Comparison Review
 
Company and product:
 
Trend Micro Devices Inc.
2421 W. 205th St., #D-100
Torrance, CA   90501
USA
213-782-8190
PC-cillin - program change detection hardware/software - version 2.95L
 
 
Summary:
 
A change detection and vaccine program with some scanning functions.  Change
detection is applied to boot sectors and partition boot records as well. 
System status information is stored in a hardware device connected to a
parallel port.                         
 
Cost   US $139.00
 
Rating (1-4, 1 = poor, 4 = very good)
     "Friendliness"
          Installation   3
          Ease of use    3
          Help systems   2
     Compatibility       2
     Company
          Stability      ?
          Support        2
     Documentation       3
     Hardware required   3
     Performance         2
     Availability        2
     Local Support       ?
 
General Description:
 
The best functioning parts of the package appear to be the scanning, and
"resident scanning" operations.  Not highly recommended; most suitable for
novice users with operations primarily limited to a single hard disk and
strictly limited disk swapping.
 
           Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
Note that there is no indication on the packaging as to version number.  The
first version tested had files dated November 2, 1990 and was stated to be
version 2.95 in the README.DOC file on disk.  The second package received (from
a different source) was identical except for two added stickers identifying the
item as "Made in Taiwan R O C", but had file dates of November 8, 1990 to
January 23, 1991 and was stated to be version 2.95L in the README.DOC file. 
Further reading of the README.DOC indicates that this version is now "LAN
aware", more viral programs are recognized, scanning is faster and that minor
cosmetic changes are made to the display.  (Previous problems with
documentation have also been rectified, and the package now contains both disk
sizes.)
 
The disk is shipped write protected, although only by a write protect tab. 
(The disk is not a "notchless" read-only disk.)  The installation procedure is
written with a "pre-infected" system in mind, and, if followed carefully,
should provide against infection by any virus known to the program.  (The
procedure to be followed in case of partition table infection, although quite
clear in its explanation of the problem, is deficient in not recommending
making a backup before beginning the procedure.)
 
PC-cillin can install from, or to, any drive, but will not install to the drive
from which the installation files are being run.  Installation is simple and
reasonably quick.  Modification to AUTOEXEC.BAT or CONFIG.SYS is simple, but
non-destructive and maintains a backup file.
 
When "verifying for known viruses" during installation, PC-cillin states that
it is checking high memory.  This is an intriguing report, as the machine used
for testing has only the standard 640K and a CGA card.  Based on relative
times, the program appeared to be checking aproximately 2 megabyte of memory
that did not exist.
 
Upon installation to a boot virus infected system, PC-cillin identified the
virus, but allowed the installation to proceed.  Upon "rebooting", PC-cillin
alerted for the presence of a boot sector virus.  Interestingly, once the disk
was disinfected, PC-cillin allowed the disk to boot normally.  Without having
access to the encoding system used, it is difficult to say what check is used
to detect a change in the boot sector.  A deliberate change made in the boot
sector text had no effect.
 
The package makes provision for software updates of the "signature" programs
without the need for reinstallation of the entire system.
 
Ease of use
 
A single program, PCC.EXE, gives access to all functions, installation,
scanning (called "Quarantine" by PC-cillin) and the production of a "rescue
diskette".  Installation and scanning are clear and self-explanatory in
operation.  The making of a rescue diskette is less so, involving unnecessary
disk swapping.
 
When scanning, PC-cillin does not disinfect infected files, but does offer to
delete them.  The decision is left to the user.  Boot sector viri on floppies
are not disinfected, even if they are the "boot floppy" that PC-cillin was
installed on.  Repair information is apparently only stored for the hard disk
PC-cillin is installed on.
 
Because of its "background" operation, PC-cillin presents an "inverse face" (PC
graphics character 02H) in the upper right hand corner of the screen when in
operation.  The documentation states that this display can be toggled off or on
with <Alt><Ctrl><Tab>, and that the operation of PC-cillin in background can be
toggled on and off with <Alt><Ctrl><Backspace>.  The message displayed by the
PCCILLIN program at invocation now indicates the same key sequence, but the
toggle still does not work.
 
Help systems
 
None provided.
 
Compatibility
 
The scanning function of PC-cillin is now stated to recognize 176 different
viri, and it does recognize the most common viri that make up the bulk of
current infections.  The "vaccine" functions of the product are either very
intelligent or very doubtful: the program will allow programs to modify
themselves, other programs and disk boot sectors, as well as deleting program
files.  (Disk writing by certain programs appears to be restricted, but in
testing no alarms were generated by multiple attempts to write to program files
through the use of different programs and editors.)  Protection of boot sectors
appears limited to the "installed" hard disk: the program will not recover an
infected boot sector floppy.
 
Company Stability
 
Unknown.
 
Company Support
 
When the company first shipped the product for review, an incorrect Customs
declaration for shipping to Canada delayed shipping of the review copy.
 
The program makes provision for software updates of the "signature" programs,
but does not indicate any definite way to keep customers informed.  Although my
copies are registered, I have received no notice of the change in versions.
 
Documentation
 
The documentation is clear and well laid out, and contains an excellent
discussion of general viral operations.  The progression through the book is
logical, and novice users should be able to follow it clearly.  Advanced users
will still find items of interest in the section on general viral concepts. 
The "stiff" binding and grammatical errors in the README.DOC file have been
corrected.
 
 
Hardware Requirements
 
At least one parallel (printer) port is required.  The "Immunizer Box"
attachment is said to be transparent to user data.
 
Performance
 
The product is "aware" of the currently most common viri.  Identification in
various areas relies on known viral activity: although memory is checked, it
does not appear to "find" memory resident viri which can also be found on disk. 
Vaccine or recovery activities are restricted at best.
 
Local Support
 
None provided
 
Support Requirements
 
The program is easy enough for a novice to use and install without assistance. 
If a virus is found, it is recommended that experienced personnel deal with it.
 
                          General Notes
 
A great deal of thought and planning has gone into the concept and packaging of
this product.  Provision for the use of floppy diskettes, and a general
strengthening of the "vaccine" and change detection portions of the program
would benefit it immensely.
 
copyright Robert M. Slade 1991 PCCILL2N.RVW   910417

======================
roberts@decus.ca           rslade@vcn.bc.ca           rslade@vanisl.decus.ca
     "Information Superhighway" anagram - "When forming, utopia's hairy."
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)