PCIBMSCN.RVW   910617
                               Comparison Review
 
Company and product:
 
IBM High Integrity Computing Lab
Thomas J. Watson Research Center
P. O. Box 218
Yorktown Heights, New York
USA      10598
Bill Arnold, author
David Chess CHESS@YKTVMV.IBM.COM, CHESS@YKTVMV.BITNET 
VIRSCAN 2.00.01 dated 910307
 
 
Summary:
 
Non-resident scanner with user extensible signature file.
 
Cost    $35 US for original license, $10 for upgrades, enterprise wide license
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      3
            Ease of use       3
            Help systems      3
      Compatibility           3
      Company
            Stability         3
            Support           2
      Documentation           3
      Hardware required       4
      Performance             3
      Availability            2
      Local Support           1
 
General Description:
 
IBM's VIRSCAN product appears to fall somewhat oddly between commercial
software and shareware.  Although IBM retains all rights to the program (in a
license agreement written as only IBM can), there is no printed documentation,
and the package is available on either single disks or via the IBMLINK service. 
The price is reasonable for an individual, but almost absurdly low given the
"enterprise wide" license.
 
VIRSCAN is a non-resident scanner with a non-encrypted and user extensible
signature file.  Command line switches can be used to obtain a variety of
information about the system.  The program makes no attempt to disinfect or
delete infections.
 
Recommended for any situation, but particularly for medium to large companies
and for intermediate to advanced users.
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
VIRSCAN, when supplied on disk, is shipped on "non-writable" diskettes.
 
IBM does not suggest installation on the hard drive at all.  The suggested use
of the program is to boot from a protected floppy, and run the program from the
floppy disk.  The documentation does give directions on how to prepare a
bootable floppy with the scanning program on it.  These directions are very
complete.  (Directions are even given on how to write protect a 3 1/2" floppy
disk, although they are not as explicit for 5 1/4" disks.)
 
An explanation of "resident" viri is given, and directions for booting from the
original system floppy are given.  The directions do assume that you have
original IBM equipment and operating system disks, but should be clear for most
systems, even for novice users.
 
The documentation is written with the novice user in mind, and is, in places,
excellent.  Some "obvious" steps are missing in the directions, but by and
large they are very clear, and cover ground often missing in the documentation
of other products.
 
Ease of use
 
As the product has evolved, a number of command line switches have been added. 
The default settings, however, are very well chosen, and novice users should
not need to know the various options.  Advanced users will be able to use them
without problems.
 
One possible problem is that by default the scan proceeds to conclusion even
when the screen has filled with warning messages.  This should not be a problem
in normal operation, but may be of concern in scanning a heavily infected
system.  (The "-Z" switch will, however, cause the program to pause at each
signature found and this may be an acceptable alternative.)
 
Help systems
 
Two levels of help are available from the command line, called by switches. 
(Somewhat counterintuitively, the "?" switch gives more extensive and
complicated assistance than does the "??" switch.)  As the program is run from
the command line only, "onscreen help" is not an issue.
 
Compatibility
 
VIRSCAN will run under both DOS and OS/2, and will examine drives with both
DOS/FAT and HPFS file structures.
 
The structure of the signature file is outlined in the manual, and at least one
other scanning program obtained for evaluation (Thunderbyte Scan from Frans
Veldman) uses this same file format as a standard.  This allows the use of
additional signature information with the program, and also allows users to add
new signatures to update the package, or their own signatures if a new virus is
found.
 
Mention is made in the documentation of a switch to disable "high memory"
checking, which appears to indicate that the program will check high memory by
default.  The extent of this is not, however, clearly specified in the
documentation.  In a communication from David Chess, it was explained that
"high memory" is defined as the area between 640K and 1 meg.  No scanning is
done above 1 meg.  (Note that when run from OS/2, the program does *not* check
system memory.  Memory is only checked when the program is run from DOS or the
DOS compatibility box.)
 
Company Stability
 
They'll probably be around for a while.
 
Company Support
 
Those on the Internet and Usenet who receive VIRUS-L/comp.virus will have
access to David Chess' postings and email address.  IBMLINK subscribers will
have access to upgrades and information.
 
Documentation
 
The documentation is available only in softcopy on the disk.  While sections
are excellent, the presentation and order of the manual (VIRSCAN.DOC) would
likely be daunting to the novice.
 
A major strength is the discussion of the weaknesses of the program, and a
warning against trusting it too far.
 
Hardware Requirements
 
The documentation does not state any minimum requirements for operation.
 
Performance
 
While VIRSCAN does not search for as many viri as FPROT or SCAN, it catches all
common viri.  Speed of operation is neither the slowest nor the fastest tested,
and is quite acceptable.
 
Note that VIRSCAN makes no attempt to disinfect or delete infected files.
 
Local Support
 
Local support, even from IBM staff, is unfortunately undependable.  There are
numerous instances of those staff who should, presumably, be familiar with the
product being unaware of its particulars and availability, or even giving out
false information.  (I was twice contacted by IBM staff who *offered* to get me
copies of the program for evaluation, and then were unable to find it
themselves.)  There have been a number of cases of IBM local representatives
giving versions intended for internal use only to outside clients.
 
Support Requirements
 
The program should be suitable for any user.  Support staff will find
additional functions that novice users would not use.
 
If, however, an infection is detected, additional support will be required.  It
is likely that only advanced users would be able to take effective action, and
even then would likely require other antiviral packages to correct the
situation.
 
                                 General Notes
 
This product is an excellent value for any company.  It is easy to see that IBM
could lose control over the integrity of the product if it were to be
distributed as shareware or "freeware".  It is also reasonable that IBM be
allowed to make some return on the resources devoted to this product.  That
said, I still could wish for some attempt to make the product more available to
the general user community.
 
The lack of support available through IBM representatives is disturbing. 
Against, while it is understandable that not all staff can be expert in all
products, the lack of support for a product of such universal importance is to
be regretted.
 
In comparison to other scanners, the lack of disinfection would tend to make
this product an adjunct rather than the only tool used.  It is still, though, a
high quality tool, and could easily be chosen as the primary virus alert
product.
 
copyright Robert M. Slade, 1991   PCIBMSCN.RVW   910617
 
====================== 
roberts@decus.ca    slade@freenet.victoria.bc.ca    Rob_Slade@mindlink.bc.ca
             "No passion in the world is equal to the passion to 
                   alter someone else's draft" - H. G Wells
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)