Text File | 1996-06-16 | 9KB | 208 lines
Frequently Asked Questions about F/WIN
======================================
I ALREADY HAVE A VIRUS SCANNER. WHY USE F/WIN?
a. F/WIN uses heuristic detection for macro viruses that
infect Microsoft Word documents. That means it can
find known and UNKNOWN macro viruses and trojans, as
well as deliberate acts of sabotage in Word macros.
b. F/WIN can remove known and unknown macro viruses. A lot
of the regular antivirus programs can only detect macro
viruses, and of course they can only remove KNOWN
viruses.
c. F/WIN is a passive scanner. That means you don't have
to use Word templates to defend yourself against macro
viruses. These templates offer no really safe protection,
and of course you need Winword to use them.
F/WIN is a DOS based virus scanner and doesn't stay
resident in memory.
d. F/WIN can detect and remove the only known PE-EXE
(Windows 95) viruses.
e. F/WIN can detect known and unknown viruses that infect
Windows EXE files which use the <Winsurfer> or <Ph33r>
infection scheme.
f. F/WIN is inexpensive, especially when considering the
protection that it provides.
SHOULD I REPLACE MY EXISTING SCANNER WITH F/WIN?
No. F/WIN is a specialized scanner that is intended to
supplement the one you currently have. By now, there are
more than 8500 known viruses for DOS, but only about
30 Windows specific viruses. You will need a normal DOS
antivirus program, of course. However, it's likely that
the number of Windows viruses will increase in the future.
DOES F/WIN DETECT MACRO VIRUSES IN OTHER SOFTWARE LIKE AMIPRO,
WORD PERFECT, ETC.?
At this time it does not. That is a feature we hope to add
to it at a future date. So far, F/WIN only detects macro
viruses in Microsoft Word 6.0 and 7.0 documents. The only
known non-Winword macro virus AmiPro.Green_Stripe isn't
reported in the wild.
HOW OFTEN WILL F/WIN BE UPDATED?
Because of its heuristic nature, F/WIN doesn't need regular
updates like normal virus scanners. Normally, updates will
be released to provide bug fixes and will appear at least
every two months. Of course customers will be provided with
a new version if they detect a virus which F/WIN missed.
HOW WILL I RECEIVE UPDATES?
Because the FWIN.KEY is valid for every new version, you
just need to download the shareware version from your local
BBS or FTP/WWW site and replace the FWIN.EXE file! The
latest shareware version of F/WIN is available at:
http://www.gen.com/fwin
http://www.valleynet.com/~joe
http://www.cyberbox.north.de (German site)
The program is released as a ZIP archive and will have a
file name like FWIN311E.ZIP (English version) and
FWIN311G.ZIP (German version).
HOW SAFE IS F/WIN? CAN IT DESTROY MY DOCUMENTS?
The cleaning process has proven to be safe in our tests.
In case it should damage your document for some reason,
F/WIN makes a backup of it before attempting to remove the virus.
The backup allows you to try a different method for cleaning
or to recover the file if the cleaning process failed.
Because F/WIN can't decode OLE2 objects like Microsoft Word
documents with 100% accuracy, it's possible that it could
destroy infected documents sometimes. If you encounter
problems cleaning macro viruses, you could send us the files
and we will clean them manually. Also, F/WIN has two
options to clean documents. Both remove the virus reliably,
but the second approach (Wipe macro names) makes fewer
modifications to the document, and will most likely work in
every case.
HOW QUICKLY WILL I GET A REPLY TO QUESTIONS?
As neither of us is a full-time virus researcher, we can't
always respond at once. We will check our accounts at
least once a day, so you will get answers within one or
two days. We will do our best to get to you as quickly as
possible. If you are e-mailing us about a current virus
emergency, please put "VIRUS EMERGENCY" in the SUBJECT line
of your e-mail message. Those messages will be given first
priority.
WHY SHOULD I CHOOSE F/WIN OVER OTHER AV PRODUCTS TO PROTECT
AGAINST WORD MACRO VIRUSES?
F/WIN was designed from the beginning by its author (Stefan
Kurtzhals) to be able to detect and remove unknown viruses
and trojans, while at the same time allowing Word users to
go on using WordBasic macros they wanted to use. While most
Word users don't use WordBasic macros, many do. And those
that do, often find these macros to be real time-savers
because they automate repetitive, tedious processes that
would normally have to be done manually.
F/WIN Anti-virus has built into it profiles of how viruses
and trojans "behave". If it finds macros that fit the
pattern, it warns the user so that they can choose whether
or not to remove the macros. These built-in behavior
profiles offer several advantages to F/WIN users:
1. Users can go on using most, if not all of the macros
they currently use without having to deal with endless
false alarms. If a product produces too many false
alarms, users will simply quit using it and leave
themselves with little or no defenses.
2. F/WIN distinguishes between a trojan and a virus. This
can be important for a user to know for damage
assessment purposes, because viruses spread themselves
to other files. Trojans don't.
3. F/WIN doesn't just say it's found potentially dangerous
macros like some products do. It goes a step further
and tells the user exactly what suspicious behavior it
has found. Users can then look up each warning message
F/WIN produced in the FWIN.TXT file and get a more
in-depth explanation of what the message means. This
allows users to make more intelligent decisions about
whether or not to delete the macros, or whether to
investigate them further. It also may help to explain
damage that may already have been done by the virus or
trojan.
4. F/WIN has 3 levels of detection. Each lower level
offers a more thorough search than the level above it.
This allows users to have more control over how
sensitive F/WIN is in its detection of viruses and
trojans.
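
The behavior-profile approach described in points 1 to 4, as an added sketch in Python (not F/WIN's code or its actual rules). The rule set, the numbering of levels (1 = least thorough, 3 = most) and the sample macros are assumptions made up for this example; the macro source is assumed to be already extracted from the document.

```python
import re

AUTO_NAMES = {"autoopen", "autoclose", "autoexec", "autonew", "autoexit"}

# (tag, minimum level, pattern, explanation) -- hypothetical profiles for this sketch
RULES = [
    ("replicate", 1, r"\bMacroCopy\b", "copies macros between document and template"),
    ("replicate", 2, r"\bFileSaveAs\b.*\.Format\s*=\s*1", "saves the document as a template"),
    ("destroy", 1, r"^\s*Kill\b", "deletes files"),
    ("destroy", 2, r"\bShell\b.*\b(format|deltree|del)\b", "runs a destructive DOS command"),
    ("system", 3, r"\bSetPrivateProfileString\b", "rewrites an INI setting"),
    ("system", 3, r"\bShell\b", "starts an external program"),
]

def scan(macros, level=2):
    """macros: {name: WordBasic source}. Returns (verdict, [(macro, tag, explanation)])."""
    findings = []
    for name, source in macros.items():
        if name.lower() in AUTO_NAMES:
            findings.append((name, "auto", "runs automatically without user action"))
        for tag, min_level, pattern, why in RULES:
            if level >= min_level and re.search(pattern, source, re.I | re.M):
                findings.append((name, tag, why))
    tags = {tag for _, tag, _ in findings}
    if "replicate" in tags and "auto" in tags:
        verdict = "virus"       # spreads itself and is triggered automatically
    elif "destroy" in tags:
        verdict = "trojan"      # damaging, but no self-replication seen
    elif tags - {"auto"}:
        verdict = "suspicious"  # reported with its explanation, user decides
    else:
        verdict = "clean"       # a lone auto macro is an ordinary time-saver
    return verdict, findings

# Constructed sample macros (not taken from any real virus or trojan)
SPREADER = {"AutoOpen": 'Sub MAIN\nMacroCopy "Global:Example", "Doc:Example"\nEnd Sub'}
WIPER = {"Cleanup": 'Sub MAIN\nKill "C:\\DATA\\*.DOC"\nEnd Sub'}
HELPER = {"AutoOpen": 'Sub MAIN\nViewPage\nEnd Sub'}
LAUNCHER = {"Tools": 'Sub MAIN\nShell "NOTEPAD.EXE"\nEnd Sub'}

if __name__ == "__main__":
    for label, sample in [("SPREADER", SPREADER), ("WIPER", WIPER),
                          ("HELPER", HELPER), ("LAUNCHER", LAUNCHER)]:
        print(label, scan(sample, level=3))
```

Each finding carries its own explanation, so the report says which behavior matched rather than only that something looked dangerous.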
F/WIN IS A DOS PROGRAM. WILL IT HANDLE THE LONG FILE NAMES
WINDOWS 95 USES?
Yes it will. We have tested F/WIN in the following
environments:
PC DOS
MS DOS
Windows 3.x
Windows 95 (DOS 7.0)
OS/2 Warp (from a DOS window)
There is an advantage to using a DOS version in Windows 95
and Windows 3.x. If a virus or trojan deletes or damages
critical files that Windows 3.x or Windows 95 uses, you
can't get into those environments to run your virus scanner.
In the case of either Windows 3.x or Windows 95, you could
boot from a floppy (or not), and still be able to run F/WIN
to find the culprit. Most anti-virus programs offer DOS
versions for situations like this, but there are some that
don't. Remember, if a virus manages to infect your system,
Windows will most likely not start up and you can't use your
Windows based antivirus program. It is strongly recommended
to boot from a DOS bootdisk before trying to remove a virus.
I DON'T HAVE A VIRUS COLLECTION I CAN TEST F/WIN AGAINST. IS
THERE SOME WAY I CAN SEE ACTUAL FULL-COLOR SCREEN PRINTS OF F/WIN
FINDING REAL VIRUSES?
Because the typical person trying out F/WIN doesn't happen
to have a Word macro virus/trojan collection at his/her
disposal, we've added something new to our web page that
will allow you to see what kinds of messages F/WIN produces
for some of the viruses and trojans that have been discussed
on various virus forums. What we've done is to create a
file called FWINSCRN.ZIP that can be downloaded from our web
site. It contains screen prints of F/WIN actually finding
real viruses and trojans. You can then download a shareware
copy of F/WIN, and look up the warning messages in the
FWIN.TXT file for yourself. All the screen prints are in
.GIF format. A text file is also included to explain what's
on each screen.