PCDATPHS.RVW 940101
Comparison Review
Company and product:
Digital Dispatch, Inc.
9725 Pleasant Avenue South, Suite 2L
Bloomington, MN 55420
612-884-9914
800-221-8091
Fax: 612-884-9916
Data Physician Plus! 4.0B
Summary: Resident and non-resident scanning, disinfection, activity monitoring,
change detection
Cost
Rating (1-4, 1 = poor, 4 = very good)
"Friendliness"
Installation 2
Ease of use 2
Help systems 1
Compatibility 3
Company
Stability 2
Support 2
Documentation 2
Hardware required 4
Performance 2
Availability 2
Local Support 1
General Description:
VIRHUNT is a non-resident scanner, change detector and disinfector (with
"generic" disinfection). RESSCAN is a resident scanning program (with a
Windows compatible component WIN-RS and a network component, RS-NET). VIRALERT
is an activity monitor (with a Windows component, WIN-VA). ANTIGEN adds a
change detection module onto executable files, which can also disinfect unknown
viral programs which do not change original code, and can add password
protection to programs to prevent unauthorized use. Two other (file viewing
and "Disk Killer" recovery) utilities are included. Also notable is the fact
that the installation program will save copies of the CMOS and "boot records"
of the hard drive.
� Comparison of features and specifications
User Friendliness
Installation
Data Physician Plus! is shipped on three writable and unprotected 360K
diskettes. (Each used to be clearly stamped with the serial number in very
large, clear digits. I assume this is still the case with regular copies
although mine were simply stamped "DEMO COPY". The serial number is not always
an easy item to find on any software.)
A "Quick Start" sheet, separate from the manual, suggests that you simply run
RESSCAN, and then use VIRHUNT if a virus is discovered. (RESSCAN, by default,
does a full scan of the disk when invoked, and then remains resident.)
The manual is fairly imposing and technically oriented at first glance. (It is
unbound, printed one side, and three-hole punched.) Page 10 is the first
mention of installation, and suggests that you might wish to run the INSTALL
program in order to intall VIRHUNT alone.
INSTALL is a "menued" program, but it is hard to say that it is very useful.
It does describe the programs, but does so in language that a novice would
likely not be comfortable with. The description is not very long, but is
followed by the full list of command line options for the program. You can now
choose which ones you want and then have them all installed at once. (ANTIGEN
is not included in the installation options.) Entries can now be made in your
AUTOEXEC.BAT file.
INSTALL does have two interesting features. One is the "Recovery" function,
which allows the CMOS and boot sector (and presumably the MBR, although this is
not explicitly stated) to be stored offline, and restored if necessary to
recover a "damaged" disk. (This function is shared by VIRHUNT.)
The other is the ability to create "batch" files for running the various
programs. A "fill in the blanks" form is presented, and a batch file is
created which will run the specified program with the specified options. (The
F1 key is stated to give "information": this turns out to be simply the program
descriptions as above.) A major deficiency in this function is that the
default filename for the batch files is always the same. At first I thought
that this meant one batch file could be created in order to run all the
programs, but this is not so. Each batch file overwrites the previous one: if
a filename exists the user is not warned that the previous file will be lost.
(With this in mind, the option to "pause" the batch file if a virus is found
becomes somewhat ridiculous.) Do *NOT* use this on AUTOEXEC.BAT. (After
installation of a program, there is a similar function to update AUTOEXEC.BAT.
It will install RESSCAN and RS-NET in AUTOEXEC. It allows the user the option
to backup AUTOEXEC.BAT before changing it.)
Ease of use
The interface, while not overly difficult, is not particularly easy or
consistent. A user familiar with a variety of interfaces will likely be able
to find out how it works by trial and error, but a novice may get stuck in
certain places.
A number of the options are difficult to figure out. Partially this is simply
a matter of the complexity of a "useful" system. (Data Physician has a large
number of options which could be helpful in a wide variety of situations.)
However, in a number of cases it is based upon poorly chosen wording or a lack
of information. For example, ANTIGEN can not be used from a write protected
disk, even when it is protecting files on another, since it creates temporary
work files in its own area. However, the error message is extremely terse and
gives no indication of the real problem. As another example, once a list of
files for ANTIGEN to protect has been selected, the command to proceed is
"Quit". Even having read the manual thoroughly, and after having gotten
VIRHUNT to create a signature file for change detection, it took me three runs,
by trial and error, to find the correct setting to have VIRHUNT use the
signature file to "generically remove" a new virus.
A number of option combinations give odd results. For example, in order to use
the "generic disinfection", one must "turn off" virus checking. However, if
virus checking is turned off while scanning to *create* the change detection
signature files, a file with no signatures is created. (To make matters worse,
if you specify creation of the signature file, any previous file is overwritten
without warning.)
Help systems
Little provided. A list of viral programs and their "characteristics" is
provided in VIRHUNT: it is extremely terse and of very little use.
Compatibility
Data Physician appears to be very compatible with a variety of hardware,
networks and Windows.
Company Stability
Digital Dispatch's antiviral programs have been on the market for many years,
although not widely publicized or marketed. Other products by the company are
unknown.
Company Support
Nothing is mentioned about support, specifically, except that if you get a copy
of a new virus to DDI, they will get a fix out by the next day. However, you
have to hunt around a bit in order to find the address and phone number. (In
fact, the printed address only ever mentions the five digit Zip code. The
"5+4" code is found in the "About DDI" section of the VIRHUNT program.) In
suggesting that you send a copy of a virus to them mention is made of sending
it by modem: no BBS number is listed anywhere.
Documentation
The documentation is not necessarily poorly written, but is extremely technical
in nature. As the technical reference sections appear, the writing becomes
more confident. The type of document DDI is used to producing is very obvious.
There is little general discussion of viral programs, nor of the strengths and
weaknesses of various portions of the program.
There are now two substantial READ.ME files on the disk. In fact it is likely
that the third disk would not be needed were it not for the fact that the
entire documentation for the program exists not only in a text file, but also
in an MS-Word format document. Actually, having the softcopy version is very
helpful for searching via text editor, as the table of contents isn't very
useful. However, the documentation for the virus description language (for
specifying newly found, or your "own", viral programs) is still almost entirely
on the disk file CIL.DOC--which no longer exists. (It is still referred to in
the documentation, so presumably the capability still exists.)
Hardware Requirements
At least one disk drive, 384K and MS-DOS 2.x or higher. All of the programs
will run on a single floppy system.
Performance
Virus scanning is relatively slow, in comparison to other current products.
Most common viral programs are detected, but not all. Identification of some
new viral programs which are similar to older ones is not particularly good.
Change detection is effective with VIRHUNT, as is the generic disinfection.
ANTIGEN however, is much less so. On one test, it did not detect the presence
of an infection, although the "protective" code seemed to go through the
checking cycle twice. (That test also allowed the infect of other files.) In
another test, the infection was caught and successfully removed, but only after
infection of another file had occurred. ANTIGEN was never able to stop the
infection operation, be it direct action or memory infection.
ANTIGEN will conflict with programs with internal loaders or non-standard
headers.
Local Support
None provided.
Support Requirements
It is unlikely that the novice user would be comfortable using the program at
all. The intermediate user may be able to obtain some protection through the
use of the program, but is unlikely to be able to utilize it to the fullest
extent. Advanced support personnel should be responsible for the installation
and configuration of the program.
General Notes
This is definitely a program for the advanced technical user with a good
background in antiviral protection. The package contains a number of
protective layers and options, and can perform in a great many situations. The
configuration and command line options allow for many different kinds of
protection in different environments.
It is, however, not a product for the average user. It can certainly be
installed on a novice's system by advanced technical support, and contains a
number of options for doing exactly that in a large corporate environment. The
ability to specify notices to users in the event of infection and the
configuration files are two examples here.
The product would also be of use to the serious virus researcher supporting a
user population. The CIL virus specification language is extremely detailed,
and much more effective, in this case, than simple string searching
capabilities of other scanners.
Recommended for the advanced technical user with advanced knowledge of computer
viral programs, in a large user population with centralized responsibility for
security.
copyright Robert M. Slade, 1992, 1994 PCDATPHS.RVW 940101
======================
roberts@decus.ca rslade@vcn.bc.ca rslade@vanisl.decus.ca
The Internet interprets censorship as damage and routes around it - J. Gilmore
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)