[comp.virus] Review of Mace Vaccine

p1@arkham.wimsey.bc.ca (Rob Slade) (05/25/91)

                               Comparison Review

Company and product:

Paul Mace Software
400 Williamson Way
Ashland, OR   97520
USA
tech support 503-488-0224
fax: 503-488-1549
sold and supported through:
Fifth Generation Systems, Inc.
10049 N. Reiger Rd.
Baton Rouge, Louisiana
USA   70809
1-800-873-4384 sales and info
504-291-7283 tech support
504-291-7221 admin
telecopier: 504-292-4465

Mace Vaccine-Anti-viral software version 3.0, 890505

Summary:

Activity monitoring software, plus change detection


Cost

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      3
            Ease of use       2
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           1
      Documentation           1
      Hardware required       1
      Performance             2
      Availability            2
      Local Support           ?

General Description:

SURVEY.EXE is a change detection program which calculates and stores
signatures of files.  VACCINE.EXE monitors attempts to modify system
areas of hard disks, and may use the data from SURVEY.EXE to alert to
changes in programs as they are invoked.  Recommendation limited to
*hard disk only* systems in situations where technical support staff are
responsible for system integrity and need to have records of changes.

                  Comparison of features and specifications

User Friendliness

Installation

The program disk is shipped write protected, but on a writeable disk.
The first line of the installation instructions, however, does stress the
importance of write protecting the disk before putting it into any
drive.

The README.TXT file is referred to in the installation documentation,
but (with this version) contains only the note that the documentation is
up to date.  (The fact that this note is dated two years past is not
reassuring.)  The README.TXT file is suggested to be viewed by running
README.BAT, but this requires that the MORE program be in the effective
path.

Installation consists simply of copying the files.  The files can be
renamed, but the documentation does not note the necessity of keeping
the proper extensions.  (Admittedly, any user who knows how to rename
files will likely also know the importance of extensions.)

Ease of use

There are two separate programs in the package.  SURVEY.EXE calculates a
"check value" for each file in all subdirectories on the current, or any
specified, disk.  The values are kept in a file called HELP.CRC on the
root directory of the checked disk.  The check value is a four digit
hexadecimal code, and the name of the file would seem to indicate that
this is a CRC calculation rather than a checksum.  Once the "survey" has
been done once, all, or specified individual, files may be checked
against it for changes.  If a program has been altered the user is
alerted (but no action is suggested) and any changes are noted in a file
called CHANGES.CRC.  New programs are not noted in the CHANGES.CRC file.
System areas are not checked: the package relies on the action of
VACCINE to stop any attacks on the boot sector or partition table.

The other program, VACCINE.EXE, is a resident program which can be
invoked with a number of switches to allow for three different levels of
protection to direct action against hard disk system areas.  Although
the different levels are explained clearly, the decision as to which
level or option to use is not supported by discussion in the manual.

The package gives the initial impression that these functions are
integrated, and that complete protection against viral infection is
provided.  Further exploration, however, reveals that each program must
be used independently, and that checks for modification of files or
system areas are by no means assured.

Help systems

There are no help systems.

Compatibility

The program does not protect against infection by the Stoned virus, or
any other boot virus.  In testing, it did not detect the presence of the
infection on the hard disk, and did not prevent infection of floppy
diskettes.  Although the documentation refers to protection of floppy
diskettes (and how to turn it off), further reading indicates that this
refers only to prevention of formatting of diskettes.

Further testing, in fact, reveals that there is almost no protection
provided to floppy disks, and, indeed, that it is *not possible to run
the program on a floppy only system*.  The VACCINE program will not go
resident if a hard disk is not present.  This is nowhere mentioned in
the documentation (which states that it "works on all IBM and compatible
machines with DOS 2.0 or higher, and uses slightly more that 6K of
memory.")  It is also not noted by the program: when invoked it merely
states that a hard disk is not present.

The VACCINE program apparently makes no attempt to prevent changes to
program or other files, but does prevent changes to system areas of the
hard disk.  (Depending upon the level of protection selected, this may
only be extended to the first hard disk.)  Therefore, system management
utilities may conflict with the package.  The documentation specifically
warns against the use of disk testers, defragmenters or sector editors
while VACCINE is operating.  The program can be "turned off" to allow
operation of such programs.

Also, any programs which alter their own code will generate alerts by
the SURVEY program, or by VACCINE at level 3.

Company Stability

Unknown.

Company Support

Unknown.

Documentation

The documentation is clear and understandable, but quite sparse (only 15
pages long.)  While directions for operating the program are plain, the
implications of what the program will do are not, even after several
readings.  (After testing, the careful wording of some of the passages
becomes clear.  Personally, I find the documentation almost misleading
in many areas, although few can be said to be inaccurate when looked at
carefully.)

Hardware Requirements

A hard disk is required, although that is *not* mentioned in the
package.

Performance

Able to detect (manually) changes to previously surveyed program files.

Local Support

None provided.

Support Requirements

The package is simple enough for an intermediate user to install.  Given
the current climate of viral activity, naive users would have to have
immediate access to experienced advice to interpret the activity of this
package, and any alerts it would generate.  Intermediate users would be
able to use the program effectively most of the time, but should have
access to skilled help for many situations.

                                 General Notes

This product has a very high reputation with many as one of the first
commercial antiviral programs.  However, the fact that it has not been
updated in two years is surprising.  Given that fact, however, the
weaknesses of the program may be understandable.  Nonetheless, they are
enough to prevent one from recommending the product in any but the most
restricted situation.

copyright Robert M. Slade, 1991  PCMACE.RVW  910524


=============
Vancouver          p1@arkham.wimsey.bc.ca   | "If you do buy a
Institute for      Robert_Slade@mtsg.sfu.ca |  computer, don't
Research into      (SUZY) INtegrity         |  turn it on."
User               Canada V7K 2G6           | Richards' 2nd Law
Security                                    | of Data Security
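
The change detection scheme the review describes for SURVEY.EXE (a four digit hexadecimal check value per file, a stored survey, a later comparison) is sketched below as an added example; it is not code from the original post or from the Mace product. The CRC-16/XMODEM variant, the function names and the sample file names are assumptions, and unlike the behaviour the review reports, the comparison also lists new and missing files.

```python
import binascii
import os
import tempfile

def check_value(path):
    """Four-digit hex check value; CRC-16/XMODEM is an assumed variant."""
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = binascii.crc_hqx(chunk, crc)
    return f"{crc:04X}"

def survey(root):
    """Walk all subdirectories of root; map relative path -> check value."""
    values = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            values[os.path.relpath(full, root)] = check_value(full)
    return values

def compare(baseline, current):
    """Report altered files plus the new and missing ones."""
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "new": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample tree: baseline it, alter one file, add another."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "DOS"))
        original = b"constructed stand-in for a program file"
        for rel in ("COMMAND.COM", os.path.join("DOS", "FORMAT.COM")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(original)
        baseline = survey(root)  # in practice, store this off the checked disk
        # One byte altered in place: a CRC-16 always detects such a change.
        with open(os.path.join(root, "COMMAND.COM"), "wb") as fh:
            fh.write(bytes([original[0] ^ 0xFF]) + original[1:])
        with open(os.path.join(root, "DOS", "NEWTOOL.EXE"), "wb") as fh:
            fh.write(b"file that appeared after the survey")
        return compare(baseline, survey(root))

if __name__ == "__main__":
    print(demo())
```

A 16-bit check value has only 65,536 possible results, so it is suited to catching accidental or careless modification rather than a change constructed to preserve the value.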