PCVDS.RVW   920911

Comparison Review

Company and product:

VDS Advanced Research Group
P.O. Box 9393
Baltimore, MD 21228
(410) 247-7117
e-mail: tyetiser@ssw02.ab.umd.edu
VDS 2.1 change detector and scanner

Summary: Change detection with emphasis on hard disk system area protection

Cost: $25 for single user, many other options

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       3
            Help systems      1
      Compatibility           1
      Company
            Stability         1
            Support           1
      Documentation           2
      Hardware required       2
      Performance             2
      Availability            2
      Local Support           1

General Description:

VDS is change detection software with hard disk boot sequence protection features. VDSFSCAN is a scanner which appears to be merely an adjunct to the change detection program. The installation procedure is obviously concerned with detecting and avoiding pre-existing viral infections, particularly of boot sector viral programs. VITALFIX is an MBR saving/repair program.

Comparison of features and specifications

User Friendliness

Installation

VDS was originally announced as shareware. Disks were shipped to me from VDS Advanced Research Group, along with a printed version of the documentation which is shipped with the shareware archive. I initially received a copy of version 2.0, and later a copy of 2.1. Along with the manual, but not bound in, was a single sheet "VDS 2.10 Installation Guide". Some references in this document, and in the manual itself, seem to indicate that the normally distributed shareware version does not have the full set of features of the package, but these passages are unclear and open to other interpretations. In any case, I am not sure of which of the seemingly many possible "versions" (trial, registered, complimentary, personal, academic, charity or business) I have reviewed, nor what the differences were. (In response to the initial draft of the review, I was told I had received a registered version but the differences were not explained.)

Installation is a manual process.
That it cannot easily be fully automated is obvious from the fact that the system must be "cold booted" at least twice during the process. The procedure is lengthy, but carefully explained. There are some points at which a familiarity with DOS would be of assistance in understanding some options, but this should not present a problem to a reasonably intelligent person. The instructions in the manual are quite clear, but the files presented on-screen at parts of the installation process are less so. At one point the user is directed to re-boot the computer: this is not what is desired. The instruction refers to the re-booting that should have taken place earlier, but this may not be clear to a novice user.

Once the last part of the installation starts a windowed screen is presented. There is little for the user to do at this point, so the reason for the interface or display is unclear.

Certain parts of the installation instructions seem to indicate, to the knowledgeable user, that the MBR is replaced: this is never confirmed. There is also no "uninstall" procedure listed. At a later point in the documentation, the possibility of saving, backing up or replacing the MBR with the VITALFIX program *is* discussed, but there is still no confirmation or denial of any modification during the installation process. The VDS documentation does state that the drivers installed remove themselves from memory after checking, and this appears to be true. Testing of installation seems to indicate that no modification is made to the MBR. (This was confirmed in the response to the draft review.)

Installation should take about half an hour, or perhaps slightly less with practice. The last stage, that of "checksumming" each file, took eight minutes on an XT with a 20 meg hard disk. Installation must be done individually: a driver is customized for each machine, and, presumably, drivers could only be compatible if the BIOS, memory and disk partitioning are identical between machines.

Ease of use

The VDS program presents a "windowed" interface, but there are, in fact, no user options on it. The only options are in the command line switches used on invocation. About the only useful options in the command line switches are those for either more speed, or more thoroughness in verification. Note that if one wishes to use the "turbo" mode for initial checking at boot time the command line switch must be manually added to the entry in the AUTOEXEC.BAT file.

VDSFSCAN, on the other hand, does have menu options, but does not have any command line switches listed in the documentation. (In response to the draft review, I was told that it does have command line switches; these can be listed with the /? switch.) Therefore, there is no possibility of, for example, disabling memory checking, or speeding up the scanning process.

Help systems

None provided. In fact, VDSFSCAN does tell you that help is available through the F1 key: the F1 key does nothing perceptible. (This is disputed by the developers. F1 is supposed to provide "context sensitive" help. However, in testing it did not.)

Compatibility

VDS is incompatible with "disk expansion" software, and certain other similar programs. This is seen by the developers as unavoidable.

Company Stability

Unknown.

Company Support

For product support, only the postal address is given. Although a phone number is given in the documentation, it is specifically restricted to software orders only.

Documentation

The original documentation for VDS 2.0 was very flippant, and resulted in a very negative reaction to the product from some quarters. In particular, the version 2.0 documentation made very negative comments about other (unnamed) antiviral products. The version 2.1 documentation is more serious in tone, but some passages are best understood in light of possible reaction to earlier negative comment.
There are sections identified as "meant to be funny" and some remarks that "sensitive individuals should skip this section".

The "VDS Risk Factor Analysis Test" is one of the sections that has been criticized. I feel this criticism is unwarranted. The test, while not perfect, does give a reasonable measure of risk, and has not been attempted before at this level.

The documentation, overall, is best described as "patchy". Although the grammar is improving, and the tone is generally very readable, there is little substantive material. An initial reading left me wondering whether I had missed some section explaining the use of the program. While the manual protests that the information cannot be revealed without jeopardizing the security of the system, this seems to have been taken to extremes. However, there are nuggets of knowledge interspersed throughout the manual.

Hardware Requirements

MS-DOS 3.x or higher, must be installed on hard disk, and in specified directory, cannot be used with "drive expansion" software.

None of the programs, in fact, will run "uninstalled", and so they afford absolutely no protection to "floppy only" systems, or LAN stations with no local hard drive. One of the disk files seems to indicate that VDSFSCAN can be run on any system: this is not true. A possible alternate explanation is that it may work on some of the drives that VDS is not normally compatible with. However, since the programs do not appear to work if not installed as directed, this would seem to be moot. (The developers protest this section, and say that VDSFSCAN will run not only uninstalled, but will run on a "single floppy" system because the entire program can be loaded into memory and other floppy disks can be scanned when the program disk has been removed. This is an advantage, and one which some scanners lack.
However, my own observation is that VDSFSCAN will not run unless it has been installed, but that it can then be copied to a floppy and used on a floppy only system. This still means that one must have a hard disk to install the program onto, before it can be run on other systems.)

A "known clean" MS-DOS system disk with MS-DOS files is also required for the installation process.

Performance

The initial verification at boot time adds two minutes to the boot process on an XT with a 20 meg drive. If the "turbo" switch is added manually, the results are significantly faster.

VDSFSCAN is able to detect most common viral programs. A fairly large number in the test suite were missed, including all examples of Washburn programs used. A large number of those infections detected were misidentified. However, as disinfection appears limited to erasure, this need not be a problem. (The "cure" option of VDS appears limited to system areas of the disk.) Scanning is definitely only a sidelight for this package.

Local Support

None provided.

Support Requirements

The package, while seemingly aimed at the novice user, still would require at least an intermediate level knowledge of MS-DOS. Even at that, a thorough reading of the manual would seem to be in order.

General Notes

The installation procedure for VDS appears to be directed at the novice user who may already be infected with a virus. The attempt is laudable, and may provide additional security to the process. However, certain aspects of the implementation still require significant work. The program is recommended for intermediate users as having a strong detection component to add to other antiviral measures.

Reaction to the draft review elicited the information that some of the problems mentioned in the review are now being addressed, particularly that of being able to schedule checking of the disk. Mention was also made of plans to release a commercial version of VDS.

copyright Robert M. Slade, 1992   PCVDS.RVW   920911

======================
roberts@decus.ca rslade@vanisl.decus.ca Rob.Slade@f733.n153.z1.fidonet.org
Just about every computer on the market today runs UNIX, except the Mac (and nobody cares about it). - Bill Joy, 6/21/85
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)