USERQBPP@SFU.BITNET (Robert Slade) (12/23/90)
Antiviral Protection Comparison Review
Company and product:
Fridrik Skulason
Box 7180
IS-127 Reykjavik
Iceland
frisk@rhi.hi.is
F-PROT-Virus detection/protection/disinfection and utilities
Summary:
Highly recommended for any situation. Best "value for cost" of
any package reviewed to date. Installation may require knowledge
of MS-DOS.
Cost
Site license
Education $1(US) per computer (minimum $20)
Other $2(US) per computer
Rating (1-4, 1 = poor, 4 = very good)
"Friendliness"
Installation 2
Ease of use 3
Help systems 2
Compatibility 4
Company
Stability 2
Support 3
Documentation 2
Hardware required 4
Performance 3
Availability 3
Local Support ?
General Description:
Of the five classes of anti-viral systems, the only one that
FPROT does not provide for is encryption. It provides vaccine
(F-LOCK), change detection (F-OSCHK, F-XLOCK), operation
restricting (F-DLOCK, F-XCHK) and scanning (F-DRIVER.SYS, F-FCHK,
F-DISINF, F-SYSCHK) protection. The package also includes
various system information utilities
Comparison of features and specifications
User Friendliness
Installation
The installation of FPROT is not a one step process, since the
package contains a number of different programs for different
protective purposes. The user must decide which programs to use,
and therefore the installation must be done in stages.
There is no installation program, but the documentation does have
a separate installation file. This file states that the user
should have a knowledge of MS-DOS, and that is likely necessary.
The installation process, however, is described clearly, and is
quite complete.
The package is distributed as "shareware", and therefore any user
who obtains it is likely to have the necessary skills for its
installation.
The installation procedure does "allow" one possible point of
infection if the computer is infected when the program is
installed, but the program will immediately detect the infection
unless it is not found in the signature file. Since the program
is "posted" in archived format, the user should be able to clear
the infection and start with fresh files.
Ease of use
All the functions of FPROT are found in different programs, and
all are invoked from the command line, so when a user knows what
function is desired it is a simple matter to obtain it. Only two
of the programs have any "switches" other than file or path
specification.
Help systems
As all packages are invoked from the command line for a single
function, there is no need for "online" help. When programs are
called without necessary file or path specifications, a message
explaining what is needed appears.
Compatibility
The various programs have been tested on a wide variety of
computers, and have not created any problems with hardware, even
on systems that have serious problems with TSR programs.
The documentation lists a number of "contra-indicated" software
packages and systems which may conflict with program operations.
However, in six months of testing, no normal character based
program or TSR has been found to conflict with any FPROT program.
Company Stability
Unfortunately, the future of FPROT is currently in doubt. It may
continue as a shareware product, or it may be sold to commercial
interests.
Company Support
No problems have been encountered with the program so far.
Fridrik Skulason is available through the Internet, and replies
to queries can be expected within a week or less.
Documentation
Being shareware, the package has no printed documentation. The
text files included with the programs are very clear and
thorough, and provide an excellent primer on virus functions and
protection. Novice users may, however, find the USAGE.TXT
document to be daunting. Fortunately only the INSTALL.TXT
document is required to use the product. The virus listings are
comprehensive as to the number of viri, if somewhat less
technical and detailed than the Brunnstein and Hoffman listings.
Hardware Requirements
No special hardware is required.
Performance
During testing, FPROT has consistently identified more viri than
the "current release" of any other product. It has occasionally
given a "false positive", but only in the case of identifying a
definite virus with two different names, or when scanning another
virus scanning product. FPROT is generally slower at scanning,
and the separate signature file renders it slower still, but the
separate file also allows new signatures to be added without
waiting for a product upgrade.
The user is in control of FPROT at all times, with the exception
that F-DRIVER.SYS will not allow the boot sequence to continue in
the case of a boot sector infection at startup.
FPROT, in six months of testing, has not given a false positive
alarm on any normal program, nor has it interfered with any
normal program operation.
Local Support
Since FPROT is shareware, there are no local dealers to obtain
support from. FPROT has fewer users in North America than SCAN,
and so local help may be harder to obtain, but the documentation
should make up any deficiencies.
For users in Europe, FPROT is available as a commercially
distributed product. For those in Canada, some support is
available through the new SUZY Information Service, through
INtegrity, the data security and anti-viral IN (Information
Network.)
Support Requirements
In a situation where technical support is available for the user
base, installation may best be performed by the support group. A
corporate environment will likely wish to have security policies,
and support for the package in addition to installation would
best be coordinated by this group.
General Notes
Because of its "shareware" distribution, FPROT is best compared
against John McAfee's SCAN program.
FPROT is definitely the more complex package, but that is because
of far greater functionality. SCAN, in it's most recent
releases, has offered a minor disinfection feature, but for most
disinfection one must obtain, separately and at separate cost,
the CLEAN and/or the older M-DISK programs. Resident
"vaccination" is also available, but again it is in the separate
SENTRY or VSHIELD programs. Finally, for use of any of these on
a network, NETSCAN is required. None of the SCAN family of
programs offers the system information utilities that FPROT comes
bundled with.
FPROT is kept up to date with regular additions to the signature
file, and constant improvements to the program. SCAN versions
are released at approximately the same frequency as FPROT, but in
a six month trial period from June to November of 1990, FPROT
releases consistently identified more viri, and with greater
accuracy than did the "same level" releases of SCAN. (During
this period, McAfee had to release four "bug fix" versions,
Skulason only one.) Fridrik Skulason also publishes the
signatures of new viri on the VIRUS-L (Usenet comp.virus)
distribution lists, and signature files can be updated between
releases.
FPROT, distributed as shareware, is free for individual users.
For a $15 US fee, Fridrik Skulason will mail out a "registered"
copy. The cost of the SCAN program is apparently subject to
negotiation, but the "list price" in the documentation,
shareware, for home use, is $25 US. For the full set of four
programs (SCAN, CLEAN, SENTRY and VSHIELD, not including NETSCAN)
mailed on disk from McAfee Associates the cost is $119 US. Site
licenses for FPROT are available for $2 US per CPU, $1 for
educational institutions. Site licenses for SCAN alone are
quoted at $8 US per CPU.
copyright 1990 Robert M. Slade