More On Michael Paris
Saturday, 28 August 1999
Last Updated Sunday, 13 February 2000
Back to Pseudo Psecurity Pseller
Deception
In December of 1998, I exchanged several emails with "Scott Davis." His lengthy diatribes contained numerous false and inaccurate statements, and conveyed threats of legal action against me for my truthful exposure of the Lockdown product and its fraudulent advertising. In these emails, "Davis" posed as an attorney and a satisfied user of Lockdown who had been taken into the confidence of the operators of Harbor Telco. The frequent misspellings and obviously poor comprehension of legalese made it clear he was not who he claimed. At the time, I believed the author was a principal of Harbor Telco, one Roger LeClerc. But I have since established firmly that none other than Michael Paris was the writer, by comparing headers of the emails I received with those sent to another person by "Scott Davis" -- in which Paris reveals his actual identity. The origin was identical.
Old Scam
Michael Paris has a history of aggressive and dishonest sales of another similarly poor product, the InVircible antivirus application. InVircible has long since fallen into disrepute among virtually all antivirus professionals, and evidently for very good reason. Paris was the primary InVircible distributor for the US from late 1994 to about March of 1998, and was fully aware of its very serious failures; as well as its occasional destruction of its users' data.
Paris sometimes claims he dropped InVircible because he realized the product was a poor one; but in fact he was canned by the company after a dispute in which he was accused of bootlegging its software. The accusation appears to have been accurate. Several former associates of Paris have sought me out. Some of them, including a former employee, have claimed direct knowledge of Paris' mass-production of key-cracked versions of the InVircible product. I am told that Paris provided thousands of copies of the pirated software to Roger LeClerc of Harbor Resources -- who is now Paris' partner in the Lockdown 2000 scam.
Paris has claimed that he was consulted for one of the bad reviews InVircible received, and that this involvement precipitated his conflict with the company's owner, Zvi Netiv. But the writer of that review has told me he never consulted with Michael Paris; in fact, the author says he'd never been in any contact with Michael Paris until Paris sought him out in December 1998, about 7 months after the review was published in May; and that was of course long after Paris and InVircible had had their falling-out. Paris' purpose for this contact? An effort to damage and discredit Zvi Netiv and InVircible.
New Scam
When he lost the lucrative InVircible business, Paris turned to "Hackerproof98." Sold by Paris under the company name Byte Tight Security, Hackerproof98 was a direct copy of a freeware program created by a Dutch fellow named L. A. van der Hoogt. Originally named NetWatcherPro, it was basically a poor implementation of a pretty good idea: a monitor for Windows file shares which would alert the user to connections and disconnect unwanted users. According to van der Hoogt, Paris made him "an offer I couldn't resist".
On its face, and assuming it worked, such a utility could be handy for a limited number of users. Not very many people had a real use for this, so realistically, it presented only modest marketing prospects. But Paris apparently decided to create a market. He engaged in a spam campaign in the form of "security alerts" on the subject of a "new" and supposedly widespread "gaping Internet security hole" which was in fact a well-known file sharing configuration error in some LAN-connected Windows machines. It was an easily-solved problem and affected only a very small percentage of Internet users. Well, Paris pulled out all the stops. He variously claimed this "hole" affected 60%, 80%, even ALL Internet-connected Win9x and NT systems. Networking professionals knew better and said so loudly, but Paris well knew that the average Netizen knew practically nothing about such arcane networking issues, and he played it to the hilt, with some help from the not-very-Net-savvy media.
That was July of 1998. Sales of Hackerproof98 had apparently stopped short by late July or August when Paris and his partner had a falling-out. Hackerproof98 didn't work and was in disrepute. Worse, paid-for software was not delivered to numerous customers (even though all they had to do was email the buyer an unlock code!). Paris has since variously tried to claim he was never involved in Hackerproof98, that it was all perpetrated by his former (now disappeared) partner, etc. All of this is false. That partner, Eddie Davidson, may conceivably have absconded with the funds as Paris says; but the whole scheme has the earmarks of a whirlwind promotion, never intended for the long term. Michael Paris was fully involved throughout, personally promoting Hackerproof98 and directing people to the very website he now falsely claims he did not sanction or control.
To escape the nasty reputation Hackerproof98 had so quickly earned (more for failure to deliver, I suspect, than for refutals of Paris' fictions), the product's name was changed to Lockdown 2000 and a substantially identical sales campaign was resumed. Paris posted a false disclaimer on the Hackerproof98 site to redirect its traffic to lockdown2000.com.
Sometime around October, Paris apparently snapped to the widespread concern about remote-access trojans. Lockdown was clumsily modified to sometimes spot ONE trojan (of the many which were by then in circulation), the well-known Back Orifice. Paris announced that Lockdown Version 2.0 now removed ALL trojans.
Parallels
There are close parallels between the sales tactics used to market the InVircible antivirus application and those Paris now uses to market Lockdown2000. One of the more obvious is the unspecified "new generic technology" which is claimed to be effective against all present and future threats. It was not true of InVircible and it is not true of Lockdown2000.
Another parallel is Paris' outrageously fraudulent efforts to create an illusion of credibilitythrough false reviews. In 1995, Paris reportedly paid one Paul Williams to produce a bogus comparative review of antivirus software which portrayed InVircible as vastly superior to all other products -- using deliberately falsified "tests." No review exists anywhere by any reputable professional which even approximates Mr. Williams' results. Many excellent comparative reviews do exist, and they typically show mediocre performance for InVircible, at best.
Similarly, In January of 1999, Paris persuaded a website author, Demoniz of the well-known security-related bikkel.com, to write a favorable Lockdown review. It's unknown what he offered in exchange. The Bikkel review, though never posted in full, met with immediate protests from knowledgable readers. Demoniz withdrew it entirely. No trace of anything to do with Lockdown can be found on his website. In public, Demoniz refuses to mention the matter. In emails, he has repeatedly stated to me and to others that he was pressured by Paris and that he wants nothing more to do with the subject. Demoniz said of his review: "It wasn't accurate and never should be published." Paris knows all this, in fact according to Demoniz, Paris knew it before anyone else did. But he continues, to this day, to prominently proclaim Bikkel's endorsement on the Lockdown2000 website. Inexplicably, Demoniz has not publicly objected to this misuse of his name.
More recently, Paris has employed BHZ of net-security.org to produce a favorable review of Lockdown2000. BHZ was repaid in the form of free hosting of the net-security.org domain on the harbortelco server. While BHZ has acknowledged the terms of this deal in emails to me, he has refused to perform honest tests of Lockdown and continues to maintain the prostituted review on his site. BHZ is apparently incapable of any realistic technical assessment of the application. Net-security.org is a news site, and except for Lockdown, offers no software reviews; it consists primarily of brief summaries of computer-security related news with links to other sites.
False Advertising
Another of Paris' claims for Lockdown (and for Hackerproof before it) is that it is a firewall, which it most certainly is not.
As he was with InVircible, Paris is well aware of Lockdown's shortcomings. But he continues to pursue its sales without pause or apology, and makes numerous sweeping statements about the product's function and efficacy which he knows to be untrue. For instance, Paris has admitted that he is well aware that Lockdown2000 does not protect shared files from deletion and alteration. He says he has known this since the product's inception as Hackerproof98. Yet his marketing claims continue to state specifically that files cannot be deleted under Lockdown's protection; in fact he goes so far as to claim that Lockdown's protection is absolute.
Consumer Fraud
When confronted with a dissatisfied customer, Paris' standard response seems to be to blame the user, and/or to lead them through complex and usually irrelevant explanations and configuration changes. Often he will offer participation in a never-ending beta test, as if he were handing out a rare favor.
Harbor Telco has never to my knowledge, under any circumstances, granted a refund to any unhappy Lockdown buyer. Quite the contrary. I have emails from former users which show a pattern of abusive and deceptive responses to those customers' demands for refund. In one apparently typical case, the buyer got a ridiculous runaround in which Roger LeClerc expressed his grave concern that the user would obtain a double refund; this objection was repeated in response to every attempt at rational dialogue until the exasperated customer gave up trying. In another, the dissatisfied customer reports that "They became highly upset that I was reclaiming a refund and reinforced their policy that disputing was a sin and that the problem was now between the credit card company and myself. They refused to further have a meaning(ful) discussion about the subject and hung up the phone."
Evasion
When his product is critically reviewed, Paris immediately issues the ever-present beta-test version under a new version number and declares the review out of date. The product has yet to change appreciably in its basics, except to expand upon its deceptions and the breadth of its claims.
History of Net Abuse
Paris' primary business partner in the brief Hackerproof98 venture was Eddie Davidson, a spammer who is very well-known and particularly offensive. Eddie was apparently bankrupted by lawsuits resulting from his illegal net abuse, which may explain his alleged theft of the Hackerproof98 proceeds. (On the other hand, a claim of theft could be a perfect tax dodge for Paris.)
I find numerous instances where Paris has engaged in mass email and UseNet spamming; among the better-known incidents was a spam campaign promoting the porn site digital3dfantasy.com, which was hosted on the harbortelco server.
In November of last year, Paris lost hosting services for Harbortelco and all its associated domains; he was ejected by the backbone provider UU.NET because of the digital3dfantasy.com spamming offenses. He was forced to find another provider. Yet he apparently hasn't learned quite enough from the experience. As of this date (8/99), Paris maintains an open mail server at mail.harbortelco.com. This means his mail server is open to potential abuse by illicit spammers, who might relay mass email to you because Paris inexplicably hasn't taken the simple necessary steps to limit access.
UseNet and email spams promoting Lockdown2000 have been reported recently. Paris has met complaints with hostility.
Press the play button to hear
"April In Paris"