PCSOPHOS.RVW   931220

                          Comparison Review

Company and product:

Sophos Limited
21 The Quadrant
Abingdon Science Park
Abingdon, Oxfordshire
OX14 3YS
UK
(0235) 559933
fax: (0235) 559935
Vaccine 4.28, Sweep 2.41 and D-Fence 2.01

Summary: Change detection, scanning and "quarantine" software

Cost: Vaccine pounds 99.50, Sweep pounds 295/yr, D-Fence pounds 195/10
units

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       2
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           1
      Documentation           2
      Hardware required       2
      Performance             3
      Availability            2
      Local Support

General Description:

The three products are each sold separately. Vaccine is a change
detection program, and when purchased separately comes with Sweep for
an initial check of the system. Sweep is a scanner. (A version which
runs under VMS and will check MS-DOS files on a VAX fileserver is also
available.) D-Fence is a program which renders disks used within a
specific workgroup unusable outside that group and vice versa.

The packages are reviewed here together rather than in separate
reviews since Vaccine is the major product and the others appear to be
adjunct to it.

                Comparison of features and specifications

User Friendliness

Installation

The Sophos VACCINE package is shipped on non-writable disks, both
5 1/4" and 3 1/2" low density media. After having reviewed so many
antiviral programs that demand you trust them with your hard disk
(Trust us!), it was refreshing to see that Sophos actually suggests
that you install the program onto a floppy disk! Unfortunately, this
means nothing, as the installation program refuses to install the
package unless a hard disk is present. In fact, none of the programs
except SWEEP will work on a floppy-only system. The documentation does
give detailed instructions for manual installation.

Ease of use

Basic functions of the programs can be accessed reasonably easily.
However, specification of some of the command line options and "lists"
of items to check would definitely be beyond the grasp of novice
users, and likely beyond intermediate users as well.

Help systems

Some "online" help systems are provided, but they do not provide much
assistance.

Compatibility

No problems were evident in testing.

Company Stability

Sophos is a fairly major player in the system security field, in
minicomputer and communications systems as well as micro software. It
is also the publisher of the "Virus Bulletin" periodical (and convener
of that publication's conference).

Company Support

Only the address, phone and fax numbers are given: no mention is made
of support. (If SWEEP detects a virus a message instructs the user to
call Sophos "for advice".) The company is available on the Internet.
Although I have never called about a specific problem with the
product, the company has never returned a phone call or email message
in two years.

It is noteworthy that my first review copy arrived with a note saying
that the D-Fence program would be dispatched "next week". In spite of
waiting eight months before committing the review to paper, the
program never did arrive for the first round of testing.

Documentation

The manuals are much changed from the first version. The "Quick Start
Manual", "VACCINE User Manual", "Using VACCINE in a large
organisation" and "Sophos Utilities User Manual" are included with the
Vaccine package; the others have much smaller manuals. The "Data
Security Reference Guide", which was primarily a catalogue of other
products available from Sophos, is no longer included.

The user manuals are definitely technical reference level. There is a
great deal of information regarding the use of the program for the
experienced user. There is also information regarding the limitations
of the program, or best means of use, but this is often very brief,
and one has to be almost looking for it to find it.
The general description of viral programs is limited. Some of the
points are plainly incorrect. For example, the description of viral
programs states that "[a]fter some time, all programs on the hard disk
will be infected", thus implying that all viral programs are file
infectors, and then goes on to list a number of viri, the first three
of which are boot sector infectors. Among the "rules" for avoiding
viral programs are the same tired "avoid BBSes, avoid shareware, buy
commercial" themes. The manual also appears to claim that a change
detection system can prevent damage by trojan horse programs and logic
bombs.

Hardware Requirements

None of the programs, except SWEEP, will work on a floppy-only system.

Performance

The documentation admits, albeit briefly and unwillingly, to the
weaknesses of change detection, and even specifically mentions that
"stealth" type viral programs will not be detected if the virus is
active. The ability to "snapshot" areas of memory, the interrupt table
and specific (system and/or sector) areas of the hard disk is a
valuable plus.

The SWEEP program functions quite well against common viral programs
with the exception that it tends to "find" more than one virus in an
infected file (up to eight in the case of a single "Jerusalem"
infection). Users should note that a scan of memory is a separate
option with SWEEP: unlike most other scanners which scan memory by
default but allow you to turn off the memory scan, with SWEEP you must
specify a memory scan if you want one.

Local Support

None provided.

Support Requirements

A novice user, installing this on a system after all other software
had been installed, would likely be provided with good protection
against viral programs. However, it is likely that use of this product
in any normal business operation would require the support of
personnel expert in computer use as well as viral operation.

                             General Notes

One would have to say that VACCINE is a product for the use of experts.
The package seems to tacitly admit this with the additional section of
the manual for use in a large concern. As a tool for serious support
personnel, the product does provide very significant utilities for
protection of computer systems.

copyright Robert M. Slade, 1992, 1993   PCSOPHOS.RVW   931220

======================
roberts@decus.ca  rslade@vcn.bc.ca  slade@freenet.victoria.bc.ca
"I'm afraid we're swindlers. We'll end in prison yet." - Albert Einstein
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)