PCVIRSAF.RVW 921125 Comparison Review Company and product: EliaShim Microcomputers 520 W. Hwy. 436, #1180-30 Altamonte Springs, Florida USA 407-682-1587 fax: 407-869-1409 XTree Co. 4330 Santa Fe Road (4115 Broad Street, Building 1?) San Luis Obispo, CA 93401-7993 USA 800-477-1587 805-541-0604 fax: 805-541-4762 BBS: 805-546-9150 75300.2266@Compuserve.com ViruSafe 4.6 Summary: activity monitor, scanner, change detection, operation restriction, utilities, and "bait" program Cost Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 2 Ease of use 3 Help systems 1 Compatibility 1 Company Stability 2 Support ? Documentation 2 Hardware required 2 Performance 2 Availability 2 Local Support ? General Description: Menu or command line driven multi-layered defense. Significant tools for those studying viral operation and experienced in their functions. Comparison of features and specifications User Friendliness Installation The program is shipped on two non-writable 5 1/4" disks or one write protected 3 1/2" disk. The program can be run off the disk, or installed on the hard disk through an installation program. Manual installation and command line switch descriptions are also available. Ease of use The menu interface is generally straightforward and simple. There are some exceptions, and the interface could not be said to be completely intuitive. Configuration screens give no indication of how to "complete" the setup once choices have been made. As well, the behaviour of the "List of Viruses" function is difficult. The screen format, and cursor movement keys, of the list and the resulting information do not match. However, it is helpful to have this feature onscreen. Help systems Limited. Help is context sensitive, but seldom tells you what you want to know about. Compatibility Additional virus signatures can be added in an external text file. The format for the signatures is given in the READ.ME text on disk, and is not difficult to figure out. In addition, the system is able to add signatures of new viral programs which it finds in memory. However, the format is not compatible with the fairly widely used IBM VIRSCAN format. Also, a maximum of 64 signatures can be added in this way. Program testing on machines fitting the hardware requirements occasionally failed for unknown reasons. Company Stability Xtree is a fairly well established company, known for utility and disk management software. The version of ViruSafe obtained from Xtree does not differ significantly from the earlier version obtained from EliaShim, but does appear to contain programs that were developed by Xtree. Company Support Unknown. Documentation The documentation is quite brief. While clear, the manual is quite terse and seems to be designed for the more advanced user. Much of the documentation is a description of how the menuing system and command line switches work. No specifics are given as to how functions (such as "revealing the presence of" unknown viral programs in memory) are accomplished. More important is the fact that no "defaults" for any of the programs are listed. For example, the activity monitoring program, VS, has a long list of command line switches for various functions, but no indication as to which of them are "on" when started without switches. It is fairly obvious that the new documentation has been copied wholesale from an earlier edition without adequate proof-reading. For example, installation of new virus signatures refers repeatedly to "Chapter 2", but this manual has no numbered chapters. A very helpful feature is a "latest information" button on the menu interface which presents the disk READ.ME file. Thus the latest program info, helpful hints and the hardcopy errata can be browsed onscreen. Hardware Requirements At least two disk drives, one of which must be a floppy, 512K memory and DOS 3.0 or higher. Performance It is gratifying to note the importance that ViruSafe gives to boot sector viri. The package contains provisions to save and restore the boot sector and partition records for the hard disk. Testing of this program was very problematic. This version of the program still would not run properly on the primary testing machine (a NEC Multispeed). The system locked up, repeatedly on most attempts to invoke any of the programs in the package, including the installation and menuing program. Testing of the programs is not as complete as I would prefer. However, it can be said that the claims made for this package exceed performance. The package is able to detect known viral programs, and can deal with most effectively. Performance with viral programs not known to the authors/program indicates that these viri are able to bypass protections. The change detection module, PIC, has a "generic disinfection" feature. In tests this worked very well, and was much simpler to operate that other reviewed programs with the same feature. Local Support Not provided. Support Requirements Users at any level should be able to run the program without assistance. The instructions for installing the programs on a system which may be infected are clear and should be helpful in clearing up existing infections before installation proceeds. However, the plethora of options with regard to activity monitoring and change detection would best be set up by an advanced user experienced in virus protection. General Notes The package has a multilayered approach to virus detection and prevention. It should be suitable for most users in situations of normal risk. While the package would effectively deal with the bulk of infections one would normally encounter, some of its claims would appear to be overrated. The package tacitly admits this: while it claims to be able to find both known and unknown viral programs, it does recommend buying the upgrades. Nevertheless, its use would significantly reduce risk of infection. copyright Robert M. Slade, 1992 PCVIRSAF.RVW 921125 ====================== roberts@decus.ca rslade@vanisl.decus.ca aa046@freenet.victoria.bc.ca "So, concerning the above message, you think Rob Slade is responsible?" "Heavens, no! I think Rob Slade is terribly *ir*responsible!" Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)