PCUNTUCH.RVW   920912
                               Comparison Review
Company and product:
 
Fifth Generation Systems, Inc.
P.O. Box 83560
Baton Rouge, Louisiana
USA   70884-3560
10049 N. Reiger Rd.
Baton Rouge, Louisiana
USA   70809-4559
800-677-1848 or 800-365-3186
1-800-873-4384 sales and info (number invalid?)
504-291-7283 800-766-7283 tech support
Business Phone: (504) 291-7221
FAX:            (504) 295-3268 or 504-292-4465
Clivedon Office Village
Lancaster Road, High Wycomb
Bucks, HP12 3YZ, England
Business Phone: +44-(0)-494-442224
FAX:            +44-(0)-494-442225
Sales/Support:  +44-(0)-494-442223
3715 Sun Hung Kai Centre
30 Harbour Rd.
Waichai, Hong Kong
Business Phone: (852) 827 6977
Fax:            (852) 824 3200
Untouchable 1.1, a renaming of V-Analyst by B.R.M. Technologies, Israel
 
Summary: Change detector with resident and manual scanning, also "generic"
disinfection
 
Cost                          
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       2
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           2
      Documentation           2
      Hardware required       2
      Performance             2
      Availability            2
      Local Support           1
 
General Description:
 
UT change detection program and "generic" disinfection, UTSCAN manual scanner,
UTRES resident scanner.
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
The product is shipped on a writable but protected 3 1/2" (720K) disk.  A
return card is available to order the program on 5 1/4" media.  My copy arrived
with a physically damaged disk in that the "gate" was dislodged and moved
around on the diskette.  The spring for the gate was missing.  (When
replacement disks did arrive, the 720K disks were writable but protected: the
360K disks were unwritable.)
 
The package provides for both automatic and manual installation.  Both require
the use of the installation program, as changes are made to the UT program to
enable it to run.  There is really no difference between the methods, except
for a false sense of control promoted by the "manual" method.  The manual
method does allow the user to "leave out" some parts of the installation, but
it would be foolish to do so in any case.
 
Although "automatic" and "manual" installation is possible, and a "custom"
setup, there is really very little that can be done to customize the
installation.  The manual speaks of "subsets" of files to be checked, but there
are only two subsets, "system" and "full".  The "contents" of these subsets can
be modified, but, again, it would be foolish to do so.
 
Installation takes about an hour on an XT, considerably less on machines with
faster CPUs.
 
In order to "invoke" the changes made during installation, the computer must be
rebooted after installation is complete.  This is not mentioned either in the
manual or by the installation program (although it is mentioned in the READ.ME
file on disk).
 
Ease of use
 
Although there is a graphical user interface, with windows and menus, the
structure and layout of the program are not easy to follow.  Some of the menu
choices are positively misleading: "Program Configuration" has no option to
change drives, "Edit Database" does.  Menus do not behave consistently
throughout the program.  At a number of places in the program it is possible
for a user well familiar with the vagaries to stumble through a series of
keystrokes that might get to the desired goal; for a novice, it might be
impossible.
 
Even with the automation and lack of choice in the program, it is impossible to
say that it is really "easy to use".  Menus and screens are not well designed,
and certainly not intuitive.  One might say that some of the most basic
functions are presented more easily than some of the more advanced, but this is
only relative to the excessive difficulty of finding the advanced functions.
 
The "GUI" is not well designed or used.  In addition, screen redrawing of these
very simple menus is so slow as to compare unfavourably with full window
redrawing within, say, Windows itself.
 
The more advanced options are, actually, relatively few in number.  There are
command line switches to invoke them: they seem to provide so little control as
to hardly make them worth the effort to learn.
 
The primary use of the system, however, seems to be in the automated change
detection.  The program is set up, by default, for a series of daily, weekly
and "every 21 days" checks of increasing sophistication and invasiveness.  The
schedule is well chosen, and should provide for significant detection
capability.
 
Help systems
 
Context sensitive help is available, but is very seldom useful.  If you can't
figure out the menu choices from the names, the help screen for that screen is
unlikely to help you.  Context sensitivity is limited to screens, rather than
fields, and even then, a subordinate menu or screen is likely to display the
same level of "help" as the next "higher" level screen.
 
Compatibility
 
While no conflicts were found during testing, the UT program appears to require
much more memory than stated.
 
Company Stability
 
Fifth Generation has recently been purchased by Symantec.  Callers were
immediately told that previous Fifth Generation supported products were no
longer supported and offered an "upgrade" to the Norton AntiVirus.  BRM has
stated that Untouchable will still be available in some form.
 
Company Support
 
My experience was with Fifth Generation.  My copy of the package arrived with a
physically damaged disk.  The "800" number for sales appears to be out of
service.  The "800" number for technical support, however, even works from
Canada and Puerto Rico.
 
I was asked for my "shipping number", which nowhere appeared in the package.  I
offered the serial number, but that was apparently of no use to the operator,
who asked for my name instead.  She was apparently able to find it, but while
she was doing so was carrying on an unrelated conversation with a co-worker,
which was plainly audible to me (and somewhat disconcerting).  I was told a
replacement disk would be shipped, but via mail, so to allow seven to ten days
wait.  (There was apparently no option on this.)
 
Ordered on July 22, the replacement had not arrived by August 29th.  I called
again and, three days after Hurricane Andrew, they were not yet back in
operation.  I was told that an agent would call me back on Monday, but no one
did.  I called again on September 1 and was told that another copy would be
sent.  No explanation was given for the delay.  (Interestingly, when I called
back to speak to a supervisor and had to leave a message, I was asked for the
serial number of the product.)
 
The supervisor was unavailable, and I left a message.  The supervisor called
back the next afternoon while I was out, and left a message that he would call
again.  He never did.
 
Due to press of other reviews I did not get around to calling before a package
finally arrived on September 8th.  The package had been shipped airmail, but
the postmark was September 2nd.  Obviously, this had been shipped after my
third call.  It contained three diskette mailers, one with the replacement 720K
disk, one with two 360K disks and one which was supposed (according to the
shipping slip) to contain a 1.2M diskette, but instead contained two 360K disks
of version 1.0.
 
I called again and spoke with the supervisor.  He was disturbed by the report,
and most apologetic.
 
(After the extensive dealings I had had with the company, I made extra efforts
to ensure the draft review was made available to the company.  In spite of
extending the response period to 14 days from the usual seven, I have not
received any response from the company at all.)
 
The recent acquisition by Symantec and the subsequent treatment of customers
cannot, of course, have any bearing on the product itself, nor on future
support should BRM be successful in finding another American distributor.
However, overall it reflects poorly on all three companies.
 
Documentation
 
The Untouchable printed documentation is initially very clear, well laid out
and readable.  The one quibble one might have is that the installation section
doesn't start until well into the book, but the installation program itself is
quite explicit and gives clear directions.
 
It is absolutely refreshing to find a manual which not only lists shrink
wrapped software among the possible vectors of virus transmission, but also
lists bulletin boards last on the list of transmission agents.  It also
correctly states that the *most* common means of virus transmission is via
floppy disk.  Unfortunately, the "Virus Infection Symptoms" are not quite as
good: they still list long program load times, slower system performance and
unusual disk access, which seldom appear in the more common viral programs.
 
However, as one gets into the "guts" of the program, the manual degenerates
rapidly.  There are errors such as the omission of "labels" or titles beside
descriptions of what certain keys should do.  In a number of sections, the
explanation of certain functions is unclear and open to many interpretations.
 
Hardware Requirements
 
A hard disk is specified as necessary to operation.  The automatic installation
will not install to a floppy disk (giving an erroneous message about something
not being mapped), but some sections of the program will operate on a system
without a hard disk, thus providing some protection to non-standard systems. 
DOS 3.x or higher is required.
 
Performance
 
Identification of viral infections appears at some points to be very
sophisticated, but less so in others.  A virus (Vengeance) "new" since the file
date of the UTSCAN program was identified as "similar" to "535a".  A file which
had been infected three times with the Jerusalem virus was identified as having
that infection and 5424 extra bytes.  The extremely rare "Halloween" virus was
identified as such, but the "Amilia/i99i" strain of Murphy, very similar to the
HIV strain, was instead identified as a variant of "Dark Avenger Virus"
(presumably "Eddie").  (Naming is very close to that of VIRx.)
 
When a viral infection is "known" by UTSCAN it offers to remove, disinfect all
files, erase the file, continue or abort; when the infection is "similar" the
options are only to erase, continue or abort.  When an infection is "similar",
you are requested to forward a copy of the infected file to Fifth Generation
and the "default" option is continue.  If the virus is known, and an overwriter,
the default option is erase.
 
(The "Dbf", "Piter", "Mlt1" and "Polish" viral programs were identified as
such, but a copy was requested in order to perfect a disinfector.)
 
Identification of known viral strains is often accompanied by lengthy disk
accesses to the original program.
 
The ability of UTSCAN to scan files within compressed archives is one that is
long overdue.  The ability to scan "archives within archives" is interesting. 
It is not perfect, however.  Some files within archives are simply not found
and in some infected files within archives infections are not found even if the
infected file can be identified outside of the archive.  Encrypted ZIP files
cannot be scanned.
 
In tests of the ability to detect changes, UT was able to detect changes to
AUTOEXEC.BAT, infections with unknown viral programs and deletions of
directories.  (Interestingly, the default choice for dealing with any changes
detected is only to alert the user: the "suggested" option therefore seems to
be "not to decide".)  Movement of files was seen as deletion of the "originals"
and "new files installed".  (The default option in the case of "new" or "deleted
old" files is to accept the changes.)  Although considerable information was
retrieved on the changes to AUTOEXEC.BAT, the file was considered
unrecoverable.  A "quick check" of a 20 meg hard drive on an XT required
between two and six minutes.
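
The change-detection behaviour described above, as an added example (not part
of the review and not Untouchable's code): a baseline of per-file hashes is
compared against the current state, showing why a moved file reports as one
deletion plus one new file, and how pairing identical hashes recognises the
move.  SHA-256, the function names and the sample tree are assumptions; the
review does not say what UT stores in its database.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file path, relative to root, to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix():
            hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def compare(baseline, current, pair_moves=False):
    """Classify differences between two snapshots (assumed report layout)."""
    report = {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
        "moved": [],
    }
    if pair_moves:
        # A deleted path and a new path with identical content are one move.
        for old in list(report["deleted"]):
            match = next((n for n in report["new"]
                          if current[n] == baseline[old]), None)
            if match is not None:
                report["deleted"].remove(old)
                report["new"].remove(match)
                report["moved"].append((old, match))
    return report

def demo():
    """Constructed sample tree: edit one file, move one, delete a directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "DOS").mkdir()
        (root / "GAMES").mkdir()
        (root / "AUTOEXEC.BAT").write_bytes(b"PATH C:\\DOS\r\n")
        (root / "DOS" / "FORMAT.COM").write_bytes(b"constructed sample A")
        (root / "GAMES" / "PLAY.EXE").write_bytes(b"constructed sample B")
        baseline = snapshot(root)
        (root / "AUTOEXEC.BAT").write_bytes(b"PATH C:\\DOS\r\nUNKNOWN.EXE\r\n")
        (root / "DOS" / "FORMAT.COM").rename(root / "FORMAT.COM")
        (root / "GAMES" / "PLAY.EXE").unlink()
        (root / "GAMES").rmdir()       # directory loss shows as its files deleted
        current = snapshot(root)
        return compare(baseline, current), compare(baseline, current, True)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Since the review notes that "new" and "deleted old" files are accepted by
default, pairing moves first leaves fewer unexplained entries to be accepted
unread.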
 
Numerous attempts to use the "generic" disinfection on files (which UT stated
were recoverable) resulted in consistent failures due to memory shortfalls. 
Subsequent attempts, after removing TSRs and rebooting, resulted in the same
file now being shown as unrecoverable.  Eventually, after all TSRs and
environment variables had been removed, a recovery (of COMMAND.COM) was
successful.  The file compares perfectly with the original, with the exception
that an "end of file" character has been added (so that COMMAND.COM no longer
shows "slack space" at the end of the file).  (In pursuit of this test, a
number of efforts were made to "check" a single file, or to add it to the data
base.  I am still unclear as to how successful this was: in the end it seemed
the only way to check for the files I had deliberately infected was to check
the whole disk -- at up to six minutes per run.)
 
Local Support
 
None provided.
 
Support Requirements
 
A novice user should be able to install the program, which should then provide
significant detection capabilities.  However, dealing with an infection once
detected would still be problematic.
 
                                 General Notes
 
My initial reaction to the program was very positive.  However, the confusion
of the more advanced options of the program, and the failure of the "generic"
disinfection in testing, call some of the utility of the program into question.
 
Fifth Generation market and support a number of products purchased from other
developers.  They previously marketed Mace Utilities and Mace Vaccine (see
PCMACE.RVW).  In conversation with the support supervisor, he indicated that
the Mace products are no longer marketed by Fifth Generation, but that some
resellers are still selling them.  Fifth Generation is continuing to support
the products as best it can.  (Mace Utilities are still listed in the manual as
being in the "Fifth Generation Systems Family of Utility Products".)
 
copyright Robert M. Slade, 1992   PCUNTUCH.RVW   920912

======================
roberts@decus.ca           rslade@vcn.bc.ca           rslade@vanisl.decus.ca
  "Internet, the information network you _can't_ outgrow."  - Ido Dubrawsky
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)