PCFPROTD.RVW 950607 Antiviral Protection Comparison Review Company and product: Data Fellows Ltd Paivantaite 8 FIN-02210 ESPOO, FINLAND tel +358-0-478 444 fax +358-0-478 44 599 f-prot@datafellows.fi http://www.datafellows.fi produced by Frisk Software International frisk@complex.is F-PROT Professional 2.17 Summary: Resident and manual scanning, change detection Cost: U$50 and up (varies) Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 3 Ease of use 4 Help systems 3 Compatibility 3 Company Stability 3 Support 3 Documentation 3 Hardware required 4 Performance 4 Availability 3 Local Support 2 General Description: Scanning, resident scanning and disinfection capabilities. A commercial version of the shareware F-Prot package, it also contains change detection software. DOS and Windows software, plus a specific Windows "resident" scanner (Gatekeeper). OS/2 and NetWare versions are available separately. Comparison of features and specifications User Friendliness Installation The product is shipped on three writable but protected 1.44M disks. There is separate installation for each of the DOS, Windows and Gatekeeper programs. In the automated installation, VIRSTOP is installed to be invoked from AUTOEXEC.BAT. Those wishing to invoke it from CONFIG.SYS must do the installation manually. Ease of use Except for resident scanning, F-PROT is now invoked from a single program. The user, by default, is presented with a graphical interface, but command line switches are an option for those wanting more speed, or a standard invocation for a large group of users. Help systems Online help is available. Compatibility F-PROT consistently maintains the highest ratings in all independent tests of scanning of known viral programs, including my own. Because of an external language file, F-PROT is available in at least eighteen languages, and can be readily translated into others. (The additional language versions are primarily available from Data Fellows.) The heuristic analysis portion of the program occasionally generates a "false positive" alert about a program that is not, in fact, infected. This is to be expected from this type of scanning, and the incidence is much reduced from when this function was first included with the program. The heuristic analysis feature has been generally effective in identifying new and "unknown" viral strains, but is not perfect. (Perfection is, of course, inherently unattainable in this type of program.) Indeed, the documentation for this feature states that it is still to be considered experimental, and is very conservative in its claims. Programs known to cause false positives are listed. The program now has a specific Windows interface, as well as a resident scanner specifically built for the Windows environment (to address problems of scanning for polymorphic viral programs in that environment). Company Stability Fridrik Skulason now has an established company. F-PROT is being included in commercial programs and is now sold in these commercial versions. frisk has, however, committed to continuing to support the shareware version. Data Fellows has been the European agent for F-Prot for some years, but is also actively involved in the antiviral research community, and is genuinely "adding value" to the product. Company Support Data Fellows is available on the Internet and has some presence on Fidonet as well. Data Fellows provides an excellent "F-Prot Update" publication which covers not only new features, but also general news on the virus scene. Documentation The manual from Data Fellows is very complete and contains some excellent general background. However, Gatekeeper, Windows and Windows Administration are essentially separate manuals contained in the same binder, and this can be confusing. The Gatekeeper manual does need some clarification in the network area. Hardware Requirements No special hardware is required. The DOS programs can be run from floppy disk. Performance During my own testing, and the majority of others as well, F-PROT has consistently identified more viral programs than the "current release" of any other product. F-PROT is somewhat slower at scanning than other products which concentrate on speed because of the multiple signatures being used to check for each virus, but is not the slowest scanner tested. The user is in control of F-PROT at all times, with the exception that VIRSTOP will not allow the boot sequence to continue in the case of a boot sector infection at startup. F-PROT, in six years of my testing, has not given a false positive alarm on any normal program, nor has it interfered with any normal program operation. This is not to say that it doesn't: there are many reports of false positives and Fridrik Skulason usually puts out a notice as soon as he confirms such reports. These reports, and those from users, have significantly reduced over the past year, indicating a very stable and reliable product. The change detection file is now renameable: a minor security weakness in previous versions. Additional strength may be obtained by running the program from a locked floppy disk. Local Support The popularity of the shareware version makes it likely that local users can give you assistance. Data Fellows has an extensive VAR network in the countries they distribute to. Support Requirements Very little support should be needed for this program, although additional help may be required for full functionality in network situations. On occasion assistance may be needed in disinfection, or in positively identifying a new viral strain, but no product tested deals with this situation better than F-PROT. copyright Robert M. Slade, 1990, 1992, 1993, 1995 PCFPROTD.RVW 950607 ====================== ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 RSlade@cyberstore.ca "No passion in the world is equal to the passion to alter someone else's draft" - H. G Wells Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0