Subject: Review of ViruSafe (PC)
From: p1@arkham.wimsey.bc.ca (Rob Slade)
Date: Sat, 25 Jan 92 00:31:05 PST
Organization: Chez Cthulhu +1 604 983 3546  "Caterers to the Elder Gods"

PCVIRSAF.RVW   920124
                               Comparison Review

Company and product:

EliaShim Microcomputers
520 W. Hwy. 436, #1180-30
Altamonte Springs, Florida
USA
407-682-1587
fax: 407-869-1409
VirusSafe 4.01LAN

Summary:

TSR and manual scanner, change detection, operation restriction,
utilities

Cost                          

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       3
            Help systems      1
      Compatibility           1
      Company
            Stability         2
            Support           ?
      Documentation           2
      Hardware required       2
      Performance             2
      Availability            ?
      Local Support           ?

General Description:

Menu or command line driven resident and non-resident scanner and change
detection software.  Operation restricting features remain untested.

                  Comparison of features and specifications



User Friendliness

Installation

The program is shipped on one write protected 5 1/4" disk.  The program
can be run off the disk, or installed on the hard disk through an
installation program.

Ease of use

The menu interface is generally straightforward and simple.  There are
some exceptions; in particular the list of viri that can be dealt with. 
The screen format, and cursor movement keys, of the list and the
resulting information do not match.  However, it is helpful to have this
feature onscreen.

Help systems

Limited.

Compatibility

Additional virus signatures can be added in an external text file.  The
format for the signatures is given in the READ.ME text on disk, and is
not difficult to figure out.  However, the format is not compatible with
the fairly widely used IBM VIRSCAN format.  Also, a maximum of 64
signatures can be added in this way.

Program testing on machines fitting the hardware requirements
occasionally failed.

Company Stability

Unknown.

Company Support

Unknown.  The package, as received from the manufacturer, was somewhat
mislabelled as to the contents and version of the program.

Documentation

The documentation is quite brief.  The first page basically states that
the program can be run without reading the documentation, and the
remainder, while clear, is quite terse and seems to be designed for the
more advanced user.  Much of the documentation is a description of how
the menuing system and command line switches work.  No specifics are
given as to how functions (such as "revealing the presence of" unknown
viral programs in memory) are accomplished.

A very helpful feature is a "latest information" button on the menu
interface which presents the disk READ.ME file.  Thus the latest program
info, helpful hints and the hardcopy errata can be browsed onscreen.

Hardware Requirements

At least two disk drives, one of which must be a floppy, 512K memory and
DOS 3.0 or higher.

Performance

It is gratifying to note the importance that EliaShim gives to boot
sector viri.  The package contains provisions to save and restore the
boot sector and partition records for the hard disk.

Testing of this program was very problematic.  The program would not run
properly on the primary testing machine (a NEC Multispeed).  The system
locked up, repeatedly on most attempts to invoke any of the programs in
the package, including the installation and menuing program.

Testing of the programs is not as complete as I would prefer.  However,
it can be said that the claims made for this package exceed performance. 
The package is able to detect known viral programs, and can deal with
most effectively.  Performance with viral programs not known to the
authors/program indicates that these viri are able to bypass
protections.

Local Support

Not provided.

Support Requirements

Users at any level should be able to run the program without assistance.

                                 General Notes

The package has a multilayered approach to virus detection and
prevention.  It should be suitable for most users in situations of
normal risk.  While the package would effectively deal with the bulk of
infections one would normally encounter, some of its claims would appear
to be overrated.  Nevertheless, its use would significantly reduce risk
of infection.

copyright Robert M. Slade, 1992   PCVIRSAF.RVW   920124
==============
Vancouver      p1@arkham.wimsey.bc.ca   | "A ship in a harbour
Institute for  Robert_Slade@sfu.ca      |  is safe, but that is
Research into  CyberStore Dpac 85301030 |  not what ships are
User           rslade@cue.bc.ca         |  built for."
Security       Canada V7K 2G6           |           John Parks