Impressed: it has been years since I've been hacked this well :(

Scott Kane scott at cdroo.com
Fri Jun 15 06:29:45 EDT 2007


From: "David Bovill" <david at openpartnership.net>

> Yes - but I trust the sites. I never, or almost never download shareware, 
> or software demos unless it's from a company that I know of and can trust.
> Shareware and ex-shareware authors out there should maybe defend 
> themselves here - at least there seem to be download sites that claim to 
> scan everything for malware. I for one have never liked the look of them.

Here's where the moderator of comp.software.shareware.* should step in.... 
;-)   There are several ways to approach this problem.  First - if the 
software is being sold it is *generally* (but never by all means certain) 
that it's not going to be something nasty.  There have been exceptions (like 
the horrible Mac programmer who deleted people's root if they used a crack - 
total idiot).  The reason is economic pragmatism.  You won't be selling 
stuff for long if you are caught doing something nasty.  Especially after 
the whole Aureate disaster five or so years ago.

Second.  If running on Windows is the exe signed?  If it's not signed don't 
run it.  Why should you?  If the author won't cough out a relatively paltry 
sum for a security certificate then don't bother unless you know them and 
trust them.

Third - any member of the ASP (Assoc of Shareware Professionals with a 
twenty year clean track record) will be an ex member the moment spyware or 
anything nasty is proven.  I can state this categorically because as an ex 
Vice President of the ASP (I'm currently just a regular member who 
volunteers to perform "Offers" to members from other companies - anybody 
wanting to offer something to programmers for a little discount or special 
deal can contact me off-list) I've been involved in turning a member into an 
ex member and it was done cleanly, quickly and publicly (which is one of 
the reasons such programmers love me so much - *not* <g>).  AISIP 
(Independent Software Industry Professionals) which is privately held and 
has a zero tolerance attitude.  I can't say the same for OISV members.  I 
have no idea what Nick and Scott would or might care to do in this instance. 
Somebody might like to ask.

Finally - if you can't ascertain this information from the programmer check 
www.asp-shareware.org    or www.aisip.com on their members pages.  In 
addition the safest place to get software is usually the programmer's own 
website (and if they are reputable and serious they'll have a .com or local 
version of .com and not www.myispnamehere.com/~fredshome/index.html <g>). 
There are documented cases of people changing code on download sites and 
even substituting the linked program (research "Stephen Huff"  aka "Stephen 
Super Genious From Outer Space" in Google for such an example where PAD 
files were substituted - leading the ASP to introduce PAD Signing for 
members).

Scott Kane 



