Shareware Overload

home *** CD-ROM | disk | FTP | other *** search

/ Shareware Overload / ShartewareOverload.cdr / utils / sentry.zip / README.1ST next >

Wrap

Text File | 1989-09-09 | 6KB | 117 lines

SENTRY VERSION 2 This software is distributed as shareware. You may copy it freely and distribute it. If you choose to use it, please send a $15 registration fee to the address below. If you use this product and do not send the registration fee, you will still have the best virus protection product available at any price and you will have little to worry about from computer viruses. However, you WILL have bad dreams and your karma will turn sour. Your girlfriend will leave you for the dweeb next door and the neighborhood children will ridicule you behind your back. You will begin loosing your hair prematurely. Your chances of an audit by the IRS will increase by two orders of magnitude. You will be seduced, in a moment of madness, into buying OS/2 and will convert all of your systems three days before IBM abandons the product. We know this to be true. To avoid all of this and live a long, happy and prosperous life, merely take out a check (yes, do it now before it's too late), fill it out for $15 (cash also accepted), include your name and address and send it to: McAfee Associates 4423 Cheeney Street Santa Clara, CA 95054 OR, quickly jot down your Master card or Visa number and drop it in the envelope. For those of you never write anything on paper - call the Homebase BBS at 408 988 4004 and leave your credit card number in E-mail to the SysOp. Credit card orders please add $3. Believe us, you'll feel better when you've done this. Now that that's out of the way, let's get down to business. THE PRODUCT Sentry version 2 is an updated version of the original Sentry product. It now runs on DOS 4.0 and above, and it has additional checks for partition table viruses. In operation, however, it is identical to the original version. If you currently are running Sentry, the only modification required is to re-install using the new install routine. Everything else is identical. I have designed and marketed an number of antiviral products commercially through InterPath Corporation, some with more success than others. I have also researched and tested every antiviral product available in both the commercial and public domain markets. All of them (including my own) were less than satisfying. They left me with a sense of unease about the security of my system, or alternately, were so difficult to install and use that I would rather suffer the virus than the product. My answer to this problem is Sentry. Sentry uses a unique approach to the virus issue. Prior products have used TSR filters to attempt to trap viruses, or checksums to detect changes in critical files. The TSR approach has numerous weaknesses, primarily because TSRs cannot prevent viruses from directly interfacing with the system I/O controllers. Thus, over half of existing viruses cannot be stopped or detected by such products. The interrupt vectoring techniques of these products are easily circumvented by viruses. The checksum approach, on the other hand is very time consuming and awkward to implement. Both techniques are troublesome to install and execute. Sentry relies on a characteristic of viruses that has been overlooked by other product developers. That characteristic is called the "Positioning Rule". This rule relates to how viruses attach to programs. Very simply, viruses may attach to the beginning, to the end or to the middle of a program, or any combination of the three. They may fragment themselves and scatter virus segments throughout the program. Or they may even keep the main body of the virus unattached to the program, hidden in a bad sector for example. All viruses that have been discovered, however, have modified at least some small portion of the beginning instructions of the program. This is because a virus must be executed first, that is - before the host program to which it has attached. If the virus does not execute before its host program, then the environment in which the virus "wakes up" will be uncertain, and the probability of program failure will be high. The exceptions to this positioning rule are viruses that replace the entire program, such as boot sector infectors, and viruses that attack only specific programs, like known operating system files or other programs that would be commonly found in large numbers of systems. These viruses may gain control at any point, since the structure of the host program is well known and the environment can be predicted at any point in the host program's processing. The implications of this principal are very important. Sentry takes advantage of this characteristic to radically speed up the checking function. If every byte of every program is processed by a checksum or other comparison technique, then scanning the entire system for a virus takes a substantial time to complete (15 minutes to an hour), and it is impractical to perform this function frequently. As a result, previous virus products could not effectively perform this function. Sentry, on the other hand, employs a technique that locates the initial instructions and branch addresses for each generic program in the system and logs critical information about these locations. It is able to scan the entire system for a virus over 200 times faster than global checksum techniques. As a result, it is now practical to check the entire system each time the system boots. This normally takes less than 20 seconds for the average system. Sentry is installed by simply typing the install command. There is nothing else the user ever needs to do. Install automatically logs ALL components of the system that can be hosts to a virus and places an automatic check function in your autoexec. If you ever do get a virus, Sentry will list any and all components of the system that are affected. That's all there is to it. Please read the file SENTRY.DOC for installation and operation instruction.