[comp.virus] Review of SCAN

p1@arkham.wimsey.bc.ca (Rob Slade) (01/25/91)

                               Comparison Review

Company and product:

McAfee Associates
4423 Cheeney Street
Santa Clara, CA   95054
USA
SCAN, CLEAN, VSHIELD, SENTRY - virus detection, disinfection and
protection, also FSHIELD and VCOPY

Summary:

A useful and regularly updated set of products with a large user base.
Separate distribution of the programs may be a problem.


Cost: $25 - $35 US per program, $159 for the set as of version 72

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       3
            Help systems      2
      Compatibility           3
      Company
            Stability         3
            Support           3
      Documentation           2
      Hardware required       4
      Performance             2
      Availability            3
      Local Support           3

General Description:

SCAN is a boot sector, memory and file scanning program, with some
disinfection capabilities.  CLEAN is a disinfection program.  VSHIELD
and SENTRY are resident file infection and activity checking programs.

The programs are widely available on electronic bulletin board systems
in the U.S. and Canada, at varying version levels.  They are widely
used, and supported by third party "front ends", utilities and menuing
systems.  The programs are updated regularly, and are supported by the
"Homebase" BBS run by McAfee Associates.


                  Comparison of features and specifications



User Friendliness

Installation

SCAN and CLEAN do not require installation as such.  All programs,
however, are distributed in .ZIP format and, beginning with version 72,
require PKUNZIP version 1.10 for unpacking with authenticity
verification.

VSHIELD is distributed in two, mutually exclusive, versions.  Both
versions require the use of SCAN's /AV option, which adds an
authentication CRC check onto programs.  A second level of protection is
added in one version with file infection checking for known viri.  (Note
that the /AV code must be added to all programs before installation of
VSHIELD for it to be effective, and that this will cause programs, such
as Word Perfect, which contain their own "change detection" programming,
to fail.)  VSHIELD must be installed "manually" by the user in the
AUTOEXEC.BAT file with all desired options and switches.

SENTRY is a change detection program which examines boot sectors, system
software and even memory structure.  It is distributed as an
installation program, but as any change to the system (including
software updates) will cause alarm warnings, it must be re-installed
upon each change.

Ease of use

The SCAN program is fairly simple to execute, but provides for a very
large number of options in the form of software "switches".  These can
complicate the use of the program, but probably will not be used by most
users.  The base scanning function is simple to operate, and novice
users will probably not use any other functions.  (The one major
exception is the /AV option.  If used on a program that is already "self
checking" it will likely cause the program to terminate, and so must be
identified and removed.)

Use of CLEAN or VSHIELD is complicated by the fact that SCAN must be a
part of the process, but again the basic operation is straightforward.

Help systems

If SCAN is invoked with no specifications, it gives three examples of
use.  There is no "online" listing for the software "switches" for the
various programs.


Compatibility

SCAN and the other programs in the suite are updated regularly, and the
latest version should be able to handle almost all viri that a user
would encounter.  The addition of the external file option in version 71
is also a major increase in utility.

Company Stability

John McAfee has been producing versions of SCAN for a number of years,
updating on a very regular basis.  SCAN is probably the most widely used
virus scanner in North America at present.

Recent versions have been subject to a number of "bug fix" releases.

Company Support

McAfee Associates lists their address and phone number in all
documentation, and supports the Homebase BBS.

Documentation

The directions for use of the programs are clear in all cases, if
somewhat concise.  However, novice users will find little conceptual
information about viri, or specific information about the various viri
that SCAN will deal with.

The documentation, while not quite alarmist, certainly strongly suggests
that the user, if any virus is ever found, should "retain" the services
of McAfee Associates.  Also, outside sources (such as the Hoffman virus
list) often state that viri can be dealt with by, for example, using the
"SCAN /D" option, without warning that this merely deletes and
overwrites the existing file.


Hardware Requirements

No special hardware is required.  The SCAN program itself will not work
with local area networks, but a NETSCAN program is available (again as a
separate package which must be separately obtained.)

Performance

For boot, memory and file scanning only, SCAN is measurably faster than
FPROT, although not anywhere as fast as VPCSCAN.  SCAN did miss some
viri in testing, but the only viri missed were all, in some way,
crippled.

SCAN does not have the range of functions of FPROT.  In addition, FPROT
consistently offered superior "disinfection" capabilities.  Versions of
CLEAN tested (and the earlier MDISK) have, in my own experience,
occasionally left the computer or disk in a worse state than the virus.

Local Support

Because of the very wide use, local support of SCAN is more generally
available.  The available version, however, is not always the latest, as
many users, in my experience, tend to use the one version they obtain
for at least a year before seeking another.

There are also a number of shareware products that "enhance" the use of
SCAN, such as menuing "front ends" or programs to assist in checking
archived files.

Support Requirements

If at all possible, it would be best if knowledgeable users assisted
with the use of SCAN.  The programs are simple enough to be operated by
a novice user, and no harm should result, but best results will be
obtained with the program if someone aware and informed of virus
operation is involved.


                                 General Notes

SCAN is a very useful virus scanning program, and John McAfee is to be
commended for keeping it updated over the years.  It has undoubtedly
saved, without exaggeration, many millions of dollars in lost computer
services.  That said, one is still left with the impression that the
program, as a program, could benefit from more attention to function,
and less to the promotion of the services of McAfee Associates.  The
breaking of the program into different packages for distribution
increases the difficulty in installation and use, and seems only to
serve to hide the true cost of the program, which is very high for
shareware.

copyright 1991 Robert M. Slade
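
The /AV behaviour described in the review (a check value appended to each program, which then trips programs that carry their own change detection) can be modelled as follows. This is an added example, not part of the original post and not McAfee's code: the `AVCK` marker, the CRC-32 trailer layout and all function names are assumptions, since the post does not give SCAN's actual format.

```python
import struct
import zlib

MARKER = b"AVCK"            # hypothetical trailer tag (assumption, not SCAN's format)
TRAILER_LEN = len(MARKER) + 4


def has_validation(image: bytes) -> bool:
    """True if the file ends with MARKER followed by a 4-byte CRC."""
    return len(image) >= TRAILER_LEN and image[-TRAILER_LEN:-4] == MARKER


def add_validation(image: bytes) -> bytes:
    """Append MARKER + CRC-32 of the original bytes; tagging twice is a no-op."""
    if has_validation(image):
        return image
    return image + MARKER + struct.pack("<I", zlib.crc32(image))


def remove_validation(image: bytes) -> bytes:
    """Strip the trailer again, restoring the file byte for byte."""
    return image[:-TRAILER_LEN] if has_validation(image) else image


def check_validation(image: bytes) -> str:
    """Classify a file as 'unprotected', 'ok' or 'modified'."""
    if not has_validation(image):
        return "unprotected"   # never tagged, so nothing to compare against
    body = image[:-TRAILER_LEN]
    (stored,) = struct.unpack("<I", image[-4:])
    return "ok" if zlib.crc32(body) == stored else "modified"


class SelfCheckingProgram:
    """Model of a program with built-in change detection: it remembers its
    own length and CRC from build time and refuses to run if they differ."""

    def __init__(self, shipped_image: bytes):
        self.expected = (len(shipped_image), zlib.crc32(shipped_image))

    def runs(self, on_disk: bytes) -> bool:
        return (len(on_disk), zlib.crc32(on_disk)) == self.expected


if __name__ == "__main__":
    plain = b"MZ" + bytes(range(64))                 # constructed stand-in for a program
    tagged = add_validation(plain)
    changed = tagged[:10] + b"\xcc" + tagged[11:]    # one body byte altered
    print(check_validation(plain), check_validation(tagged), check_validation(changed))
    app = SelfCheckingProgram(plain)
    print(app.runs(tagged), app.runs(remove_validation(tagged)))
```

The "unprotected" result is why untagged files give the resident checker nothing to verify, and the failed `runs(tagged)` call is the self-checking-program conflict the review warns about.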

gt1546c@prism.gatech.edu (Gatliff, William A.) (01/29/91)

Pardon my input into something I know very little about, but I
have a question/comment:
I have observed that, according to a lot of the posts in this
newsgroup, many of these viri infect the boot sector of a disk.

To help combat this, what would be the possibility of 'deliberately'
infecting one's boot-sector with a piece of code that would display
some kind of 'ok' message if it hadn't been tampered with?

For example, as the computer goes to boot, it loads the boot sector
and prints something like 'All is ok as of ...<maybe insert a date
here.>' as instructed by the program that lies there (the one I *put*
there.)  Ok.  Now, if the user doesn't see that message when he boots,
he can suspect that all is not ok.  Maybe this piece of code would run
some kind of check on itself to be sure it hadn't been relocated or
something...

This is just a brief flash of insight I had, I'm *not* a programmer
or anything.  Would this be a helpful tool in the war against viruses?

I would like to add that even within the very short amount of time I have
spent reading this newsgroup I have been impressed with the amount
that you guys seem to know about these animals.  It makes me feel
good that there are a number of obviously very capable dudes/dude-etts
working on the side of those who need protection from these creatures.
b.g.