seabrawk

Because I DO think its important, I wanted to distill some points from another thread into a single post, and provide my thoughts. I am not trying to stir things up, nor beat a dead horse:

I would first like to point out that I have run my own tests and have verified that what Synetech has asserted from the beginning is true: Windows indexing disabled, the temp file in the c:\Windows directory is accessed every ten seconds.

As pointed out by profcolli, the process of checking a file every 'n' seconds, is a process used by various applications, for various reasons. In the case of the Windows indexing service, I would imagine it is a result of attempting to index certain files and is therefore "expected". It is in those cases where it is unexpected that some poeple have expressed distaste for this sort of behavior (such is the case for the Elby products, as well as the Gemini product linked by profcolli).

As quoted by alan1476, and ArcCoyote this may be some sort of hidden trial period enforcement, although I am not sure that much effort went into reseraching this assertion. It appears profcolli has provided a better explanation from a more informed source, which is that it was "part of its design to check whether drive access is required..."

This, however, would mean that the file would continue to be polled for eternity, as long as the software is installed on the machine, regardless of the registration status (this is untested), and begs the question "How did they do it before?"

In either scenario, I am unsure if I want many applications on my machine with this type of behavior, but to each their own. I just figured that some people may still be interested in this, and thought that the original thread was prematurely closed.

_chef_

My honest advice is to ask m$ about their product...

__________________
Started with burning capable optical drives (CD-R) in 1997.
Bought optical drives from AOpen, HP, LiteOn, NEC, Philips, Pioneer, Plextor, Ricoh, Samsung, Sanyo, Toshiba and Yamaha.
'Things are now in motion that cannot be undone.' [Gandalf, LoTR]

Enable DMA with micrAp$0ft Enable DMA free at your will busTRACE => Upper/Lower Filters Util
DevCon ***HOW TO ... Delete the Upper & Lower Filters!***

If you expect help then please start by using the powerful SEARCH.

THE C.

Nonsense is why Alan closed the original thread... Oh and by request of the OP.

__________________
Dell Inspiron E1705 Notebook, OS:Vista Premium, Intel Core 2 Duo T5600, 4GB PC5300 RAM, Geforce 7800 256MB Video Card, 100GB Seagate Momentus 7200rpm HDD, TrueLife HD Display LCD, Optiarc AD-5540A DVD Burner, 1 Lite-On 1635SX External Drive, 2 External Sony DRU-830A Drives, 1 External LG GSA-H54L Drive, 1 CopyStar Duplicator With ASUS DVDE616A3 DVDRomDrive and 2 Pioneer DVR-112D mounted in it, 2 SimpleTech 400GB External HD's, 2 SeaGate 400GB External HD's, 1 Buffalo 250GB SATA External HD, and Logitech Pro speaker system!

PC#2: Averatec 6210HX80 Notebook, Athlon 64 2.0GHtz Processor, 1.5GB RAM PC2700, 80GB Hitachi TravelStar5400rpm HD, 64MB Nividia Video Card, Optiarc AD-5540A burner, 15.4 Widescreen, OS: Vista Basic.

"And In The End The Love You Take, Is Equal To The Love, You Make."

profcolli

@seabrawk:
This is a good summary of the original thread, but the fact remains that programs that need drive access need some polling mechanism. Whether it is done transparently or not is a moot point. Hidden files are used by many applications, usually to prevent system problems that would result if a user "messed around" with them. ATI uses hotpolling extensively and you will have a hard time finding out how - if you disable it you may have problems switching from 2d to 3d applications, but on the other hand it gives you more control over overclocking. These are not the kinds of things you want to expose to inexperienced users. Elaborate Bytes and Slysoft are reputable companies with valuable products, but nobody is forced to use them.

Hidden does not necessarily mean bad (and repeated access for necessary system functions is what keeps your system functioning).

Synetech

It’s not, it is done by the DRIVER, not the application. The driver is used by multiple, but not all, applications, and therefore could not be responsible for license management. This is verified by monitoring and analyzing various activities (file, registry, network, pipe, etc. accesses) performed by the driver and the applications.

Exactly. I asked if maybe it is required to defeat some new super-protection but was once again rudely rebuffed. (In that other thread SlyFox1 is either lying or did not actually read the original thread (note the date of his post and the last post of the original thread). I suspect that alan is in fact SlyFox1 himself or a coworker of SlyFox1 at Elby/Slysoft, which would explain his irrational defensiveness.)

Sorry, I was just so upset.


The most interesting thing about it though is Elby/Slysoft’s genius in using a random (or more likely hash) value for the filename of the temp file instead of using a standard name that contains the random/hash along with the other data. This way, it is next to impossible for people to look it up and find information on it.

Think about it: try to formulate a Google query for it. You cannot use the filename you have because the file has a different name on other systems. Google does not (currently) support regular expressions, so you cannot use that either. You cannot even use Google to search for parts of words like "c:\windows\s". (This is all assuming that the person has even realized the format of the filename, which most people to inquire have not.) Most people will not have traced the file to the software that created it, so they will not likely have used the terms ElbyCDIO (although in most HiJackThis logs it comes up for obvious reasons), and probably not even SlySoft, CloneCD, AnyDVD, CloneDVDMobile, or VirtualCloneDrive. They may possibly not even have used hidden, system (the two attributes that are set on the file). The effective query is reduced to “Windows .TMP” which is more or less useless. In fact, you cannot even search on it in most forums because .TMP is “shorter than [the default] 4 letters [term-length minimum]”. Therefore it becomes really, really hard to find other pages where people have posted questions about the file.

Very clever (or should I say sneaky.)

However, if you finagle the query enough, you will find plenty of pages among the results where people have asked about it, and/or been advised to use an in-use file deleter on it, etc. Of course as time goes by and more people update to a version that causes it, and more people become more savvy and look in their Windows directories to clean out junk, it will become more visible.


Anyway, I have long since ceased using and thouroughly removed all traces of Slysoft and Elby’s apps, trial and paid ones alike. (Despite the waste, I think removing them is “worth every dime”.) Gone are anything that even remotely have to do with Slysoft or Elaborate Bytes: program files, drivers, installers, registry entires, ini files, services, web pages, pics, (file) locks, rocks, jocks, fox (and sheep), boogers, lugers, and even the kitchen sink. There are other software out there, including ones that are even better, including some open source, (read trust-worthy) ones. Thanks in fact to this very forum for leads.

__________________
--
Synetech

coolcolors

This is a old debated issue that isn't of concern for the most users whom use Slysoft software. If you have issues with such program, don't use the program. As the previous thread was already closed by the MOD Alan.

http://club.cdfreaks.com/f18/conspic...t-apps-234705/

Synetech

You don’ t read things that you reply to do you? You really should read a thread through before chiming in to avoid saying something foolish or redundant. Besides, the sword cuts both ways. If you don’t care, then keep using it. Why do you need to complain? There ARE people who care, so why would you try to shut them up? How would you like it if people tried to stifle your concerns? Just do a Google search and you will see that there are people who have this issue.


Oh, and for anyone that does have concerns and must use the software, simply create a folder with that filename. It seemed to work (as far as the testing that I had done at the time) just fine without successfully accessing the file. In fact I had even tried disabling the ElbyCDIO service altogether and it was still working.

__________________
--
Synetech

Synetech

I was doing some work with virtual-machines today. Since this topic came up earlier today (I don’t recall how or why), when I finished with the vms, before I wiped and reset them, I decided to give the Elby driver a last test for fun. I have good news and bad news.

The good news is that the filename of the “temp”file is not random and can easily be determined. It is derived from the serial-number of the boot-drive (for some reason). It is not actually a hash, but simply the eight-digit serial number XOR’d with the magic value 8af15bc6. So for example:

(I still don’t know what the contents of the file are though, so if anyone figures it out I’d be curious to know.)

The bad news is that this realization messes up all of the previous explanations. I don’t know about any of you, but I for one rarely change the serial number (or even the volume label) of any of my drives, LET ALONE every ten seconds. It cannot logically be used to enforce the license (you can test this by altering the serial number), and even if it did, it could do it once on startup, not every 10 seconds for all eternity. It is not testing for the drive’s presence (why would it need to test the serial number to check for the drive’s presence, simply opening the device should be sufficient, and for that matter, why check the (hd) boot-drive at all, this is OPTICAL drive software.)

I cannot think of a reason to check the drive’s serial number every 10 seconds forever. Maybe it was some kind of debug function that they forgot to remove from the final code. #ifdef _DEBUG guys! In any case, I never said that it was in fact malware or a rootkit, and whatever the purpose for the infinite polling, it is unlikely to be for malicious purposes. My only beef is that it snuck in quietly (not in changelog), sort of hid (hidden and system), and forever eats resources for an unknown and unexplained reason.

For any programmers out there, it is trivial enough to patch the driver file to stop polling (don’t forget to update the checksum). However, that is probably against the EULA (ironic ), but creating a directory by the same name is not, which sufficiently prevents the disk access without affecting function—although the polling continues, and in fact does TWO accesses every 10 seconds (that quickly fail instead of doing a read/write). Of course setting the ElbyCDIO service to disable stops the polling and doesn’t seem to stop any of the apps from working, at least not that I can tell.


Well, that’s it. I have provided you people with as much information and research on this topic as there is. You now have enough to make an informed decision. If you don’t mind files scattered on your hard drive in places they shouldn’t be and in your registry (I have seen orphaned reg entries from various SlySoft/Elby apps in inappropriate place, eg HKCU\) and you want or need to continue using it, then that’s fine (hopefully it will be the only program stuck in an infinite-loop on your system), if not then that’s fine too.

I hope that I have helped anyone who did wonder about this and other people who attempt an Internet search for answers will somehow be led to these threads for enlightenment. (You never know, it could even drum you up a couple of sales.)

Either way, happy ripping.



(I wonder if Mark Russinovich faced this kind of resistance when he tried to help. )

__________________
--
Synetech