[comp.virus] Review of PC-cillin

p1@arkham.wimsey.bc.ca (Rob Slade) (03/06/91)

                        Comparison Review

Company and product:

Trend Micro Devices Inc.
2421 W. 205th St., #D-100
Torrance, CA   90501
USA
213-782-8190
PC-cillin - program change detection hardware/software


Summary:

A change detection and vaccine program with some scanning functions.
Change detection is applied to boot sectors and partition boot records
as well.  System status information is stored in a hardware device
connected to a parallel port.

Cost   US $139.00

Rating (1-4, 1 = poor, 4 = very good)
     "Friendliness"
          Installation   3
          Ease of use    3
          Help systems   2
     Compatibility       2
     Company
          Stability      ?
          Support        2
     Documentation       3
     Hardware required   3
     Performance         2
     Availability        2
     Local Support       ?

General Description:

The best functioning parts of the package appear to be the scanning, and
"resident scanning" operations.  Not highly recommended; most suitable
for novice users with operations primarily limited to a single hard disk
and strictly limited disk swapping.

           Comparison of features and specifications



User Friendliness

Installation

The disk is shipped write protected, although only by a write protect
tab.  (The disk is not a "notchless" read-only disk.)  The installation
procedure is written with a "pre-infected" system in mind, and, if
followed carefully, should provide against infection by any virus known
to the program.  (The procedure to be followed in case of partition
table infection, although quite clear in its explanation of the problem,
is deficient in not recommending making a backup before beginning the
procedure.)

PC-cillin can install from, or to, any drive, but will not install to
the drive from which the installation files are being run.  Installation
is simple and reasonably quick.  Modification to AUTOEXEC.BAT or
CONFIG.SYS is simple, but non-destructive and maintains a backup file.

Upon installation to a boot virus infected system, PC-cillin identified
the virus, but allowed the installation to proceed.  Upon "rebooting",
PC-cillin alerted for the presence of a boot sector virus.
Interestingly, once the disk was disinfected, PC-cillin allowed the disk
to boot normally.  Without having access to the encoding system used, it
is difficult to say what check is used to detect a change in the boot
sector.  A deliberate change made in the boot sector text had no effect.

The package makes provision for software updates of the "signature"
programs without the need for reinstallation of the entire system.

Ease of use

A single program, PCC.EXE, gives access to all functions, installation,
scanning (called "Quarantine" by PC-cillin) and the production of a
"rescue diskette".  Installation and scanning are clear and self-
explanatory in operation.  The making of a rescue diskette is less so,
involving unnecessary disk swapping.

When scanning, PC-cillin does not disinfect infected files, but does
offer to delete them.  The decision is left to the user.  Boot sector
viri on floppies are not disinfected, even if they are the "boot floppy"
that PC-cillin was installed on.  Repair information is apparently only
stored for the hard disk PC-cillin is installed on.

Because of its "background" operation, PC-cillin presents an "inverse
face" (PC graphics character 02H) in the upper right hand corner of the
screen when in operation.  The documentation states that this display
can be toggled off or on with <Alt><Tab><Backspace>, and that the
operation of PC-cillin in background can be toggled on and off with
<Alt><Backspace>.  The message displayed by the PCCILLIN program at
invocation indicates a different key sequence.  Neither appears to work.

Help systems

None provided.

Compatibility

The scanning function of PC-cillin is stated to recognize 146 different
viri, and it does recognize the most common viri that make up the bulk
of current infections.  The "vaccine" functions of the product are
either very intelligent or very doubtful: the program will allow
programs to modify themselves, other programs and disk boot sectors, as
well as deleting program files.  (Disk writing by certain programs
appears to be restricted, but in testing no alarms were generated by
multiple attempts to write to program files through the use of different
programs and editors.)  Protection of boot sectors appears limited to
the "installed" hard disk: the program will not recover an infected boot
sector floppy.

Company Stability

Unknown.

Company Support

When the company first shipped the product for review, an incorrect
Customs declaration for shipping to Canada delayed shipping of the
review copy.

The program makes provision for software updates of the "signature"
programs, but does not indicate any definite way to keep customers
informed.

Documentation

The documentation is clear and well laid out, and contains an excellent
discussion of general viral operations.  The progression through the
book is logical, and novice users should be able to follow it clearly.
Advanced users will still find items of interest in the section on
general viral concepts.

One complaint about the documentation concerns the binding.  The book is
paperback size, and very stiffly bound, with cardboard dividers between
the sections.  Thus the book is *physically* hard to read.

The "disk documentation" (README.DOC file) is not up to the same
standard.  It is full of grammatical errors, and in some places is
nearly impossible to read.

Hardware Requirements

At least one parallel (printer) port is required.  The "Immunizer Box"
attachment is said to be transparent to user data.

Performance

The product is "aware" of the currently most common viri.
Identification in various areas relies on known viral activity: although
memory is checked, it does not appear to "find" memory resident viri
which can also be found on disk.  Vaccine or recovery activities are
restricted at best.

Local Support

None provided.

Support Requirements

The program is easy enough for a novice to use and install without
assistance.  If a virus is found, it is recommended that experienced
personnel deal with it.

                          General Notes

A great deal of thought and planning has gone into the concept and
packaging of this product.  Provision for the use of floppy diskettes,
and a general strengthening of the "vaccine" and change detection
portions of the program would benefit it immensely.

copyright Robert M. Slade 1991


==============
Vancouver          p1@arkham.wimsey.bc.ca   | "It says 'Hit any
Institute for      Robert_Slade@mtsg.sfu.ca | key to continue.'
Research into      (SUZY) INtegrity         | I can't find the
User               Canada V7K 2G6           | 'Any' key on my
Security                                    | keyboard."