Subject: Review of VirAway (PC) From: p1@arkham.wimsey.bc.ca (Rob Slade) Date: Wed, 12 Jun 91 17:37:07 PDT Comparison Review Company and product: T.C.P. Techmar Computer Products 97 - 77 Queens Blvd. Rego Park, NY 11374 USA 800-922-0015 718-997-6800 718-997-6666 fax: 718-520-0170 VirAway scanner version 1.46 dated 910128 Summary: Non resident scanner Cost $49 US Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 2 Ease of use 3 Help systems 1 Compatibility 2 Company Stability 3 Support 2 Documentation 1 Hardware required 4 Performance 2 Availability 2 Local Support 1 General Description: VirAway is identical to the CURE program shipped with AntiVirus Plus from Techmar. The program is recommended only to "backstop" other systems, and should not be depended upon as the only means of antivirus protection in its current form. Comparison of features and specifications User Friendliness Installation VirAway, as shipped to me, comes completely unprotected. This may not be the usual form, as the disk documentation contains a READ.ME file which states that no changes have been made to the documentation, while I received no documentation with the package. An installation program is provided, which will only install from drive A: to the C: drive in a directory called \VIRAWAY. However, as installation consists solely of copying three files (and one "startup" batch file to the root directory), it is not difficult for the intermediate user to perform a "custom" installation. Ease of use Although VirAway came with no documentation, it responds to the same command line switches as does CURE. (Not terribly surprising: not only are the files identical in size, but CURE, when run, identifies itself as version 1.46 of VirAway.) Again, if no switches are used, the program will present a menu of options. However, command line switches seem to be only able to "add" to the default options. (For example, one cannot turn off the display of final statistics from the command line invocation.) There is an annoying bug in the program when allowed to disinfect: it appears to count both the infection detected, and the cleaning process, as an infection. The final statistics will indicate that 1 file virus was found, and one cleaned, but will show the virus named as having caused two infections. (If two files are, in fact, infected, the display shows only two infections.) Help systems None provided. Compatibility As stated in the review of AntiVirus Plus, VirAway will find most common viri, but will not find the AIDS virus. VirAway will find viri active in memory, and, in testing, rendered them inactive. However, sufficient traces remained in memory to set off alarms from other virus scanners. Company Stability Techmar is the distributor of IRIS products (from Israel) in the United States. Company Support The evaluation copy of AntiVirus Plus was shipped in good time, although Techmar had not properly filled in the customs declaration. The copy of VirAway came unsolicited, which seems to indicate an active marketing group if nothing else. Documentation Not supplied. Hardware Requirements MS-DOS 2.0 or higher, 256K memory. The promotional material states that a dual floppy system is necessary, which conflicts with the installation batch file. Performance Detection of viral programs appears to be sufficient for most situations. Disinfection of memory appears effective, with the proviso noted above about false alarms from other scanners. (According to memory mapping utilities, the memory is also still "reserved".) Disinfection of boot sector viri appears to be effective. Disinfection of program files appears effective as to the virus removal, but may leave programs damaged. During testing, the memory was infected with the Jerusalem B virus (which VirAway reports as "Black Friday #1"). When VirAway was run, the virus was rendered inactive in memory, but it had already infected the VirAway program file. VirAway then disinfected itself, but increased in size from 81835 to 81840 bytes on disk. Subsequent runs with the program against test sets of viri showed some odd behaviour and an inability to identify all previously identified viri. Also, subsequent runs of VirAway in memory showed a lack of ability to remove infections from memory. Local Support None provided. Support Requirements The program, while fairly simple to run, would not necessarily be suitable for novice users. Disinfection of viral infections is probably best left to experienced staff (and possibly other programs.) General Notes As it stands, the program cannot be highly recommended. The number of viri detected are low even by the standards of other (admittedly more expensive) programs. The disinfection ability is somewhat questionable, and therefore undependable. copyright Robert M. Slade, 1991 PCVIRAWY.RVW 910612 ============= Vancouver p1@arkham.wimsey.bc.ca | "If you do buy a Institute for Robert_Slade@mtsg.sfu.ca | computer, don't Research into (SUZY) INtegrity | turn it on." User Canada V7K 2G6 | Richards' 2nd Law Security | of Data Security