PCSOPHOS.RVW   931220
                               Comparison Review
 
Company and product:
 
Sophos Limited
21 The Quadrant
Abingdon Science Park
Abingdon, Oxfordshire   OX14 3YS
UK
(0235) 559933
fax: (0235) 559935
Vaccine 4.28, Sweep 2.41 and D-Fence 2.01
 
Summary: Change detection, scanning and "quarantine" software
                              
 
Cost: Vaccine pounds 99.50, Sweep pounds 295/yr, D-Fence pounds 195/10 units
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       2
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           1
      Documentation           2
      Hardware required       2
      Performance             3
      Availability            2
      Local Support           
 
General Description:
 
The three products are each sold separately.  Vaccine is a change detection
program, and when purchased separately comes with Sweep for an initial check of
the system.  Sweep is a scanner.  (A version which runs under VMS and will
check MS-DOS files on a VAX fileserver is also available.)  D-Fence is a
program which renders disks used within a specific workgroup unusable outside
that group and vice versa.  The packages are reviewed here together rather than
in separate reviews since Vaccine is the major product and the others appear to
be adjunct to it.
 
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
The Sophos VACCINE package is shipped on non-writable disks, both 5 1/4" and 3
1/2" low density media.
 
After having reviewed so many antiviral programs that demand you trust them
with your hard disk (Trust us!), it was refreshing to see that Sophos actually
suggests that you install the program onto a floppy disk!  Unfortunately, this
means nothing, as the installation program refuses to install the package
unless a hard disk is present.  In fact, none of the programs except SWEEP will
work on a floppy-only system.
 
The documentation does give detailed instructions for manual installation.
 
Ease of use
 
Basic functions of the programs can be accessed reasonably easily.  However,
specification of some of the command line options and "lists" of items to check
would definitely be beyond the grasp of novice users, and likely beyond
intermediate users as well.
 
Help systems
 
Some "online" help systems are provided, but they do not provide much
assistance.
 
Compatibility
 
No problems were evident in testing.
 
Company Stability
 
Sophos is a fairly major player in the system security field, in minicomputer
and communications systems as well as micro software.  It is also the publisher
of the "Virus Bulletin" periodical (and convener of that publication's
conference).
 
Company Support
 
Only the address, phone and fax numbers are given: no mention is made of
support.  (If SWEEP detects a virus a message instructs the user to call Sophos
"for advice".)  The company is available on the Internet.  Although I have
never called about a specific problem with the product, the company has never
returned a phone call or email message in two years.
 
It is noteworthy that my first review copy arrived with a note saying that the
D-Fence program would be dispatched "next week".  In spite of waiting eight
months before committing the review to paper, the program never did arrive for
the first round of testing.
 
Documentation
 
The manuals are much changed from the first version.  The "Quick Start Manual",
"VACCINE User Manual", "Using VACCINE in a large organisation" and "Sophos
Utilities User Manual" are included with the Vaccine package; the others have
much smaller manuals.  The "Data Security Reference Guide", which was primarily
a catalogue of other products available from Sophos, is no longer included.
 
The user manuals are definitely technical reference level.  There is a great
deal of information regarding the use of the program for the experienced user.
There is also information regarding the limitations of the program, or best
means of use, but this is often very brief, and one has to be almost looking
for it to find it.
 
The general description of viral programs is limited.  Some of the points are
plainly incorrect.  For example, the description of viral programs states that
"[a]fter some time, all programs on the hard disk will be infected" thus
implying that all viral programs are file infectors, and then goes on to list a
number of viri, the first three of which are boot sector infectors.  Among the
"rules" for avoiding viral programs are the same tired "avoid BBSes, avoid
shareware, buy commercial" themes.  The manual also appears to claim that a
change detection system can prevent damage by trojan horse programs and logic
bombs.
 
Hardware Requirements
 
None of the programs, except SWEEP, will work on a floppy-only system.
 
Performance
 
The documentation admits, albeit briefly and unwillingly, to the weaknesses of
change detection, and even specifically mentions that "stealth" type viral
programs will not be detected if the virus is active.  The ability to
"snapshot" areas of memory, the interrupt table and specific (system and/or
sector) areas of the hard disk is a valuable plus.
 
The SWEEP program functions quite well against common viral programs with the
exception that it tends to "find" more than one virus in an infected file (up
to eight in the case of a single "Jerusalem" infection).  Users should note
that a scan of memory is a separate option with SWEEP: unlike most other
scanners which scan memory by default but allow you to turn off the memory
scan, with SWEEP you must specify a memory scan if you want one.
 
Local Support
 
None provided.
 
Support Requirements
 
A novice user, installing this on a system after all other software had been
installed, would likely be provided with good protection against viral
programs.  However, it is likely that use of this product in any normal
business operation would require the support of personnel expert in computer
use as well as viral operation.
 
                                 General Notes
 
One would have to say that VACCINE is a product for the use of experts.  The
package seems to tacitly admit this with the additional section of the manual
for use in a large concern.  As a tool for serious support personnel, the
product does provide very significant utilities for protection of computer
systems.
 
copyright Robert M. Slade, 1992, 1993   PCSOPHOS.RVW   931220

======================
roberts@decus.ca           rslade@vcn.bc.ca           rslade@vanisl.decus.ca
   "Ignorance is never out of style.  It was in fashion yesterday, it is the
      rage today, and it will set the pace tomorrow." -- Franklin K. Dane
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)