Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: Michael_Kessler.Hum@mailgate.sfsu.edu Newsgroups: comp.virus Subject: Virus protection (PC) Message-ID: <0004.9012201846.AA05875@ubu.cert.sei.cmu.edu> Date: 20 Dec 90 18:18:00 GMT Sender: Virus Discussion List Lines: 41 Approved: krvw@sei.cmu.edu I can't say that we have tested all the products on the market, nor done a side-by-side test of better known products, although we are intending to set up a test site in January (during the break when some time will be available for all concerned). Nonetheless, here is a preliminary report, which represents my impressions and should not be construed as an official position in any way, shape or form. One lab was constantly plagued with Yankee Doodle even though they used Scan and Vshield. The problem was that the start volumes (3Com LAN) could not have Vshield installed on them. Once F-Prot's F-DRIVER.SYS was installed (it can be installed on start volumes), the problem disappeared. The lab has been virus free for two weeks, whereas before there were daily occurences of infections. Another lab reported that F- Prot identified an infection of the Stoned virus while Scan did not (I suspect that the person using it may have forgotten the /M in the command line). There was also a complaint that VShield slows down the boot up process considerably, while F-DRIVER.SYS is hardly noticeable. For institutions, the McAfee product is expensive. For educational institutions F-Prot costs $1 per station. From our last discussion on the matter, it appears that F-Prot will be our first line of defense, (we are considering a site license rather than having each lab invest in the product) with a suggestion that various individual labs may want to invest in other products such as Scan or VI-Spy (the ethics of a single copy user for multiple stations has not really been addressed). The one negative comment about F-Prot is that the updates appear to be less frequent than one might wish. One final comment about individuals checking their disks. I installed a Virus Check menu item on hard disks (visible on the first screen that comes up) and on the network menus for those machines without hard disks. Nonetheless, the hard disks periodically get "stoned", in part because students use their own programs and therefore tend to boot up from their disks, but also because they neither believe that they are the ones carrying the infection, nor wish to spend the time to check their disks. They will do so only if they are warned that a program is infected. May this prove useful to others. MKessler@HUM.SFSU.EDU