More On Michael Paris
Saturday, 28 August 1999
Last Updated Saturday, 22 November 2008
Please Note: This information applies only to Michael Scott Paris of Dover, New Hampshire,
not to any other person (and there are quite a few) named Michael Paris.
I'm aware of at least one case of mistaken identity, and hope readers of
this material won't allow it to affect their opinion of any other person
they know by the same or similar name.
Back to Pseudo Psecurity Pseller
Deception
In December of 1998, I exchanged several emails with "Scott Davis." His lengthy diatribes contained numerous false and inaccurate statements, and conveyed threats of legal action against me for my truthful exposure of the Lockdown product and its advertising. In these emails, "Davis" posed as an attorney and a satisfied user of Lockdown who had been taken into the confidence of the operators of Harbor Telco. The frequent misspellings and obviously poor comprehension of legalese made it clear he was not who he claimed. At the time, I believed the author was a principal of Harbor Telco, one Roger LeClerc. But I have since established firmly that none other than Michael Paris was the writer, by comparing headers of the emails I received with those sent to another person by "Scott Davis" -- in which Paris reveals his actual identity. The origin was identical.
Old Scam
Michael Paris has a history of aggressive sales of another similarly poor product, the InVircible antivirus application. InVircible has long since fallen into disrepute among virtually all antivirus professionals, and evidently for very good reason. Paris was the primary InVircible distributor for the US from late 1994 to about March of 1998, and was fully aware of its shortcomings; as well as its occasional destruction of its users' data.
Paris sometimes claims he dropped InVircible because he realized the product was a poor one; but the software's developer says he was canned by the company after a dispute in which he was accused of bootlegging its software.
Paris has claimed that he was consulted for one of the bad reviews InVircible received, and that this involvement precipitated his conflict with the company's owner, Zvi Netiv. But the writer of that review has told me he never consulted with Michael Paris; in fact, the author says he'd never been in any contact with Michael Paris until Paris sought him out in December 1998, about 7 months after the review was published in May; and that was of course long after Paris and InVircible had had their falling-out. Paris' purpose for this contact? An effort to damage and discredit Zvi Netiv and InVircible.
When he lost the lucrative InVircible business, Paris turned to "Hackerproof98." Sold by Paris under the company name Byte Tight Security, Hackerproof98 was a direct copy of a freeware program created by a Dutch fellow named L. A. van der Hoogt. Originally named NetWatcherPro, it was basically a poor implementation of a pretty good idea: a monitor for Windows file shares which would alert the user to connections and disconnect unwanted users. According to van der Hoogt, Paris made him "an offer I couldn't resist".
On its face, and assuming it worked, such a utility could be handy for a limited number of users. Not very many people had a real use for this, so realistically, it presented only modest marketing prospects. Byte Tight engaged in a spam campaign in the form of "security alerts" on the subject of a "new" and supposedly widespread "gaping Internet security hole" which was in fact a known file sharing configuration error in some LAN-connected Windows machines. It was an easily-solved problem and affected only a very small percentage of Internet users. Paris engaged the media. He variously claimed this "hole" affected 60%, 80%, even ALL Internet-connected Win9x and NT systems. Networking professionals knew better and said so loudly.
That was July of 1998. Sales of Hackerproof98 had apparently stopped short by late July or August when Paris and his partner had a falling-out. Hackerproof98 didn't work and was in disrepute. Worse, paid-for software was not delivered to numerous customers (even though all they had to do was email the buyer an unlock code!). Paris has since tried to claim he was not involved in his partner's "premature release" of Hackerproof98, that it was a beta version, that it was all perpetrated by his former (now disappeared) partner, etc. That partner, Eddie Davidson, may conceivably have absconded with the funds as Paris says; but Michael Paris was involved in personally promoting Hackerproof98 and directing people to the very website he now claims he did not sanction or control.
To escape the nasty reputation Hackerproof98 had so quickly earned, the product's name was changed to Lockdown 2000 and a substantially identical sales campaign was resumed. Paris posted a disclaimer on the Hackerproof98 site to redirect its traffic to lockdown2000.com.
Sometime around October, Paris apparently snapped to the widespread concern about remote-access trojans. Lockdown was clumsily modified to sometimes spot ONE trojan (of the many which were by then in circulation), the well-known Back Orifice. Paris announced that Lockdown Version 2.0 now removed ALL trojans.
Parallels
There are close parallels between the sales tactics used to market the InVircible antivirus application and those Paris now uses to market Lockdown2000. One of the more obvious is the unspecified "new generic technology" which is claimed to be effective against all present and future threats. Those claims are subject to challenge.
Another parallel is Paris' efforts to create an illusion of credibility through non-independent reviews. In 1995, Paris reportedly paid one Paul Williams to produce a comparative review of antivirus software which portrayed InVircible as vastly superior to all other products -- using questionable "tests." No review exists anywhere by any reputable professional which even approximates Mr. Williams' results. Many excellent comparative reviews do exist, and they typically show mediocre performance for InVircible, at best.
Similarly, In January of 1999, Paris persuaded a website author, Demoniz of the well-known security-related bikkel.com, to write a favorable Lockdown review. It's unknown what he offered in exchange. The Bikkel review, though never posted in full, met with immediate protests from knowledgable readers. Demoniz withdrew it entirely. No trace of anything to do with Lockdown can be found on his website. In public, Demoniz refuses to mention the matter. In emails, he has repeatedly stated to me and to others that he was pressured by Paris and that he wants nothing more to do with the subject. Demoniz said of his review: "It wasn't accurate and never should be published." But Paris continues, to this day, to prominently proclaim Bikkel's endorsement on the Lockdown2000 website. Inexplicably, Demoniz has not publicly objected to this misuse of his name.
More recently, Paris has employed BHZ of net-security.org to produce a favorable review of Lockdown2000. BHZ was repaid in the form of free hosting of the net-security.org domain on the harbortelco server. While BHZ has acknowledged the terms of this deal in emails to me, he has refused to perform honest tests of Lockdown and continues to maintain the review on his site. BHZ is apparently incapable of any realistic technical assessment of the application. Net-security.org is a news site, and except for Lockdown, offers no software reviews; it consists primarily of brief summaries of computer-security related news with links to other sites.
False Advertising
Another of Paris' claims for Lockdown (and for Hackerproof before it) is that it is a firewall, which it most certainly is not.
As he was with InVircible, Paris is well aware of Lockdown's shortcomings. But he continues to pursue its sales without pause or apology, and makes numerous sweeping statements about the product's function and efficacy. Paris has admitted that he is well aware that Lockdown2000 does not protect shared files from deletion and alteration. He says he has known this since the product's inception as Hackerproof98. Yet his marketing claims continue to state specifically that files cannot be deleted under Lockdown's protection; in fact he goes so far as to claim that Lockdown's protection is absolute.
Consumer Fraud
When confronted with a dissatisfied customer, Paris' standard response seems to be to blame the user, and/or to lead them through explanations and configuration changes. Often he will offer participation in a never-ending beta test, as if he were handing out a rare favor.
I have emails from former users which show a pattern of abusive and deceptive responses to those customers' demands for refund. In one apparently typical case, the buyer got a ridiculous runaround in which Roger LeClerc expressed his grave concern that the user would obtain a double refund; this objection was repeated in response to every attempt at rational dialogue until the exasperated customer gave up trying. In another, the dissatisfied customer reports that "They became highly upset that I was reclaiming a refund and reinforced their policy that disputing was a sin and that the problem was now between the credit card company and myself. They refused to further have a meaning(ful) discussion about the subject and hung up the phone."
Evasion
When his product is critically reviewed, Paris immediately issues the ever-present beta-test version under a new version number and declares the review out of date.
History of Net Abuse
Paris' primary business partner in the brief Hackerproof98 venture was Eddie Davidson, a spammer who is very well-known and particularly offensive. Eddie was apparently bankrupted by lawsuits resulting from his illegal net abuse, which may explain his alleged theft of the Hackerproof98 proceeds.
I find numerous instances where Paris or his associates have engaged in mass email and UseNet spamming. There was a spam campaign promoting the porn site digital3dfantasy.com, which was hosted on the harbortelco server.
Paris was forced to find another provider. Yet he apparently hasn't learned quite enough from the experience. As of this date (8/99), Paris maintains an open mail server at mail.harbortelco.com. This means his mail server is open to potential abuse by illicit spammers, who might relay mass email to you because Paris inexplicably hasn't taken the simple necessary steps to limit access.
UseNet and email spams promoting Lockdown2000 have been reported recently. Paris has met complaints with hostility.
Back to Pseudo Psecurity Pseller