thank you very much.
First of all, if you can't fix an infection without ComboFix then I suggest you should really start learning some of the other tools that can be found on the web. There are many tools that would allow you to remove almost any infection if you learned how to use them. ComboFix just makes the job immensely easier, but to leave it available with a serious bug because it makes our life easier is ridiculous. Basically, this person wanted to sacrifice other people's computers so that his life would be easier. What really galled me was the fact that he had the nerve to make a compromise. This is not his file. He did not create it. It is copyrighted to sUBs and if he does not give you permission, it is simple as that. Get it off your server!
So sUBs sent him another email that gives his opinion as to why it was removed, whether a car would be driven, and ultimately states:
This is a copyrighted work and I do not want anyone hosting my file for distribution illegally. If you choose to host it for your personal use, then that is your prerogative as long as the URL is not publicly available. I see that the file is still available at this URL:Well, this morning the file was still there with no response. So sUBs asked me to act as his agent and file a DMCA infringement notice to this person and his ISP. This is where I started dealing with this person, and let me tell you, it is not a pleasure. I feel bad for anyone who has to deal with this guy on a day-to-day basis. So I send him and his ISP this infringement notice with the following email:
As this is a publicly available URL, i ask you to move the file elsewhere on the site that is not visible and known to others, so that you continue using it personally.
Attached is a DMCA Copyright Violation notice for the copyrighted material that you are hosting without permission. This copyrighted content is located at:If the guy is not going to behave with polite discourse, then we have to use a heavy hand.
I ask that this content be removed immediately as you were not given permission to host this content.
Thank you for your prompt attention to this matter.
Bleeping Computer, LLC.
A couple of hours later I get an email from the guy stating that he removed the file and is going to post my DMCA Infringement Notice on his site. That does not bother me, but he posted it with my legitimate email, which is required for these notices, and I didn't want that to get picked up by SPAM bots. So I whipped up a new version of the notice, with my email redacted and asked him to host it instead. I also tried to reason with the guy stating that:
Would you react in a similar manner if Microsoft knew you were hosting a file of theirs? Would you tell them they are wrong and even though they are the copyright holder you will do as you wish?I got back a few scathing emails about how Microsoft is not the same as a file with a bunch of batch files, etc, etc. If it is just a bunch of batch files, maybe this blogger should go and write his own tool. Let's see how he feels when people start disregarding how he wants it distributed. Surprisingly, though, he did put up the version of the notice without my email, which I do appreciate. Thanks! I find out a few hours later, though, that he has banned my IP address from viewing his blog. Go figure.
What I find so confusing, is that here is a person who obviously needs ComboFix, yet he was so willing to piss off the author enough that it may make author wonder, why bother? Not only that, but this person thought it was his god given right to do whatever he wanted with someone else's work, even though that work was copyrighted and he had no permission to distribute it. This is obviously someone who does not care about others wishes and only cares about making his life easier.
I deal with content thieves all day and it is a huge time waster for me. There are those who do it by mistake, but when told that they are taking copyrighted material, promptly remove it. Then you have those who even after being told, don't give a damn, and continue doing so; well they are a breed unto themselves.
From all the comments on our site and on Facebook about ComboFix not being available, I can see that 99.99% of you truly appreciate the work that sUBs does on this program and understand why it was pulled. Yes, its frustrating to lose this tool because it makes our lives easier, but at the same time we do not want to turn our friends, familys, clients, and let alone our own, computers into a glorified brick. Many people who have little technical knowledge use ComboFix because they are told to, not heeding the warnings, and then if they fit the right criteria and hit the bug, no longer have a working computer. Some of these people do not have friends who are technically adept enough to reinstall their computer. Some of these people do not have enough money to hire a technician. So it is important for any program that we suggest work properly and without risk to the user.
In my personal opinion doing anything but that, would be irresponsible.