p1@arkham.wimsey.bc.ca (Rob Slade) (01/25/91)
Comparison Review

Company and product:

McAfee Associates
4423 Cheeney Street
Santa Clara, CA 95054
USA

SCAN, CLEAN, VSHIELD, SENTRY - virus detection, disinfection and protection, also FSHIELD and VCOPY

Summary: A useful and regularly updated set of products with a large user base. Separate distribution of the programs may be a problem.

Cost: $25 - $35 US per program, $159 for the set as of version 72

Rating (1-4, 1 = poor, 4 = very good)

"Friendliness"
    Installation        2
    Ease of use         3
    Help systems        2
Compatibility           3
Company
    Stability           3
    Support             3
Documentation           2
Hardware required       4
Performance             2
Availability            3
Local Support           3

General Description:

SCAN is a boot sector, memory and file scanning program, with some disinfection capabilities. CLEAN is a disinfection program. VSHIELD and SENTRY are resident file infection and activity checking programs.

The programs are widely available on electronic bulletin board systems in the U.S. and Canada, at varying version levels. They are widely used, and supported by third party "front ends", utilities and menuing systems. The programs are updated regularly, and are supported by the "Homebase" BBS run by McAfee Associates.

Comparison of features and specifications

User Friendliness

Installation

SCAN and CLEAN do not require installation as such. All programs, however, are distributed in .ZIP format and, beginning with version 72, require PKUNZIP version 1.10 for unpacking with authenticity verification.

VSHIELD is distributed in two, mutually exclusive, versions. Both versions require the use of SCAN's /AV option, which adds an authentication CRC check onto programs. A second level of protection is added in one version with file infection checking for known viri. (Note that the /AV code must be added to all programs before installation of VSHIELD for it to be effective, and that this will cause programs, such as Word Perfect, which contain their own "change detection" programming, to fail.)
VSHIELD must be installed "manually" by the user in the AUTOEXEC.BAT file with all desired options and switches.

SENTRY is a change detection program which examines boot sectors, system software and even memory structure. It is distributed as an installation program, but as any change to the system (including software updates) will cause alarm warnings, it must be re-installed upon each change.

Ease of use

The SCAN program is fairly simple to execute, but provides for a very large number of options in the form of software "switches". These can complicate the use of the program, but probably will not be used by most users. The base scanning function is simple to operate, and novice users will probably not use any other functions. (The one major exception is the /AV option. If used on a program that is already "self checking" it will likely cause the program to terminate, and so must be identified and removed.)

Use of CLEAN or VSHIELD is complicated by the fact that SCAN must be a part of the process, but again the basic operation is straightforward.

Help systems

If SCAN is invoked with no specifications, it gives three examples of use. There is no "online" listing for the software "switches" for the various programs.

Compatibility

SCAN and the other programs in the suite are updated regularly, and the latest version should be able to handle almost all viri that a user would encounter. The addition of the external file option in version 71 is also a major increase in utility.

Company Stability

John McAfee has been producing versions of SCAN for a number of years, updating on a very regular basis. SCAN is probably the most widely used virus scanner in North America at present. Recent versions have been subject to a number of "bug fix" releases.

Company Support

McAfee Associates lists their address and phone number in all documentation, and supports the Homebase BBS.

Documentation

The directions for use of the programs are clear in all cases, if somewhat concise.
However, novice users will find little conceptual information about viri, or specific information about the various viri that SCAN will deal with. The documentation, while not quite alarmist, certainly strongly suggests that the user, if any virus is ever found, should "retain" the services of McAfee Associates. Also, outside sources (such as the Hoffman virus list) often state that viri can be dealt with by, for example, using the "SCAN /D" option, without warning that this merely deletes and overwrites the existing file.

Hardware Requirements

No special hardware is required. The SCAN program itself will not work with local area networks, but a NETSCAN program is available (again as a separate package which must be separately obtained.)

Performance

For boot, memory and file scanning only, SCAN is measurably faster than FPROT, although not anywhere as fast as VPCSCAN. SCAN did miss some viri in testing, but the only viri missed were all, in some way, crippled.

SCAN does not have the range of functions of FPROT. In addition, FPROT consistently offered superior "disinfection" capabilities. Versions of CLEAN tested (and the earlier MDISK) have, in my own experience, occasionally left the computer or disk in a worse state than the virus.

Local Support

Because of the very wide use, local support of SCAN is more generally available. The available version, however, is not always the latest, as many users, in my experience, tend to use the one version they obtain for at least a year before seeking another. There are also a number of shareware products that "enhance" the use of SCAN, such as menuing "front ends" or programs to assist in checking archived files.

Support Requirements

If at all possible, it would be best if knowledgeable users assisted with the use of SCAN. The programs are simple enough to be operated by a novice user, and no harm should result, but best results will be obtained with the program if someone aware and informed of virus operation is involved.
General Notes

SCAN is a very useful virus scanning program, and John McAfee is to be commended for keeping it updated over the years. It has undoubtedly saved, without exaggeration, many millions of dollars in lost computer services. That said, one is still left with the impression that the program, as a program, could benefit from more attention to function, and less to the promotion of the services of McAfee Associates. The breaking of the program into different packages for distribution increases the difficulty in installation and use, and seems only to serve to hide the true cost of the program, which is very high for shareware.

copyright 1991 Robert M. Slade
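
An added example, not part of the original post and not McAfee's code: a sketch of why a validation code appended to a program that does its own change detection makes that program fail, as the review notes for the /AV option, and why removing the code restores it. The 4-byte CRC-32 trailer, the self-checking program's header layout and all function names are assumptions made for illustration; the post does not describe the real formats.

```python
import struct
import zlib

TRAILER_LEN = 4  # assumption: 4-byte CRC-32 trailer; the real /AV format is not on the page

def add_validation(image: bytes) -> bytes:
    """Stand-in for the /AV step: append a CRC-32 of the file to the file."""
    return image + struct.pack("<I", zlib.crc32(image))

def scanner_check(image: bytes) -> bool:
    """Stand-in for the resident check: recompute the CRC and compare with the trailer."""
    if len(image) <= TRAILER_LEN:
        return False
    body, stored = image[:-TRAILER_LEN], image[-TRAILER_LEN:]
    return struct.pack("<I", zlib.crc32(body)) == stored

def remove_validation(image: bytes) -> bytes:
    """Strip the trailer again, refusing files whose trailer does not verify."""
    if not scanner_check(image):
        raise ValueError("no valid validation trailer")
    return image[:-TRAILER_LEN]

def build_self_checking(code: bytes) -> bytes:
    """Constructed program: header records the expected length and CRC of its own code."""
    return struct.pack("<II", len(code), zlib.crc32(code)) + code

def self_check(image: bytes) -> bool:
    """The program's own change detection, run over everything after the header."""
    if len(image) < 8:
        return False
    length, crc = struct.unpack("<II", image[:8])
    payload = image[8:]
    return len(payload) == length and zlib.crc32(payload) == crc

def needs_exclusion(image: bytes) -> bool:
    """True when a program's own check passes as shipped but fails once the trailer is added."""
    return self_check(image) and not self_check(add_validation(image))

def demo() -> dict:
    plain = b"constructed ordinary program bytes"
    guarded = build_self_checking(b"constructed self-checking program bytes")
    stamped = add_validation(plain)
    tampered = bytes([stamped[0] ^ 0xFF]) + stamped[1:]  # one changed byte
    return {
        "plain_verifies": scanner_check(stamped),
        "tamper_detected": not scanner_check(tampered),
        "guarded_breaks": needs_exclusion(guarded),
        "guarded_restored": self_check(remove_validation(add_validation(guarded))),
    }

if __name__ == "__main__":
    print(demo())
```

Running `needs_exclusion` over each program before stamping it is one way to find the self-checking ones in advance instead of after they stop working.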
gt1546c@prism.gatech.edu (Gatliff, William A.) (01/29/91)
Pardon my input into something I know very little about, but I have a question/comment:

I have observed that, according to a lot of the posts in this newsgroup, many of these viri infect the boot sector of a disk. To help combat this, what would be the possibility of 'deliberately' infecting one's boot-sector with a piece of code that would display some kind of 'ok' message if it hadn't been tampered with?

For example, as the computer goes to boot, it loads the boot sector and prints something like 'All is ok as of ...<maybe insert a date here.>' as instructed by the program that lies there (the one I *put* there.)

Ok. Now, if the user doesn't see that message when he boots, he can suspect that all is not ok. Maybe this piece of code would run some kind of check on itself to be sure it hadn't been relocated or something...

This is just a brief flash of insight I had, I'm *not* a programmer or anything. Would this be a helpful tool in the war against viruses?

I would like to add that even within the very short amount of time I have spent reading this newsgroup I have been impressed with the amount that you guys seem to know about these animals. It makes me feel good that there are a number of obviously very capable dudes/dude-etts working on the side of those who need protection from these creatures.

b.g.