From: Rob Slade Subject: Review of Virus Buster (PC) Date: Thu, 3 Oct 91 10:47:08 PDT PCVRBSTR.RVW 910919 Comparison Review Company and product: Leprechaun Software Pty Ltd PO Box 134 Lutwyche Queensland 4030 Australia (07) 252 4037 fax: (07) 252 4071 BBS: (07) 252 4104 Leprechaun International 2284 Pine Warbler Way Marietta Georgia 30062 USA 404 971 8900 fax 404 971 8988 Roger Thompson <70451.3621@CompuServe.COM> Virus Buster v. 3.75, Sep. 91 Summary: Very complete range of antiviral protection programs, including change detection, resident and non-resident scanning, activity monitor and operation restriction. Cost Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 3 Ease of use 3 Help systems 3 Compatibility 3 Company Stability 3 Support 2 Documentation 3 Hardware required 4 Performance 3 Availability 2 Local Support General Description: Virus Buster offers a very wide variety of antiviral protection, and is suitable for both novice and experienced users. BUSTER and WATCHDOG/PROTECT are non-resident and resident change detection software, respectively. In addition, WATCHDOG provides activity monitoring and operation restriction. FIDO/Phideaux allows WATCHDOG to run under Windows. DOCTOR and VBSHIELD provide non- resident and resident signature scanning. DISKLOK provides access restriction to the hard disk and detection/disinfection of boot sector viri: KEYLOK restricts access to the computer if left unattended. VBCOPY checks files for viral signatures during copy operations. VBSAVER provides other Virus Buster programs with the ability to detect stealth viri. A file browser, LIST, and a task scheduler, ONCEADAY, are also included. Comparison of features and specifications User Friendliness Installation The package is shipped on dual media. The 360K disks are non- writable, the 720K disk is writable, but protected. The manual is dauntingly thick, but the first page provides information on installation, and clearly outlines the "Standard" and "Default" methods for installation. Installation is quite intelligent. Time to install will vary greatly depending upon the options chosen. As is indicated in the manual, default installation can be quite lengthy. Ease of use Most of the programs run with a mouse sensitive menuing interface, but there is also an option to use command line switches for those, more familiar with the system, who wish faster and more direct control. Menu and mouse use is well explained in the manual, and should present no difficulty to anyone. It is, however, not quite standard for those used to a CUA interface. Help systems A number of help systems are available, and help for menu items is context sensitive. It is, however, fairly brief in most cases. A very nice feature is the fact that some characteristic information is given about any virus detected, rather than merely a name. Compatibility The programs appear to be well behaved. Provision has been made for the WATCHDOG TSR to work under Windows. The PROTECT program is one which adds information to program files in order to detect any changes made to the files. As has been noted with other, similar, programs in the past, this practice may conflict with programs which already have internal self checks. However, a number of such programs, modified by PROTECT, showed no problem in subsequent runs. Company Stability The company has apparently enjoyed sufficient success as to open an office in the United States this year. Company Support The documentation lists numbers for voice, fax and BBS in Australia, and the manual stresses the use of the BBS for support. A small window in the lower right hand corner of the screen continually scrolls through the phone and fax numbers for the North American office (which I received my copy from), as well as the serial number: a nice feature when calling for support. Documentation Although the printed documentation is the size of a significant novel, the arrangement of the material is thoughtful and well presented. Chapter 1 is a single page, which explains how to install the program. Subsequent chapters explain: how the manual works, how the program works, how the interface works, how installation works and so forth. (If I may be permitted a small "peeve", the typeface is awful.) Much information is duplicated in many chapters as many of the programs have common options. Chapter 18 is a good description of the virus situation - with the one proviso that it overemphasizes the value of "buy only commercial" as a defence against viri. The statement that "no professional software house releases virii ..." may be syntactically correct, but is misleading in terms of the actual safety of commercial software. (Although I had received version 3.75 of the software by the time this review was complete, I had not yet received the latest version of the documentation.) Hardware Requirements None stated. Performance The DOCTOR scanning program is fairly slow in terms of the current generation of scanners. It also "triggered" falsely on a number of other antiviral programs, although it did not give any false postitives on 80 meg worth of other software. Although it was able to find the BRAIN and Stoned viri on disk, it was unable to find them in memory. Stoned was removed from the hard disk with no problems, but remained active and infectious. The description of VBSAVER's operation is very short, although perhaps understandably so in view of the battle for security technology between virus writers and antiviral developers. The documentation seems to imply that VBSAVER is ineffective until invoked, and in tests it was unable to assist in identification of stealth boot viri, although the DOCTOR program did state that a stealth virus might be operating, and recommended rebooting. DISKLOK is unusual among hard disk access restriction programs in that it stores copies of the original system areas and restores them if any change is detected, thus defeating most boot sector viri including Stoned. DISKLOK can be bypassed, but the manual is quite clear about possible dangers and what to do about them. WATCHDOG was effective in preventing writing to disks during testing. Any attempt to write to a protected area generates an alert window. The menu allows the user to allow or disallow the operation, and, optionally, provides information on the action detected. Local Support None provided. Support Requirements Virus Buster can be almost fully utilized by a novice user. Expert help in installation should provide a very high level of protection. General Notes Virus Buster provides one of the most complete defences against viral attack yet reviewed, ranking with pre version 2.00 FPROT in the range of protection provided. The help systems, interface and manual should allow it to provide a high level of protection to even naive users. A weakness in the area of detection of memory resident viral programs should be addressed, but the combination of defences does not seriously weaken the overall protection delivered by the package. copyright Robert M. Slade, 1991 PCVRBSTR.RVW 910919 ============= Vancouver p1@arkham.wimsey.bc.ca | "If you do buy a Institute for Robert_Slade@mtsg.sfu.ca | computer, don't Research into CyberStore | turn it on." User (Datapac 3020 8530 1030)| Richards' 2nd Law Security Canada V7K 2G6 | of Data Security