******************************************************************************
PT-5 December 1989
******************************************************************************

1. Product Description: VIRUS BUSTER, v1.10, is a public domain program to detect and to disinfect 15 known MS-DOS viruses. The authors are Yuval Tal and Uzi Apple from Israel who initially released the product as ANTIMIX1. This program evolved into the commercial program VIRUCIDE (reference PT-12, Revised December 1992).

2. Product Acquisition: VIRUS BUSTER is available on several public bulletin boards. It resides in the following path on the Information Systems Command host simtel20 at White Sands Missile Range: pd1:vb_110.arc.1.

3. Product Tester: Chris Mc Donald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002-5030, DSN 258-7548 or DDN: cmcdonal@wsmr-emh03.army.mil

4. Product Test:

a. I obtained a copy of VIRUS BUSTER in December 1989 from the MS-DOS repository on the USAISC-WS host simtel20. The repository manager obtained the copy directly from the authors.

b. I ran the current version of VIRUSCAN against the VB.EXE with negative results for the detection of any known viral signatures. I then ran VB.EXE against VIRUSCAN with negative results. Neither program alarmed against the other. [NOTE: The authors have consciously considered the problem of "false positive" alarms based upon a review of the documentation available with the program.]

c. I examined the VB.EXE program with "nu" from NORTON Utilities and saw nothing unusual or suspicious.

d. The program performs a self-check at execution to determine if it has been modified. [NOTE: I modified the program and the self-checking mechanism detected the change.] A logo then appears which prompts the user for the drive and directory to be scanned. It is also possible to designate the drive/directory on the command line.
For example, the command "vb c:\virus" instructs the program to scan the Virus directory on drive C. The command line is not case sensitive.

e. The program provides the user with a running and cumulative count of .EXE and .COM files actually scanned as well as the number of directories checked. There are also counters for the number of infected files and a display of the percentage of infected files measured against the total number of files scanned.

f. If the program finds an infected file, the user will be shown a window with several options:

   (1) Disinfect the file
   (2) Leave file as is and go on scanning
   (3) Leave file as is and stop scanning

When the user chooses to disinfect, the program will provide a message at the end of the procedure to advise if the disinfection was successful and to provide the user with the size of the file compared to its infected state.

5. Product Advantages:

a. The product is "free" as a public domain program.

b. The authors have technical credibility based upon their INTERNET submissions, their previous anti-viral work, and their professional associations.

c. The various counters are attractively displayed and useful.

6. Product Disadvantages:

a. The product only checks for 15 MS-DOS viruses at this time. In comparison VIRUSCAN, Version 52, checks for 56 known MS-DOS viruses as well as the CYBORG trojan horse. VIRUSCAN is a shareware program which now has a one year registration fee of $25.00 (reference Product Evaluation PT-3, November 1989).

b. The 15 viruses, with the exception of the Jerusalem and its variations, do not represent the significant viruses reported in the United States as major infections. VIRUS BUSTER identifies only 1 out of the top 4 viruses identified in the United States. While the source of these statistics is John McAfee, the distributor of VIRUSCAN, there is no evidence to discredit his information.
The top four reported viruses as of October 1989 were: (1) Jerusalem, Version B; (2) Cascade (1701/1704); (3) Ping Pong (Italian); and (4) Stoned/Marijuana.

c. The authors admit to certain "bugs" which appeared in earlier versions. While these problems no longer exist, this raises questions as to their overall approach to quality control. There is also the matter of continued product support and customer assistance.

7. Comments: Although "detection" of viruses is typically rated at the low end of the protection scheme, VIRUS BUSTER is another tool for the establishment of a credible anti-virus protection program. The authors promise a Version 2.0 in January 1990 which will detect and disinfect 25 MS-DOS viruses. [NOTE: This program is no longer available as freeware.]

[The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.]