PCDACS.RVW 931110

Comparison Review

Company and product:

Mergent (formerly Pyramid Development Corp.)
800-759-3000
20 Hurlbut Street, West Hartford, CT 06110
(moved to:)
70 Inwood Rd
Rocky Hill, CT 06067-3441
203-953-9832
Fax: 203-953-3435
PC/DACS

Summary: general PC security program, very rich in features

Cost: retail $249.00

Rating (1-4, 1 = poor, 4 = very good)
    "Friendliness"
        Installation
        Ease of use
        Help systems
    Compatibility
    Company
        Stability
        Support
    Documentation
    Hardware required
    Performance
    Availability
    Local Support

General Description:

Comparison of features and specifications

User Friendliness

Installation

Once again, another program that adds the security of a multi-user operating system to DOS. And, once again, a package which seems to think that "installation" is complete once the files are in place and the program is running.

Actually, PC/DACS does a bit better, in this regard, than others tested. Chapter one of the installation guide suggests a minimal installation, but chapter two includes a table with security goals and some direction on how to achieve them. However, given the extensive feature set of the product, this chart is quite terse. Antivirus protection is said to be achieved with "Virus Prevention Attributes," and the guide adds that you can write protect files to protect against infection. There is no discussion of the complexity of this task.

A tutorial is included, but, again, this is of little use in terms of security concepts, and deals strictly with the program interface.

There are, indeed, a couple of weaknesses. In lesson one, an ID is created, complete with suggested password. The ID is deleted in chapter six, but a bored administrator might not make it all the way, and so leave a vulnerability in the system. (Check out PC/DACS installations around you. Is there an account LOCAL1 with password TUTORIAL1? You now have "local administrator" privileges.)
Lesson two tells you to check lesson five if you don't see "Administrative Maintenance" on the Main Menu: lesson five has nothing to say on the subject.

Ease of use

The interface is easy to use and the "screen flow" is understandable. Options which are used less frequently have extra explanatory detail. As noted, some functions may require additional explanation in terms of the implications of certain choices.

The ability to predefine groups and application "views" makes administration less of a chore.

Help systems

Help is available for most screens.

Compatibility

Specifically designed to interfere with, or limit the use of, some utility software. May hamper or preclude recovery efforts in the event of disk problems.

Note that the suggested settings for rights access preclude proper operation of SETVER and other programs which alter their own executable files.

Boot protection *cannot* be used if there are non-DOS partitions.

Company Stability
Company Support
Documentation
System Requirements
Performance
Local Support
Support Requirements
General Notes
Cost
Local Suppliers

Of the documentation stated to be a part of the package, only the "Installation Guide" and "Administrator Reference Manual" were included with the review package.

The manuals are well laid out. Some entries could be clearer. In a number of cases, you will have little idea of the operation and functions until you run the program. Again, note that the documentation refers to the program operation only: security implications are not dealt with.

In comparison with other PC security products, PC/DACS contains a wealth of features. For the experienced security officer, many of the desired features of multiuser operating systems are contained within. Possibly the only missing features are restriction of hardware and peripherals.

The password choice functions are a good example. Minimum password lengths can be imposed.
The password can optionally be prevented from being identical to, or an anagram of, the user name. There can be restrictions on the format of the password, and a history of up to twelve previous passwords can be disallowed. On the other hand, there appears to be nothing against the altering of a single character in the password.

Virus protection appears to be limited to write protection, boot protection and encryption.

There are indications of certain areas of vulnerability. The system can be recovered with only a boot disk and the original program disks. This means that the hard disk *is* accessible through hardware menus.

The "Time Out" feature is meant to disable access from the keyboard if the workstation is left for a period of time, but apparently will not work if any processing is taking place at the time. Therefore a PC running a communications session, or doing processing-intensive computing, will be left vulnerable. (Such processes can be started in such a way as to disallow any keyboard access, but this is not always feasible.)

copyright Robert M. Slade, 1993 PCDACS.RVW 931110

======================
ROBERTS@decus.ca rslade@vanisl.decus.ca rslade@freenet.vancouver.bc.ca
"If you do buy a computer, don't turn it on." - Richards' 2nd Law of Security
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)
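
The password rules described in the review (minimum length, no match or anagram of the user name, a twelve-entry history) together with the single-character gap it notes, as an added Python example. This is not PC/DACS code; the minimum length of 8, the function names and the sample data are assumptions constructed for illustration.

```python
import hashlib

MIN_LENGTH = 8        # assumed; the review gives no figure
HISTORY_DEPTH = 12    # "up to twelve previous passwords"

def digest(password, salt):
    # History holds salted digests, never plaintext (iteration count kept low for the demo).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def is_anagram(a, b):
    # Identical strings count as anagrams, so this covers both cases.
    return sorted(a.lower()) == sorted(b.lower())

def one_edit_apart(a, b):
    # True when b is a with one character substituted, inserted or deleted.
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def check_new_password(user, current, new, history, salt):
    """Return the list of rules the new password breaks (empty means accepted)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if is_anagram(new, user):
        problems.append("matches or is an anagram of the user name")
    if digest(new, salt) in history[-HISTORY_DEPTH:]:
        problems.append("reused from history")
    # Digests cannot be compared for similarity; the plaintext current password,
    # typed in the change dialog, is the only one available for this check.
    if one_edit_apart(current, new):
        problems.append("one character away from the current password")
    return problems

# Constructed sample data: 12 old passwords plus the current one, oldest first.
SALT = b"constructed-salt"
CURRENT = "Harbor-Lamp42"
OLD = ["Old-Pass-%02d" % n for n in range(12)]
HISTORY = [digest(p, SALT) for p in OLD + [CURRENT]]

if __name__ == "__main__":
    for candidate in ("Harbor-Lamp43", "htimsj", "Old-Pass-05", "Old-Pass-00"):
        print(candidate, check_new_password("jsmith", CURRENT, candidate, HISTORY, SALT))
```

The history check alone accepts `Harbor-Lamp43` as a successor to `Harbor-Lamp42`; only the comparison against the typed-in current password catches it.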