PCVC.RVW   921212
                               Comparison Review
 
Company and product:
 
Bangkok Security Associates
888/32-33 Ploenchit Road
Bangkok 10330
Thailand
TEL: 662-251-2574
BBS: 662-255-5981
FAX: 662-253-6868
or Delta Base Enterprises
221 - 32853 Landeau Place
Abbotsford, BC, V2S 6S6
TEL: 853-2998
FAX: 853-9164 effective NOV18/92
72137.603@compuserve.com or a682@mindlink.bc.ca
or Computer Security Associates
(803)-796-1935 
Lannatec Associates Inc,
166 Anna Avenue,
Ottawa, Ont. 
K1Z 7V2
(613)-724-5978.
Victor Charlie 5.0
 
Summary: Change detection with "baiting" files and viral signature capture
 
Cost   $99 Cdn
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       2
            Help systems      2
      Compatibility           2
      Company
            Stability         3
            Support           1
      Documentation           3
      Hardware required       3
      Performance             2
      Availability            2
      Local Support           2
 
General Description:
 
Victor Charlie is a series of batch and data files that generate a number of
programs for trapping of viral infections.  There is also provision for the
capture of viral signatures.  Utilities are included for viewing of boot
sectors and recovery of hard disk system areas.  Version 5.0 no longer requires
DEBUG.COM.

                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
The product is shipped on writable but protected 720K and 360K floppies.  The
installation procedure outlined in the manual starts "earlier" in the process
than most antivirals.  An initial "Quick Start" section of the manual relies on
an intermediate knowledge of MS-DOS by the user, but this is stated at the
beginning.
 
Installation of VC is not foolproof by any means.  Almost all error messages
are hidden from the user, and a lack of file space or an incorrect assumption
regarding drive specifications will cause the installation to fail to complete. 
This, however, is not communicated to the user, and may not be obvious.  To the
novice this can be dangerous, in that the user may consider that the system is
protected when, in fact, it is not.  Experienced users will be able to custom
tailor the installation to their own needs, since everything is done through
batch files.
 
The product can apparently be installed on floppy drives, but only portions of
the program will actually function if this is done.  Some of the change
detection programs and routines will be set up and run: the VCHECK program, in
particular, will not.  This is nowhere stated, and there are no error messages
indicating this problem, even when using functions of the program which rely on
the files generated by VCHECK.
 
One important factor is missed by the installation, and not mentioned in the
documentation.  The "path" must be entered into the environment space or the
program must be run from the directory the program is installed into.  Because
of the extensive use of batch files, the program recommended to be most
frequently used will fail to find its ancillary files, even if the initiating
program (VC5.BAT) is properly invoked.  The installation program makes no
attempt to either modify the AUTOEXEC.BAT or to point this out.
 
Another area that could use a lot of improvement is in the choice of
"important" files to be checked.  The drive, full path and full filename must
be entered.  The path must be entered even if the file to be checked is in the
directory currently in use.  There is no assistance to the user, even in terms
of a directory listing of program files.
 
Ease of use
 
The ability to use the programs effectively is very much dependent upon the
installation chosen.  With proper installation, occasional virus checks can be
as simple as a single keystroke (Alt-V).
 
The program can, however, give conflicting messages.  When the Stoned virus was
active, it correctly detected that something had happened to the boot sequence. 
On a floppy system it was not able to recover the boot sector, but finished the
sequence with a message that "Right now, you have NO active virus on this
computer."
 
Operation is very inconsistent at times.  When testing it against a very simple
non-resident COM infector, most checks of the system would report that files
had been changed.  However, a number of runs reported a virus active in memory,
one reported a boot sector infection, and one, immediately after a reboot
forced by the report of the boot sector infection, reported no virus presence
at all, even though the system files were still infected.
 
Help systems
 
There is help of various sorts provided for, but in testing the program very
often "lost" its help file, even when installed as directed.
 
In the earlier version 4.0, messages explaining what has been found, what type
of virus this indicates, and what to do about it were very clear and helpful,
even to a novice user.  This has not, unfortunately, carried over into version
5.0.
 
Compatibility
 
Although no part of the package is "resident", it warns against having TSRs
active during installation.  It also warns against any type of disk caching
during system checking, which would basically mean the elimination of disk
caching altogether, as it is suggested to run quick checks frequently.
 
Company Stability
 
The program is produced by Bangkok Security Associates (programmer John
DeHaven, technical writer Alan Dawson, marketing director Simon Royle and
financial director Ramesh Indhewat).  BSA is a Thai company registered in the
British Virgin Islands from Hong Kong.
 
Company Support
 
Support for the product, over the past two years, has had its ups and downs. 
Canadian distribution now seems to be done by two companies: at one point it
was almost a year since I had heard from the local distributor and wondered if
the company was still active.  BSA has been attempting to establish their BBS
on Fidonet: at one time they appeared to be active, only to disappear again.
 
Documentation
 
The earlier "entertaining" aspects of VC's documentation have, unfortunately,
disappeared.  So has much of the material on the general aspects of viral
operation and protection.  The manual is well written and generally clear, but
suffers, as all too many do, from the dedication to "security by obscurity". 
The fear of giving away secrets tends to mean that a great many words are used
to "dance around" functions which the authors have no intention of actually
explaining.
 
While much of the material which made the earlier manual so valuable to the
novice user is gone, the manual should not confuse them.  The novice will be
able to use almost the full power of this system.
 
(A note on this business of directions to novice users.  It may seem like a
"fractal" type of problem, in that no matter how much you explain, there is
still more to do.  For example, TBSCAN's documentation suggests write
protecting diskettes, and explains how to do it on a 3.5" diskette, but not on
a 5.25".  The earlier Victor Charlie did explain that you should put a "...
sticker ... over the notch at the right-hand side of the disk when you look at
it from the front."  However, failing to mention that the notch is *square*, on
the *side* of the disk cover and that you cannot see the magnetic disk through
it might allow some to permanently read *and* write protect the disk by placing
the sticker over the drive head access slot.)
 
There are, however, some omissions which are important enough to count as
errors in the manual.  I have mentioned the problem with the "path" settings. 
Another is the repeated statement that changes to the VC1.CFG file (such as
adding a new program to be checked) require a re-initialization of the Victor
Charlie package.  There is absolutely no mention of how this is to be done, nor
was I able to find such a function in running the various programs. 
 
The tone of the documentation (both hardcopy and on disk) varies between
jingoism ("... ultimate security ... defeat any current or future virus") and
realism, while ultimately falling somewhat short in terms of actual details. 
In testing the system, I came to the conclusion that, while suitable for any
users as a warning system, technical personnel will need more details as to the
ultimate effectiveness, and how far to trust the package.
 
Hardware Requirements
 
MS-DOS 3.0 or higher and a minimum 256K of RAM, 512K if the shell is used.
 
Performance
 
Unfortunately, even at this point, I am unable to state the performance of the
system with confidence.  It will find viral infections of programs, and of boot
sectors.  (In spite of the difficulties encountered in installing the system to
a floppy, it had no difficulty in identifying "Stoned" infections on floppy. 
Further testing revealed that it was, somehow, detecting a change in the boot
sector, rather than memory.  Although the program checks memory and the system
areas of the disk, the "signatures" of the original system are not stored with
program file signatures.)
 
The actions of the package as a whole, regenerating itself from batch and data
files, are quite fascinating.  The program is a radical departure from any
other reviewed system, and should be a valuable extra component for system
security.
 
The program, as it stands, is most useful against memory resident, program file
infecting viri.  Specific identification of sources of infection is not strong.
 
The program is definitely not sufficiently clear in terms of what is checked
and when.  Up to 15 files may be specified as "important", and to be checked on
every pass.  Five of these may be backed up, while the remainder will be
checked only.  Unfortunately, the system appears to assume that "system" files
are to be backed up, but if they are entered to be checked, the backup is not
done.
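
The unreported installation failure and the "NO active virus" message after an unrecovered boot sector both come down to how a change detector reports a check it could not complete. The sketch below is an added illustration, not Victor Charlie's code and not from the reviewer; it assumes SHA-256 as a stand-in for stored signatures and returns a clean verdict only when every listed file had a stored signature and matched it.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of the file contents, standing in for a stored signature."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(paths):
    """Record one signature per file; a missing file raises instead of being skipped."""
    return {str(Path(p).resolve()): digest(p) for p in paths}

def check(paths, baseline):
    """Return (verdict, per-file status); CLEAN requires every file to be verified."""
    status = {}
    for p in paths:
        key = str(Path(p).resolve())
        if key not in baseline:
            status[p] = "UNVERIFIED: no stored signature"
        elif not Path(p).is_file():
            status[p] = "UNVERIFIED: file missing"
        elif digest(p) != baseline[key]:
            status[p] = "CHANGED"
        else:
            status[p] = "OK"
    values = set(status.values())
    if "CHANGED" in values:
        verdict = "CHANGED"
    elif values == {"OK"}:
        verdict = "CLEAN"
    else:
        verdict = "INCOMPLETE"  # also covers an empty file list
    return verdict, status

def demo():
    """Run four checks over constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        a, b = str(Path(d, "A.COM")), str(Path(d, "B.COM"))
        for p in (a, b):
            Path(p).write_bytes(b"constructed sample bytes")
        verdicts = [check([a, b], {})[0]]                        # baseline never built
        verdicts.append(check([a, b], build_baseline([a]))[0])   # only partly built
        base = build_baseline([a, b])
        verdicts.append(check([a, b], base)[0])                  # fully verified
        Path(b).write_bytes(b"constructed sample bytes, modified")
        verdicts.append(check([a, b], base)[0])                  # one file altered
        return verdicts

if __name__ == "__main__":
    print(demo())
```
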
 
The program does not appear to offer any protection against companion viri.  It
also appears to be ineffective against "stealth" and "FAT" viral program
technology.
 
Local Support
 
Limited.
 
Support Requirements
 
Installation of the program is possible for novice users with standard computer
configurations, but should likely be supported for any non-standard systems. 
Novice or intermediate users will require assistance to identify the source of
infection if a virus is detected.
 
                                 General Notes
 
This package is quite fascinating in its novel approach to virus detection. 
There are numerous shortcomings, but the approach could be a valuable adjunct
to current methods.  While the current implementation has significant
shortcomings, particularly in non-standard configurations, the concept is a
valuable one and, hopefully, future development will make the package more
valuable as a stand alone product.
 
copyright Robert M. Slade, 1991, 1992   PCVC.RVW   921212

======================
roberts@decus.ca           rslade@vcn.bc.ca           rslade@vanisl.decus.ca
Ah! When I were lad, we used to 'ave t'wait 40 milliseconds on noisy channel
 for a network link to come oop--and login both ends! - per Linda Richards
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)