PCDATPHS.RVW 940101

Comparison Review

Company and product:

Digital Dispatch, Inc.
9725 Pleasant Avenue South, Suite 2L
Bloomington, MN 55420
612-884-9914
800-221-8091
Fax: 612-884-9916
Data Physician Plus! 4.0B

Summary: Resident and non-resident scanning, disinfection, activity monitoring, change detection

Cost

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       2
            Help systems      1
      Compatibility           3
      Company
            Stability         2
            Support           2
      Documentation           2
      Hardware required       4
      Performance             2
      Availability            2
      Local Support           1

General Description:

VIRHUNT is a non-resident scanner, change detector and disinfector (with "generic" disinfection). RESSCAN is a resident scanning program (with a Windows compatible component WIN-RS and a network component, RS-NET). VIRALERT is an activity monitor (with a Windows component, WIN-VA). ANTIGEN adds a change detection module onto executable files, which can also disinfect unknown viral programs which do not change original code, and can add password protection to programs to prevent unauthorized use. Two other (file viewing and "Disk Killer" recovery) utilities are included. Also notable is the fact that the installation program will save copies of the CMOS and "boot records" of the hard drive.

Comparison of features and specifications

User Friendliness

Installation

Data Physician Plus! is shipped on three writable and unprotected 360K diskettes. (Each used to be clearly stamped with the serial number in very large, clear digits. I assume this is still the case with regular copies although mine were simply stamped "DEMO COPY". The serial number is not always an easy item to find on any software.)

A "Quick Start" sheet, separate from the manual, suggests that you simply run RESSCAN, and then use VIRHUNT if a virus is discovered. (RESSCAN, by default, does a full scan of the disk when invoked, and then remains resident.)

The manual is fairly imposing and technically oriented at first glance.
(It is unbound, printed one side, and three-hole punched.) Page 10 is the first mention of installation, and suggests that you might wish to run the INSTALL program in order to install VIRHUNT alone.

INSTALL is a "menued" program, but it is hard to say that it is very useful. It does describe the programs, but does so in language that a novice would likely not be comfortable with. The description is not very long, but is followed by the full list of command line options for the program. You can now choose which ones you want and then have them all installed at once. (ANTIGEN is not included in the installation options.) Entries can now be made in your AUTOEXEC.BAT file.

INSTALL does have two interesting features. One is the "Recovery" function, which allows the CMOS and boot sector (and presumably the MBR, although this is not explicitly stated) to be stored offline, and restored if necessary to recover a "damaged" disk. (This function is shared by VIRHUNT.)

The other is the ability to create "batch" files for running the various programs. A "fill in the blanks" form is presented, and a batch file is created which will run the specified program with the specified options. (The F1 key is stated to give "information": this turns out to be simply the program descriptions as above.)

A major deficiency in this function is that the default filename for the batch files is always the same. At first I thought that this meant one batch file could be created in order to run all the programs, but this is not so. Each batch file overwrites the previous one: if a filename exists the user is not warned that the previous file will be lost. (With this in mind, the option to "pause" the batch file if a virus is found becomes somewhat ridiculous.) Do *NOT* use this on AUTOEXEC.BAT.

(After installation of a program, there is a similar function to update AUTOEXEC.BAT. It will install RESSCAN and RS-NET in AUTOEXEC.
It allows the user the option to back up AUTOEXEC.BAT before changing it.)

Ease of use

The interface, while not overly difficult, is not particularly easy or consistent. A user familiar with a variety of interfaces will likely be able to find out how it works by trial and error, but a novice may get stuck in certain places.

A number of the options are difficult to figure out. Partially this is simply a matter of the complexity of a "useful" system. (Data Physician has a large number of options which could be helpful in a wide variety of situations.) However, in a number of cases it is based upon poorly chosen wording or a lack of information. For example, ANTIGEN cannot be used from a write protected disk, even when it is protecting files on another, since it creates temporary work files in its own area. However, the error message is extremely terse and gives no indication of the real problem. As another example, once a list of files for ANTIGEN to protect has been selected, the command to proceed is "Quit". Even having read the manual thoroughly, and after having gotten VIRHUNT to create a signature file for change detection, it took me three runs, by trial and error, to find the correct setting to have VIRHUNT use the signature file to "generically remove" a new virus.

A number of option combinations give odd results. For example, in order to use the "generic disinfection", one must "turn off" virus checking. However, if virus checking is turned off while scanning to *create* the change detection signature files, a file with no signatures is created. (To make matters worse, if you specify creation of the signature file, any previous file is overwritten without warning.)

Help systems

Little provided. A list of viral programs and their "characteristics" is provided in VIRHUNT: it is extremely terse and of very little use.

Compatibility

Data Physician appears to be very compatible with a variety of hardware, networks and Windows.

Company Stability

Digital Dispatch's antiviral programs have been on the market for many years, although not widely publicized or marketed. Other products by the company are unknown.

Company Support

Nothing is mentioned about support, specifically, except that if you get a copy of a new virus to DDI, they will get a fix out by the next day. However, you have to hunt around a bit in order to find the address and phone number. (In fact, the printed address only ever mentions the five digit Zip code. The "5+4" code is found in the "About DDI" section of the VIRHUNT program.) In suggesting that you send a copy of a virus to them, mention is made of sending it by modem: no BBS number is listed anywhere.

Documentation

The documentation is not necessarily poorly written, but is extremely technical in nature. As the technical reference sections appear, the writing becomes more confident. The type of document DDI is used to producing is very obvious. There is little general discussion of viral programs, nor of the strengths and weaknesses of various portions of the program.

There are now two substantial READ.ME files on the disk. In fact it is likely that the third disk would not be needed were it not for the fact that the entire documentation for the program exists not only in a text file, but also in an MS-Word format document. Actually, having the softcopy version is very helpful for searching via text editor, as the table of contents isn't very useful. However, the documentation for the virus description language (for specifying newly found, or your "own", viral programs) is still almost entirely on the disk file CIL.DOC--which no longer exists. (It is still referred to in the documentation, so presumably the capability still exists.)

Hardware Requirements

At least one disk drive, 384K and MS-DOS 2.x or higher. All of the programs will run on a single floppy system.

Performance

Virus scanning is relatively slow, in comparison to other current products.
Most common viral programs are detected, but not all. Identification of some new viral programs which are similar to older ones is not particularly good.

Change detection is effective with VIRHUNT, as is the generic disinfection. ANTIGEN however, is much less so. On one test, it did not detect the presence of an infection, although the "protective" code seemed to go through the checking cycle twice. (That test also allowed the infection of other files.) In another test, the infection was caught and successfully removed, but only after infection of another file had occurred. ANTIGEN was never able to stop the infection operation, be it direct action or memory infection. ANTIGEN will conflict with programs with internal loaders or non-standard headers.

Local Support

None provided.

Support Requirements

It is unlikely that the novice user would be comfortable using the program at all. The intermediate user may be able to obtain some protection through the use of the program, but is unlikely to be able to utilize it to the fullest extent. Advanced support personnel should be responsible for the installation and configuration of the program.

General Notes

This is definitely a program for the advanced technical user with a good background in antiviral protection. The package contains a number of protective layers and options, and can perform in a great many situations. The configuration and command line options allow for many different kinds of protection in different environments.

It is, however, not a product for the average user. It can certainly be installed on a novice's system by advanced technical support, and contains a number of options for doing exactly that in a large corporate environment. The ability to specify notices to users in the event of infection and the configuration files are two examples here. The product would also be of use to the serious virus researcher supporting a user population.
The CIL virus specification language is extremely detailed, and much more effective, in this case, than simple string searching capabilities of other scanners.

Recommended for the advanced technical user with advanced knowledge of computer viral programs, in a large user population with centralized responsibility for security.

copyright Robert M. Slade, 1992, 1994   PCDATPHS.RVW 940101

======================
roberts@decus.ca rslade@vcn.bc.ca rslade@vanisl.decus.ca
The Internet interprets censorship as damage and routes around it - J. Gilmore
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)