[comp.virus] Antivirus-Plus review

p1@arkham.wimsey.bc.ca (Rob Slade) (02/05/91)

                               Comparison Review

Company and product:

Techmar Computer Products
97 - 77 Queens Blvd.
Rego Park, NY   11374
USA
718-997-6800
Antivirus Plus (purported "AI vaccine")


Summary:

Protection against major known viri and some viral type activities from
new or unknown viri.  Easy setup with no requirement for user decisions,
but strong possibility of interference with normal computer operations.
If used, it is recommended that experienced viral specialists be
available to handle infections identified.  Not recommended for systems
with frequent changes in software or configuration.

Cost    $99.95 US

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       4
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           ?
      Documentation           2
      Hardware required       2
      Performance             2
      Availability            2
      Local Support           1

General Description:

CURE is a manual scanning program with disinfection features.  IMMUNE2
is a resident scanner that checks files as they are loaded, disks when
accessed, and memory when the program is first loaded.  PREVENT1 is a
resident vaccine program.

Antivirus-Plus will detect infections by currently common viri.  The
promise of detection of unknown viri is possible, but not likely in the
case of more advanced viral programs.

Recommended only for situations using the computer in fairly limited and
standard fashion, where automated attendance is a primary concern.

                  Comparison of features and specifications



User Friendliness

Installation

Antivirus-Plus appears to require installation from the A: drive onto a
hard disk.  It is possible to install onto a floppy disk, and it is
possible to install from a drive other than A:, but it will continue to
request a "writeable" disk in A:.

The documentation states that removal from the hard drive requires
"de-installation", but this does not appear to be the case.

Installation is almost completely automated.  Modification of
AUTOEXEC.BAT is not sophisticated, but did not cause problems in
testing.

Ease of use

IMMUNE2 and PREVENT1 are automatic, background processes which operate
without operator attention.  When the programs "identify" a process,
they do not do so either by virus name, or by identity of infected
program.  The user is requested (by IMMUNE2) to run CURE, but no
parameters are given.  See also "Compatibility" regarding false alarms.

Help systems

None provided.

Compatibility

Both CURE and IMMUNE2 identify common and well known viri, although not
always by the "standard" names.  Jerusalem-B is identified as "Black
Friday #1", for example.  All Antivirus-Plus programs are fairly noisy
about their detection of a virus, viz. the message that appears when
IMMUNE2 is invoked while a virus is present in memory:

  >                             +==========================+
  >                             " Warning !!               "
  >   Fri  1-18-1991 13:02:09.49"   You are using  an      "
  >   A>antvirus\immune2        "   infected disk(ette).   "
  >   !! A Virus is present in y"                          "
  >   !! Removing the virus now " Use ANTI VIRUS "cure"    "
  >   !! A Virus is present in y" program to remove virus. "
  >   !! Removing the virus now "                          "
  >   !! A Virus is present in y" Hit any key to continue  "
  >   !! Removing the virus now +==========================+
  >   !! A Virus is present in your computer memory !!
  >   !! Removing the virus now !!
  >   !! A Virus is present in your computer memory !!
  >   !! Removing the virus now !!
  >   !! A Virus is present in your computer memory !!
  >   !! Removing the virus now !!
  >   The ANTI-VIRUS immunity program is now resident.

The same window, without quite so much "background noise", appears when
any disk, infected with a known boot sector virus, is accessed, even by
a directory request.  It also appears when an infected program is run,
and states that the program has been disinfected.  The program is *not*
disinfected on disk, but the virus appears to be barred from memory.
(Note that the virus in memory which triggered the display above was not
removed from memory, but was rendered inactive.)

The PREVENT1 program, however, fares rather worse.  It does not appear
to prevent any change to the boot sector, and therefore it seems that
new boot sector viri will be undetectable by the program, unless they
are very crude.  This problem, however, is pale in comparison with the
problems PREVENT1 will cause with normal, uninfected, programs.

If you use a program (such as a word processor) to delete or modify a
program file, PREVENT1 will halt program execution.  This may not seem
like a big deal: after all, how many people use (as I do) Word Perfect
as a disk manager?  However, some programs, Word Perfect among them,
make changes to the program itself when you change some part of the
configuration, and PREVENT1 will stop this as well, telling you:

  >                                     Set-up Menu
  >
  >   0 - End Set-up and enter WP
  >
  >   1 - Set Directories or Drives for Dictionary and Thesa
  >   2 - Set Initial Settings
  >   3 - Set Screen and Beep Options
  >   4 - Set Backup Options    +==========================+
  >                             " Warning !!               "
  >   Selection: 0              "  You have been running   "
  >                             "  an infected program.    "
  >   Press Cancel to ignore cha"                          "
  >                             " PREVENT1 has removed the "
  >                             "  memory infection !      "
  >                             "                          "
  >                             " Hit any key to continue  "
  >                             +==========================+

It is, therefore, inadvisable to use Antivirus-Plus on a system which
undergoes frequent changes in this manner.

PREVENT1 is not completely consistent here.  Word Perfect is halted when
trying to delete a program file, PCTOOLS is not.  It is, therefore,
quite possible that some viri may slip past this protection.


Company Stability

Techmar is the distributor of Antivirus-Plus and other IRIS products in
the United States.  Fink Enterprises, which distributes IRIS products in
Canada, will not carry Antivirus-Plus.

Company Support

Help line support was not used in testing.  Techmar shipped very
quickly, but did not properly identify the package, which created
problems at the border.

Documentation

Documentation is provided solely on disk.  The directions are clear and
readable, but very little information is provided beyond the most basic
installation information.  Some information in the documentation is not
consistent with program operation, but not to the point of preventing
installation or operation.

Hardware Requirements

Documentation states hard disk required, but this can be avoided.  Disk
"wants" to be installed from A: drive.

Performance

IMMUNE2 and CURE will identify many common viri.  They fail to identify
the AIDS virus, which is interesting in that, while AIDS infections are
not common, the virus source code is available and widely known to
researchers.  (CURE was the first "scanning" program tested that was
not able to identify the virus.)

PREVENT1 will prevent some disk writes to program files, but allows
others to pass, including the deletion of program files.  It apparently
does not check any writes to disk boot sectors or "bad" sectors.

Local Support

None stated or found.

Support Requirements

Alarms will likely require intervention by experienced personnel.

copyright 1991 Robert M. Slade

Vancouver          p1@arkham.wimsey.bc.ca           _n_
Institute for      Robert_Slade@mtsg.sfu.ca          H
Research into      (SUZY) INtegrity                 /
User               Canada V7K 2G6                O=C\
Security                            Radical Dude   | O- /\_
                                             /-----+---/ \_\
                                            / |    `  ||/
"A ship in a harbour is safe, but that     /  ||`----'||
is not what ships are built for."             ||      ||
                     - John Parks             ``      ``