PCCPAV.RVW 931113 Comparison Review Company and product: Central Point Software 15220 N. W. Greenbrier Parkway #200 Beaverton, OR 97006 USA 503-690-8090 503-690-8088 Tech: 503-690-8080 Tech fax: 503-690-7133 BBS: 503-690-6650 800-445-4064 800-445-4208 Central Point Anti-Virus 1.3 Summary: Virus scanner, resident scanner, change detection and operation restricting software. Cost Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 2 Ease of use 2 Help systems 3 Compatibility 3 Company Stability 3 Support 3 Documentation 3 Hardware required 4 Performance 3 Availability 3 Local Support 1 General Description: CPAV is the main module, which provides manual scanning and change detection. VSAFE and VWATCH are two separate modules which provide resident scanning and operation restriction. BOOTSAFE is a change detection program checking the boot sector and MBR. The program is well designed, but poorly implemented in many places. The graphical user interface is quite cluttered, and could be used more effectively. The resident protection will interrupt attempts by programs to format the hard disk, write to disk system areas, go resident, and can be set as a general write protect. Comparison of features and specifications User Friendliness Installation Central Point Anti-Virus is shipped on dual media. The disks are now shipped on non-writable diskettes. Although the installation program is larger than CPAV itself, the primary function is a simple copy operation. The files are ready to run as received, and can be copied to any disk or directory the user chooses. The remainder of the installation program is seemingly devoted to configuration options. If installation is invoked with a drive letter, the drive specified is scanned for viral code before continuing. This is a disadvantage for me, as I keep samples of viral code on the disk for testing. Fortunately for me, unfortunately for naive users, if no drive is specified, the install program can be fooled into testing any drive on the machine. Installation is easy and well guided, up to a point. When it comes to the choice of startup options for the resident portions of the program, the options are not clearly explained by the program. (They are explained in the manual.) In addition, the default configuration appears to err on the side of convenience, rather than caution. Warnings of programs staying resident, and attempts to write to the boot sector of a floppy disk are options, but are not in the default. In addition, after options are chosen, the user is allowed not to have the commands to start the resident checking programs installed in the CONFIG.SYS or AUTOEXEC.BAT files, but the implications of that choice are not explained by either the program or the manual. Ease of use The CPAV program is easy to use, although the options and menus would likely be bewildering. There is an "express menu" option, which provides lower functionality. However, the screen is not much simpler and is very crowded. Full menus is the default, and the express menu option is to be found in a list of several items under configuration. Important functions can be accessed in a variety of ways including a CUA interface, mouse support and function keys. One of the function keys on the "full menus" screen is F10/Menu. It appears to do nothing. The VSAFE/VWATCH programs would benefit from additional explanation of the options. Help systems Help is available in a number of forms, but is not searchable. Compatibility The program appears to work with most environments, and will identify most viri. Company Stability Central Point is well known for utility software. In addition, the fact that this software is virtually identical to that bundled with MS-DOS will undoubtedly give it added clout. Company Support A virus hotline, for signature updates, is available 24 hours a day, as is a BBS. It should be noted that it was over two months between the time I ordered my copy and the time it arrived. Documentation Documentation is clear and well presented. There is a READ.ME file on the disk which should be read carefully, as it contains a number of "finer points" which are missing from the manual. The "Virus Dictionary" of the manual should be viewed with coution as it contains a number of errors. Hardware Requirements No special hardware is required. Performance The program finds most viri, and is able to clean the most common ones effectively. Tests with large virus libraries indicate an accuracy of about two-thirds that of the best scanners. It is also subject to a high number of false positive alarms, and has been the source of a great many trivial postings querying the reports it generates. The VSAFE/VWATCH programs show a great deal of promise. Options for defense through these programs include warnings of program attempts to: low level format the hard disk, go resident, write to hard disk system areas or floppy boot sectors, or to write to executable files. The programs can also be used to detect boot sector viri on floppy disks and as a generalized software write protect. The programs warn of viri resident in memory, but allow operation to continue with, in my opinion, insufficient warning of the consequences. The resident programs are also easy to disable, and a number of viri now do contain code specifically to disable the CPAV TSRs. (Interestingly, in testing, the Stoned virus was prevented from infecting floppy disks, but did not trigger the alert window which normally asks if such an operation is to be allowed.) The BOOTSAFE component loads only once the AUTOEXEC part of the boot process has been achieved. This makes it subject to stealth infectors. The change detection files, if deleted, are simply recreated, which is a vulnerability that some viri now exploit. Local Support None provided. Support Requirements In normal operation none should be needed. Installation and configuration would benefit from expert advice. copyright Robert M. Slade, 1991, 1993 PCCPAV.RVW 931113 ====================== roberts@decus.ca rslade@vcn.bc.ca rslade@vanisl.decus.ca "Look, Mum, `Barbies'!" - Ryan's reaction to "FashionFile" Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)