Path: utzoo!attcan!utgpu!news-server.csri.toronto.edu!mailrus!accuvax.nwu.edu!acns.nwu.edu!jln From: jln@acns.nwu.edu (John Norstad) Newsgroups: comp.sys.mac.misc Subject: Re: Disinfectant 2.0 vs SAM vs ? Message-ID: <10750@accuvax.nwu.edu> Date: 12 Aug 90 17:03:34 GMT Sender: news@accuvax.nwu.edu Organization: Northwestern University Lines: 91 References:<53318215MES@MSU> <90221.1412203XMQGAA@CMUVM.BITNET> <1990Aug9.221406.14913@midway.uchicago.edu> <8898@ur-cc.UUCP> <8918@ur-cc.UUCP> <1990Aug12.022538.17077@agate.berkeley.edu> I was on vacation for a week in Northern Michigan, and returned to find this interesting thread about my Disinfectant 2.0 vs. SAM. Here's my comments... The main advantages of the commercial anti-viral products are telephone support and upgrade services (the kind of upgrade service where you automatically receive new versions through the mail, for a fee). I cannot offer either of these services. I do most of my work on Disinfectant in my spare time, and I have no secretaries or other support staff. I simply don't have the time to talk to people on the phone, and I can't afford to pay for massive disk mailings. (Somebody mentioned that I have grant money for my work on Disinfectant - this isn't true). Another plus for SAM is that the SAM Intercept protection INIT is much stronger and more powerful than the new Disinfectant 2.0 INIT. SAM Intercept includes a very thorough "general purpose suspicious activity monitor" which sometimes can catch even unknown viruses. My INIT is much, much more modest. I make no attempt at all to catch unknown viruses - I only catch the currently known ones. Chris Johnson's GateKeeper is an excellent freeware alternative to SAM Intercept which also has a thorough general purpose suspicious activity monitor. The advantages of the Disinfectant INIT are that it is very small (less that 1.5K of system heap space, and less than 5K on disk!!!!), it is completely unobtrusive, and it is very efficient. Many people mentioned that SAM Intercept can be configured to automatically scan floppies when they are inserted, and they mentioned this as an "advantage." I don't see this as an advantage at all - I hate that feature! I find it obtrusive, ineffecient, and incredibly annoying! The main purpose of a virus protection INIT is to block attempts by viruses to spread, and to inform the user when such an attempt is made. My INIT does this at the initial point of attack by the virus. There's no need to waste time scanning each floppy as it's inserted to accomplish this basic goal. I refuse to use any INIT or feature of an INIT which significantly slows down my Mac! The main advantages of Disinfectant 2.0 are that it's free, and that it is well-supported. When a new virus is discovered, all of the authors of the major anti-viral utilities (commercial, shareware, and freeware) work together to analyze it and test it. We usually manage to get new versions of our programs ready for release within a few days of the discovery of a new virus. The difference between Disinfectant and the commerical programs is that when I finish a new version, I immediately put it up on the nets for the public. The commercial authors have to send their new versions to their publishers, who then have to prepare a mailing. Customers of the commercial products usually don't actually receive new disks in the mail for a few weeks. The biggest advantage of Disinfectant is for Universities and other organizations who cannot afford huge site license fees for the commercial products. That's why I wrote it in the first place. Individuals can usually easily afford to purchase a single copy of SAM or Virex or Rival or whatever, but Universities cannot usually easily afford the large site license fees. When we (Northwestern University) checked into site license fees before I wrote Disinfectant, we found that it would cost us nearly a third of our yearly software acquisition budget! All of the major anti-viral programs do a good job of scanning, detection, and repair of the known viruses. The Disinfectant manual is by far the very best source of information on Macintosh viruses available anywhere. We've always felt that the manual is at least as important as the program, and we've worked just as hard on it as on the program. Misinformation about viruses is a major problem, and in recent months I've become convinced that in many cases inappropriate reactions to the virus problem are doing more harm than the viruses themselves. I like the Disinfectant human interface better than that of any of my competitors. I tried to keep it clean and simple. In summary: For universities and other organizations strapped for funds, I recommend Disinfectant. For individuals who are active in the electronic Mac community and have access to electronic sources of freeware and shareware, Disinfectant is fine (together with GateKeeper if you want the strongest possible protection INIT). For other individuals, I recommend a commercial product with an upgrade service. I've heard more than once that some companies have decided to use SAM or Virex rather than Disinfectant because their lawyers want to be able to sue somebody if something goes wrong (I'm not kidding). For these people, I strongly recommend one of the commercial products :-) John Norstad Academic Computing and Network Services Northwestern University jln@acns.nwu.edu Q: Why does California have more lawyers than New Jersey? A: New Jersey got to pick first, and they chose toxic waste.