Comparison Review
 
Company and product:
 
Certus International
13110 Shaker Square
Cleveland, Ohio   44120
USA
216-752-8181
fax 216-752-8188
800-722-8737
Certus LAN version 2.0
 
 
Summary:
 
Scanning, change detection and operation restricting software, particularly for
LANs.
                              
 
Cost                          
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      1
            Ease of use       3
            Help systems      3
      Compatibility           2
      Company
            Stability         2
            Support           3
      Documentation           2
      Hardware required       3
      Performance             2
      Availability            3
      Local Support           ?
 
General Description:
 
A suite of programs and utilities to provide for security and hard disk
integrity, with special attention paid to compatibility with LAN systems.  Most
important are CERTUS, resident change detection and operation restricting;
CERTUSVS, signature scanning; QUICK, program approval/verification and
attribute setting utility; and BOOTLOCK, protection of the hard disk against
password access bypass or boot sector infection from booting off a floppy. 
VSRES, stated to be a resident signature scanning program, was not available in
the package received for review.  A number of other utilities verify or
safeguard system areas or CMOS, and the system will provide a "Critical disk"
to help recover from hard disk failures.
 
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
Disks are shipped write protected, but on writable disks.  Files on the disk
are marked with read-only attribute.
 
Directions in the documentation are to give the command INSTALL CERTUS.  When
installing to a disk for which the defaults are not appropriate, this gives an
error message regarding disk space, along with the injunction to "Press any
key: Install will terminate".  The program does not terminate unless the ESC
key is pressed.
 
Although the system requirements are stated to be only one floppy drive for
installation, the program will not install onto a floppy drive.
 
The documentation states that "default" installation and operation of CERTUS is
for security level 3, which means that "new or modified" programs will generate
an alert, but the user has the option of allowing them to run.  This is not the
case: by default CERTUS apparently runs at security level 1 and will not allow
any "new" program to run, including programs from the Certus package.  This
allows the possibility of "locking up" the system on installation.
 
Although non-standard installation of Certus should not be attempted by other
than experienced personnel, the problem of installation in a large and
disparate user environment has been addressed in the form of a "clone"
installation option, whereby a specialised installation can be made once and
then "copied" to subsequent machines.
 
The documentation states that installation is possible with as little as 50K
free space available on disk, but the specifics of each program's operation,
and the necessity for each program, are not sufficiently clear in the
documentation to make this a simple operation, even for skilled personnel.
 
Ease of use
 
All programs in the package can be run with command line switches, even those
that are interactive and present windows and menus.  This dual access is much
appreciated by experienced users.  Options and defaults in the interactive
programs, however, are not always well chosen, and the features and
implications of some choices will not always be clear to naive users (cf. the
choice of "Quick" scanning as the default in CERTUSVS).
 
Help systems
 
Onscreen help is available for any interactive program in the package through
the F1 key.  Help is context sensitive, but cannot be obtained for the package
as a whole.
 
Compatibility
 
The package is said to be compatible with Windows 3, but this "compatibility"
is strictly limited.  The resident portion of the program will pass an alert to
Windows, and Windows will generate an error message before an infected file is
run, but the message to the user will only state that an unknown error has
occurred before the attempt to run the program is aborted.
 
Any utility software which attempts any direct disk writing will come into
conflict with CERTUS, and therefore it is suggested, by Certus, that any such
programs be run from batch files which will disable CERTUS operations during
the invocation of the utility program.  As protection levels are set "globally"
and cannot be determined for individual programs, this is the only means of
running programs which use direct disk writes or "self-modifying" programs such
as Word Perfect (which would otherwise be prevented from running because of
being "altered".)  This leaves a security hole for the infection of such
programs.
 
One function of the program is "validity checking" of known "good" program
signatures (whether checksum or CRC is not made clear).  The "Certus Blue Disk"
contains a file of shareware signatures which is said to be updated quarterly. 
Of the ten programs I checked for, six were unknown to the program, and of the
remaining four (CED, MS/PC/KERMIT, SCAN and LIST), none of the entries matched
any of the versions I have.
 
 
Company Stability
 
Certus is apparently the successor to FoundationWare.  Certus currently has a
significant presence in security/integrity software, particularly in LAN
installations.  The company is presently sponsoring research into the size of
the virus problem.
 
Company Support
 
Technical support phone numbers are listed for voice, fax and BBS.
 
Documentation
 
Certus' hardcopy documentation is well written and uses appealing and effective
layout.  While the content and progression should be easily understandable by a
naive computer user, the size of the manual would be daunting.  For experienced
users the lack of explanation of certain injunctions and the "delay" in
explaining operations (explanation of the individual program towards the back
of the manual) is frustrating.  The necessary "positioning" of commands to call
the various programs from CONFIG.SYS and AUTOEXEC.BAT is never discussed for
some of the programs, and what discussion there is must be searched for under
various locations in the manual.  This is a pity, since the strengths of the
package require well informed installation and choice to be most effective.
 
The disk documentation file (README.CTS) is stated in the hardcopy
documentation to be, variously: special instructions for installation on
infected systems, a "bare bones" installation procedure and the latest
information on the program.  The file contained with my version did contain
some changes, but was primarily concerned with omissions from the printed
manual and problems with Windows compatibility.
 
Hardware Requirements
 
While the box and documentation state that a minimum of one floppy drive is
required for installation, default installation requires a hard disk with at
least one megabyte of free space.
 
Performance
 
CERTUS will not, of course, prevent infection of the computer memory or hard
disk by booting from a boot sector infected floppy disk.  CERTUS does provide
checking for direct disk writes, and so in theory is able to prevent spread of
boot sector infectors even when the computer is infected, but in practice this
is, by default, limited to the hard disk.  Therefore, CERTUS does not, by
default, protect against spread of infection by such viral programs as "Stoned"
and, in testing, did not do so.
 
The security "hole" provided by booting from an infected floppy disk is said to
be covered by the use of the CHKBOOT and BOOTLOCK programs.  CHKBOOT checks the
boot sector at startup and compares it with a stored copy of the boot sector as
it was at installation.  This, of course, does not address the problem of an
existing boot sector infection at the time of installation, nor would it
suffice to catch a "stealth" boot sector infection.  The BOOTLOCK program
promises considerably more.  Once installed, it is stated to run "before any
other part of DOS or the operating system is loaded, and before any part of the
hard disk boot-up has been performed."  This, together with the statement that
BOOTLOCK prevents booting from the A: drive, indicates a replacement of the
partition boot record, and possibly a non-standard formatting of the hard disk
system areas.  I must admit that at this point my nerve gave out: BOOTLOCK will
not be fully tested until I have access to a redundant hard drive.
 
(Certus is not very forthcoming about the dangers inherent here.  The closest
they come to admitting that you can be locked out of your own computer is in
the statements "... [if] you lose ... your passwords ... [Certus] will not be
useful in gaining access to your computer ... " (p. 142) and "Losing your
password can be very unforgiving if your system is fully secured with Certus
and BOOTLOCK." (p.148)  Caveat emptor.)
 
The CERTUSVS scanning program is exceptionally slow, particularly when checking
memory.  (So much so that during testing several runs were aborted by rebooting
under the mistaken impression that the program had "hung".  Scanning 640K of
memory on an original IBM PC will take over 20 minutes.)  When an infected
program is detected, the screen is "shifted" up one line, then a second (never
more than two), and never corrected, so that it becomes difficult to read.
 
Also, of the scanning programs reviewed so far, CERTUSVS has the poorest record
for identifying viral infections, identifying just over half of the relatively
common infections presented to it.  An unusual feature, in a scanning program,
is that by default it checks only the first and last 2K of any file, and
therefore will only find appenders, prependers or overwriters that happen to be
close to the beginning or end of the file.
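
The coverage gap of the default head-and-tail scan described above, as an added
example (not part of the original review and not Certus code).  The 2K window
is taken from the review; the plain substring matching, marker bytes, file
sizes and all names are assumptions constructed for illustration.

```python
# Added example; marker bytes and file layouts are constructed and harmless.
WINDOW = 2 * 1024  # the review states the default reads the first and last 2K

def quick_regions(size, window=WINDOW):
    """Byte ranges (start, end) that a head/tail scan reads."""
    if size <= 2 * window:
        return [(0, size)]  # windows meet or overlap: whole file is read
    return [(0, window), (size - window, size)]

def scan(data, signatures, quick=True, window=WINDOW):
    """Sorted names of signatures found inside the scanned regions."""
    regions = quick_regions(len(data), window) if quick else [(0, len(data))]
    hits = set()
    for start, end in regions:
        chunk = data[start:end]
        for name, pattern in signatures.items():
            if pattern in chunk:  # a pattern cut by a window edge cannot match
                hits.add(name)
    return sorted(hits)

def unscanned_fraction(size, window=WINDOW):
    """Share of the file that a quick scan never reads."""
    covered = sum(end - start for start, end in quick_regions(size, window))
    return 1 - covered / size if size else 0.0

def build(size, offset, marker):
    """Constructed test file: zero filler with the marker placed at offset."""
    body = bytearray(size)
    body[offset:offset + len(marker)] = marker
    return bytes(body)

SIGS = {"DEMO-MARKER": b"CONSTRUCTED-TEST-PATTERN"}  # not a real signature
MARK = SIGS["DEMO-MARKER"]
SIZE = 40 * 1024
SAMPLES = {
    "appended": build(SIZE, SIZE - len(MARK), MARK),    # last bytes of the file
    "prepended": build(SIZE, 0, MARK),                  # first bytes of the file
    "mid-file": build(SIZE, 20 * 1024, MARK),           # outside both windows
    "straddling": build(SIZE, WINDOW - 4, MARK),        # crosses the 2K boundary
    "small-file": build(3 * 1024, 1500, MARK),          # under 4K: fully read
}

def compare():
    """Map each sample name to (quick-scan hits, full-scan hits)."""
    return {n: (scan(d, SIGS, True), scan(d, SIGS, False)) for n, d in SAMPLES.items()}

if __name__ == "__main__":
    for name, (quick, full) in compare().items():
        print(f"{name:10s} quick={quick} full={full}")
```

On the 40K samples the quick mode reads only 4K of the file, so the mid-file
and boundary-straddling markers are reported by the full scan alone.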
 
CERTUSVS does not provide any disinfection functions other than an overwriting
deletion.
 
Local Support
 
None available.
 
Support Requirements
 
Basic installation of the program is possible for a naive user, but problems
are likely if the defaults, as initially obtained by the package, are used. 
Installation by experienced support personnel will give best results, but even
sophisticated users will require a period of thorough testing of the product
before the system can be used on a trouble free basis.  The more advanced (and
secure) features definitely require supported installation to ensure that the
user isn't "painted into a corner" and locked out.
 
                                 General Notes
 
The documentation makes many claims which give the impression that the Certus
package is a complete disk and computer management system, and that other
utilities are unnecessary.  The problem with running other utility software is
constantly downplayed.  The protection provided by the program, while
potentially very powerful, is overplayed to the point of being inaccurate. 
(For example, the documentation states that file attributes cannot be set or
altered except through the use of the QUICK program.)  Also, the documentation
emphasizes the utility of the "Critical Disk", which will be helpful in
recovering a lost boot sector or MBR/PBR, but will not help in the case of a
"hard failure."
 
The package potentially provides significant protection against viral program
attacks, but possibly at the cost of functionality of the computer system. 
Careful installation should alleviate most problems.  A period of testing and
tuning of the installation should be provided for before the installation is
considered complete.
 
copyright Robert M. Slade 1991   PCCERTUS.RVW   910502
 
====================== 
ROBERTS@decus.ca  rslade@vanisl.decus.ca  Rob.Slade@f733.n153.z1.fidonet.org
    If you can tell good advice from bad advice, you don't *need* any advice
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)