Comparison Review
 
Company and product:
 
Techmar Computer Products
97 - 77 Queens Blvd.
Rego Park, NY   11374
USA
718-997-6800
Antivirus Plus (purported "AI vaccine")
 
 
Summary: activity monitor with resident and non-resident scanners
 
Cost    $99.95 US
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       4
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           ?
      Documentation           2
      Hardware required       2
      Performance             2
      Availability            2
      Local Support           1
 
General Description:
 
CURE is a manual scanning program with disinfection features.  IMMUNE2
is a resident scanner that checks files as they are loaded, disks when
accessed, and memory when the program is first loaded.  PREVENT1 is a
resident vaccine program.
 
Recommended only for situations using the computer in fairly limited and
standard fashion, where automated attendance is a primary concern.
 
Protection against major known viri and some viral type activites from
new or unknown viri.  Easy setup with no requirement for user decisions,
but strong possibility of interference with normal computer operations. 
If used, it is recommended that experienced viral specialists be
available to handle infections identified.  Not recommended for systems
with frequent changes in software or configuration.
 
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
Antivirus-Plus appears to require installation from the A: drive onto a
hard disk.  It is possible to install onto a foppy disk, and it is
possible to install from a drive other than A:, but it will continue to
request a "writeable" disk in A:.
 
The documentation states that removal from the hard drive requires
"de-installation", but this does not appear to be the case.
 
Installation is almost completely automated.  Modification of
AUTOEXEC.BAT is not sophisiticated, but did not cause problems in
testing.
 
Ease of use
 
IMMUNE2 and PREVENT1 are automatic, background processes which operate
without operator attention.  When the programs "identify" a process,
they do not do so either by virus name, or by identity of infected
program.  The user is requested (by IMMUNE2) to run CURE, but no
parameters are given.  See also "Compatibility" regarding false alarms.
 
Help systems
 
None provided.
 
Compatibility
 
Both CURE and IMMUNE2 identify common and well known viri, although not
always by the "standard" names.  Jerusalem-B is identified as "Black
Friday #1", for example.  All Antivirus-Plus programs are fairly noisy
about their detection of a virus, vis the message that appears when
IMMUNE2 is invoked while a virus is present in memory:
 
  >                             +==========================+
  >                             " Warning !!               "
  >   Fri  1-18-1991 13:02:09.49"   You are using  an      "
  >   A>antvirus\immune2        "   infected disk(ette).   "
  >   !! A Virus is present in y"                          "
  >   !! Removing the virus now " Use ANTI VIRUS "cure"    "
  >   !! A Virus is present in y" program to remove virus. "
  >   !! Removing the virus now "                          "
  >   !! A Virus is present in y" Hit any key to continue  "
  >   !! Removing the virus now +==========================+
  >   !! A Virus is present in your computer memory !!      
  >   !! Removing the virus now !!                          
  >   !! A Virus is present in your computer memory !!      
  >   !! Removing the virus now !!                          
  >   !! A Virus is present in your computer memory !!      
  >   !! Removing the virus now !!                          
  >   The ANTI-VIRUS immunity program is now resident.      
 
The same window, without quite so much "background noise", appears when
any disk, infected with a known boot sector virus, is accessed, even by
a directory request.  It also appears when an infected program is run,
and states that the program has been disinfected.  The program is *not*
disinfected on disk, but the virus appears to be barred from memory. 
(Note that the virus in memory which triggered the display above was not
removed from memory, but was rendered inactive.)
 
The PREVENT1 program, however, fairs rather worse.  It does not appear
to prevent any change to the boot sector, and therefore it seems that
new boot sector viri will be undetectable by the program, unless they
are very crude.  This problem, however, is pale in comparison with the
problems PREVENT1 will cause with normal, uninfected, programs.
 
If you use a program (such as a word processor) to delete or modify a
program file, PREVENT1 will halt program execution.  This may not seem
like a big deal: after all, how many people use (as I do) Word Perfect
as a disk manager?  However, some programs, Word Perfect among them,
make changes to the program itself when you change some part of the
configuration, and PREVENT1 will stop this as well, telling you:
 
  >                                     Set-up Menu         
  >                                                         
  >   0 - End Set-up and enter WP                           
  >                                                         
  >   1 - Set Directories or Drives for Dictionary and Thesa
  >   2 - Set Initial Settings                              
  >   3 - Set Screen and Beep Options                       
  >   4 - Set Backup Options    +==========================+
  >                             " Warning !!               "
  >   Selection: 0              "  You have been running   "
  >                             "  an infected program.    "
  >   Press Cancel to ignore cha"                          "
  >                             " PREVENT1 has removed the "
  >                             "  memory infection !      "
  >                             "                          "
  >                             " Hit any key to continue  "
  >                             +==========================+
 
It is, therefore, inadvisable to use Antivirus-Plus on a system which
undergoes frequent changes in this manner.
 
PREVENT1 is not completely consistent here.  Word Perfect is halted when
trying to delete a program file, PCTOOLS is not.  It is, therefore,
quite possible that some viri may slip past this protection.
 
 
Company Stability
 
Techmar is the distributor of Antivirus-Plus and other IRIS products in
the United States.  Fink Enterprises, which distributes IRIS products in
Canada, will not carry Antivirus-Plus.
 
Company Support
 
Help line support was not used in testing.  Techmar shipped very
quickly, but did not properly identify the package, which created
problems at the border.
 
Documentation
 
Documentation is provided solely on disk.  The directions are clear and
readable, but very little information is provided beyond the most basic
installation information.  Some information is the documentation is not
consistent with program operation, but not to the point of preventing
installation or operation.
 
Hardware Requirements
 
Documentation states hard disk required, but this can be avoided.  Disk
"wants" to be installed from A: drive.
 
Performance
 
IMMUNE2 and CURE will identify many common viri.  They fail to identify
the AIDS virus, which is interesting in that, while AIDS infections are
not common, the virus source code is available and widely known to
researchers.  (CURE was the first "scanning" program tested not that was
not able to identify the virus.)
 
PREVENT1 will prevent some disk writes to program files, but allows
others to pass, including the deletion of program files.  It apparently
does not check any writes to disk boot sectors or "bad" sectors.
 
Local Support
 
None stated or found.
 
Support Requirements
 
Alarms will likely require intervention by experienced personnel.
 
copyright 1991 Robert M. Slade   PCANTIVP.RVW

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0