From: rslade@sfu.ca (Robert Slade)
Subject: Exactly 1000 words on Sophos "VACCINE" (PC)
Date: Wed, 22 Jul 92 8:54:48 PDT

PCSOPHOS.RVW 920721

Comparison Review

Company and product:

Sophos Limited
21 The Quadrant
Abingdon Science Park
Abingdon, Oxfordshire
OX14 3YS
UK
(0235) 559933
fax: (0235) 559935
Vaccine-Anti-Viral Software

Summary: Change detection and scanning

Cost

Rating (1-4, 1 = poor, 4 = very good)
      "Friendliness"
            Installation      2
            Ease of use       2
            Help systems      1
      Compatibility           2
      Company
            Stability         3
            Support           1
      Documentation           2
      Hardware required       2
      Performance             3
      Availability            2
      Local Support

General Description:

The SWEEP program appears to be a very minor component of the package,
suggested only for use to check for existing viral programs before
installing the VACCINE change detection. VACCINE provides the
calculation of the check value, but the detection of any changes is
done by the DIAGNOSE program. SU is a utility program which allows
examination and some manipulation of disk and memory areas.

Comparison of features and specifications

User Friendliness

Installation

The Sophos VACCINE package is shipped on non-writable disks, both
5 1/4" and 3 1/2" low density media. After having reviewed so many
antiviral programs that demand you trust them with your hard disk
(Trust us!), it was refreshing to see that Sophos actually suggests
that you install the program onto a floppy disk! Unfortunately, this
means nothing, as the installation program refuses to install the
package unless a hard disk is present. In fact, none of the programs
except SWEEP will work on a floppy-only system. The documentation does
give detailed instructions for manual instruction.

As the SWEEP program is intended only as an initial check, nothing is
said about updating the program. However, the documentation does warn
that it "has a limited useful life", and the program itself warns if it
is more than four months old.

Ease of use

Basic functions of the programs can be accessed reasonably easily.
However, specification of some of the command line options and "lists"
of items to check would definitely be beyond the grasp of novice users,
and likely beyond intermediate users as well.

Help systems

Some "online" help systems are provided, but they do not provide much
assistance.

Compatibility

Company Stability

Sophos is a fairly major player in the system security field, in
minicomputer and communications systems as well as micro software. It
is also the publisher of the "Virus Bulletin" periodical (and convener
of that publication's conference).

Company Support

Only the address, phone and fax numbers are given: no mention is made
of support. (If SWEEP detects a virus a message instructs the user to
call Sophos "for advice".) It is noteworthy that my review copy
arrived with a note saying that the related D-Fence program would be
dispatched "next week". In spite of waiting eight months before
committing the review to paper, the program has never arrived.

Documentation

There are five "manuals" shipped with the VACCINE package. Four are
packaged together in a binder: the "Quick Start Manual", "VACCINE User
Manual", "Using VACCINE in a large organisation" and "Sophos Utilities
User Manual". The fifth, "Data Security Reference Guide", is
paperbound separately.

The user manuals are definitely technical reference level. There is a
great deal of information regarding the use of the program for the
experienced user. There is also information regarding the limitations
of the program, or best means of use, but this is often very brief, and
one has to be almost looking for it to find it.

The general description of viral programs is extremely limited. Some
of the points are plainly incorrect. For example, the description of
viral programs states that "[a]fter some time, all programs on the hard
disk will be infected" thus implying that all viral programs are file
infectors, and then goes on to list a number of viri, the first three
of which are boot sector infectors.
Among the "rules" for avoiding viral programs are the same tired "avoid
BBSes, avoid shareware, buy commercial" themes. The manual also
appears to claim that a change detection system can prevent damage by
trojan horse programs and logic bombs.

The "Data Security Reference Guide" appears to be a separate item. The
name and separate binding would imply that this is a textbook for
security issues. Slightly more than half of the book (the last half)
is a catalogue of the security products Sophos sells. The first part
covers general security related issues, such as choice of password.
Fully half of the pages in this first section are devoted to a chapter
on "Computer Viruses". This chapter is an odd mix of the magnificent
(helpful diagrams of items ranging from boot sector viri to write
protect tabs) and the useless (BBSes are evil, commercial software is
good). Overall the reference guide would be a helpful learning tool
for educating users about data security, but only with direction and
additional material.

Hardware Requirements

None of the programs, except SWEEP, will work on a floppy only system.

Performance

The documentation admits, albeit briefly and unwillingly, to the
weaknesses of change detection, and even specifically mentions that
"stealth" type viral programs will not be detected if the virus is
active. The ability to "snapshot" areas of memory, the interrupt table
and specific (system) areas of the hard disk is a valuable plus.

The SWEEP program functions quite well against common viral programs
with the exception that it tends to "find" more than one virus in an
infected file (up to eight in the case of a single "Jerusalem"
infection).

Local Support

None provided.

Support Requirements

A novice user, installing this on a system after all other software had
been installed, would likely be provided with good protection against
viral programs.
However, it is likely that use of this product in any normal business
operation would require the support of personnel expert in computer use
as well as viral operation.

General Notes

One would have to say that VACCINE is a product for the use of experts.
The package seems to tacitly admit this with the additional section of
the manual for use in a large concern. As a tool for serious support
personnel, the product does provide very significant utilities for
protection of computer systems.

copyright Robert M. Slade, 1992   PCSOPHOS.RVW   920721

=============
Vancouver      ROBERTS@decus.ca         | Life is
Institute for  Robert_Slade@sfu.ca      | unpredictable:
Research into  rslade@cue.bc.ca         | eat dessert
User           p1@CyberStore.ca         | first.
Security       Canada V7K 2G6           |