Comparison Review Company and product: Techmar Computer Products 97 - 77 Queens Blvd. Rego Park, NY 11374 USA 718-997-6800 Antivirus Plus (purported "AI vaccine") Summary: activity monitor with resident and non-resident scanners Cost $99.95 US Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 2 Ease of use 4 Help systems 1 Compatibility 2 Company Stability 3 Support ? Documentation 2 Hardware required 2 Performance 2 Availability 2 Local Support 1 General Description: CURE is a manual scanning program with disinfection features. IMMUNE2 is a resident scanner that checks files as they are loaded, disks when accessed, and memory when the program is first loaded. PREVENT1 is a resident vaccine program. Recommended only for situations using the computer in fairly limited and standard fashion, where automated attendance is a primary concern. Protection against major known viri and some viral type activites from new or unknown viri. Easy setup with no requirement for user decisions, but strong possibility of interference with normal computer operations. If used, it is recommended that experienced viral specialists be available to handle infections identified. Not recommended for systems with frequent changes in software or configuration. Comparison of features and specifications User Friendliness Installation Antivirus-Plus appears to require installation from the A: drive onto a hard disk. It is possible to install onto a foppy disk, and it is possible to install from a drive other than A:, but it will continue to request a "writeable" disk in A:. The documentation states that removal from the hard drive requires "de-installation", but this does not appear to be the case. Installation is almost completely automated. Modification of AUTOEXEC.BAT is not sophisiticated, but did not cause problems in testing. Ease of use IMMUNE2 and PREVENT1 are automatic, background processes which operate without operator attention. When the programs "identify" a process, they do not do so either by virus name, or by identity of infected program. The user is requested (by IMMUNE2) to run CURE, but no parameters are given. See also "Compatibility" regarding false alarms. Help systems None provided. Compatibility Both CURE and IMMUNE2 identify common and well known viri, although not always by the "standard" names. Jerusalem-B is identified as "Black Friday #1", for example. All Antivirus-Plus programs are fairly noisy about their detection of a virus, vis the message that appears when IMMUNE2 is invoked while a virus is present in memory: > +==========================+ > " Warning !! " > Fri 1-18-1991 13:02:09.49" You are using an " > A>antvirus\immune2 " infected disk(ette). " > !! A Virus is present in y" " > !! Removing the virus now " Use ANTI VIRUS "cure" " > !! A Virus is present in y" program to remove virus. " > !! Removing the virus now " " > !! A Virus is present in y" Hit any key to continue " > !! Removing the virus now +==========================+ > !! A Virus is present in your computer memory !! > !! Removing the virus now !! > !! A Virus is present in your computer memory !! > !! Removing the virus now !! > !! A Virus is present in your computer memory !! > !! Removing the virus now !! > The ANTI-VIRUS immunity program is now resident. The same window, without quite so much "background noise", appears when any disk, infected with a known boot sector virus, is accessed, even by a directory request. It also appears when an infected program is run, and states that the program has been disinfected. The program is *not* disinfected on disk, but the virus appears to be barred from memory. (Note that the virus in memory which triggered the display above was not removed from memory, but was rendered inactive.) The PREVENT1 program, however, fairs rather worse. It does not appear to prevent any change to the boot sector, and therefore it seems that new boot sector viri will be undetectable by the program, unless they are very crude. This problem, however, is pale in comparison with the problems PREVENT1 will cause with normal, uninfected, programs. If you use a program (such as a word processor) to delete or modify a program file, PREVENT1 will halt program execution. This may not seem like a big deal: after all, how many people use (as I do) Word Perfect as a disk manager? However, some programs, Word Perfect among them, make changes to the program itself when you change some part of the configuration, and PREVENT1 will stop this as well, telling you: > Set-up Menu > > 0 - End Set-up and enter WP > > 1 - Set Directories or Drives for Dictionary and Thesa > 2 - Set Initial Settings > 3 - Set Screen and Beep Options > 4 - Set Backup Options +==========================+ > " Warning !! " > Selection: 0 " You have been running " > " an infected program. " > Press Cancel to ignore cha" " > " PREVENT1 has removed the " > " memory infection ! " > " " > " Hit any key to continue " > +==========================+ It is, therefore, inadvisable to use Antivirus-Plus on a system which undergoes frequent changes in this manner. PREVENT1 is not completely consistent here. Word Perfect is halted when trying to delete a program file, PCTOOLS is not. It is, therefore, quite possible that some viri may slip past this protection. Company Stability Techmar is the distributor of Antivirus-Plus and other IRIS products in the United States. Fink Enterprises, which distributes IRIS products in Canada, will not carry Antivirus-Plus. Company Support Help line support was not used in testing. Techmar shipped very quickly, but did not properly identify the package, which created problems at the border. Documentation Documentation is provided solely on disk. The directions are clear and readable, but very little information is provided beyond the most basic installation information. Some information is the documentation is not consistent with program operation, but not to the point of preventing installation or operation. Hardware Requirements Documentation states hard disk required, but this can be avoided. Disk "wants" to be installed from A: drive. Performance IMMUNE2 and CURE will identify many common viri. They fail to identify the AIDS virus, which is interesting in that, while AIDS infections are not common, the virus source code is available and widely known to researchers. (CURE was the first "scanning" program tested not that was not able to identify the virus.) PREVENT1 will prevent some disk writes to program files, but allows others to pass, including the deletion of program files. It apparently does not check any writes to disk boot sectors or "bad" sectors. Local Support None stated or found. Support Requirements Alarms will likely require intervention by experienced personnel. copyright 1991 Robert M. Slade PCANTIVP.RVW ====================== DECUS Canada Communications, Desktop, Education and Security group newsletters Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0