PCVDS.RVW   920911
 
                               Comparison Review 
 
Company and product: 
 
VDS Advanced Research Group
P.O. Box 9393
Baltimore, MD 21228
(410) 247-7117
e-mail:  tyetiser@ssw02.ab.umd.edu
VDS 2.1 change detector and scanner
 
Summary: Change detection with emphasis on hard disk system area protection
 
Cost: $25 for single user, many other options
 
Rating (1-4, 1 = poor, 4 = very good) 
      "Friendliness" 
            Installation       2
            Ease of use        3
            Help systems       1
      Compatibility            1
      Company 
            Stability          1
            Support            1
      Documentation            2
      Hardware required        2
      Performance              2
      Availability             2
      Local Support            1
 
General Description: 
 
VDS is change detection software with hard disk boot sequence protection
features.  VDSFSCAN is a scanner which appears to be merely an adjunct to the
change detection program.  The installation procedure is obviously concerned
with detecting and avoiding pre-existing viral infections, particularly of boot
sector viral programs.  VITALFIX is an MBR saving/repair program.
 
 
                  Comparison of features and specifications 
 
 
 
User Friendliness 
 
Installation 
 
VDS was originally announced as shareware.  Disks were shipped to me from VDS
Advanced Research Group, along with a printed version of the documentation
which is shipped with the shareware archive.  I initially received a copy of
version 2.0, and later a copy of 2.1.  Along with the manual, but not bound in,
was a single sheet "VDS 2.10 Installation Guide".  Some references in this
document, and in the manual itself, seem to indicate that the normally
distributed shareware version does not have the full set of features of the
package, but these passages are unclear and open to other interpretations.  In
any case, I am not sure of which of the seemingly many possible "versions"
(trial, registered, complimentary, personal, academic, charity or business) I
have reviewed, nor what the differences were.  (In response to the initial
draft of the review, I was told I had received a registered version but the
differences were not explained.)
 
Installation is a manual process.  That it cannot easily be fully automated is
obvious from the fact that the system must be "cold booted" at least twice
during the process.  The procedure is lengthy, but carefully explained.  There
are some points at which a familiarity with DOS would be of assistance in
understanding some options, but this should not present a problem to a
reasonably intelligent person.  The instructions in the manual are quite clear,
but the files presented on-screen at parts of the installation process are less
so.  At one point the user is directed to re-boot the computer: this is not
what is desired.  The instruction refers to the re-booting that should have
taken place earlier, but this may not be clear to a novice user.  Once the last
part of the installation starts a windowed screen is presented.  There is
little for the user to do at this point, so the reason for the interface or
display is unclear.
 
Certain parts of the installation instructions seem to indicate, to the
knowledgeable user, that the MBR is replaced: this is never confirmed.  There
is also no "uninstall" procedure listed.  At a later point in the
documentation, the possibility of saving, backing up or replacing the MBR with
the VITALFIX program *is* discussed, but there is still no confirmation or
denial of any modification during the installation process.  The VDS
documentation does state that the drivers installed remove themselves from
memory after checking, and this appears to be true.  Testing of installation
seems to indicate that no modification is made to the MBR.  (This was confirmed
in the response to the draft review.)
 
Installation should take about half an hour, or perhaps slightly less with
practice.  The last stage, that of "checksumming" each file, took eight minutes
on an XT with a 20 meg hard disk.  Installation must be done individually: a
driver is customized for each machine, and, presumably, drivers could only be
compatible if the BIOS, memory and disk partitioning is identical between
machines.
 
Ease of use 
 
The VDS program presents a "windowed" interface, but there are, in fact, no
user options on it.  The only options are in the command line switches used on
invocation.  About the only useful options in the command line switches are
those for either more speed, or more thoroughness in verification.  Note that
if one wishes to use the "turbo" mode for initial checking at boot time the
command line switch must be manually added to the entry in the AUTOEXEC.BAT
file.
 
VDSFSCAN, on the other hand, does have menu options, but does not have any
command line switches listed in the documentation.  (In response to the draft
review, I was told that it does have command line switches; these can be listed
with the /? switch.)  Therefore, there is no possibility of, for example,
disabling memory checking, or speeding up the scanning process.
 
Help systems 
 
None provided.  In fact, VDSFSCAN does tell you that help is available through
the F1 key: the F1 key does nothing perceptible.
 
(This is disputed by the developers.  F1 is supposed to provide "context
sensitive" help.  However, in testing it did not.)
 
Compatibility 
 
VDS is incompatible with "disk expansion" software, and certain other similar
programs.  This is seen by the developers as unavoidable.
 
Company Stability 
 
Unknown. 
 
Company Support 
 
For product support, only the postal address is given.  Although a phone number
is given in the documentation, it is specifically restricted to software orders
only.
 
Documentation 
 
The original documentation for VDS 2.0 was very flippant, and resulted in a
very negative reaction to the product from some quarters.  In particular, the
version 2.0 documentation made very negative comments about other (unnamed)
antiviral products.  The version 2.1 documentation is more serious in tone, but
some passages are best understood in light of possible reaction to earlier
negative comment.  There are sections identified as "meant to be funny" and
some remarks that "sensitive individuals should skip this section".
 
The "VDS Risk Factor Analysis Test" is one of the sections that has been
criticized.  I feel this criticism is unwarranted.  The test, while not
perfect, does give a reasonable measure of risk, and has not been attempted
before at this level.
 
The documentation, overall, is best described as "patchy".  Although the
grammar is improving, and the tone is generally very readable, there is little
substantive material.  An initial reading left me wondering whether I had
missed some section explaining the use of the program.  While the manual
protests that the information cannot be revealed without jeopardizing the
security of the system, this seems to have been taken to extremes.  However,
there are nuggets of knowledge interspersed throughout the manual.
 
Hardware Requirements 
 
MS-DOS 3.x or higher, must be installed on hard disk, and in specified
directory, cannot be used with "drive expansion" software.  None of the
programs, in fact, will run "uninstalled", and so they afford absolutely no
protection to "floppy only" systems, or LAN stations with no local hard drive. 
One of the disk files seems to indicate that VDSFSCAN can be run on any system:
this is not true.  A possible alternate explanation is that it may work on some
of the drives that VDS is not normally compatible with.  However, since the
programs do not appear to work if not installed as directed, this would seem to
be moot.
 
(The developers protest this section, and say that VDSFSCAN will run not only
uninstalled, but will run on a "single floppy" system because the entire
program can be loaded into memory and other floppy disks can be scanned when
the program disk has been removed.  This is an advantage, and one which some
scanners lack.  However, my own observation is that VDSFSCAN will not run
unless it has been installed, but that it can then be copied to a floppy and
used on a floppy only system.  This still means that one must have a hard disk
to install the program onto, before it can be run on other systems.)
 
A "known clean" MS-DOS system disk with MS-DOS files is also required for the
installation process.
 
Performance 
 
The initial verification at boot time adds two minutes to the boot process on
an XT with a 20 meg drive.  If the "turbo" switch is added manually, the
results are significantly faster.
 
VDSFSCAN is able to detect most common viral programs.  A fairly large number
in the test suite were missed, including all examples of Washburn programs
used.  A large number of those infections detected were misidentified. 
However, as disinfection appears limited to erasure, this need not be a
problem.  (The "cure" option of VDS appears limited to system areas of the
disk.)  Scanning is definitely only a sidelight for this package.
 
Local Support 
 
None provided. 
 
Support Requirements 
 
The package, while seemingly aimed at the novice user, still would require at
least an intermediate level knowledge of MS-DOS.  Even at that, a thorough
reading of the manual would seem to be in order.
 
                                 General Notes 
 
The installation procedure for VDS appears to be directed at the novice user
who may already be infected with a virus.  The attempt is laudable, and may
provide additional security to the process.  However, certain aspects of the
implementation still require significant work.  The program is recommended for
intermediate users as having a strong detection component to add to other
antiviral measures.
 
Reaction to the draft review elicited the information that some of the problems
mentioned in the review are now being addressed, particularly that of being
able to schedule checking of the disk.  Mention was also made of plans to
release a commercial version of VDS.
 
copyright Robert M. Slade, 1992   PCVDS.RVW   920911

======================
roberts@decus.ca   rslade@vanisl.decus.ca  Rob.Slade@f733.n153.z1.fidonet.org
 Just about every computer on the market today runs UNIX, except the Mac (and
                 nobody cares about it).  - Bill Joy, 6/21/85
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)