[comp.virus] Virex-PC review

p1@arkham.wimsey.bc.ca (Rob Slade) (03/01/91)

[Ed. Both of these reviews are now available by anonymous FTP on
cert.sei.cmu.edu in pub/virus-l/docs/reviews, along with the rest of
Rob Slade's (and a few others') reviews.]

                        Comparison Review

Company and product:

Microcom Software Division
3700-B Lyckan Parkway
Durham, NC   27717
USA
919-490-1277
Virex-PC, also Virex for Mac - scanner and vaccine

Summary:

VPCSCAN is the fastest scanning product yet reviewed.  VIREX-PC vaccine
is customizable with multiple options and allows "protection" of
specified files as well as alerts on "formatting" and "program
modification" and is recommended for "expert" users.  Documentation is
an excellent overview of viral and PC operations.

Cost   US $99.00

Rating (1-4, 1 = poor, 4 = very good)
     "Friendliness"
          Installation   2
          Ease of use    4
          Help systems   2
     Compatibility       3
     Company
          Stability      4
          Support        3
     Documentation       4
     Hardware required   4
     Performance         3
     Availability        4
     Local Support       ?

General Description:

VPCSCAN is a virus detection and disinfection product.  It will remove
some viri from files or optionally delete the file if it cannot be
disinfected.  Disinfection or deletion is at user control.  VIREXPC is a
"resident" "activity" and "change detection" program which checks for
formatting calls, direct disk writes, TSR initiation, "registration" of
programs, "checksum" changes or program specific (user defined)
prohibited operations.  (During this review, Virex-PC refers to the
whole package, VIREX-PC to the TSR vaccine program only.)

Ross Greenberg was one of the first to produce an anti-viral product,
Flu-Shot.  Microcom's Virex product for the Macintosh is also well
established.  SCANDEMO, a "scan only" demonstration product, is
available free of charge on some electronic bulletin board systems.

Please, when reading this review, note a built in bias towards Ross
Greenberg's work.

            Comparison of features and specifications



User Friendliness

Installation

Disks shipped write protected.  Documentation stresses the importance of
write protecting the disks, suggests making a "working copy" of the
original disk, and checking the computer system with VPCSCAN before
making installation onto the hard disk, but the suggested procedure
could leave the "working copy" infected.

Installation requires the Virex-PC diskette in drive A:, regardless of
which drive it is invoked from.  If you wish to install the program onto
a "boot floppy", the diskette to be installed "to" must be in drive B:.

Effective installation is impossible without reading the documentation
and understanding the concepts and system configuration thoroughly.  The
documentation is complete and quite clear, but "naive" users may find
the number of functions and features, and the explanations, daunting to
tackle.

Subsequent to installation, the "Protection File" can be edited.
However, the "README" file notes that this should not be done while
VIREX-PC is active, and if you invoke VIREX-PC automatically at boot
time, you will have to boot from a floppy in order to modify your
protection.

Ease of use

Once installed, the system operates without intervention, unless viral
activity is detected.  The alert screens are clear and informative.  The
decisions necessary, and the usefulness or "hindrance" of the system
depends largely on the installation, which should be "matched" to the
experience of the user.

VPCSCAN's screen display shows the files checked individually, but
continues to display the directories checked until the screen is full,
so that a number of directories can be seen at once.  This is much
clearer than the practice of other programs which only display one file
at a time, or only the directories checked, especially given the speed
of VPCSCAN's operation.

Help systems

Alert screens contain somewhat esoteric, but very complete information
on the activity taking place.  This will be very helpful to expert
users, but even novices will find it easier to make an "informed"
decision on whether or not to allow an operation.

Compatibility

VPCSCAN, in contrast to the lists known to SCAN and FPROT, finds
relatively few viri.  Those that it does find, however, would likely
account for better than 99% of actual infections.  The manual states
that updates are made quarterly, and that registered users will receive
"notification" of updates.  (According to the registration cards,
updates will be $25 each, or you may receive a year's "subscription" for
$75.)  However, it is now three months (one "quarter") since I
registered my copy, and I have yet to receive any notification.  (It is
possible, although improbable, that this period exactly coincides with
one "update period.")

Although one of the standard alerts in the package is for "direct writes
to diskette", and even though the Stoned/New Zealand virus is one which
VPCSCAN will identify (although not disinfect), VIREX-PC was not able to
protect against, and did not warn of, infection by the Stoned virus.
Although VIREX-PC will make a checksum of disk or diskette boot sectors,
it does not checksum partition boot records.

Company Stability

Microcom is a stable and diversified company, if somewhat smaller than a
Lotus or Microsoft.  Virex for the Mac has been around for some time,
although it is not one of the current "leaders" among Mac antivirals.
Ross Greenberg was one of the first to write an antiviral program for
MS-DOS (Flu-Shot) and it is still a viable program.

Company Support

Virex-PC was the third to arrive of all the commercial programs I had
requested for review.  Microcom had no problems with shipping across the
border, although the package did arrive crushed.

Note also the lack of update notification for the period specified.

Documentation

Very good (clear, concise) section on general virus information.

The procedure given in the Quick Start section could produce an infected
"working copy" of the Virex-PC disk.

The installation "prompts" are no better or worse than others reviewed,
but the documentation explains all options very clearly, both in terms
of the options available, and the reasons for the options.

Hardware Requirements

There are no special hardware requirements.

Performance

VPCSCAN is amazingly fast.  File checking is at least twice as fast as
either FPROT or SCAN across all platforms tested.

VIREX-PC has more options than other vaccine type programs, as well as
change detection capabilities.  However, although one of the standard
alerts in the package is for "direct writes to diskette", and even
though the Stoned/New Zealand virus is one which VPCSCAN will identify
(although not disinfect), VIREX-PC was not able to protect against, and
did not warn of, infection by the Stoned virus.  Although VIREX-PC will
make a checksum of disk or diskette boot sectors, it does not checksum
partition boot records.

Local Support

No provisions.

Support Requirements

The installation and operation of VIREX-PC and VPCSCAN should not be
beyond the average intelligent user who is willing to spend time with
the manual before installation.  However, in supported environments, it
would be best to have the support staff perform installation.

                          General Notes

Although in many respects a superior product, the inability to prevent
infection by the ubiquitous "Stoned" virus must be seen as a failing.
However, Virex-PC will detect the "Stoned" virus, and, with some care,
recovery can take place without recourse to other specialised products.

copyright Robert M. Slade 1991


==============
Vancouver          p1@arkham.wimsey.bc.ca   | "It says 'Hit any
Institute for      Robert_Slade@mtsg.sfu.ca | key to continue.'
Research into      (SUZY) INtegrity         | I can't find the
User               Canada V7K 2G6           | 'Any' key on my
Security                                    | keyboard."
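
The gap the review reports, boot sectors checksummed but the partition boot record not, shown as an added example that is not part of the original post and is not Virex-PC code. It assumes "partition boot record" means absolute sector 0 of a hard disk (the sector holding the partition table); the disk image, function names, filler bytes and the choice of SHA-256 are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def boot_areas(image, include_mbr=True):
    """Map area name -> sector bytes for the boot areas of a hard-disk image."""
    mbr = image[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 lacks the 0x55AA boot signature")
    areas = {"mbr": mbr} if include_mbr else {}
    for i in range(4):  # four 16-byte partition table entries at offset 446
        entry = mbr[446 + 16 * i:462 + 16 * i]
        if entry[4] == 0:  # partition type 0 marks an unused slot
            continue
        start = struct.unpack_from("<I", entry, 8)[0] * SECTOR
        if start + SECTOR > len(image):
            raise ValueError(f"partition {i} starts past the end of the image")
        areas[f"part{i}_boot"] = image[start:start + SECTOR]
    return areas

def baseline(image, include_mbr=True):
    """Record a SHA-256 digest per boot area (assumed hash; the page names none)."""
    areas = boot_areas(image, include_mbr)
    return {name: hashlib.sha256(data).hexdigest() for name, data in areas.items()}

def changed(image, base):
    """List the baselined areas whose current digest no longer matches."""
    now = baseline(image, include_mbr="mbr" in base)
    return sorted(name for name in base if now.get(name) != base[name])

def make_image():
    """Constructed 4-sector image: sector 0, a gap, one partition at LBA 2."""
    mbr = bytearray(SECTOR)
    mbr[0:8] = b"LOADER-A"  # filler standing in for loader code
    mbr[446], mbr[450] = 0x80, 0x04  # active flag, FAT16 partition type
    struct.pack_into("<II", mbr, 454, 2, 2)  # start LBA 2, length 2 sectors
    mbr[510:512] = b"\x55\xaa"
    boot = bytearray(SECTOR)
    boot[0:8] = b"DOSBOOT1"  # filler standing in for the DOS boot sector
    boot[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(SECTOR) + bytes(boot) + bytes(SECTOR)

if __name__ == "__main__":
    image = make_image()
    partial, full = baseline(image, include_mbr=False), baseline(image)
    tampered = b"LOADER-B" + image[8:]  # sector 0 altered, partition table intact
    print("boot sectors only:", changed(tampered, partial))
    print("with sector 0:    ", changed(tampered, full))
```

A baseline that covers only the per-partition boot sectors reports nothing when sector 0 changes; including sector 0 in the baseline is what makes the change visible.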

c-rossgr@uunet.uu.net (03/07/91)

Just a few notes on the Virex-PC review.

>VPCSCAN is the fastest scanning product yet reviewed.  VIREX-PC vaccine
>is customizable with multiple options and allows "protection" of
>specified files as well as alerts on "formatting" and "program
>modification" and is recommended for "expert" users.  Documentation is
>an excellent overview of viral and PC operations.

A great deal of thought went into the next version of the code to make
it more suitable for not just the "expert" user, but for the "novice"
user as well -- as well as the person in between the two extremes.  As
much as I resisted changing the code from its inherent "hacker" roots
(based upon my FLU_SHOT+ code), Microcom was able to change my mind by
waving vast reams of money in front of my face and saying the magic
words "user friendly".

>Ross Greenberg was one of the first to produce an anti-viral product,
>Flu-Shot.  Microcom's Virex product for the Macintosh is also well
>established.  SCANDEMO, a "scan only" demonstration product, is
>available free of charge on some electronic bulletin board systems.

FLU_SHOT+ is still available, but most (if not all) of my development
work is in Virex-PC: a good portion of that trickles down, eventually,
to FLU_SHOT+, but Virex-PC is amazingly more complete.

The SCANDEMO program available on BBS's will expire at the end of this
month.  Before then there'll be a new SCANDEMO available that will
expire sometime in September. This new one is much more complete in
its virus string collection (see below).

>Installation
>
>Disks shipped write protected.  Documentation stresses the importance of
>write protecting the disks, suggests making a "working copy" of the
>original disk, and checking the computer system with VPCSCAN before
>making installation onto the hard disk, but the suggested procedure
>could leave the "working copy" infected.

Hey! I didn't write the manual! I've forwarded the complaint on to the
manual writers (documentalists -- aren't large corporations great in
verbifying things? :-) ), and it'll be fixed in Version 2.0: thanks
for pointing it out.

>Effective installation is impossible without reading the documentation
>and understanding the concepts and system configuration thoroughly.  The
>documentation is complete and quite clear, but "naive" users may find
>the number of functions and features, and the explanations, daunting to
>tackle.

As mentioned above, the new release is specifically designed to be
more "user friendly" - pop-up help screens, a nice front end on the
install program, etc.  Those help screens can even be made user
configurable by large sites.  If there's enough interest, I'll try to
convince the marketing guys at Microcom to include the help compiler
into a release of the code so that people who don't like my help text
can use their own.  Send me notes via E-mail: I'll letcha know what
Microcom has to say.

>VPCSCAN, in contrast to the lists known to SCAN and FPROT, finds
>relatively few viri.  Those that it does find, however, would likely
>account for better than 99% of actual infections.

The next release of the code should have well over 300 virus
signatures in it.  We keep up to date on this stuff and have the
facility of using an external file if a serious infection that we
don't carry in our distributed version suddenly seems important.  I've
been just a tad busy on the next release....

>The manual states
>that updates are made quarterly, and that registered users will receive
>"notification" of updates.  (According to the registration cards,
>updates will be $25 each, or you may receive a year's "subscription" for
>$75.)  However, it is now three months (one "quarter") since I
>registered my copy, and I have yet to receive any notification.  (It is
>possible, although improbable, that this period exactly coincides with
>one "update period.")

..did I mention how much I hate and despise Windows?  Argh! Internal
inconsistencies and documentation that makes good landfill -- they do
cause some delays.  However, every registered user will get a free
update (those using the code currently will get the free update to the
Windows version I'm working on now: the one with the new install
program, etc.)  Those who subscribe to the update service (a bargain!)
will get their full four updates without a question, by the way, even
if I'm a bit late in releasing new code.

Did I mention how much I hate Windows?

>Although one of the standard alerts in the package is for "direct writes
>to diskette", and even though the Stoned/New Zealand virus is one which
>VPCSCAN will identify (although not disinfect), VIREX-PC was not able to
>protect against, and did not warn of, infection by the Stoned virus.
>Although VIREX-PC will make a checksum of disk or diskette boot sectors,
>it does not checksum partition boot records.

Sighted: one bug, one oversight.  Sank same.  You'll see a fix for both
of these problems in the V2.0 release.

>Company Stability
>
>Microcom is a stable and diversified company, if somewhat smaller than a
>Lotus or Microsoft.  Virex for the Mac has been around for some time,
>although it is not one of the current "leaders" among Mac antivirals.
>Ross Greenberg was one of the first to write an antiviral program for
>MS-DOS (Flu-Shot) and it is still a viable program.

From my understanding, the Mac Virex is either number two or number
three on the Mac side of things, depending upon how you measure these
things.  Naturally, since I only use real computers I don't know about
Macs...<grin>

Ross M. Greenberg
 Author, Virex-PC & Flu_Shot+

Disclaimer:  This account does not imply that my opinions and Microsoft's
             are the same.  Take my word for it:  they're not!