patel@mwunix.mitre.org (Anup C. Patel) (03/08/91)
Has anyone heard of a anti-virus package called PC-cillin? I am in the process of evaluating it, and wish to share my experience with it. PC-cillin is a combination of hardware and software solution. The package consists of an "Immunizer Box". The purpose of the box is "to preserve a record of your computer's boot sector and partition table." Whenever the system is turned on , the current partition is compared with the record stored in the Box. The Immunizer Box gets attached to the parallel port. The software portion consists of a program called PCCILLIN and PCC. PCC is used to install the software, scan the system, and create a rescue diskette. One noticable feature of PCC is that it checks high memory as well as conventinal memory. ALthough I'm not sure how many viruses hide themselves in memory above 1MB. PCCILLIN is a TSR that gets installed at boot time from the AUTOEXEC.BAT file. Upon bootup, PC-cillin compares information in the Immunizer Box with the current partition table and boot sector. It also installs a TSR that is supposed to monitor system activity. I ran an application infected with the 4096 virus while PCCILLIN was memory resident. PCCILLIN should have intercepted this infection, but did not report anything abnormal. However, PCC reported the infection when I performed a memory scan. I know this may not be enough information to make a final judgement, but how do others feel about virus protection scheme such as this. Loading PCCILLIN from AUTOEXEC.BAT is obviously a bad idea. I'm not too confident on its ability to check for viruses either, when PCCILLIN is resident. Thanks for listening!!