PCFPROT2.RVW 950925 Antiviral Protection Comparison Review Company and product: Company: Frisk Software International Address: Postholf 7180, IS-127 Reykjavik, Iceland Phone: +354-5-617273 Fax: +354-5-617274 Sales: see Command Software, Data Fellows and SafetyNet; German version +49-40-6932033 or percomp@infohh.rmi.de Contact: Fridrik Skulason, Vesselin Bontchev Email: sales@complex.is, support@complex.is Product: F-PROT 2.xx Virus detection/protection/disinfection Summary: scanner, resident scanner and disinfector Cost: free for non-commercial personal use, Site license $1(US) per computer (minimum $20), 25% educational discount Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 3 Ease of use 4 Help systems 3 Compatibility 3 Company Stability 3 Support 3 Documentation 3 Hardware required 4 Performance 4 Availability 3 Local Support 2 General Description: Scanning, resident scanning and disinfection capabilities. The informational utilities present in the earlier (1.xx) versions have been replaced by heuristic analysis scanning. Change detection and operation restricting utilities have been removed and not replaced. Highly recommended for any situation. Best "value for cost" of any package reviewed to date. Comparison of features and specifications User Friendliness Installation Installation is now added as a feature in the main program. Manual installation is still an option, and is likely the one most used by those familiar with the program. Since the program is shareware, and since installation is little more than copying of files, unless VIRSTOP is installed, it is unlikely to present any problems. In the automated installation, VIRSTOP is installed to be invoked from AUTOEXEC.BAT. Those wishing to invoke it from CONFIG.SYS must do the installation manually. Ease of use Except for resident scanning, F-PROT is now invoked from a single program. The user, by default, is presented with a graphical interface, but command line switches are an option for those wanting more speed, or a standard invocation for a large group of users. There is no "help" key, but the options are fairly simple, and explained in text boxes where necessary. Help systems There is no help per se, although a listing of command line switches is available. Compatibility F-PROT consistently maintains the highest ratings in all independent tests of scanning of known viral programs, including my own. In terms of disinfection capability, only Alan Solomon's Anti-Virus Toolkit and now KAMI's Anti Viral Toolkit Pro has similar ratings. Because of an external language file, F-PROT is available in at least six languages, and can be readily translated into others. The heuristic analysis portion of the program occasionally generates a "false positive" alert about a program that is not, in fact, infected. This is to be expected from this type of scanning, and the incidence is much reduced from when this function was first included with the program. The heuristic analysis feature has been generally effective in identifying new and "unknown" viral strains, but is not perfect. (Perfection is, of course, inherently unattainable in this type of program.) Indeed, the documentation for this feature states that it is still to be considered experimental, and is very conservative in its claims. Programs known to cause false positives are listed. F-PROT may be run under Windows, but is not a Windows program. This is planned to be addressed in future, as are improvements for VIRSTOP to make it run with Windows, and to check files as they are copied, to check floppy disks as accessed, and to use EMS memory. Company Stability F-PROT was originally a sideline developed by Fridrik Skulason while he was still employed by the university. The acceptance of F-PROT as a highly accurate scanner and effective disinfector have allowed the growth of Frisk Software to a leading position in antiviral software. The basic technology is licensed by at least three other companies. The most recent addition to the company is Vesselin Bontchev, long considered one of the top independent antiviral researchers. Company Support Fridrik Skulason is available through the Internet, and replies to queries can be expected within a week or less. As the program has become much more popular with the general public, numerous people have requested his Fidonet address. Unfortunately, frisk is not active on either Fidonet or VirNet. Users of the commercial version can obtain the "F-Prot Update Bulletin" from Data Fellows, and may also be able to get text file copies from better antiviral archives. Documentation Being shareware, the package has no printed documentation. The text files included with the programs are very clear and thorough, and provide an excellent primer on virus functions and protection, as it relates to scanning and disinfection. The large single USAGE.TXT file has been broken into smaller "chapter" files, which allows for quicker access to a particular function or feature. As some of the other virus detection and prevention capabilities have been dropped from the package, so the very excellent discussions of the different types of antiviral software, and their strengths and weaknesses, have been dropped from the documentation. It is recommended that interested parties obtain old (1.xx) versions of F-PROT for this material. The virus information files previously contained in separate text files have been included as a virus information feature within the main program. Hardware Requirements No special hardware is required. Performance During testing, FPROT has consistently identified more viral programs than the "current release" of any other product. FPROT is generally slower at scanning because of the multiple signatures being used to check for each virus, but is not the slowest scanner tested. The user is in control of FPROT at all times, with the exception that VIRSTOP will not allow the boot sequence to continue in the case of a boot sector infection at startup. FPROT, in seven years of my testing, has not given a false positive alarm on any normal program, nor has it interfered with any normal program operation. Users have, from time to time, reported false positives but these are generally with less well known programs and are often fixed within a week. The various functions and utilities that have been dropped from the 2.xx version programs still have significant value. Serious virus researchers and consultants would do well to obtain copies of older (1.xx) versions. These have been retained, and are available, at better antiviral source sites. Local Support Since FPROT is shareware, there are no local dealers from which to obtain support. Knowledgeable users are, though, fairly common. FPROT is also available as a commercially distributed product or as part of other security products. Support Requirements Very little support should be needed for this program. On occasion assistance my be needed in disinfection, or in positively identifying a new viral strain, but no product tested deals with this situation better than F-PROT. General Notes Because of its "shareware" distribution, F-PROT is best compared against McAfee's Associates SCAN program. F-PROT is kept up to date with regular additions to the signature file, and constant improvements to the program. SCAN versions are released at approximately the same frequency as FPROT, but in two and a half years FPROT releases consistently identified more viri, and with greater accuracy than did the "same level" releases of SCAN. SCAN also needs to release far more "bug fix" versions than does F-PROT. Fridrik Skulason publishes fewer signatures of new viruses on the VIRUS-L/comp.virus distribution lists than he used to, but some others are supplying appropriate signature strings in his format. F-PROT is significantly cheaper than the SCAN suite as well, and is complete in one package, although the SCAN suite in total now offers some edge in utility. I am personally sorry to see that the former utilities are not included in the current package. However, it is unarguably simpler for novice users to install and use the newer package, free from the confusion of the multiplicity of files contained in the previous version. F-PROT is sold commercially by SafetyNet, under the name VirusNet, and as F-PROT Professional by Command Software and Data Fellows. VirusNet is very similar to the original product, while F-PROT Professional has additional features added by the different vendors. copyright Robert M. Slade, 1990, 1992, 1994, 1995 PCFPROT2.RVW 950925 ================== Vancouver roberts@decus.ca | This space Institute for rslade@cln.etc.bc.ca | intentionally Research into rslade@vanisl.decus.ca | *not* left blank User Rob_Slade@mindlink.bc.ca | Security Canada V7K 2G6 |