PCMACE.RVW  910524
                               Comparison Review
 
Company and product:
 
Paul Mace Software
400 Williamson Way
Ashland, OR   97520
USA
tech support 503-488-0224
fax: 503-488-1549
sold and supported through:
Fifth Generation Systems, Inc.
10049 N. Reiger Rd.
Baton Rouge, Louisiana
USA   70809
1-800-873-4384 sales and info
504-291-7283 tech support
504-291-7221 admin
telecopier: 504-292-4465
 
Mace Vaccine-Anti-viral software version 3.0, 890505
 
Summary:
 
Activity monitoring software, plus change detection                            
 
 
Cost                          
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      3
            Ease of use       2
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           1
      Documentation           1
      Hardware required       1
      Performance             2
      Availability            2
      Local Support           ?
 
General Description:
 
SURVEY.EXE is a change detection program which calculates and stores signatures
of files.  VACCINE.EXE monitors attempts to modify system areas of hard disks,
and may use the data from SURVEY.EXE to alert to changes in programs as they
are invoked.  Recommendation limited to *hard disk only* systems in situations
where technical support staff are responsible for system integrity and need to
have records of changes.
 
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
The program disk is shipped write protected, but on a writeable disk.  The
first line of the installation instructions, however, do stress the importance
of write protecting the disk before putting it into any drive.
 
The README.TXT file is referred to in the installation documentation, but (with
this version) contains only the note that the documentation is up to date. 
(The fact that this note is dated two years past is not reassuring.)  The
README.TXT file is suggested to be viewed by running README.BAT, but this
requires that the MORE program be in the effective path.
 
Installation consists simply of copying the files.  The files can be renamed,
but the documentation does not note the necessity of keeping the proper
extensions.  (Admittedly, any user who knows how to rename files will likely
also know the importance of extensions.)
 
Ease of use
 
There are two separate programs in the package.  SURVEY.EXE calculates a "check
value" for each file in all subdirectories on the current, or any specified,
disk.  The values are kept in a file called HELP.CRC on the root directory of
the checked disk.  The check value is a four digit hexadecimal code, and the
name of the file would seem to indicate that this is a CRC calculation rather
than a checksum.  Once the "survey" has been done once, all, or specified
individual, files may be checked against it for changes.  If a program has been
altered the user is alerted (but no action is suggested) and any changes are
noted in a file called CHANGES.CRC.  New programs are not noted in the
CHANGES.CRC file.  System areas are not checked: the package relies on the
action of VACCINE to stop any attacks on the boot sector or partition table.
 
The other program, VACCINE.EXE, is a resident program which can be invoked with
a number of switches to allow for three different levels of protection to
direct action against hard disk system areas.  Although the different levels
are explained clearly, the decision as to which level or option to use is not
supported by discussion in the manual.
 
The package gives the initial impression that these functions are integrated,
and that complete protection against viral infection is provided.  Further
exploration, however, reveals that each program must be used indepenently, and
that checks for modification of files or system areas are by no means assured.
 
Help systems
 
There are no help systems.
 
Compatibility
 
The program does not protect against infection by the Stoned virus, or any
other boot virus.  In testing, it did not detect the presence of the infection
on the hard disk, and did not prevent infection of floppy diskettes.  Although
the documentation refers to protection of floppy diskettes (and how to turn it
off), further reading indicates that this refers only to prevention of
formatting of diskettes.
 
Further testing, in fact, reveals that there is almost no protection provided
to floppy disks, and, indeed, that it is *not possible to run the program on a
floppy only system*.  The VACCINE program will not go resident if a hard disk
is not present.  This is nowhere mentioned in the documentation (which states
that it "works on all IBM and compatible machines with DOS 2.0 or higher, and
uses slightly more that 6K of memory."  It is also not noted by the program:
when invoked it merely states that a hard disk is not present.
 
The VACCINE program apparently makes no attempt to prevent changes to program
or other files, but does prevent changes to system areas of the hard disk. 
(Depending upon the level of protection selected, this may only be extended to
the first hard disk.)  Therefore, system management utilities may conflict with
the package.  The documentation specifically warns against the use of disk
testers, defragmenters or sector editors while VACCINE is operating.  The
program can be "turned off" to allow operation of such programs.
 
Also, any programs which alter their own code will generate alerts by the
SURVEY program, or by VACCINE at level 3.
 
Company Stability
 
Unknown.
 
Company Support
 
Unknown.
 
Documentation
 
The documentation is clear and understandable, but quite sparse (only 15 pages
long.)  While directions for operating the program are plain, the implications
of what the program will do are not, even after several readings.  (After
testing, the careful wording fo some of the passages becomes clear. 
Personally, I find the documentation almost misleading in many areas, although
few can be said to be inaccurate when looked at carefully.)
 
Hardware Requirements
 
A hard disk is required, although that is *not* mentioned in the package.
 
Performance
 
Able to detect (manually) changes to previously surveyed program files.
 
Local Support
 
None provided.
 
Support Requirements
 
The package is simple enough for an intermediate user to install.  Given the
current climate of viral activity, naive users would have to have immediate
access to experienced advice to interpret the activity of this package, and any
alerts it would generate.  Intermediate users would be able to use the program
effectively most of the time, but should have access to skilled help for many
situations.
 
                                 General Notes
 
This product has a very high reputation with many as one of the first
commercial antiviral programs.  However, the fact that it has not been updated
in two years is surprising.  Given that fact, however, the weaknesses of the
program may be understandable.  Nonetheless, they are enough to prevent one
from recommending the product in any but the most restricted situation.
 
copyright Robert M. Slade, 1991  PCMACE.RVW  910524

======================
roberts@decus.ca         rslade@vcn.bc.ca         slade@freenet.victoria.bc.ca
       Virtual reality is for those who can't handle the command line
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)