PCCPAV.RVW   931113
                               Comparison Review
 
Company and product:
 
Central Point Software
15220 N. W. Greenbrier Parkway #200
Beaverton, OR   97006
USA
503-690-8090
503-690-8088
Tech: 503-690-8080
Tech fax: 503-690-7133
BBS: 503-690-6650
800-445-4064
800-445-4208
Central Point Anti-Virus 1.3
 
Summary:
 
Virus scanner, resident scanner, change detection and operation restricting
software.
 
Cost                          
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       2
            Help systems      3
      Compatibility           3
      Company
            Stability         3
            Support           3
      Documentation           3
      Hardware required       4
      Performance             3
      Availability            3
      Local Support           1
 
General Description:
 
CPAV is the main module, which provides manual scanning and change detection. 
VSAFE and VWATCH are two separate modules which provide resident scanning and
operation restriction.  BOOTSAFE is a change detection program checking the
boot sector and MBR.  The program is well designed, but poorly implemented in
many places.  The graphical user interface is quite cluttered, and could be
used more effectively.  The resident protection will interrupt attempts by
programs to format the hard disk, write to disk system areas, go resident, and
can be set as a general write protect.
 
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
Central Point Anti-Virus is shipped on dual media.  The disks are now shipped
on non-writable diskettes.
 
Although the installation program is larger than CPAV itself, the primary
function is a simple copy operation.  The files are ready to run as received,
and can be copied to any disk or directory the user chooses.  The remainder of
the installation program is seemingly devoted to configuration options.
 
If installation is invoked with a drive letter, the drive specified is scanned
for viral code before continuing.  This is a disadvantage for me, as I keep
samples of viral code on the disk for testing.  Fortunately for me,
unfortunately for naive users, if no drive is specified, the install program
can be fooled into testing any drive on the machine.
 
Installation is easy and well guided, up to a point.  When it comes to the
choice of startup options for the resident portions of the program, the options
are not clearly explained by the program.  (They are explained in the manual.) 
In addition, the default configuration appears to err on the side of
convenience, rather than caution.  Warnings of programs staying resident, and
attempts to write to the boot sector of a floppy disk are options, but are not
in the default.  In addition, after options are chosen, the user is allowed not
to have the commands to start the resident checking programs installed in the
CONFIG.SYS or AUTOEXEC.BAT files, but the implications of that choice are not
explained by either the program or the manual.
 
Ease of use
 
The CPAV program is easy to use, although the options and menus would likely be
bewildering.  There is an "express menu" option, which provides lower
functionality.  However, the screen is not much simpler and is very crowded. 
Full menus is the default, and the express menu option is to be found in a list
of several items under configuration.
 
Important functions can be accessed in a variety of ways including a CUA
interface, mouse support and function keys.  One of the function keys on the
"full menus" screen is F10/Menu.  It appears to do nothing.
 
The VSAFE/VWATCH programs would benefit from additional explanation of the
options.
 
Help systems
 
Help is available in a number of forms, but is not searchable.
 
Compatibility
 
The program appears to work with most environments, and will identify most
viri.
 
Company Stability
 
Central Point is well known for utility software.  In addition, the fact that
this software is virtually identical to that bundled with MS-DOS will
undoubtedly give it added clout.
 
Company Support
 
A virus hotline, for signature updates, is available 24 hours a day, as is a
BBS.
 
It should be noted that it was over two months between the time I ordered my
copy and the time it arrived.
 
Documentation
 
Documentation is clear and well presented.  There is a READ.ME file on the disk
which should be read carefully, as it contains a number of "finer points" which
are missing from the manual.  The "Virus Dictionary" of the manual should be
viewed with coution as it contains a number of errors.
 
Hardware Requirements
 
No special hardware is required.
 
Performance
 
The program finds most viri, and is able to clean the most common ones
effectively.  Tests with large virus libraries indicate an accuracy of about
two-thirds that of the best scanners.  It is also subject to a high number of
false positive alarms, and has been the source of a great many trivial postings
querying the reports it generates.
 
The VSAFE/VWATCH programs show a great deal of promise.  Options for defense
through these programs include warnings of program attempts to: low level
format the hard disk, go resident, write to hard disk system areas or floppy
boot sectors, or to write to executable files.  The programs can also be used
to detect boot sector viri on floppy disks and as a generalized software write
protect.  The programs warn of viri resident in memory, but allow operation to
continue with, in my opinion, insufficient warning of the consequences.  The
resident programs are also easy to disable, and a number of viri now do contain
code specifically to disable the CPAV TSRs.
 
(Interestingly, in testing, the Stoned virus was prevented from infecting
floppy disks, but did not trigger the alert window which normally asks if such
an operation is to be allowed.)
 
The BOOTSAFE component loads only once the AUTOEXEC part of the boot process
has been achieved.  This makes it subject to stealth infectors.  The change
detection files, if deleted, are simply recreated, which is a vulnerability
that some viri now exploit.
 
Local Support
 
None provided.
 
Support Requirements
 
In normal operation none should be needed.  Installation and configuration
would benefit from expert advice.
 
copyright Robert M. Slade, 1991, 1993   PCCPAV.RVW   931113

======================
roberts@decus.ca           rslade@vcn.bc.ca           rslade@vanisl.decus.ca
          "Look, Mum, `Barbies'!" - Ryan's reaction to "FashionFile"
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)