[comp.sys.ibm.pc] IBM Virus Protection: Review and QUESTIONS!

Ctrl-Alt-Del@cup.portal.com (06/17/88)

[NOTE: I wrote this before seeing Ted Shapin's entry here.  I
have downloaded it, but haven't read it yet.  Thank you, Ted.
I sure would like to see a flurry of activity here in the days
ahead!    S.D.]

I have recently acquired several shareware anti-virus programs.
This is a question for people who are familiar with them, and may
provide information for those who (like me until a few days ago)
know very little about them, but realize that they really
*should* get to it some day.  What follows is a brief description
of the programs I've acquired.  I haven't run any of them yet; I
hope to see some responses from all of you knowledgeable people
out there.  Here are the questions:

Are they really anti-viruses or viruses in cheap disguise?  I.e.,
do the sizes and dates match yours?  Have you used them?  (There
is one in particular I am *very* suspicious of...please read on.)

Which function the best?  I have too many to use them all.  Which
are the good ones?  Which ones can I throw away because a better
one has made it obsolete?

Thank you all in advance for your input.  I will post a summary
of the emailed information I receive if I get useful email stuff
which we should all see.

Scott Dalrymple   (on Portal; not sure of the address syntax:
Columbia, MD       !cup.portal.com!scott dalrymple, or something?)

Following is information on these programs: BOMBSQAD, CHK4BOMB,
CRCDOS, DPROTECT, FLUSHOT3, HDSENTRY, NOHARD, NOVIRUS, TRAPDISK,
VACINE, WPHD


BOMBSQAD COM     3072   1-01-80   2:18a
Andy Hopkins, Wilmington, DE.  Docs list no date, version 1.2.
TSR Disk protector.  Can be switched off.  Specify any combo of
Read, Write, Format, & Verify protection.  Can't specify drives,
apparently protects ALL.  If protected operation is attempted,
pop-up message displays drive, head, track, sector, # of sectors
and address.  User can allow or prevent the attempted operation.

CHK4BOMB EXE    12032  11-14-85   8:21a
Andy Hopkins, Wilmington, DE.  Docs say 10/29/85, version 1.0
Check an unknown program before it runs.  Displays all ASCII
strings in the program and checks for dangerous disk activity
(write to absolute sectors, format disk, use of ROM BIOS for direct
disk access).

DPROTECT COM      793  10-11-85  11:10a
Gee Wong, GEE WIZ S/W, E. Brunswick, NJ. Docs say 10/11/85, ver. 101.
TSR Disk protector.  Must reboot to remove.  Monitors interrupt 13h
for any destructive disk activity on one drive or all drives (not
clear whether x (>1, <all) drives can be protected).  When a call
that modifies disk is attempted, message is displayed.  Hit any key
and system is rebooted (to clear RAM and I/O Ports).

HDSENTRY COM      438   7-11-87   4:31p
Andrew Fried, Titusville, FL.  Docs say 1987, no version.
TSR Disk protector.  Must reboot to remove.  Monitors interrupt 13h
and effectively removes interrupt 26h (absolute disk write).
Can't specify drives, protects hard drive(s).  (All reference to
hard drive is *singular*, not plural.)  Disallows writes and formats,
allows reads and resets.  Warning is displayed.  No option to allow
a write or format.  Caller thinks he got to the hard drive.

NOHARD   COM      368   1-04-86   9:20a
Rob King, Springfield, VA.  Docs give no date, no version.
Admittedly very crude.  Removes hard disk interrupt.  Reboot to
restore.  Documentation is about 10 lines--which is somewhat
suspicious, although the author does give his (or a) name.

NOVIRUS  EXE     9050   1-24-88   7:26p
Yan Seiner, Princeton, NJ.  Docs say 1988, no version number.
Compares command.com with another copy on any drive:\path and
corrects if necessary.  No description of any output to screen.

TRAPDISK COM     3915   9-13-83  12:51p
No author listed.  Docs give no date, version 1.0.
A modification of BOMBSQAD, with due credit given to Andy Hopkins.
Even the documentation is shamelessly replicated almost verbatim.
Fixes bug in BOMBSQAD that incorrectly reports hard drive letters
and provides a third option (in addition to 'allow' and 'deny')
when protected operation is attempted: 'allow and disable TRAPDISK'
which stops any further checking.

VACINE   EXE    14560   2-23-88   7:23p
Art Hill, LaGrange, IL.  Docs give no date, version 1.2.
Checks your system files to be sure they haven't been tampered with.
Documentation is brief and states, "Copy it [VACINE] to the root
directory of your hard disk and type VACINE for instructions."
Art, forgive me if you are legitimate, but I'm not gonna touch
this one with a ten foot pole.  At least not on my hard drive.
Maybe on a floppy after CHK4BOMBing it, with one of these other
TSR disk protectors engaged.  Maybe.  (Funny that vaccine is
spelled wrong....)

WPHD     DOC     1280  10-23-85   1:52p
No author listed.  Docs say 10/21/85, no version number.
TSR Disk protector.  Can be switched off.  Write and format-
protects the hard drive (*singular*, not plural).  If format
is run, it appears to be reformatting but actually it is only
verifying.  (Why sit through all that verification?)

CRCDOS   EXE    18740   1-11-88  10:02p
R. E. Faith, no address.  Docs say 1/11/88, version 1.0.
Builds a CRC table for any list of files.  Then you run it later
(every day recommended) to compare all CRCs with table.

FLUSHOT3 COM     2363   2-10-88
Ross Greenberg, New York, NY.  Docs say 1/26/88, version 3.
TSR disk protector.  Monitors either or both 13h and 26h.
Protects against harmful operations on COMMAND.COM and the two
hidden files. It also detects and corrects any changes to CMOS
ROM.

Thanks again for your input.
Scott
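
The build-then-compare procedure described for CRCDOS above, as an added example that is not part of the original post and is not CRCDOS's own code: it records size and CRC-32 for each listed file, then on a later run reports each file as ok, changed or missing. The function names and the stand-in sample files are constructed for illustration.

```python
import os
import tempfile
import zlib


def crc32_of(path, chunk_size=65536):
    """CRC-32 of a file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF


def build_table(paths):
    """Baseline pass: record size and CRC-32 for each listed file."""
    return {p: (os.path.getsize(p), crc32_of(p)) for p in paths}


def compare(table):
    """Later pass: report each baselined file as ok, changed or missing."""
    report = {}
    for path, (size, crc) in table.items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif (os.path.getsize(path), crc32_of(path)) != (size, crc):
            report[path] = "changed"
        else:
            report[path] = "ok"
    return report


def demo():
    """Constructed sample: three stand-in files, one modified, one deleted."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("COMMAND.COM", "IBMBIO.COM", "IBMDOS.COM")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"constructed sample contents of " + os.path.basename(p).encode())
        table = build_table(paths)
        # Same-length overwrite: size still matches, only the CRC reveals it.
        with open(paths[0], "r+b") as fh:
            fh.write(b"X")
        os.remove(paths[2])
        return {os.path.basename(p): s for p, s in compare(table).items()}


if __name__ == "__main__":
    print(demo())
```

CRC-32 catches accidental corruption and naive modification, but it is not a cryptographic hash, so it does not stop someone who deliberately crafts contents to match. The table is only as trustworthy as where it is kept, so store it away from the disk being checked.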