Subject: Review of Eliminator (PC)
From: p1@arkham.wimsey.bc.ca (Rob Slade)
Date: Tue, 14 May 91 16:26:37 PDT

Comparison Review

Company and product:

International Computer Virus Institute
1257 Siskiyou Boulevard, Suite 179
Ashland, OR 97520
USA
503-488-3237 503-482-3284 BBS 503-488-2251

British Computer Virus Research Centre
12 Guildford Street, Brighton, East Sussex, BN1 3LS, England
Tel: 0273-26105
Joe Hirst

Eliminator/Virus Monitor/Virus Clean, version V1.17, Oct. 1990, Rel B, also Virus Simulation Suite

Summary:

Resident and manual virus scanning and disinfection, also demonstration virus simulators.

Cost: range from $190 (single copy with updates) to volume $8.50/CPU (US)

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       3
            Help systems      1
      Compatibility           2
      Company
            Stability
            Support
      Documentation           3
      Hardware required       4
      Performance             3
      Availability
      Local Support

General Description:

Virus Monitor is a resident scanning program which checks disks as accessed, and programs when invoked. Virus Clean is a manual scanner and disinfector. The programs are suitable for intermediate users in the average computing environment. The suite of virus characteristic simulator programs is interesting, and may be useful in boosting attention in virus awareness training.

Comparison of features and specifications

User Friendliness

Installation

The programs are shipped protected, but on a writable disk. There is no installation program, as installation consists merely of copying the files to the system they are to be run on. Virus Monitor (VM.COM) is a resident checker, and the user is instructed to add it as the first line in the AUTOEXEC.BAT file, but no direction is given as to how this is to be done.

The package comes with a printed manual. There is also a file on disk (MANUAL.TXT) which is the same information in softcopy. The disk label directs the user to type "ICVI" to get information.
Doing this presents a menu which offers to list onscreen or print out the manual (as well as the documentation for the virus simulators). The documentation is brief, but fairly clear aside from the lack of installation instructions. There is no discussion of dealing with pre-existing infections.

Ease of use

The resident scanner, VM.COM, has no options and, the documentation suggests, should be started at boot time. When invoked, it will examine memory for viral infections, and then go into the background. (If any infection is found, the program will disable it.) As disks are accessed, VM will examine the boot sector, and will alert the user to known virus code. No other action is taken or suggested; the user is merely prompted to "Press any key to continue." If an infected program is called, the program will alert the user and refuse to run the file.

The Virus Clean program (VC.COM) accepts command line switches to check only boot sectors, check only files, check files with specific extensions, check all files, list files checked, pause when the screen has filled, output to a file, delete infected files or remove infections. The removal option has five sub-options: boot sector only, .COM only, .EXE only, all and none. The default settings are stated to be to check boot sectors, .COM and .EXE files, not to list checked files and to remove only boot sector and .COM infections. (This is suggested by the documentation because of the possible overwriting of overlay portions of .EXE files.) However, in testing the program did not attempt any removal of infections. When removal is attempted on a write protected disk, the program will generate an error message.

The virus simulator programs that come with the disk are amusing, and can be useful in demonstrating to users the type of activities that viral programs *may* demonstrate.
I have found that they stimulate great interest in seminars, but must be used with caution so as not to suggest that all viral programs demonstrate these, or similar, characteristics. (Joe Hirst is to be congratulated on the TSR expertise that allows Cascade, Ping-Pong/Italian, Oropax and Yankee Doodle to play simultaneously. Note that attempts to run Cascade on 386 systems have not been successful.)

Help systems

None provided.

Compatibility

Given the old release date (as supplied), the program finds a significant number of common viral programs. Of interest is the fact that the program checks for variation in known viral strains, and alerts the user to keep a copy for forwarding to the distributor for study.

Company Stability

Unknown.

Company Support

Unknown.

Documentation

The documentation is brief, in terms of program operation, but clear. Over two thirds of the documentation is given to a description of the operation of the viral programs that the program will detect. This section has about the same level of detail as that supplied with FPROT, but with fewer viral programs listed.

Hardware Requirements

No special hardware required.

Performance

Although the program does not match the number of viral programs detected by some others, the speed of operation ranks with the fastest scanners tested.

Local Support

Unknown.

Support Requirements

Although the program is not very complicated, the lack of automated installation, the lack of detail in the installation section of the documentation, and the command line switches used by VC.COM suggest that novice users will need some assistance.

copyright Robert M. Slade, 1991 PCELMNTR.RVW 910514

=============
Vancouver      p1@arkham.wimsey.bc.ca   | "If you do buy a
Institute for  Robert_Slade@mtsg.sfu.ca |  computer, don't
Research into  (SUZY) INtegrity         |  turn it on."
User           Canada V7K 2G6           | Richards' 2nd Law
Security                                | of Data Security