Computer Video

 BootLog.co.uk


INFECTIOUS BEHAVIOUR

 

STANDFIRST

Computer viruses are nasty little things that can really spoil your day... Rick Maybury looks at two anti-virus packages that will hopefully keep infections at bay, and provide emergency first aid if the worst happens

 

COPY

Several times each year the media get their knickers into a twist over some new strain of computer virus. They’re normally timed to go off on a particular day, or triggered by a set of events and promise to wreak havoc on the nation’s PCs. So what happens? Sod all usually. In fact the actual threat to most stand-alone PC users from the 10,000 or so known viruses is relatively small, but that’s cold comfort to those who do get caught out.

 

The chances of infection are at their greatest if you download a lot of files from the internet, receive unsolicited e-mail, load files and programs from discs of uncertain origin or use bootleg software. Within the past three years a new threat has emerged in the shape of Macro viruses. They lurk hidden inside word processor documents and spreadsheet files and are easily spread by swapping discs and e-mail.

 

Even if you’re in a low-risk category the fear of catching a virus, whether real or imagined, is there. If only for your peace of mind it is prudent to take some precautions. If you feel your PC is vulnerable to attack then it is even more important to treat the matter seriously, and that means using anti-virus software.

 

There’s plenty of them to choose from, including demos on magazine cover discs, freebies, down-loadable shareware and high-performance utilities, two of which we’re looking at here. Cheyenne Antivirus and PC-Cillin are amongst the best known anti-virus programs on the market. They have quite a lot in common, including the price (both are currently selling around the £40 mark), and they can both be updated via the internet. However, the presentation, the way in which they work and the impact they have on a system, are different.

 

CHEYENNE ANTIVIRUS

Antivirus is the more elaborate of the two, with plenty of functionality for advanced Windows and DOS users. Cheyenne claim that it can detect 100% of known and unknown viruses. Clearly that’s something that we’re unable to verify (see The Tests) but they are certified by the National Computer Security Association (NCSA), an authoritative and independent US organisation that checks such things.

 

The program uses four virus detecting strategies. It checks the integrity of a program, to see if there have been any changes due to virus infection or activity. A rule-based Polymorphic Analyser monitors the behaviour of programs for suspicious activity. Interrupt Monitoring constantly checks the operating system for actions that may indicate a virus is at work, and Signature Scanning checks for known virus codes. Updated signature files can be automatically downloaded from the Cheyenne web site.

 

Antivirus has Windows 95 32-bit capability. It operates from switch on, checking the master boot sector, before the operating system starts to load. It verifies CMOS RAM information, the partition table, I/O systems, shell file and Windows. This all adds to the time taken to boot up. On one test-bed PC (P133/16Mb) the time taken for the machine to get to the Win 95 desktop increased from one to one and a half minutes, and even then the hard disc was still chuntering away in the background. 

 

Any or all local drives can be scanned at any time. A virtual device driver called Wimmune.VXD operates in the background, checking all programs and files as they’re addressed or executed. Active Monitor looks at all incoming and outgoing files for viruses, including compressed data using .ZIP or .ARJ formats. During installation Antivirus offers the option to create a rescue disc containing Critical Disc Area information.

 

Presentation is very simple. The main desktop has four main functions: scan all local disc drives, create a critical area backup disc, automate the scanning schedule, and download the latest signature update. Once Antivirus has carried out a full disc scan and been configured, it can be left pretty much to get on with the job and you won’t see it again, unless you want to, or it discovers a virus. If an infection is found during the initial scan it offers various options, from deleting the file, virus removal -- when it knows how to -- renaming the file, moving it from its current directory or purging it completely, so that it cannot be recovered. If a virus is detected when the PC is operating the procedure is to close all active applications, switch off the PC, re-boot with the rescue disc then run a disc scan utility from DOS.

 

That all sounds fairly straightforward on paper but the recovery procedures do require some familiarity with the workings of DOS. We suspect those weaned on point and click Windows may well find the instructions tough going. Moreover, Antivirus demands a certain amount of discipline on the part of the user, to regularly update the critical area disc files. Antivirus feels as though it is doing a thorough job and it inspires a good deal of confidence, though it’s not especially friendly and is better suited to more experienced PC users.

 

Advanced virus detection software for high-risk users, who know what they’re doing

Street price                 £45

System req.                IBM PC 486 or higher 8Mb RAM, 8Mb free hard disc space, Windows 95, modem and internet connection recommended

Media                         CD ROM, 3.5-in floppies

Main Features            detects known and unknown boot sector, polymorphic, stealth and macro viruses, scans loading files and internet downloads, on-line updates

Contact                       Roderick Manhatten Group Ltd., telephone 0181-875 4441

 

CV Ratings

Features                     ****

Performance               ****

Ease of Use                ****

Value for money ****

Overall rating            85%

 

 

TOUCHSTONE PC-CILLIN II DELUXE

PC-Cillin II Deluxe gets off to a good start with a friendly, approachable manual that gives a good clear explanation about what viruses are, how it finds them, and what it does with them, if it finds any. Like Antivirus it is NCSA certified and claims to be able to detect all known viruses and catch new strains that have yet to be identified.

 

Installation is a breeze on Windows 95 PCs. It carries out a pre-scan before loading, eliminating the possibility of loading the program into an already infected machine, then it offers to create an emergency rescue disc. PC-Cillin II uses a number of virus detection systems. Virus Instructional Code Emulator (VICE) looks for known virus patterns. An advanced Mutation Virus cleaning engine identifies parts of files that are infected so they can be surgically removed. Rule-Based Technology monitors requests made to the PC’s interrupt table, in particular unexpected calls to write to the boot sector, open executable programs for writing, and changes to resident memory. Files are scanned before they are executed and as they are saved, created or copied; all this happens behind the scenes, without the user having to do anything.

 

A utility called Macro Shield loads at the same time as MS Word, screening against macro viruses before they have the opportunity to do any damage. In addition to known infections Macro Shield can also detect new strains and, if any are found, remove them. PC-Cillin also scans all internet downloads, e-mails and attachments plus compressed files with PKZIP, WINZIP and LHARC extensions.

 

Smart Monitor sits on the Windows 95 task bar, quietly going about its business. When opened it displays a set of meters showing the current status and activity logs. A ‘threat’ meter shows how many systems that are vulnerable to attack (modem connection, disc drives etc.) are operating. There are also meters showing CPU activity, the level of protection being applied, time since the last full scan and virus pattern file (VPF) update. The main desktop covers scanning operations, configuration and a huge amount of information on known viruses, what they do, and how they’re detected.

 

If a virus is found an on-screen alert appears and PC-Cillin offers users a number of manual options, or the ‘Clean Wizard’, which takes the user gently by the hand through the disinfection process. Affected files can be cleaned or deleted; if the threat is judged to be negligible the file can be left alone. It can be renamed, or moved to a ‘quarantine’ directory, where it will do no further harm, until you decide what to do with it. Cleaning removes known viruses from files, leaving them undamaged.

 

When the cleaning process has been completed a ‘send e-mail’ window appears. This contains a prepared message that can be sent to anyone that you share files or discs with, warning them of the nature of the infection, and what they can do about it. This can be either sent straight away, or printed out and sent using snail mail. Support is available 24-hours a day for the first 90 days and the manufacturers offer an emergency virus removal service, where they can download infected files from your PC, and hopefully clean them up for you.

 

PC-Cillin is very easy to use, even by complete novices, who are arguably the most vulnerable to virus attack, and the least able to cope when it happens. The level of support appears very impressive. There’s not so many rules or things to tinker around with, compared with Antivirus, but it gives the impression of providing the same sort of high-level protection, with the reassurance of regular updates, as and when new viruses appear.       

 

Reassuringly simple virus protection with a good feeling of security

Street price                 £41

System req.                IBM PC or compatible, 386 or higher, 8Mb RAM, 10Mb free hard disc space, Windows 3.1/95/NT

Media                         CD ROM, 3.5-in floppies

Main Features            detects known and unknown boot sector, polymorphic, stealth and macro viruses, scans loading files and internet downloads, on-line

Contact                       Quarterdeck UK Ltd., (01245) 494940

 

CV Ratings

Features                     ****

Performance               ****

Ease of Use                ****

Value for money ****

Overall rating            85%

 

 

BOX COPY 1

WHAT IS A VIRUS

In the broadest sense a computer virus is any program that gets loaded into your system without your knowledge or permission. A lot of viruses do nothing particularly harmful, other than display a message, or muck about with the display; others do real damage, from changing, scrambling or hiding data, to corrupting and erasing the hard disc.

 

The worst kind of viruses are those that lie dormant, possibly for weeks or months, waiting for a particular event to occur. It could be something predictable, like a certain date -- Friday the thirteenth is very popular -- or a purely random occurrence, such as a combination of keystrokes. Viruses come in very many different forms but there are several readily identifiable characteristics.

 

Master Boot Sector Viruses are amongst the hardest to detect as they reside in a part of the disc that contains software that determines how the PC operates, and is not routinely scanned by disc monitoring tools. Viruses in the boot sector are easily loaded into memory and spread to other discs.

 

Macro Viruses are now the most prolific type. They’re relatively easy to write, using the simple programming language incorporated into many word processor and spreadsheet programs. They can be hidden inside files and once loaded, infect the memory, where they can be transferred to other systems by file transfer and e-mail.

 

Memory Resident Viruses live in the PC’s memory. Once activated they take control of the operating system by attaching themselves to particular files, normally executable types with .EXE, .COM or .SYS extensions.

 

Stealth Viruses are one of the most sophisticated types as they actively hide or modify themselves to conceal their presence. This includes tricks like deleting bytes from a program, so that the file size remains unchanged after infection.

 

Polymorphic Viruses periodically mutate, changing their ‘signature’ or code by which they can be identified, making them incredibly difficult to detect.
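
An added illustration (not from the original article, and not how either product is implemented) of why the integrity checking described for Antivirus still flags a file when a size comparison or a fixed signature scan does not, as with the stealth and polymorphic types above. The file names, file contents and the "signature" are all constructed, harmless sample bytes.

```python
import hashlib

# Constructed, harmless marker standing in for a known virus signature.
SIGNATURE = b"\xde\xad\xbe\xefDEMO-SIG"

def baseline(files):
    """Record (size, SHA-256) for each known-clean file: name -> bytes."""
    return {name: (len(data), hashlib.sha256(data).hexdigest())
            for name, data in files.items()}

def size_changed(base, files):
    """Naive check: flag files whose length differs from the baseline."""
    return sorted(n for n, d in files.items() if len(d) != base[n][0])

def integrity_changed(base, files):
    """Integrity check: flag files whose hash differs from the baseline."""
    return sorted(n for n, d in files.items()
                  if hashlib.sha256(d).hexdigest() != base[n][1])

def signature_hits(files, signature=SIGNATURE):
    """Signature scan: flag files containing the known byte pattern."""
    return sorted(n for n, d in files.items() if signature in d)

def same_size_change(data, patch):
    """Model a size-preserving modification: the tail is replaced, not extended."""
    return data[:len(data) - len(patch)] + patch

def mutated(pattern, key):
    """Model a mutated variant: same content, different bytes on disc."""
    return bytes(b ^ key for b in pattern)

# Constructed sample "programs" and their clean baseline.
clean = {
    "EDIT.COM": b"MZ" + b"\x90" * 62,
    "GAME.EXE": b"MZ" + b"\x00" * 126,
    "TOOL.EXE": b"MZ" + b"\x11" * 94,
}
base = baseline(clean)

current = dict(clean)
current["GAME.EXE"] = same_size_change(clean["GAME.EXE"], SIGNATURE)
current["TOOL.EXE"] = same_size_change(clean["TOOL.EXE"], mutated(SIGNATURE, 0x5A))

if __name__ == "__main__":
    print("size check:     ", size_changed(base, current))
    print("signature scan: ", signature_hits(current))
    print("integrity check:", integrity_changed(base, current))
```

The integrity check only works if the baseline was taken while the files were clean, which is the same reason PC-Cillin pre-scans before installing.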

 

BOX COPY 2

THE TESTS

Unfortunately anti-virus software is rather difficult to test in a real-life situation; you should treat magazine reviews that claim to road test various products with a good deal of scepticism. For obvious reasons samples of the latest and most damaging viruses are not that easy to come by, outside of the anti-virus industry. That’s undoubtedly a good thing -- there’s more than enough viruses in the ‘wild’ without clumsy magazine reviewers adding to them -- but it does make our job harder and we have to take a lot of the manufacturers’ claims on trust. However, we can still comment on the functionality of the programs, what they do and how they do it, as well as how easy they are to use, and what they will do for you, if the worst should happen.

 

---end---

© R. Maybury 1997 0408

 

 


 



Copyright (c) 2005 Rick Maybury Ltd.

admin@rickmaybury.com