Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!usc!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: USERQBPP@SFU.BITNET (Robert Slade) Newsgroups: comp.virus Subject: FPROT review (PC) Message-ID: <0005.9101021908.AA04408@ubu.cert.sei.cmu.edu> Date: 23 Dec 90 08:11:24 GMT Sender: Virus Discussion List Lines: 211 Approved: krvw@sei.cmu.edu Antiviral Protection Comparison Review Company and product: Fridrik Skulason Box 7180 IS-127 Reykjavik Iceland frisk@rhi.hi.is F-PROT-Virus detection/protection/disinfection and utilities Summary: Highly recommended for any situation. Best "value for cost" of any package reviewed to date. Installation may require knowledge of MS-DOS. Cost Site license Education $1(US) per computer (minimum $20) Other $2(US) per computer Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 2 Ease of use 3 Help systems 2 Compatibility 4 Company Stability 2 Support 3 Documentation 2 Hardware required 4 Performance 3 Availability 3 Local Support ? General Description: Of the five classes of anti-viral systems, the only one that FPROT does not provide for is encryption. It provides vaccine (F-LOCK), change detection (F-OSCHK, F-XLOCK), operation restricting (F-DLOCK, F-XCHK) and scanning (F-DRIVER.SYS, F-FCHK, F-DISINF, F-SYSCHK) protection. The package also includes various system information utilities Comparison of features and specifications User Friendliness Installation The installation of FPROT is not a one step process, since the package contains a number of different programs for different protective purposes. The user must decide which programs to use, and therefore the installation must be done in stages. There is no installation program, but the documentation does have a separate installation file. This file states that the user should have a knowledge of MS-DOS, and that is likely necessary. The installation process, however, is described clearly, and is quite complete. The package is distributed as "shareware", and therefore any user who obtains it is likely to have the necessary skills for its installation. The installation procedure does "allow" one possible point of infection if the computer is infected when the program is installed, but the program will immediately detect the infection unless it is not found in the signature file. Since the program is "posted" in archived format, the user should be able to clear the infection and start with fresh files. Ease of use All the functions of FPROT are found in different programs, and all are invoked from the command line, so when a user knows what function is desired it is a simple matter to obtain it. Only two of the programs have any "switches" other than file or path specification. Help systems As all packages are invoked from the command line for a single function, there is no need for "online" help. When programs are called without necessary file or path specifications, a message explaining what is needed appears. Compatibility The various programs have been tested on a wide variety of computers, and have not created any problems with hardware, even on systems that have serious problems with TSR programs. The documentation lists a number of "contra-indicated" software packages and systems which may conflict with program operations. However, in six months of testing, no normal character based program or TSR has been found to conflict with any FPROT program. Company Stability Unfortunately, the future of FPROT is currently in doubt. It may continue as a shareware product, or it may be sold to commercial interests. Company Support No problems have been encountered with the program so far. Fridrik Skulason is available through the Internet, and replies to queries can be expected within a week or less. Documentation Being shareware, the package has no printed documentation. The text files included with the programs are very clear and thorough, and provide an excellent primer on virus functions and protection. Novice users may, however, find the USAGE.TXT document to be daunting. Fortunately only the INSTALL.TXT document is required to use the product. The virus listings are comprehensive as to the number of viri, if somewhat less technical and detailed than the Brunnstein and Hoffman listings. Hardware Requirements No special hardware is required. Performance During testing, FPROT has consistently identified more viri than the "current release" of any other product. It has occasionally given a "false positive", but only in the case of identifying a definite virus with two different names, or when scanning another virus scanning product. FPROT is generally slower at scanning, and the separate signature file renders it slower still, but the separate file also allows new signatures to be added without waiting for a product upgrade. The user is in control of FPROT at all times, with the exception that F-DRIVER.SYS will not allow the boot sequence to continue in the case of a boot sector infection at startup. FPROT, in six months of testing, has not given a false positive alarm on any normal program, nor has it interfered with any normal program operation. Local Support Since FPROT is shareware, there are no local dealers to obtain support from. FPROT has fewer users in North America than SCAN, and so local help may be harder to obtain, but the documentation should make up any deficiencies. For users in Europe, FPROT is available as a commercially distributed product. For those in Canada, some support is available through the new SUZY Information Service, through INtegrity, the data security and anti-viral IN (Information Network.) Support Requirements In a situation where technical support is available for the user base, installation may best be performed by the support group. A corporate environment will likely wish to have security policies, and support for the package in addition to installation would best be coordinated by this group. General Notes Because of its "shareware" distribution, FPROT is best compared against John McAfee's SCAN program. FPROT is definitely the more complex package, but that is because of far greater functionality. SCAN, in it's most recent releases, has offered a minor disinfection feature, but for most disinfection one must obtain, separately and at separate cost, the CLEAN and/or the older M-DISK programs. Resident "vaccination" is also available, but again it is in the separate SENTRY or VSHIELD programs. Finally, for use of any of these on a network, NETSCAN is required. None of the SCAN family of programs offers the system information utilities that FPROT comes bundled with. FPROT is kept up to date with regular additions to the signature file, and constant improvements to the program. SCAN versions are released at approximately the same frequency as FPROT, but in a six month trial period from June to November of 1990, FPROT releases consistently identified more viri, and with greater accuracy than did the "same level" releases of SCAN. (During this period, McAfee had to release four "bug fix" versions, Skulason only one.) Fridrik Skulason also publishes the signatures of new viri on the VIRUS-L (Usenet comp.virus) distribution lists, and signature files can be updated between releases. FPROT, distributed as shareware, is free for individual users. For a $15 US fee, Fridrik Skulason will mail out a "registered" copy. The cost of the SCAN program is apparently subject to negotiation, but the "list price" in the documentation, shareware, for home use, is $25 US. For the full set of four programs (SCAN, CLEAN, SENTRY and VSHIELD, not including NETSCAN) mailed on disk from McAfee Associates the cost is $119 US. Site licenses for FPROT are available for $2 US per CPU, $1 for educational institutions. Site licenses for SCAN alone are quoted at $8 US per CPU. copyright 1990 Robert M. Slade