ANTIHOSTILE SOFTWARE EVALUATION 2# FEB 1993 ΙΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ» Ί "Protect YOUR computer, and you will save a Ί Ί thousand others, who someday will save you." Ί ΘΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΌ NEW! * Files have been added * Files have been updated * See THE FILES BY RATING listing at the end WHY? There is a massive force of "ANTIHOSTILE" software on the market. Most of the programs like to call themselves "ANTIVIRUS". This is absurd and deceptive since the viral threat is only a small part of the entire dangerous array - including your own clumsiness. To help aid the concerned user, who might otherwise throw his hands up in despair and ultimately choose to avoid the issue, this list of software, will, we hope, be of use. This list is neither comprehensive nor complete, but from time to time we hope to add to it. What it will do is define those areas of system protection that must be addressed. Then the individual software packages can be rated on their overall abilities to save a computer under assault. We will assume, for the purpose of this evaluation, the majority of computer users do NOT want to make a career out of yet another software package. If ten separate jobs are needed to protect ten separate system areas, then the jobs will be rated separately and the overall performance of each will be LOW. A software package that combines many ANTIHOSTILE functions with as little interven- tion as possible for the user, will likely receive a high rating. WHAT? These are the areas of your system that must be protected: 1. Master Boot Record. This represents 4% of the system (in terms of importance and proneness to attack.) Some software will "scan" for old virus signatures, but finding none, they will report that "all is well." The surest protection is a FULL COPY of the MBR. 2. The DOS or System Boot Record. This also represents 4% of the system's significance and attackability. 3. The File Allocation Tables (2 copies) are frequently assaulted by Trojans. The idea is that by scrambling the contents, you can no longer locate the files. The ideal solution is an up-to-date copy which can then be restored. The problem is that the FAT will constantly change as new files are added, deleted, or updated. A 15% weight is placed on the importance of the FATs because of the many Trojans that have historically attacked it. 4. The hidden System Files (IBMBIO.COM and IBMDOS.COM, but also known by other names) have an approximate 3% significance rating. 5. More commonly assaulted, especially by virii, is COMMAND.COM. This is why this single file's importance gives it a 15% rating. 6. Next are the common executable files - files with extensions COM and EXE. Since these are the most prolific targets of virii, their significance is weighted at a 40% rating. 7. General path and file structures rate 4% and 5% respectively. 8. Last is System Memory. Viruses that have taken over a system can sometimes be detected in the active RAM, rating 10%. HOW? The following codes are used in discussing the system areas: B=Backup C=checksum S=Scan R=Restore X=Clean BACKUP is the ability of the software to have access to a total copy of the drive area. By comparing the area byte-for-byte, a program can accurately determine data error or infection. RESTORE is the ability to recover the original system area from a backed up copy. CHECKSUM is the act of performing calculations, not necessarily "sums", on the contents of a drive area (BOOT, FAT, file), and storing the results for comparison purposes. If the result has varied the next time the calculation is performed, the area has changed (either by user update or by contamination.) SCANNING is a process of comparing system files and memory to a set of virus "signatures" (strings of hexadecimal code detected in known viruses). The trick is to detect only the virus, but because of the imperfect nature of this technique, false alarms can occur when a string, which has been extracted from a virus, has also been found to reside in a normal and safe file. This happened recently when an earlier version of a major Anti-Virus product (Norton Anti-Virus 2.0) detected a string for the Malta Aboeba virus inside a major archiving utility (PKUNZIP.EXE). CLEANUP is the ability of a program to remove hostile code from an infected original. This is not always a successful operation because cleaning up is usually based on static assumptions. The hostile code will not always contaminate its victim in fashions that are predictable. The ideal solution is to "start over" by erasing the contaminated area and restoring the original. WHO? ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ PROGRAMS WERE CHOSEN FOR THIS RATING BY AVAILABILITY AND ARE CURRENTLY FOUND (OR USED TO BE FOUND) ON A MAJOR NORTH AMERICAN BBS. SOME ARE AVAILABLE FROM COMMERCIAL OUTLETS THROUGH MOST SOFTWARE VENDORS. THIS RATING IS NOT EXPEC- TED TO BE COMPLETE, OR EVEN UP-TO-DATE, BUT IN TIME, MORE RESULTS WILL COME, AND THE LIST WILL BE FURTHER UPDATED AND MADE AVAILABLE TO BBS'S. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ ALERT!, (1988) Robert W. Reed, 425 Fairgreen Ave, Casselberry, Florida 32707 RATING= 13% The list of files to be checked must be ponderously and laboriously created by hand. The checking procedure is very slow. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=5 C=7 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ ASCIICHK (1986) George Dinwiddie 10965 Trotting Ridge Way, Columbia MD 21044 RATING= 1% It displays a list of the Ascii contents of an individual file. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ ANTV29A (1988) Ioannis Hadjiioannou, c/o Bonn Inc., 5-31 50th Avenue, L.I.C. NY 11101 RATING= 3% It doesn't look for many files and expects IBMBIO.COM and IBMDOS.COM to be the names of the system files, which is a negative if they're known by other names (MSBIO.COM and MSDOS.COM). MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=0 C=3 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ AUTOCRC (1990) IE (UK) Ltd RATING= 1% It displays a CRC rating for a single file. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ AVSEARCH 2.23 (1990) Detlev Hoppenrath, Tjark Auerbach H+DEDV Datentechnik GmbH Olgastr.4, D-7992 Tettnang, West Germany 1.AVS RATING= 0% System hung while program was scanning the MBR and DOS boots. 2.AVSCRC RATING= 1% The program does a checksum for 1 file only; no automatic comparison ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ BOMB SQUAD (1986), Associated Bulletin Board Services, 1911 Commercenter East, Suite 201, San Bernardino, California 92408 (Shareware) RATING= 0% ASCII checker only ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ BOMBSQAD (1986) Andy Hopkins 526 Walnut Lane Swarthmore, PA 19081 ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ TSR to stop writes by intercepting calls to interrupts RATING= 0% [In spite of this rating, in its own category it is quite good.] The program does not find hostile software, but blocks the activity of active hostile software. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ CANARY (1991) Compass / New England, Post Office Box 117, Portsmouth, New Hampshire 03802 RATING=16% Checksumming is limited to Command.Com and to its own files. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=15 C=1 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ CES Saesoft International, Post Office Box: 9179, 3007 AD Rotterdam, Holland PostBank PSTB NL 2A 5506405 RATING= 7% It's difficult to determine what this software intends. This is based on the documentation which resembles double talk and the performance of the program. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT ?=0 S=2 ?=0 ?=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ CHECKUP Richard B. Levin, 1988, P.O. Box 14546, Phila., PA 19115 RATING=23% Many runs are necessary, 1 for each directory. Produces unnecessarily large report file. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=7 C=15 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ CHK4BOMB (1985) Andy Hopkins 526 Walnut Lane Swarthmore, PA 19081 ASCII checker only RATING= 0% ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ CLEAN, 1992, McAfee and Associates, 1900 Wyatt Ave Suite 8 Santa, Clara, CA RATING=3% It "cleans" out virus infections, most of the time, for many viruses. For viruses that have overwritten files, or are new, or combined with other viruses, the surest method is to delete the infected files and restore from backups. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT X=3 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ COMMCHK, 1990, Jackson Beebe, Prairie Data Fields, 307 West Jackson, Petersburg IL 62675 RATING=10% It checksums Command.com MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=10 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ CRC_HD RTSoftware, POB 674, Columbia, MD 21045 RATING=14% Checksum results must be verified by hand. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=3 C=10 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ CRCTEST Alex Kicelew, Moscow, Russia RATING=38% Does a speedy job of checking files in root directory. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=3 C=15 C=20 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ DC89SCAN, 1989, Sector Technology, Michael Allen, Integrated Security Management, 6 Skyline Place, Suite 900, 5109 Leesburg Pike, Falls Church, Virginia 22041. RATING= 2% Scans for DataCrime only. (One of many single-virus scanners.) MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT S=2 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ DELOUSE (1988) Phillip M. Nickell RATING=32% You have to specify the files you want to checksum and verify, this makes the procedure cumbersome. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=2 C=10 C=20 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ DETECTIVE (1990) PC SOFT-TECH P.O. Box 742 Mequon, Wisconsin 53092 RATING=16% You have to check the results by hand. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=5 C=10 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ DYNATRON Virus Interceptor 2.42 (no author/address given) RATING= 0% TSR to stop writes: failed to work. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ EXPEL 1.1 (1990) Toltech, PO Box 68, St. Lambert, Quebec J4P 3N4 RATING=32% Attractive menu. Slow. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=2 C=10 C=20 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ FICHECK 4.0 (1988) Gilmore Systems P.O. Box 3831 Beverly Hills CA 90212-0831 RATING-42% Must be run from floppy; complex command line parameters. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=2 C=10 C=30 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ FILEHAWK 2.2 (1992) 65 Front St.W., Ste.116-32, Toronto, Ontario M5J 1E6 RATING=91% Combines both file comparison and virus scanning. It now scans Memory, and backs up and restores the FAT area. It does everything except backup and restore the SYSTEM files and COMMAND.COM. It has extra scanning capabilites and looks for "keywords" and "trademarks," so it may detect some viruses just released into the public. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT BR=4 BR=4 CBR=15 C&S=2 C&S=12 C&S=35 C=4 C=5 S=10 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ FILETEST (1988) L.P. Levine, Univ. of Wisconsin, Milwaukee PO Box 785, WI 53201 RATING= 7% You have to create the filelist by hand. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=2 C=4 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ F-PROT Fridrik Skulason, Frisk Software International, Postholf 7180, IS-127 Reykjavik, Iceland RATING=39% One of the best in the scanning class. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT S=2 S=2 S=2 S=8 S=20 S=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ HMOEXEC (1989) Jack Gostl RATING= 8% You have to build your files to checksum by hand. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=2 C=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ HTSCAN 1.12 (1990) Harry Thijssen, Zeskant 85, 6412 DV Heerlen, The Netherlands RATING=30% MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT S=2 LS-2 S=1 S=5 S=15 S=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ IMMUNE (1991) David Grant, PCVRF Electorlink BBS RATING=0% Claims to insert code to immunize from viruses. May actually work for a few viruses, but over a thousand more are immune to this technique. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ INTEGRITY MASTER, Stiller Research, 2625 Ridgeway St., Tallahasee, Florida 32310-5169 RATING=41 Many options requiring much user intervention. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=2 C=2 C=2 C=10 C=20 S=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ M-DAV, Morgan Schweers, McAfee Associates 4423 Cheeney Street, Santa Clara, CA 95054 RATING=1% Cleans up the Dark Avenger virus. There are many more programs of this nature which are single-job specific and of no value as overall security devices. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ M-DISK, McAfee Associates, 4423 Cheeney Street, Santa Clara, CA 95054 RATING=1% Cleans a limited number of viruses from MBR or DOS boot. A far better system is to restore wholly a backed up copy of the boot sectors, since that would resolve damage caused by all 1600+ viruses and trojans, not by a mere handful of viruses. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ MFICHECK 4.0 (1988) Gilmore Systems P.O. Box 3831 Beverly Hills CA 90212-0831 RATING= 0% Must be run from floppy; failed to work on 386. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ MIC 1.0 (1990), Steve Leonard, 260 Dunbar Rd., Hilton, NY 14468 RATING=37% MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=2 C=10 C=25 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ MICHNG (1992) Trend Micro Devices, 2421 W. 205th Street, Suite D-100, Torrance CA 90501 1.CURE RATING=3% Backup and Restore MBR 2.PCCSCAN RATING=6% It does a very fast, limited scan of Memory, Boot, and files in specified directory. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ PROCRC (1988) S.H. Smith RATING= 10% Simple file comparison program. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ PROVIRUS (1989) P. Rabergeau (Prodigy Software) 61 East 8th Street, Suite 128, New York, NY 10003 RATING=5% Ordinary scanner, complicated setup. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ SAFEMBR (1991) Padgett Paterson RATING=1% Revises MBR to self-check (innoculation-style). ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ SCAN (1986) Dr. Bob's Utilities, 444 Maple Lane, St. Paul, Minnesota 55126 RATING=0% An ASCII checker. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ SCAN (1992) McAfee Associates 3350 Scott Boulevard, Building 14, Santa Clara, California 95054-3107 RATING=28% Very good scanner but requires command line parameters, rather than a menu. But accuracy is highly rated. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT S=1 S=1 S=1 S=5 S=15 S=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ SECURE 2.29 (1991) Mark Washburn 4656 Polk Street N.E., Columbia Heights, MN 55421 RATING= 1% A TSR that looks for virus-like behavior, but it cannot always distinguish between virus-behavior and ordinary software performance. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ SENTRY 2.0 McAfee Associates RATING=2% A limited search program that does file comparison. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ ST0,RT0 Dave Bushong, KZ10, 7 Fremont Street, Concord, NH 03301 RATING= 4% Two jobs, one to store hard drive sector 0 to a floppy, another to restore it. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT BR=4 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ TBRESCUE (1991) ESaSS B.V., P.O. Box 1380, 6501 BJ Nijmegen, The Netherlands RATING= 8% Backup and Restore MBR and DOS boot. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT BR=4 BR=4 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ TBSCAN (1991) ESaSS B.V., P.O. Box 1380, 6501 BJ Nijmegen, The Netherlands RATING= 18% MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT S=1 S=5 S=12 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ Turbo Anti-Virus 7.06a (1990) Carmel Software Engineering, Israel also: EPG International, Hans-StieBberger-Str. 3, D-8013, Haar bei, Menchen, West Germany RATING=(31%) Documentation in German. Cannot determine all that it does. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT ? ? ? LS?=1 LS?=5 LS?=20 LS?=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ UNVIRUS 16.01 (1991) B.R.M. Systems Ltd. RATING=26% A speedy scan of memory and files. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT S=1 S=5 S=15 S=5 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ VALIDATE (1992) McAfee Associates, CVIA, 4423 Cheeney Street, Santa Clara, CA 95054 RATING= 1% SIngle file CRC, for purpose of comparing by hand to a list, mostly for CVIA products. ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ VCHECK 1.0 Alchemy Mindworks, P.O. Box 313, Markham, Ontario L3P 3J8 RATING=14% Primitive file comparison program; user updates the list of files to be checked. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=5 C=8 B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ VIREX 2.5 (1992) Datawatch Corporation, P.O. Box 51489, Durham, NC 27717 RATING=40% Very good scanner. It decompresses archived files to scan them; requires extra memory. MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT S=2 S=2 S=2 S=8 S=21 S=5 ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ VIRUS DETECTER 1.1 (1988) Tim O'Brien, P.O. Box 742, Mequon, Wisconsin 53092 RATING=26% MBR DOS FAT SYSTEM COMMAND COM & EXE PATH FILE MEMORY BOOT BOOT AREA FILES .COM FILES STRUCT STRUCT C=1 C=5 C=20 B=Backup C=checksum S=Scan R=Restore X=Clean B=Backup C=checksum S=Scan R=Restore X=Clean ΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝΝ Other addresses: Central Point Software 15229 NW Greenbrier Parkway, Suite 200, Beaverton, Oregon 97006 McAfee Associates 1900 Wyatt Ave Suite 8 Santa, Clara, CA 95054 Symantec (Peter Norton) 2500 Broadway, Suite 200 Santa Monica, CA 90404 FILES BY RATING ΪΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΒΔΔΔΔΏ ³ FILEHAWK ³ 91 ³ ³ FICHECK ³ 42 ³ ³ INTEGRITY MASTER ³ 41 ³ ³ VIREX ³ 40 ³ ³ F-PROT ³ 39 ³ ³ CRCTEST ³ 38 ³ ³ MIC ³ 37 ³ ³ DELOUSE ³ 32 ³ ³ EXPEL ³ 32 ³ ³ TURBO ANTI-VIRUS ³ 31 ³ ³ HTSCAN ³ 30 ³ ³ SCAN (McAfee) ³ 28 ³ ³ UNVIRUS ³ 26 ³ ³ VIRUS DETECTOR ³ 26 ³ ³ CHECKUP ³ 23 ³ ³ TBSCAN ³ 18 ³ ³ CANARY ³ 16 ³ ³ DETECTIVE ³ 16 ³ ³ CRC_HD ³ 14 ³ ³ VCHECK ³ 14 ³ ³ ALERT! ³ 13 ³ ³ COMMCHK ³ 10 ³ ³ PROCRC ³ 10 ³ ³ HMOEXEC ³ 8 ³ ³ TBRESCUE ³ 8 ³ ³ CES ³ 7 ³ ³ FILETEST ³ 7 ³ ³ MICHNG(PCCSCAN) ³ 6 ³ ³ PROVIRUS ³ 5 ³ ³ ST0/RT0 ³ 4 ³ ³ ANTV29A ³ 3 ³ ³ CLEAN ³ 3 ³ ³ MICHNG (CURE) ³ 3 ³ ³ DC89SCAN ³ 2 ³ ³ SENTRY ³ 2 ³ ³ ASCIICHK ³ 1 ³ ³ AUTOCRC ³ 1 ³ ³ M-DAV ³ 1 ³ ³ M-DISK ³ 1 ³ ³ SAFEMBR ³ 1 ³ ³ SECURE ³ 1 ³ ³ VALIDATE ³ 1 ³ ³ BOMB SQUAD ³ 0 ³ ³ BOMBSQAD ³ 0*³ ³ CHK4BOMB ³ 0*³ ³ DYNATRON ³ 0 ³ ³ IMMUNE ³ 0 ³ ³ MFICHECK ³ 0 ³ ³ SCAN (DR.BOB) ³ 0 ³ ΐΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΔΑΔΔΔΔΩ * N.B. Some software in the Anti-Hostile arena are quite good FOR THEIR INTENDED purposes, despite their low ratings as overall security packages.