PCVCNWWS.RVW 920401 Comparison Review Company and product: George Davidsohn and Son Inc./The Davidsohn Group (formerly Worldwide Software Inc.) 20 Exchange Place, 27th Floor New York, NY 10005 USA 212-422-4100 Telecopier 212-422-1953 800-999-6031 tech support 212-363-3201 PR - Howard J. Rubenstein Assoc. Inc. 212-489-6900 - Laurie N. Terry warren@worlds.com Vaccine Version 5.00 - Anti-Viral Software Summary: Primarily operation monitoring and restriction with scanning and change detection facilities. Cost Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 1 Ease of use 2 Help systems 1 Compatibility 2 Company Stability 2 Support 2 Documentation 2 Hardware required 2 Performance 2 Availability 2 Local Support 1 General Description: VACCINE operation monitor, PHYSICAL scanner, CHECKUP change detection, SHELTER operation restriction and XRAY CMOS backup. Comparison of features and specifications User Friendliness Installation The program is shipped on writable, but protected, 5 1/4" 360K media. Although a scanner is included in the package, scanning of the system to be protected is suggested only after installation is completed. Manual and automated installations are provided. The manual installation is incomplete in that the necessary final step to have *any* protection at all lies in another part of the manual. The automated installation is performed through a simple batch file which creates a directory and copies the file into it. An environment variable is set and used, so the installation may fail on occasion. A command is prepended to the beginning of the AUTOEXEC.BAT file. Although the documentation specifically states that the INSTALL program will work with a dual floppy system, in fact it will not. The VACCINE program, and operation monitoring, is stated to be the "soul" of this package. Any program which performs any kind of "suspect" functions must be authorized. Once authorized, the program can perform any of the restricted operations without interference. Ease of use The VACCINE program requires a list of programs which are authorized to perform restricted functions. Since "restricted functions" includes such things as any form of deletion, a number of programs will need to be added to the list. The list is a simple ASCII file of program names, one per line. (The "ease of use" of this can be determined by the fact that the documentation suggests EDLIN be used to create or amend it.) The creation of the authorized programs file would not be a simple matter. Likely programs would have to be run "against" VACCINE to see if they trigger the alarms. I was surprised to find that the PHYSICAL scanner triggered VACCINE, since it should only be performing "read" operations. In this light, the file could only be built in an environment guaranteed free from viri ... which somehow seems to defeat the purpose. Help systems Although the manual talks about "online help", this is, in fact, restricted to a list of command line switch options if you use the "-h" switch or improper switch syntax. Since "no switches" is not improper, one must read the manual in order to know that there are switches. Compatibility As of this version, none of the Vaccine programs will function if a network is present. A network version is available separately. Company Stability Unknown. Company Support The package makes no statements regarding support. Documentation The documentation is sufficient to install and run the programs. Its statements and examples are clear. However, it must be said that the claims made for the program, and the discussions of viri in general, border on misrepresentation. There is *no* discussion of boot sector infectors, although the signature list contains strings for several, and the only suggested method for dealing with infections is to "*erase [the infected program] immediately* using the DOS ERASE command". A clever use of the documentation is that the command to "teach" VACCINE to accept new "restricted" programs is buried in the documentation, and is not a part of the online help. Hardware Requirements None stated. Performance PHYSICAL identified about two thirds of the common infectors presented to it. A number of the viri were misidentified, but were, at least, flagged as infected. The choice of signature strings shows, therefore, promise for identifying new variants. Where multiple infections are found, the program will scroll off the screen. The Vaccine package as a whole has serious shortcomings with regard to boot sector infectors. The PHYSICAL program will not, apparently, identify boot sector infectors in diskettes in drive B. VACCINE will not catch a BSI in memory on startup (Stoned was used in testing), and will falsely identify the program that is trying to make a change to the boot sector. (In the test case, this was its own PHYSICAL.) Since most activities that trigger Stoned to infect will also trigger VACCINE, this is of no help at all. (Short of rebooting the computer, VACCINE offers no "protection": it is only an alarm. I would see this kind of interference as being almost worse than Antivirus Plus.) The one bright spot is that the boot sectors of diskettes in drive A, if present, are always scanned for viri. If found, however, the suggested remedial action is "Reinstall DOS": effective against a BSI on a floppy, but perhaps misleading when the diskette is non-bootable and the "system" is on the hard drive. It should be noted that all "restricted" operations are considered together. Therefore, once a program has been "authorized", it is allowed to perform any operations. If an "authorized" program becomes infected, it will be allowed to infect all others. (An authorized program can also "permit" a virus, already resident, to operate.) Local Support None provided. Support Requirements It is unlikely that novice users could obtain significant protection from this package. Intermediate users could likely install it and make suitable decisions regarding "authorized" programs, but in all likelihood advanced support would be required for installation and creation of the authorized programs file. General Notes Although the "multi-layered" approach to protection is good, with this package's reliance on operation monitoring it is difficult to find an environment to recommend it for. Low change, low utility use, no diskette use situations may find it suitable. It is nothing new to find extravagant claims for a product in the promotional literature. The extent to which this is taken with Vaccine! is disturbing. From the press release included with the package: "... first anti-virus software that contains a built-in "stealth bomber" virus detection and prevention feature." "... taking a distinctive CRC code ... allows the original executable code to remain unchanged ..." "Another unique feature of VACCINE 5.0, unavailable from other anti-virus software developers, is the ability to allow the user to add virus fingerprints to its database." copyright Robert M. Slade, 1992 PCVCNWWS.RVW 920401 ====================== roberts@decus.ca rslade@vcn.bc.ca slade@freenet.victoria.bc.ca BEWARE OF GOD Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)