PCSCAN.RVW   950921
                               Comparison Review
 
Company and product:
 
Company: McAfee Associates
Address: 2710 Walsh Avenue, Suite 200, Santa Clara, California,
         95051-0963
Phone:   +1-408-988-3832
Fax:                                   +1-408-970-9727
Email:   mcafee@aol.com, mcafee@netcom.com, support@mcafee.com,
         scott_gordon@cc.mcafee.com
Other:   BBS +1-408-988-4004, mcafee.com is IP 192.187.128.1
Product: Scan suite
 
 
Summary: scanning, disinfection and resident scanning modular suite
 
 
Cost: $25 - $35 US per program
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       3
            Help systems      2
      Compatibility           2
      Company
            Stability         3
            Support           3
      Documentation           2
      Hardware required       3
      Performance             2
      Availability            3
      Local Support           1
 
General Description:
 
SCAN is a boot sector, memory and file scanning program, with some
disinfection and change detection capabilities.  Disinfection is now
accomplished by a switch in the SCAN program.  VSHIELD and SENTRY are
resident file infection and activity checking programs.  A Windows
interface is also available.
 
FSHIELD, Sentry and VCOPY have been discontinued and are no longer
supported.
 
 
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
SCAN does not require installation as such.  All programs, however, are
distributed in .ZIP format and use PKUNZIP version 2.04G for unpacking
with authenticity verification.
 
VSHIELD is distributed in two, mutually exclusive, versions.  One
version requires the use of SCAN's /AV or /AF option, which adds an
authentication CRC check onto programs.  A second level of protection is
added in one version with file infection checking for known viral
programs.  The programs can also be used to prevent the running of
unauthorized programs.  VSHIELD must be installed "manually" by the user
in the AUTOEXEC.BAT file with all desired options and switches. 
(Installation utilities are separately available from certain dealers.)
 
The distribution of SCAN as shareware has led to the "release" of many
"trojan" versions of SCAN.  McAfee Associates has attempted to deal with
the security problem in two ways: the use of the "authentic
verification" envelope on ZIP archives, and the VALIDATE program
produced by McAfee Associates itself.  Unfortunately, both methods have
problems.  The "-AV" codes have been "spoofed" by copies of PKZIP which
will add a code, not necessarily that of McAfee Associates.  More
recently, the security of the PKZIP "-AV" codes has been broken: it is
now possible to duplicate any code.  The VALIDATE code is more secure,
(although it has been cracked) but requires a knowledge of the
validation code from a "trusted source".
 
Ease of use
 
The SCAN program is fairly simple to execute, but provides for a very
large number of options in the form of software "switches".  These can
complicate the use of the program, but probably will not be used by most
users.  The base scanning function is simple to operate, and novice
users will probably not use any other functions.  (The one major
exception is the /AV option.  If used on a program that is already "self
checking" it will likely cause the program to terminate, and so must be
identified and removed.  The program has therefore added an /AF option
which will store the change detection information to a file rather than
appending to the program.)
 
Help systems
 
If SCAN is invoked with no specifications, it gives three "screens" of a
listing of the "command line switches".  This can also be obtained with
the /?, /H or /HELP switches.
 
Compatibility
 
SCAN and the other programs in the suite are updated frequently, and the
latest version should be able to handle almost all viruses that a user
would encounter.
 
Unfortunately, recent versions have seen a major decrease in the
accuracy of virus identification.  A number of scan strings have become
"generic", and will identify a number of viral strains.  Some of these
have been so identified (as "Gen_"): a number still report the name of a
specific virus regardless of the actual strain found.  Along with this,
there has been a corresponding decline in the ability of /CLEAN to
disinfect programs and disks.
 
Company Stability
 
McAfee Associates has been producing versions of SCAN for a number of
years, updating on a frequent but somewhat irregular basis.  SCAN is
probably the most widely used virus scanner in North America at present. 
The company has recently "gone public" in order to expand into the
shareware utilities market, and is buying programs from other shareware
authors.
 
In the past year there have been major changes to both the corporate and
support structure of the company.  McAfee Associates now appears to be
concentrating on a position as a leading provider of network and
corporate utilities.
 
Company Support
 
The company appears to be trying to promote support through CompuServe
rather than other sources.
 
Documentation
 
The directions for use of the programs are restricted to listings of the
"command line switches".  They are clear in all cases, if somewhat
concise.  Novice users will find little conceptual information about
viruses, or specific information about the various viral programs that
SCAN will deal with.  The list of viral programs, VIRLIST.TXT, is no
longer included in the archive.
 
The documentation, while not quite alarmist, certainly strongly suggests
that the user, if any virus is ever found, should retain the services of
McAfee Associates or an authorized Agent.  Also, outside sources (such
as the Hoffman virus list) often state that viri can be dealt with by,
for example, using the "SCAN /D" option, without warning that this
merely deletes and overwrites the existing file.
 
Hardware Requirements
 
The only stated requirement is DOS 3 or higher.
 
Performance
 
SCAN now ranks as one of the slower scanners reviewed.  Note also the
loss of some accuracy in identifying individual viral strains.
 
Note that /CLEAN has come under increasing criticism for its performance
in removing infections, particularly in the area of BSI and MBR viral
strains.  Versions of the earlier CLEAN program tested (and MDISK) have,
in my own experience, occasionally left the computer or disk in a worse
state than the virus.
 
Local Support
 
Because of the very wide use, local support of SCAN is more generally
available.  The available version, however, is not always the latest, as
many users, in my experience, tend to use the one version they obtain
for at least a year before seeking another.
 
There are also a number of shareware products that "enhance" the use of
SCAN, such as menuing "front ends" or programs to assist in checking
archived files.
 
Support Requirements
 
If at all possible, it would be best if knowledgeable users assisted
with the use of SCAN.  The programs are simple enough to be operated by
a novice user, and no harm should result, but best results will be
obtained with the program if someone aware and informed of virus
operation is involved.
 
                                 General Notes
 
Version numbering, which has been problematic in the past, is now
standardized and explained in a file in the distribution archive.
 
copyright 1991, 1992, 1994, 1995 Robert M. Slade   PCSCAN.RVW   950921

======================
ROBERTS@decus.ca,   rslade@cln.etc.bc.ca,   rslade@freenet.vancouver.bc.ca
     "Information Superhighway" anagram - "When forming, utopia's hairy."
Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0