PCDACS.RVW  931110
                               Comparison Review
 
Company and product:
 
Mergent (formerly Pyramid Development Corp.)
800-759-3000 
20 Hurlbut Street, 
West Hartford, CT 06110 
(moved to:)
70 Inwood Rd
Rocky Hill, CT   06067-3441
203-953-9832
Fax: 203-953-3435
PC/DACS 
 
Summary: general PC security program, very rich in features
 
Cost: retail $249.00
 
Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      
            Ease of use       
            Help systems      
      Compatibility           
      Company
            Stability         
            Support           
      Documentation           
      Hardware required       
      Performance             
      Availability            
      Local Support           
 
General Description:
 
 
 
                  Comparison of features and specifications
 
 
 
User Friendliness
 
Installation
 
Once again, another program that adds the security of a multi-user operating
system to DOS.  And, once again, a package which seems to think that
"installation" is complete once the files are in place, and the program is
running.  Actually, PC/DACS does a bit better, in this regard, than others
tested.  Chapter one of the installation guide suggests a minimal installation,
but chapter two includes a table with security goals and some direction on how
to achieve them.  However, given the extensive feature set of the product, this
chart is quite terse.  Antivirus protection is said to be achieved with "Virus
Prevention Attributes," and it is said that you can write protect files to
protect against infection.  There is no discussion of the complexity of this
task.
 
A tutorial is included, but, again, this is of little use in terms of security
concepts, and deals strictly with the program interface.  There are, indeed, a
couple of weaknesses.  In lesson one, an ID is created, complete with suggested
password.  The ID is deleted in chapter six, but a bored administrator might
not make it all the way, and so leave a vulnerability in the system.  (Check
out PC/DACS installations around you.  Is there an account LOCAL1 with
password, TUTORIAL1?  You now have "local administrator" privileges.)  Lesson
two tells you to check lesson five if you don't see "Administrative
Maintenance" on the Main Menu:  lesson five has nothing to say on the subject.
 
Ease of use
 
The interface is easy to use and the "screen flow" is understandable.  Options
which are used less frequently have extra explanatory detail.  As noted, some
functions may require additional explanation in terms of the implications of
certain choices.
 
The ability to predefine groups and application "views" makes administration
less of a chore.
 
Help systems
 
Help is available for most screens.
 
Compatibility
 
Specifically designed to interfere with, or limit the use of, some utility
software.  May hamper or preclude recovery efforts in the event of disk
problems.
 
Note that the suggested settings for rights access preclude proper operation of
SETVER and other programs which alter their own executable files.
 
Boot protection *cannot* be used if there are non-DOS partitions.
 
Company Stability
 
 
 
Company Support
 
 
 
Documentation
 
 
 
System Requirements
 
 
 
Performance
 
 
 
Local Support
 
 
 
Support Requirements
 
 
 
                                 General Notes
 
 
Cost
 
 
 
Local Suppliers
 
 
Of the documentation stated to be a part of the package, only the "Installation
Guide" and "Administrator Reference Manual" were included with the review
package.  The manuals are well laid out.  Some entries could be clearer.  In a
number of cases, you will have little idea of the operation and functions until
you run the program.  Again, note that the documentation refers to the program
operation only:  security implications are not dealt with.

In comparison with other PC security products, PC/DACS contains a wealth of
features.  For the experienced security officer, many of the desired features
of multiuser operating systems are contained within.  Possibly the only missing
features are restriction of hardware and peripherals.
 
The password choice functions are a good example.  Minimum password lengths can
be imposed.  The password can optionally be prevented from being identical to,
or an anagram of, the user name.  There can be restrictions on the format of
the password, and a history of up to twelve previous passwords can be
disallowed.  On the other hand, there appears to be nothing to prevent the
altering of only a single character in the password.
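
The following Python check is an added illustration, not part of the original review and not PC/DACS code: it applies the password rules listed above and adds the single-character test the review finds missing. The minimum length, the case-insensitive anagram comparison and all function names are assumptions; format restrictions are left out because the review does not describe them.

```python
import hashlib, hmac, os

MIN_LENGTH = 8       # assumed; the review gives no figure
HISTORY_DEPTH = 12   # from the review: up to twelve previous passwords

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(password):
    """Build a salted history entry; the history never holds plaintext."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def within_one_edit(a, b):
    """True if a and b differ by at most one substituted, added or dropped character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the common prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # at most one substitution
    return a[i:] == b[i + 1:]            # one extra character in b

def check_new_password(user, current, new, history):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    # Sorting the letters catches both the identical and the anagram case.
    if sorted(new.lower()) == sorted(user.lower()):
        problems.append("identical to or anagram of user name")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_digest(new, salt), digest):
            problems.append("reused from history")
            break
    # Hashed history cannot reveal near misses, so the similarity test uses
    # the current password, which the user supplies when changing it.
    if within_one_edit(current, new):
        problems.append("within one character of current password")
    return problems
```
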
 
Virus protection appears to be limited to write protection, boot protection and
encryption.
 
There are indications of certain areas of vulnerability.  The system can be
recovered with only a boot disk and the original program disks.  This means
that the hard disk *is* accessible through hardware menus.  The "Time Out"
feature is meant to disable access from the keyboard if the workstation is left
for a period of time, but apparently will not work if any processing is taking
place at the time.  Therefore a PC running a communications session, or doing
processing-intensive computing, will be left vulnerable.  (Such processes can
be started in such a way as to disallow any keyboard access, but this is not
always feasible.)

copyright Robert M. Slade, 1993   PCDACS.RVW   931110

======================
ROBERTS@decus.ca     rslade@vanisl.decus.ca    rslade@freenet.vancouver.bc.ca 
"If you do buy a computer, don't turn it on." - Richards' 2nd Law of Security
Author "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 (800-SPRINGER)