[comp.virus] Review of Eliminator

p1@arkham.wimsey.bc.ca (Rob Slade) (05/15/91)

                               Comparison Review

Company and product:

International Computer Virus Institute
1257 Siskiyou Boulevard, Suite 179
Ashland, OR   97520
USA
503-488-3237
503-482-3284
BBS 503-488-2251
British Computer Virus Research Centre
12 Guildford Street, Brighton, East Sussex, BN1 3LS, England
Tel: 0273-26105
Joe Hirst
Eliminator/Virus Monitor/Virus Clean, version V1.17, Oct. 1990, Rel B,
also Virus Simulation Suite


Summary:

Resident and manual virus scanning and disinfection, also demonstration
virus simulators.

Cost: range from $190 (single copy with updates) to volume $8.50/CPU
(US)

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       3
            Help systems      1
      Compatibility           2
      Company
            Stability
            Support
      Documentation           3
      Hardware required       4
      Performance             3
      Availability
      Local Support

General Description:

Virus Monitor is a resident scanning program which checks disks as
accessed, and programs when invoked.  Virus Clean is a manual scanner
and disinfector.  The programs are suitable for intermediate users in
the average computing environment.

The suite of virus characteristic simulator programs are interesting,
and may be useful in boosting attention in virus awareness training.

                  Comparison of features and specifications



User Friendliness

Installation

The programs are shipped protected, but on a writable disk.  There is no
installation program, as installation consists merely of copying the
files to the system they are to be run on.  Virus Monitor (VM.COM) is a
resident checker, and the user is instructed to add it as the first line
in the AUTOEXEC.BAT file, but no direction is given as to how this is to
be done.

The package comes with a printed manual.  There is also a file on disk
(MANUAL.TXT) which is the same information in softcopy.  The disk label
directs the user to type "ICVI" to get information.  Doing this presents
a menu which offers to list onscreen or print out the manual (as well as
the documentation for the virus simulators.)

The documentation is brief, but fairly clear aside from the lack of
installation instructions.  There is no discussion of dealing with
pre-existing infections.

Ease of use

The resident scanner, VM.COM, has no options and, the documentation
suggests, should be started at boot time.  When invoked, it will examine
memory for viral infections, and then go into the background.  (If any
infection is found, the program will disable it.)  As disks are
accessed, VM will examine the boot sector, and will alert the user to
known virus code.  No other action is taken or suggested, the user is
merely prompted to "Press any key to continue."  If an infected program
is called, the program will alert the user and refuse to run the file.

The Virus Clean program (VC.COM) accepts command line switches to check
only boot sectors, check only files, check files with specific
extensions, check all files, list files checked, pause when the screen
has filled, output to a file, delete infected files or remove
infections.  The removal option has five sub-options, boot sector only,
.COM ONLY, .EXE only, all and none.  The default settings are stated to
be to check boot sectors, .COM and .EXE files, not to list checked files
and to remove only boot sector and .COM infections.  (This is suggested
by the documentation because of the possible overwriting of overlay
portions of .EXE files.)  However, in testing the program did not
attempt any removal of infections.

When removal is attempted on a write protected disk, the program will
generate an error message.

The virus simulator programs that come with the disk are amusing, and
can be useful in demonstrating to users the type of activities that
viral programs *may* demonstrate.  I have found that they stimulate
great interest in seminars, but must be used with caution so as not to
suggest that all viral programs demonstrate these, or similar,
characteristics.  (Joe Hirst is to be congratulated on the TSR expertise
that allows Cascade, Ping-Pong/Italian, Oropax and Yankee Doodle to play
simultaneously.  Note that attempts to run Cascade on 386 systems have
not been successful.)

Help systems

None provided.

Compatibility

Given the old release date (as supplied), the program finds a
significant number of common viral programs.  Of interest is the fact
that the program checks for variation in known viral strains, and alerts
the user to keep a copy for forwarding to the distributor for study.

Company Stability

Unknown.

Company Support

Unknown.

Documentation

The documentation is brief, in terms of program operation, but clear.
Over two thirds of the documentation is given to a description of the
operation of the viral programs that the program will detect.  This
section has about the same level of detail as that supplied with FPROT,
but with fewer viral programs listed.

Hardware Requirements

No special hardware required.

Performance

Although the program does not match the number of viral programs
detected by some others, the speed of operation ranks with the fastest
scanners tested.

Local Support

Unknown.

Support Requirements

Although the program is not very complicated, the lack of automated
installation, the lack of detail in the installation section of the
documentation, and the command line switches used by VC.COM suggest that
novice users will need some assistance.

copyright Robert M. Slade, 1991   PCELMNTR.RVW  910514


=============
Vancouver          p1@arkham.wimsey.bc.ca   | "If you do buy a
Institute for      Robert_Slade@mtsg.sfu.ca |  computer, don't
Research into      (SUZY) INtegrity         |  turn it on."
User               Canada V7K 2G6           | Richards' 2nd Law
Security                                    | of Data Security