User’s guide

VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139.
This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
Page 27
VIRUS BULLETIN August 1991
signatures (from GUARD.DRV). This made the EMS version less intrusive than the non-EMS version which had to refer frequently to its disk-based signature file.

Overhead

The conventional memory-only version (Virus Guard) adds approximately 25 percent to the time taken to copy ordinary files or load and execute programs - this increases to approximately 1000 percent if Virus Guard is loaded from diskette.

I suspected that not all program loads were being checked - this was confirmed by loading a DOS services ‘spy’ TSR program before Virus Guard which was loaded from a floppy diskette. From the results, I concluded that Virus Guard checked less than half of all the programs I ran. It randomly did not check every invocation of Xtree, The Norton Utilities, the text editor used to prepare this review and the Windows files WIN.COM and WIN386.EXE, among other programs.

Virus Alerts

When Virus Guard does detect a virus, a pop-up window displays the name of the virus; this is accompanied by a continuous wailing noise from the speaker. Pressing either of the Control keys stops the alarm and restores the screen. The screen message can be customised to suit user requirements - this could provide the name and extension number of a company’s technical support department, for example.

I tested the TSR in most screen modes, both graphical and textual, up to and including VGA (640 x 480) and noticed no nasty glitches. I did notice that on several occasions, Virus Guard allowed DOS to retry the copy operation with the result that the warning screen was redisplayed, requiring a second (and sometimes, a third) press of the Control key.

TSR Compatibility

Virus Guard coexists well with Borland’s Sidekick - both the popular original as well as later versions - and with the Simon TSR text editor. The EMS version was less well behaved when QEMM (v5.1) was used to provide the EMS services, but I suspect that it was QEMM that was the guilty party as I have noticed similar curious interactions concerning that particular version of QEMM and other products. In Virus Guard’s case, this manifested itself in a curiously high number of false positive alarms - where there were none with other EMS drivers - which suggests that Virus Guard’s expanded memory block had become corrupt.

Conclusions

Overall, Virus Guard will prove an acceptable product for use in low risk areas - that is to say, by non-networked users running standard applications who do not use modems and have limited exposure to ‘foreign’ diskettes. The main security loophole with this program is that even viruses that it ‘knows’ about can be introduced into the processing stream and once they gain control of the system, Virus Guard provides little protection against them. Inadequate self-checking mechanisms make it essential that a thorough initial integrity check using proven scanning programs is undertaken before Virus Guard is installed.

It should also be borne in mind that users will generally install software of this type within its own subdirectory. Under these circumstances, GUARD.COM is likely to be amongst the last files to be infected. Thus the fall-back self-test detection (if it can be called that) will only occur after most of the files on the disk have become infected.

Regarding load, execution and copying overhead (which was not a problem under normal operating circumstances) it seems that Virus Guard uses some method to analyse the files it is checking internally. When presented with files other than straightforward program code (e.g. executables packed with dynamic decompression utilities such as DIET, LZEXE or PKLITE), this analysis imposes noticeable overhead. With Virus Guard running from the hard disk, copy overhead for packed files was measured at an average of 120% - a figure which rose to an average 1008% when Virus Guard was invoked from a floppy drive.

No major problems were encountered with Windows 3 compatibility when operating in an uninfected environment. However, in 386 enhanced mode, the machine froze when Virus Guard checked virus infected files during multiple Windows sessions.

Finally, Virus Guard behaved very well in the company of commonly used TSR programs.

Virus Guard Version 1.3

Virus Guard is the latest addition to Dr. Solomon’s Anti-Virus Toolkit (version 5.11).

The developer and vendor of the program is S&S International, Berkley Court, Mill Street, Berkhamstead, Hertfordshire HP2 4HB, UK. Tel 0442 877877, Fax 0442 877882.

A review of Dr. Solomon’s Anti-Virus Toolkit appeared in VB, June 1991, pp. 18-19.

Evaluation Hardware
An Apricot Qi 486-25-320. This is a 25 MHz 486 MCA PC fitted
with 16 MB of RAM and a 320 MB SCSI hard drive which was
partitioned into 10 logical drives. Part of the extended memory was
configured as a RAM disk thus providing drives A to M inclusive.
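
The check described under Overhead, where an independent record of program loads is compared with what the resident scanner actually examined, can be expressed as a small coverage calculation. This is an added example, not part of the original review or of Virus Guard; the two logs, their timestamps, the directory paths and the two-second matching window are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (seconds since start, program path).
# LOADS is what an independent monitor recorded; SCANS is what the scanner examined.
LOADS = [
    (0.0, r"C:\XTREE\XTREE.EXE"), (10.0, r"C:\NU\NU.EXE"),
    (20.0, r"C:\WINDOWS\WIN.COM"), (21.0, r"C:\WINDOWS\WIN386.EXE"),
    (40.0, r"C:\XTREE\XTREE.EXE"), (50.0, r"C:\NU\NU.EXE"),
    (60.0, r"C:\XTREE\XTREE.EXE"),
]
SCANS = [
    (0.3, r"c:\xtree\xtree.exe"), (50.2, r"C:\NU\NU.EXE"),
    (60.1, r"C:\XTREE\XTREE.EXE"),
]

def coverage(loads, scans, window=2.0):
    """Match each load to at most one scan of the same path within `window`
    seconds. Returns (overall ratio, {path: (checked, total)})."""
    pending = defaultdict(list)              # path -> scan times not yet matched
    for t, path in scans:
        pending[path.upper()].append(t)      # DOS paths are case-insensitive
    per_path = defaultdict(lambda: [0, 0])
    for t, path in sorted(loads):
        key = path.upper()
        per_path[key][1] += 1
        hit = next((s for s in pending[key] if abs(s - t) <= window), None)
        if hit is not None:
            pending[key].remove(hit)         # one scan cannot cover two loads
            per_path[key][0] += 1
    checked = sum(c for c, _ in per_path.values())
    total = sum(n for _, n in per_path.values())
    ratio = checked / total if total else 1.0
    return ratio, {p: tuple(v) for p, v in per_path.items()}

def unchecked_programs(per_path):
    """Programs with at least one load that had no matching scan."""
    return sorted(p for p, (c, n) in per_path.items() if c < n)

if __name__ == "__main__":
    ratio, per_path = coverage(LOADS, SCANS)
    print(f"{ratio:.0%} of program loads were scanned")
    for prog in unchecked_programs(per_path):
        checked, total = per_path[prog]
        print(f"  {prog}: {checked}/{total} invocations checked")
```

Counting per invocation rather than per program is what exposes intermittent gaps: a program that was scanned once still appears in the unchecked list if a later load went unexamined.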