From: rslade@sfu.ca
Subject: Review of Integrity Master (PC)
Date: Fri, 6 Nov 92 23:42:20 PST

PCIM.RVW   920930

Comparison Review

Company and product:

Stiller Research
2625 Ridgeway St.
Tallahassee, FL 32310
(904) 575-7884
Advanced Support Group (ASG) at 1-900-88-HELP8 (1-900-884-3578) or 314-256-3130
72571.3352@compuserve.com
Runway BBS (215) 623-6203 2400 baud (215) 623-4897 HST (215) 623-6845 V.32
Integrity Master change detection software 1.24

Summary: Change detection program with built in signature scanner

Cost: $35, licensing available

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      3
            Ease of use       3
            Help systems      3
      Compatibility           3
      Company
            Stability         2
            Support           3
      Documentation           3
      Hardware required       4
      Performance             3
      Availability            2
      Local Support           1

General Description:

IM is a change detection program with built in scanner. SETUPIM is an installation and tutorial program. Also included are a file viewer, printer and utilities to check the efficacy of the system.

Comparison of features and specifications

User Friendliness

Installation

Integrity Master is distributed as shareware, and Stiller Research is a member of the Association of Shareware Professionals.

The distribution files for Integrity Master are full of files, a large number of which relate primarily to the distribution and description of the program. The number of files is somewhat daunting, as is the size of the README.DOC file. The file does, however, start with the suggestion that the novice simply run the SETUPIM program, and this is worthwhile advice to follow.

I received also a version on disk from the developer. The disks (both sizes, low density) arrived unprotected on writable disks. However, a write protect tab was stuck to the casing of the 5 1/4" disk, and the package did show evidence of being tampered with en route.

Calling SETUPIM an installation program is misleading. It is less than an installation program -- and much, much more.

For the novice user, SETUPIM has some of the most "user-friendly" features of any product yet reviewed. It certainly has the best explanations of the antiviral process and the options for security of any installation program. I have some quibbles with it, but only by virtue of the fact that it is so good I am surprised that some additional features are not included.

The programs (both IM and SETUPIM) have a command line switch that "forces" monochrome mode with a monochrome monitor on a "colour" adapter. This is important, since some of the menu "highlighting" is invisible on a monochrome monitor. The programs *can* change to monochrome in "mid-session", so it should not be difficult to add a short "screen test" for the completely novice user, rather than making them use the command line option. (This applies only to SETUPIM: a proper installation will tell IM which video mode to use.)

(If IM is invoked before SETUPIM is run to create the parameter file, IM will refuse to run. Three options are presented, including "Abort" which is described, with an unusual lack of clarity, as "Quit and return".)

The SETUPIM program prepares a parameter file for use by IM (which sets up the various options for running the integrity checks), and produces a suggested procedure for completing the installation, but it does not actually do the copying and placement of files, or the invocation of the initial "signature" calculations. While readily admitting the value of having a "cold boot" before this is done, it should be possible to do some more of this for the novice user before turning him loose with a (softcopy) instruction set. Alternately, the installation program could strongly suggest that a "cold boot" and other security measures are desirable, but offer to proceed with installation if the user desired, on the clear understanding that this is "second best". (This approach is taken with some of the options during the setup.)

This is not to say that the instructions in the IMPROC.TXT (the suggested installation procedure document file produced by SETUPIM) are in any way inadequate. The instructions are clear and straightforward. The file is displayed to the user at the end of the SETUPIM part of the installation process, and the user is given the command to invoke the IMVIEW file viewer in order to review the file later, or the IMPRINT batch file in order to print it in hardcopy. (The IMPROC.TXT is unclear at one point, the one where almost everyone seems to fall down. The document contains the injunction to "cold boot" the computer, and it is probably not clear to the novice user that this does not mean to do it "right now".)

The SETUPIM program also contains a tutorial. Both the operation of the program, and the conceptual aspects of virus protection, data loss and security measures are covered. This is extremely useful, and the only problem I have with it is to wish that some more of the material from the documentation could be included.

The installation procedure does not address installation of IM in the AUTOEXEC.BAT file, although use of scheduling software is mentioned in places. The installation process does, however, suggest the preparation of a bootable disk with IM files on it for recovery purposes. It even prepares a CONFIG.SYS file to be placed on the diskette. To my astonishment, I found that this contained a "DRIVPARM" command necessary for my "aftermarket" 3.5" drive to be recognized as such, correct down to the proper number of "^A" characters which have to be inserted. (When I got the drive, it took me three months to find the right command for this drive and DOS version.)

Ease of use

The screens, menus and options are well laid out, and labels are well chosen with a view to clarity of meaning. The SETUPIM program is amazingly well designed with the novice user in mind.

The program is not perfect: at one point, while the program checks the drives, the user is left staring at a blank screen and possibly wondering if he did something wrong. (The amount of time this takes, however, varies widely depending upon the speed of the machine.) At another, the program is stepped (or "timed") through a sequence which begins to suggest the possibility of an infinite loop. (The "timed" stepping is probably a good idea here; some users may give up before it reaches the conclusion.)

The tutorial, at certain points, requests specific keystrokes but accepts anything, not a pedagogically sound design. Some minor keystroke "trapping" and a "please press the arrow key, you can practice later" message would improve it.

The tutorial is also somewhat misleading at points. ESC is described as the "get outa here" key: in IM it returns to the next higher level, but in SETUPIM it returns to the previous section of the installation procedure or tutorial. Also, the tutorial mentions the "Alt-X" option to abort without pausing. While it does mention that this is disabled in SETUPIM, use of the key within that program may "hang" the computer or cause unpredictable behaviour. (Likely a bug, and one that seems limited to XT level machines.)

However, the GUI, windows and menus are here used as they are meant to be in order to make the program useful and quick to operate. Not only is the label and option wording well chosen, but each item, as it is selected, pops out a window with extra explanation about what it does. Often the window will contain a brief, but clear, discussion of the pros and cons of using this particular option.

Help systems

Help is only partially context sensitive. The help key, however, brings up options for help with the operation of the program, the screen display, or a help index. (If the index is chosen, the currently "open" menu is "selected".)

However, the explanatory "window" beside each selected item seems to largely obviate the need for any kind of help system. (On items where the explanation could be confusing, for example the "Files to iNitialize" options, the help index is of little assistance, and one would need recourse to the manual. The index is, however, very extensive, even covering what the AUTOEXEC.BAT file is, although with less detail than a novice would need in order to automate checking.)

Compatibility

The use of the APPEND, SUBST and ASSIGN commands is recommended against by the developer.

Company Stability

The HISTORY.DOC file shows the first release of Integrity Master in late 1991. However, membership in the ASP and the provision of independent (if pay-per-call) support for non-registered users, as well as active participation on Fidonet (if not so active on Internet) bode well for the future of the product.

Company Support

As noted, telephone support is available through a pay-per-call number. Registered users may call direct for support, and it is available through at least two BBSes, and the Fidonet VIRUS and VIRUS_INFO "echoes". Internet correspondents, through the Compuserve address, have reported dissatisfaction with the timeliness of responses to requests. (In the preparation of this review, I usually had next day response on email.)

(Note that ASG is completely independent of Stiller Research. Stiller Research does not receive any of the charges for support provided through ASG.)

Although distributed through ASP and VIRNet channels, there have been substantial delays in getting up to date versions at ftp sites.

Documentation

Integrity Master's documentation is a massive text file, which begins with a section intriguingly titled "Don't Read This". This is, in fact, a suggestion to novice users that they skip the first section, on the workings of I-M, and just use the installation program.
It also suggests that they *do* read the second section, which is a general treatment of viral programs and the various other types of data disasters which commonly occur.

The documentation could use a good solid proofreading. It contains a number of typos and mistakes of various types. Not enough to make one question the "integrity" of the product, but enough to be startling as one reads through it. The current printed documentation is basically a hardcopy of the text on the disk, and shows a similar slightly amateur tone. However, I am informed that a new version of the documentation is currently at the printer.

The documentation as a whole has a "technical" flavour, but is clear and unambiguous. The intermediate user should have no problem with the first section, but might be well advised to read section two first, in order to have a clear grasp of the reasons for the various options IM offers.

Section two's overview of viral programs and other risks to data contains excellent information, although the juxtaposition of certain sections is a bit jarring. However, it could form the basis of a very useful primer on data integrity as a whole.

Hardware Requirements

A minimum of 220K memory and DOS 2.x or higher is required. Refreshingly, a hard disk is not. It appears that IM can be installed on any disk that has room for the programs and files. In fact, IM can be installed on a hard disk, and then the IM.EXE and IM.PRM files copied to a floppy and used anywhere. IM does not "demand" the presence of the equipment it was originally installed on.

Performance

Installation and calculation of signatures for the full hard disk was faster than for other tested change detectors. Interestingly, subsequent "check" runs were not particularly faster on the test machine. (This was an older XT, faster CPUs may give IM more of an advantage.) IM states that its "quick check" looks only for changes to the file date and size.
It is likely that the "turbo" mode of other change detectors does the same, without being as honest about it. (With all the information presented onscreen each time an option is selected, it is remarkable that IM is extremely responsive.)

The storage of "signatures" is a matter of much debate. IM stores them in each directory checked. There is, however, provision for storage of the signature files on an "offline" diskette, which adds a security factor.

IM's virus scanning picked up all common viral programs tested against it, and a good many that were less so. Some new viri were detected on the basis of similarity to known code. (Note that IM does not "name" a virus if the fastest option is used.)

Local Support

None provided.

Support Requirements

As with any change detection program, assignment of causes to different types of alterations may be problematic. However, the program itself should provide ample explanation to any reasonably intelligent person, regardless of the level of "computer" background. The integrated virus scanner should be of great assistance with identifying the most commonly seen viral programs.

General Notes

Recommended as the change detection component of virus detection or protection for all levels of computer users.

The product is still under very active development. Hopefully the "rough edges" will be eliminated as time goes on, allowing more of the essential thoughtfulness of the product to be appreciated. For a product which is "officially" less than a year old, Integrity Master shows a remarkable maturity.

Personally, I hope to see the addition of a "generic disinfection" feature in the future.

As usual, Wolfgang Stiller has had an opportunity to review the draft form of this evaluation. His reaction has been very positive, and he suggests that the issues raised here will be addressed in the near future.

copyright Robert M. Slade, 1992   PCIM.RVW   920930

==============
Vancouver      ROBERTS@decus.ca         | Slade's Law of Computer
Institute for  Robert_Slade@sfu.ca      |        Literacy:
Research into  rslade@cue.bc.ca         |   - There is no such thing
User           p1@CyberStore.ca         |     as "computer illiteracy";
Security       Canada V7K 2G6           |     only illiteracy itself.
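
The Performance section of the review above notes that a "quick check" looks only at file date and size, and that signatures can be kept on offline media. The following is an added example, not part of the original review and not Integrity Master's code, showing what a full content check finds that a date-and-size check does not; SHA-256, the function names and the sample file are assumptions of this example.

```python
import hashlib
import os
import tempfile

def walk(root):
    """Yield (relative path, full path) for every file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(root):
    """Record (size, date, hash) per file; SHA-256 is this example's choice."""
    return {rel: (os.stat(p).st_size, os.stat(p).st_mtime_ns, sha256_of(p))
            for rel, p in walk(root)}

def check(root, baseline, full=False):
    """Quick mode compares size and date only; full mode also hashes content."""
    findings, seen = {}, set()
    for rel, path in walk(root):
        seen.add(rel)
        st = os.stat(path)
        if rel not in baseline:
            findings[rel] = "added"
            continue
        size, mtime_ns, digest = baseline[rel]
        if (st.st_size, st.st_mtime_ns) != (size, mtime_ns):
            findings[rel] = "size/date changed"
        elif full and sha256_of(path) != digest:
            findings[rel] = "content changed"
    for rel in baseline.keys() - seen:
        findings[rel] = "deleted"
    return findings

def demo():
    """Constructed sample: a same-size edit whose file date is put back."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "PROGRAM.EXE")
        with open(target, "wb") as f:
            f.write(b"original program bytes")
        baseline = build_baseline(root)  # in practice, kept on offline media
        st = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"modified program bytes")  # same length as before
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        return check(root, baseline), check(root, baseline, full=True)
```

`demo()` returns the quick-check findings followed by the full-check findings for the same altered file.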