PCVCNWWS.RVW 920401
Comparison Review
Company and product:
George Davidsohn and Son Inc./The Davidsohn Group
(formerly Worldwide Software Inc.)
20 Exchange Place, 27th Floor
New York, NY 10005
USA
212-422-4100
Telecopier 212-422-1953
800-999-6031
tech support 212-363-3201
PR - Howard J. Rubenstein Assoc. Inc.
212-489-6900 - Laurie N. Terry
warren@worlds.com
Vaccine Version 5.00 - Anti-Viral Software
Summary:
Primarily operation monitoring and restriction with scanning and change
detection facilities.
Cost
Rating (1-4, 1 = poor, 4 = very good)
"Friendliness"
Installation 1
Ease of use 2
Help systems 1
Compatibility 2
Company
Stability 2
Support 2
Documentation 2
Hardware required 2
Performance 2
Availability 2
Local Support 1
General Description:
VACCINE operation monitor, PHYSICAL scanner, CHECKUP change detection, SHELTER
operation restriction and XRAY CMOS backup.
� Comparison of features and specifications
User Friendliness
Installation
The program is shipped on writable, but protected, 5 1/4" 360K media. Although
a scanner is included in the package, scanning of the system to be protected is
suggested only after installation is completed.
Manual and automated installations are provided. The manual installation is
incomplete in that the necessary final step to have *any* protection at all
lies in another part of the manual.
The automated installation is performed through a simple batch file which
creates a directory and copies the file into it. An environment variable is
set and used, so the installation may fail on occasion. A command is prepended
to the beginning of the AUTOEXEC.BAT file. Although the documentation
specifically states that the INSTALL program will work with a dual floppy
system, in fact it will not.
The VACCINE program, and operation monitoring, is stated to be the "soul" of
this package. Any program which performs any kind of "suspect" functions must
be authorized. Once authorized, the program can perform any of the restricted
operations without interference.
Ease of use
The VACCINE program requires a list of programs which are authorized to perform
restricted functions. Since "restricted functions" includes such things as any
form of deletion, a number of programs will need to be added to the list. The
list is a simple ASCII file of program names, one per line. (The "ease of use"
of this can be determined by the fact that the documentation suggests EDLIN be
used to create or amend it.)
The creation of the authorized programs file would not be a simple matter.
Likely programs would have to be run "against" VACCINE to see if they trigger
the alarms. I was surprised to find that the PHYSICAL scanner triggered
VACCINE, since it should only be performing "read" operations. In this light,
the file could only be built in an environment guaranteed free from viri ...
which somehow seems to defeat the purpose.
Help systems
Although the manual talks about "online help", this is, in fact, restricted to
a list of command line switch options if you use the "-h" switch or improper
switch syntax. Since "no switches" is not improper, one must read the manual
in order to know that there are switches.
Compatibility
As of this version, none of the Vaccine programs will function if a network is
present. A network version is available separately.
Company Stability
Unknown.
Company Support
The package makes no statements regarding support.
Documentation
The documentation is sufficient to install and run the programs. Its
statements and examples are clear. However, it must be said that the claims
made for the program, and the discussions of viri in general, border on
misrepresentation. There is *no* discussion of boot sector infectors, although
the signature list contains strings for several, and the only suggested method
for dealing with infections is to "*erase [the infected program] immediately*
using the DOS ERASE command".
A clever use of the documentation is that the command to "teach" VACCINE to
accept new "restricted" programs is buried in the documentation, and is not a
part of the online help.
Hardware Requirements
None stated.
Performance
PHYSICAL identified about two thirds of the common infectors presented to it.
A number of the viri were misidentified, but were, at least, flagged as
infected. The choice of signature strings shows, therefore, promise for
identifying new variants. Where multiple infections are found, the program
will scroll off the screen.
The Vaccine package as a whole has serious shortcomings with regard to boot
sector infectors. The PHYSICAL program will not, apparently, identify boot
sector infectors in diskettes in drive B. VACCINE will not catch a BSI in
memory on startup (Stoned was used in testing), and will falsely identify the
program that is trying to make a change to the boot sector. (In the test case,
this was its own PHYSICAL.) Since most activities that trigger Stoned to
infect will also trigger VACCINE, this is of no help at all. (Short of
rebooting the computer, VACCINE offers no "protection": it is only an alarm. I
would see this kind of interference as being almost worse than Antivirus Plus.)
The one bright spot is that the boot sectors of diskettes in drive A, if
present, are always scanned for viri. If found, however, the suggested
remedial action is "Reinstall DOS": effective against a BSI on a floppy, but
perhaps misleading when the diskette is non-bootable and the "system" is on the
hard drive.
It should be noted that all "restricted" operations are considered together.
Therefore, once a program has been "authorized", it is allowed to perform any
operations. If an "authorized" program becomes infected, it will be allowed to
infect all others. (An authorized program can also "permit" a virus, already
resident, to operate.)
Local Support
None provided.
Support Requirements
It is unlikely that novice users could obtain significant protection from this
package. Intermediate users could likely install it and make suitable
decisions regarding "authorized" programs, but in all likelihood advanced
support would be required for installation and creation of the authorized
programs file.
General Notes
Although the "multi-layered" approach to protection is good, with this
package's reliance on operation monitoring it is difficult to find an
environment to recommend it for. Low change, low utility use, no diskette use
situations may find it suitable.
It is nothing new to find extravagant claims for a product in the promotional
literature. The extent to which this is taken with Vaccine! is disturbing.
From the press release included with the package:
"... first anti-virus software that contains a built-in "stealth bomber" virus
detection and prevention feature."
"... taking a distinctive CRC code ... allows the original executable code to
remain unchanged ..."
"Another unique feature of VACCINE 5.0, unavailable from other anti-virus
software developers, is the ability to allow the user to add virus fingerprints
to its database."
copyright Robert M. Slade, 1992 PCVCNWWS.RVW 920401
======================
roberts@decus.ca rslade@vcn.bc.ca rslade@vanisl.decus.ca
"Lucien, you got some 'splainin' to do!" - Double Exposure
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)