Mail*Link¨ SMTP Product Test 14 ****************************************************************************** PT-14 October 1990 ****************************************************************************** 1. Product Description: PC-Vault is software protection program to provide hard disk protection for MS-DOS systems. The program was formerly known as "PC-Lock". 2. Product Acquisition: PC-Vault is a copyright program of Johnson Computer Systems, Inc., 20 Dinwiddie Place, Newport News, VA 23602. The program is available from several sources. The copy evaluated was ordered from Fresh Technology Group, 1478 North Tech.Blvd, Suite 101, Gilbert, AZ 85234, telephone 602-497-4200. Pricing is dependent upon the number of copies obtained. For example, when the evaluation copy was acquired, 1-5 copies cost $30.00 per copy; 100 copies lowered the price to $10.00 per copy. Site licenses are available. 3. Product Testers: Chris Mc Donald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002-5030, DSN: 258-7548 or DDN: cmcdonal@wsmr-emh03.army.mil.; Scott Michels, Computer Engineer, White Sands Missile Range; and Dennis Massey, Computer Specialist, White Sands Missile Range. 4. Product Test: a. Several White Sands employees obtained an earlier version of PC-Vault in 1987. At that time the product was known as PC-Lock. Testing determined the product provided effective password and boot protection. We conducted two surveys of user requirements in the summer of 1987 and in the fall of 1988 to determine if such a product would be of value. Favorable user response resulted in the acquisition of a site license in February 1990 for 100 copies of PC-Vault, version 4.2. b. Product tests occurred on the following systems: (1) Unisys PC, Model 3137, MS-DOS 3.10, 512K; (2) Zenith PC, Model 248, MS-DOS 3.30, 640K; and (3) Zenith PC, Model 248, MS-DOS 3.3, 1MB. c. PC-Vault provides for the installation of password and boot protection. There is an option to allow an "Administrator" to be appointed for multiple installations. As an alternative, each user can become his or her own administrator. If one chooses to have a "centralized" administrator, then he or she can modify the PC-Vault main program to customize the features desired and to ensure uniformity. Both options worked without any difficulty. d. A single user installs PC-Vault by copying the file "pc-vault.exe" to the hard drive. At the prompt one then types "pc-vault". The installation program next determines if PC-Vault is already installed on the PC. If not, the user proceeds through a series of menus to complete installation. e. The installation of PC-Vault was easy, quick and reliable. Features supported both a single user/administrator environment as well as an administrator with multiple users. Tests confirmed that all features performed as described. f. The administrator has the option to set the following features: (1) Password length (0-16 characters) (2) Maximum keyboard IDLE time in minutes (3) Maximum invalid logons before a security ALARM (4) Maximum invalid logons before security LOCKOUT (5) Use of user names in conjunction with passwords g. If a keyboard is IDLE for the maximum time specified, then the screen is blanked (optional) and the keyboard frozen until the user enters his or her user name and password. After a maximum number of invalid logon attempts, an ALARM of several repetitions of a two tone signal will occur. When an excessive number of consecutive invalid logons takes place, the LOCKOUT feature disables the system for five minutes. At the end of that time the user may attempt to enter the proper user name and password. h. Tests of all these features confirmed that they worked. Users, who were not "administrators", could not override administrator-defined features with the exception of the IDLE setting. i. Attempts to access the hard drive without supplying a user name and password were unsuccessful. Booting a system from drive A would not allow access to the hard drive. Attempts to access the hard drive resulted in the error message "invalid drive specification". Attempts to view the contents of the hard drive from drive A with Norton Utilities and with Professional Master Key were unsuccessful in those cases of booting the system from drive A. j. Removal of PC-Vault is menu-driven, quick and complete. Selection of the removal option will delete the PC-Vault device driver, will remove the corresponding device statement from the config.sys file, and will delete all other changes to the hard disk. All removal tests were successful. k. If it becomes impossible to boot the system from the hard disk, PC-Vault has a "safety" feature to allow the administrator to bypass boot protection and access the hard disk for necessary repairs. All tests of this feature were successful. 5. Product Advantages: a. PC-Vault provides user identification and authentication for individual PCs at a cheap price. b. The program provides disk protection along with other desirable information system security control measures. 2 c. The administrator's and user's manuals are easy to use and understand. 6. Product Disadvantages: a. PC-Vault does not provide sub-directory protection mechanisms, such as read, write and execute. While an administrator can configure the autoexec.bat file to prevent users from escaping to the DOS prompt or from executing any other program other than that specified by the administrator, this is somewhat clumsy and labor intensive. PC-Vault Plus, a product upgrade to PC-Vault, does offer sub-directory protection. b. PC-Vault does not provide an audit trail of user activity. It does provide a record of unsuccessful attempts to enter a user name, password or combination of the two. However, for a variety of factors this is probably of marginal value. PC-Vault Plus provides audit trails of user actions as well as a record of access denials. c. If the "administrator" password is forgotten or unavailable for whatever reason, removal of PC-Vault may require formatting the hard disk. 7. Comments: The developers of PC-Vault are honest enough to include the following statement in their documentation: "A sufficiently knowledgeable and determined individual will be able to circumvent the system, as indeed any software security system can be circumvented. The level of protection provided is, however, sufficient for most purposes and exceeds that of any similar program known to us". This product test essentially confirmed that PC-Vault does provide protection "sufficient" for most office environments. The ease of use avoids extensive user training. For those environments where there is resistance to software protection for personal computers, PC-Vault may be the ideal solution. Those interested in more extensive software protection programs should refer to the following product tests: (1) PT-2, SecurePC; (2) PT-15, PROTEC; and (3) PT-16, PC/DACS. [The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.] 3 ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;26 Jan 1993 20:39:43 U Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #12441) id <01GTZKLO1DB4ERWQH4@icdc.llnl.gov>; Tue, 26 Jan 1993 20:39 PST Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #12441) id <01GTZKL5NTPSERWKRM@icdc.llnl.gov>; Tue, 26 Jan 1993 20:39 PST Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA16077; Tue, 26 Jan 93 20:32:57 PST Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA16038; Tue, 26 Jan 93 20:29:44 PST Received: from wsmr-emh03.army.mil by WSMR-SIMTEL20.ARMY.MIL with TCP; Tue, 26 Jan 1993 21:28:55 -0700 (MST) Resent-date: Tue, 26 Jan 1993 20:39 PST Date: Tue, 26 Jan 93 21:21:10 MST From: Chris McDonald STEWS-IM-CM-S Subject: Product Test 14 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: orvis%llnl.gov@wsmr-simtel20.army.MIL Resent-message-id: <01GTZKLO1DB4ERWQH4@icdc.llnl.gov> Message-id: <9301270429.AA16038@pierce.llnl.gov> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"orvis%llnl.gov@wsmr-simtel20.army.MIL" ======================================================================