PCADVGRV.RVW 910906 Antivirus Product Comparison Review Company and product: Advanced Gravis Computer Technology 7033 Antrim Avenue Burnaby, B. C. V5J 4M5 604-434-7274 Telecopier: (604) 434-7809 Advanced Security for PC (also available for Mac) Summary: File encryption and hard disk access restriction. Virus checking is performed through a program which tests itself for changes in similar fashion to early versions of Victor Charlie. Cost Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation2 Ease of use3 Help systems2 Compatibility1 Company Stability3 Support1 Documentation2 Hardware required3 Performance1 Availability2 Local Support1 General Description: FSECURE is a file encryption system, VSECURE is a "bait" viral detector and HDSECURE is a software system for restricting access to the hard disk apart from a password verified boot from the hard disk. Not recommended for antiviral protection. Advanced Gravis has had an opportunity to respond to the contents of this review. The company representative stated that, although the promotional literature states that the product will "[detect] the intrusion of harmful code (viruses)", the HDSECURE product is not intended for that purpose. Comparison of features and specifications User Friendliness Installation The programs are shipped on protected but writable 360K disks. In the case of the unit received for testing, the write protect tab had been displaced prior to receipt. The manual recommends copying the original disks and using the backup for installation. Both "automatic" and manual installation is available. Review of the manual procedure suggests that installation is restricted to copying of the files to the hard disk and some additions to the AUTOEXEC.BAT file. The HDSECURE program apparently alters the partition boot record in order to deny access unless the computer is booted from the hard disk and the password is entered. Numerous restrictions on this exist in terms of bootable disks, multiple disks and partitioned disks. Unless the system is limited to a single logical hard disk, the "Technical Support" section of the manual should be thoroughly studied before installation is performed. Also, the documentation does not sufficiently stress the danger of loss of access if the program fails, although it does note that the hard disk should be backed up prior to installation. Ease of use The programs are easy to use and well prompted. Use of the program would appear not to require reading of the documentation. However, the manual should be read thoroughly and completely before using any portion of the program. A number of points regarding non-standard installation are mentioned only in obscure portions of the manual. Help systems Online help is mostly in the form of "warning" prompts. Compatibility Installation requires that the system be free of certain types of background software. The installation process can detect disk caching software and other conflicting programs, and will abort with a message. Detection of viri with the VSECURE program appears to be limited to memory resident, non-stealth, COM infecting viri. Company Stability Advanced Gravis is well known and established in the field of specialized peripheral hardware products. Company Support No one is available after 4:30pm PST. The company does not have an answering machine or voice mail. Documentation The documentation is clear and readable, but certain important pieces of information are "buried" in appendices. Hardware Requirements A hard disk is required for the operation of HDSECURE. Performance While the consistent operation of the encryption portion of the program may detect infection of executable files, and prevent execution of file infections, the use of HDSECURE cannot be recommended for virus protection, and is recommended against in any situation where boot sector virus infection may be possible. HDSECURE replaces the MBR, and uses some form of "stealth"-like programming to make this change transparent to the system. According to the documentation, this change makes the hard disk "invisible" unless properly booted from the hard disk with the proper password. Casual testing confirms this. However, the very common Stoned virus is able to completely bypass this security and infect the hard disk. Having infected the hard disk, the virus is resident in memory, and actively infectious, on all subsequent booting of the hard disk. However, because of the stealth programming involved in HDSECURE, antiviral programs, although able to find the virus in memory, are unable to find any trace of the infection on the disk, and are unable to remove it. Far from protecting the disk from infection, HDSECURE now protects the virus from disinfection. (Use of the DSRPART.COM program produced from Padgett Peterson's DISKSECURE package was able to remove the infection.) In addition, infection by the virus appeared to affect the HDSECURE program itself. Although the hard disk protector would still recognize the original password for access to the disk, HDSECURE would no longer accept the password in order to change passwords or remove protection. Thus, the program was protecting the infection from removal, and could not be removed itself. Having removed the infection, and in doing further exploration, a simple copying activity appeared to damage portions of the FAT, and rendered the disk unbootable. Again, combined use of DSRPART and the Norton Disk Doctor program was able to salvage the damage. I hope. Minor changes are still apparent. Local Support None provided. Support Requirements In terms of virus removal, the documentation states that "the best and surest way to remove a virus infection is to re-initialize all ... disks including your hard disk ..." It should be recognized that this process is neither necessary nor sufficient for viral disinfection. Advanced support is therefore required in any cases of detection of viral infection. General Notes Advanced Security appears to be effective as a means of restricting access to information on a hard disk. The package cannot be recommended as a protection against viral infections. copyright Robert M. Slade, 1991 PCADVGRV.RVW 910906 ====================== roberts@decus.ca rslade@vcn.bc.ca slade@freenet.victoria.bc.ca "If you do buy a computer, don't turn it on." - Richards' 2nd Law of Security Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)