A discussion of antivirus software sounds more like it belongs in a doctor's surgery or hospital ward than in a computing environment. Just as personal hygiene is paramount with the increasing risk of infection, the number of viruses with the potential to corrupt systems is also increasing daily, along with the opportunity for infection through the use of online methods of communication. ARN's Durelle Fry took a look at the latest moves in the industry . . .
Macro viruses are the most common form of virus infection and both users and administrators are demanding multi-platform virus protection. Antivirus software is being developed with heuristic technology to search for new and existing viruses. These are "sanitised" before information can be passed on to the user or through the network.
Issues which discriminate one product from another include: the degree of protection from all forms of incoming viruses, the effect of the software on the speed of operation of the server, the degree of administration control, the use of multiple scan engines, the provision of a virus report to administrators, and whether updates are available, how often, and at what price.
A range of antivirus products has been included on the following pages to reveal the diversity of brands currently on the market and what they can do.
ViruSweep 97 version 1.0
This product from Quarterdeck is targeted primarily at Internet users in SOHOs and the home. Quarterdeck claims that ViruSweep protects against all virus carriers, e-mail attachments, downloaded files, floppy disks and "trojan horse" programs that may come attached to e-mail or downloaded.
ViruSweep is certified by the National Computer Security Association (NCSA), a US body which independently tests products against a large library of viruses, and is backed up by the Quarterdeck Antivirus Research Centre which identifies new viruses -- free updates are provided over the Internet for one year. Quarterdeck guarantees protection with ViruSweep and offers a money-back guarantee if it fails to detect a virus. (Perhaps this is small compensation!)ViruSweep's key features are: it comes with a virus handbook and descriptions of over 11,000 viruses; and it claims to stop all forms of viruses, including macro, stealth, polymorphic, and encrypting.
System requirements are an IBM PC or compatible (386DX or higher, 486 recommended). For DOS/Windows 3.1: MS/PC DOS version 5.0 or higher, 4MB RAM (580KB of free conventional memory is required). For Windows NT: 12MB RAM is required for Windows NT Workstation, and 16MB RAM is required for Windows NT Server.
Quarterdeck sees its major competitors as McAfee's VirusScan and Symantec's Norton AntiVirus.
The ESP of ViruSweep 97 version 1.0 is $69.95 plus a $10 rebate coupon.
Tel (02) 9545 4072
Fax (02) 9545 4069
Vet Anti-Virus Software
The two products from the Vet antivirus range, produced by Melbourne-based Cybec, are the NT Server and the NetWare Server. Both are said to auto- matically detect and clean conventional file viruses as well as macro viruses, which infect Word documents and Excel spreadsheets. The software also offers protection against Internet and e-mail-borne viruses.
The NT Server, designed for the systems administrator, allows an e-mail to be sent to the administrator when a virus attack occurs anywhere on the network.
Other features include efficient use of the server resources and the ability to preset multiple virus checks at times of low server use such as overnight or weekends. Vet NT Server is suitable for NT Server 3.51 and 4.0.
Vet NetWare Server is a Novell NetWare-loadable module. It offers three modes of operation: a periodic scanner for pre-scheduled virus checks; an "on demand" scanner which can be initiated any time a virus is suspected; and automatic or "on access" checking so users are protected without having to run the software. Cybec claims each option is highly configurable, giving the administrator the flexibility to set it up according to their conditions and system. Vet NetWare Server is suitable for Novell NetWare3.x and 4.x.
Both products receive free local support via phone and e-mail for one year from registration.
Features of Vet NT Server and Vet NetWare Server are: they are highly configurable; a scheduler enables pre-set virus checks on chosen drives and systems (on NT Server); a periodic scanner enables pre-set virus checks on chosen drives and systems (on NetWare Server, automatic protection is provided via virtual device drivers; the software allows virus checking at low-traffic times; on-demand scanning may be initiated at any time; a centralised reporting feature enables tracking of virus incidents; and infected files are automatically cleaned.
Vet NetWare Server has been certified by NCSA, and both products are year 2000-compliant.
The Vet NT Server and Vet NetWare Server are both sold at an RRP of $595 which includes the 12-month licence for unlimited technical support and free cross grades.
Vet Anti-Virus Software
Tel 1300 364 750
Fax (02) 9807 7577
Secure Anti-Virus Systems
This product for DOS, Windows 3.1x and Windows 95 has been described by Secure Antivirus Systems as an antivirus utility toolkit. Its detection techniques include heuristic and decryption engines to detect new and unknown viruses, while dealing with boot sector, MBR, file, encrypted, polymorphic, stealth, macro and "all other types of viruses".
The user can set protection levels to suit their needs, and regular updates are received free of charge from the company's Internet sites and support bulletin boards.
The user requires a 3.5in floppy diskette drive and 2MB of available disk space.
The RRP of ThunderByte Antivirus is $99.
AVP (AntiViral Toolkit Pro). Used worldwide by education, government and commercial institutions, as well as corporate and home users, this software is Russian in origin and is now available in Australia. It was rated as the world's number one antivirus program by Hamburg University's Virus Test Centre in 1994 and 1995, and by Virus Bulletin in 1995 and 1996. According to Rod Fewster, managing director of Secure Antivirus Systems, AVP beat every major scanner in the world by a substantial margin in Secure Computing's full collection test on over 10,000 live viruses. Fewster claims that AVP detected over 100 more viruses than the number two scanner.
AVP operates on DOS, Windows 3.x, Windows 95 and NT, and Novell Netware.
The RRP of AVP is $55 for a single PC, with site licences from $150 and an educational licence (unlimited PCs) for $950.
Secure Antivirus Systems
Tel (07) 3204 5000
Fax (07) 3886 0500
Dr Solomon's Anti-Virus Toolkit for Windows NT (workstation and server)Aimed at both personal and corporate computer users, this product is made up of three main programs.
The first is FindVirus, an on-demand scanner that detects, identifies and safely repairs viruses in files, and partition and boot sectors. The generic decryption engine (GDE) is said to find and repair complex encrypted and polymorphic viruses.
FindVirus scans recursively inside compressed and archived files. It supports most widely used compression formats, including LZExe, LZH, DIET and CryptCom. Formats are constantly being added.
An advanced heuristic analyser looks for a virus-like code to detect unknown viruses.
The second program is ViVerify which finds viruses, including new and undiscovered ones, by scanning for changes made in executable code.
ViVerify creates a fingerprint database for all of the user's programs, and warns of any suspicious changes. The program offers a user-defined level of checksumming -- from a simple file- size check to a complete DES algorithm.
The third program is the Scheduler, which allows the user to schedule programs so that FindVirus and ViVerify can be run without user intervention. Scheduler runs checks constantly according to the convenience of the user.
The RRP of Dr Solomon's Antivirus-Toolkit for Windows is $175.
Dr Solomon's Software Australasia
Tel (02) 9959 1961
Fax (02) 9959 1986
VirusBUSTER, distributed throughout Australia and New Zealand by Manaccom, is an Australian product which was first released in 1988, and is now sold worldwide. It is designed to alert the user to any virus infection (whether new or known) as soon as possible and to provide a means of removing the virus and restoring the program to its pre-infected state.
Operating on Windows 95 and NT, these are the features of VirusBUSTER:
A "hand crafted" 32-bit assembler search engine for pattern matching speedProprietary matrix algorithm scans for "thousands of virus patterns in a single pass"Viruses are detected as soon as they enter disks and systems, before any damage can be done or the virus is passed onA macro VirusBUSTER module which detects and removes all macro viruses, including new ones, from Internet documents before they can infect the user's documents and PCs. An automatic option is availableLess than five minutes of installation timeThorough checking of every file access, every Internet transfer and every diskette accessVirusBUSTER incorporates e-mail and network virus incident notifications, allowing administrators to be informed about viruses on remote PCs before their usersIn addition to the standard scanning techniques for macro viruses, VirusBUSTER includes add-in programs to provide online protection from macro viruses.
The RRP of VirusBUSTER is $79.
Manaccom Pty Ltd
Tel (07) 3870 4900
Fax (07) 3870 9440
InocuLAN from Cheyenne is aimed at all business users from small businesses to large enterprises, and is intended to operate across a network. The software runs on NetWare and Windows NT server.
Behind the development of this product is Cheyenne's belief that users must scan every device on the LAN full-time for viruses, as this is the only way to create an effective antivirus strategy. The company believes scanning should take place full-time on the desktop, server, messaging system and the Internet connection.
InocuLAN for the desktop is free to purchasers of Cheyenne's server product for Windows 95, NT, 3.1, DOS and Mac OS. The software is free and is available for download from www.projectmedia.com.au/clients/cheyenneInocuLAN for the server is available for Windows NT and NetWare. The software quarantines infected desktops from the rest of the network and creates a single antivirus console from where other servers' InocuLAN installations can be administered. Floppy disks are scanned in real time when accessed and a "virus wall" prevents infected files over-writing clean versions of the same file. Compressed files can be scanned and logging features make it possible to see exactly where viruses infect a network.
InocuLAN for the messaging server is in the form of antivirus agents for Notes, Exchange and GroupWise. These agents are aware of the unique file types and directory structures of each of the groupware suites. The software scans every incoming and outgoing message for viruses at the client and the server (even in file attachments) to prevent virus penetration by e-mail, and to ensure the integrity of the messaging server.
InocuLAN for the Internet operates via Cheyenne's free Browser Helpers which scan all incoming http and ftp traffic full-time, and can inspect .exe and .zip files for viruses as they are downloaded.
To ensure that backups of critical data are not infected by viruses, Cheyenne offers Protection Suites for Lotus Notes and Microsoft's Exchange and Internet Information Servers.
The ESP of InocuLAN starts at $1395 for a single server version for Windows NT or NetWare.
Tel (02) 9937 0800
Fax (02)9937 0822
Trend Micro Antivirus Products
Trend Micro Incorporated is a developer of server-based virus protection, with products designed for file servers, Internet and intranet gateways, and e-mail servers. The company's emphasis is on making security products that are robust but convenient to use.
There are six products in Trend Micro's current antivirus range:
InterScan VirusWall. InterScan protects the user's internal LAN from e-mail and Internet-borne viruses by scanning e-mail, downloads and uploads from web sites, and ftp file transfers including compressed and encoded formats. Central management and flexible options aim to give the administrator total control.
InterScan Virus Wall for 100 users is $3295 RRP.
E-Mail VirusWall. Using technology similar to that produced in InterScan VirusWall, E-Mail VirusWall detects and eliminates e-mail- borne viruses on the Internet.
The RRP of E-Mail VirusWall is $2307 for the e-mail module alone, for 100 users.
InterScan WebProtect for Microsoft Proxy Server. This product is an integrated extension of Microsoft Internet Information Server and Microsoft Proxy Server which provides protection from virus infected files, files not signed with Authenticode technology (ActiveX controls, Java applets, and Win32 executables and CABinet files), and Java applets.
ScanMail for cc:Mail, Lotus Notes and Microsoft Exchange. ScanMail eliminates viruses attached to mail messages. The RRP of ScanMail for 100 users for any e-mail platform is $2587.
ServerProtect for Windows NT and NetWare Servers. Trend Micro believes the most advanced virus technologies prevent viruses from propagating and spreading, while keeping the network overhead to a minimum and reducing management effort.
ServerProtect comes in two packages; one with a with a single server licence at RRP $1295, and the other with a five-server licence at RRP $4795.
PC-cillin 97. PC-cillin 97 is a workstation-based antivirus solution that scans files as they come in from the network. The product's Smart Monitor guards "every possible" virus entry point.
The RRP of PC-cillin 97 is $89.95.
Trend Micro Incorporated
Tel (02) 9959 1970
Fax (02) 9959 1016
F-Secure Antivirus from Data Fellows is distributed by Open Systems in Australia. It has been described by Data Fellows as: "The first line of antivirus software to combine multiple virus scanning engines into a single framework." The pro-cess, named F-Secure Antivirus CounterSign "is a revolutionary departure from traditional antivirus utilities". The idea behind the process is "what one virus scanner will miss, another will find".
Data Fellows argues the CounterSign technology allows seamless integration of the capabilities of different antivirus technologies, as well as several scanning engines to be plugged in side-by-side to achieve maximum current and future protection against virus threats.
The three products in the F-Secure Antivirus product family are:
F-Secure Antivirus for Workstations, available for DOS, Windows 3.1, Windows 95, NT Workstation and OS/2F-Secure Antivirus for Servers, available for NT Server, Novell NetWare and OS/2F-Secure Antivirus for Gateways, which is split into Antivirus Mail Gateway and Antivirus for Firewalls.
The Data Fellows family of anti-virus products is two-tiered, is aimed at the corporate market and comes with network management and centralised distribution features such as:
Automatically installs desktop versions to multi-platform environments from a single workstationSends updates to users with a single mouse clickReceives reports from workstations when a virus is foundReceives copies of infected files from workstations automaticallyReceives copies of suspicious files from workstations automaticallyMandates workstations to perform a scan from a central location.
An additional feature of Data Fellows antivirus solutions is the Data Fellows Web Club which delivers instant product and virus signature updates via the Internet.
Future versions of the F-Secure Antivirus framework will use heuristic analysis to detect previously unknown viruses.
The RRP of the F-Secure Antivirus for workstations (Windows 95, Windows 3.1, Windows NT, OS/2 and DOS) is $94 for a single copy and volume discounts apply.
Tel (02) 6261 4900
Fax (02) 6257 9800
Symantec Norton Antivirus (NAV) Gold Edition Version 4.0Offering automatic and comprehensive virus protection for Windows 95, Windows NT, Windows 3.1, and DOS workstations, NAV Gold 4.0 protects entry points such as shared floppy disks, the Internet, e-mail attachments and networks. The product also incorporates Norton Safe on the Web.
Users are provided with protection and repair of in-the-wild viruses, as well as unknown viruses through Symantec's heuristic technology -- the Bloodhound system. This system detects unknown or new viruses and enables the user to repair the infected file immediately.
Nav Gold 4.0 also features LiveUpdate which keeps users up-to-date with the latest virus definitions and can be scheduled in advance. The updates continue for the life of the product and are free of charge, automatically delivered and fully tested. The product introduces a new e-mail feature for LiveUpdate.
Advanced Internet security and encryption technology is provided with Norton Safe on the Web and Norton Secret Stuff. Norton Safe on the Web denies access to all protected files and to all uncertified programs.
The product also includes Repair Wizard which simplifies system cleanup after a virus infection. This feature walks the user through the step-by-step cleanup of an infection and removes viruses automatically without damaging files.
NAV Gold 4.0 is backed by the Symantec AntiVirus Research Centre (SARC) in Sydney.
The RRP of the Norton AntiVirus Gold edition including Norton AntiVirus 4.0 is $99. Norton AntiVirus 3.0 for Windows 3.1 and DOS, Norton AntiVirus 2.0 for Windows 95, and Norton AntiVirus for Windows NT are sold separately for an RRP of $89.
Norton AntiVirus for Lotus Notes. Just released by Symantec Australia and New Zealand, this product works in real time to scan, detect and repair viruses found in Notes databases, and mail file attachments including pervasive macro viruses in Word and Excel documents. NAV for Lotus Notes includes Symantec's heuristic Bloodhound technology to detect and repair unknown viruses automatically.
A feature of NAV for Lotus Notes is a quarantine database. The database holds notes or messages whose attachments cannot be repaired or contain suspect components, so that infectious documents are isolated and cannot spread to other files.
NAV for Lotus Notes runs on all Notes 4.5 servers using Windows NT 3.51 or 4.0.
The RRP is $1195 per server for 25 users. Site licences are also available.
Tel (02) 9850 1104
Fax (02)9850 1001
Norman Virus Control
A new version of Norman Data Defense Systems' Norman Virus Control (NVC) version 4.35 is being released to the Australian market this week. The new version is a bug upgrade.
NVC is aimed at the education, government and corporate markets as well as the home user. Of interest in Norman Data's product is the way the company approaches the cleaning of macro viruses. April Weiss, PR consultant for Norman Data, told ARN that initially NVC, upon finding a virus in a macro, would remove all macros in the document or spreadsheet. Now NVC only removes the infected macros and leaves the rest alone.
New to the product is a real-time scanner for NT servers. This service continues to run even when the administrator logs out from the server console.
Features of the multi-platform NVC software include the patented Smart Behaviour Blocker; heuristic scanning and generic removal; Cat's Claw macro virus protection; a rescue disk; and a boot area protector.
The Smart Behaviour Blocker uses high- speed artificial intelligence to continuously examine the behaviour of any executed program.
Cat's Claw constantly monitors all documents that are likely to contain a macro virus, including e-mail attachments, and automatically detects and removes any virus as the document is opened.
Versions of NVC are available for single or networked users of DOS/Windows, Windows 95, Windows NT, OS/2 and Novell Netware. The RRP of Norman Virus Control is $99.
Norman Data Defense Systems
Tel (03) 9558 9011
Fax (03) 9558 9144
VirusScan, by Network Associates (formerly McAfee Associates), uses an array of scanning features to keep systems virus-free. It scans all system areas including local and network drives, CD-ROMS, floppies, boot sectors, file allocation and partition tables, folders, files and compressed files to detect and remove viruses without damaging data.
VirusScan is a component of Network Associates' VirusScan Security Suite, a robust suite of products that offers complete desktop protection by eradicating viruses; blocking destructive Java and ActiveX applets; preventing system and application crashes; encrypting sensitive data; backing up important files and automatically pushing new virus signature files; and diagnostic updates to users.
The RRP of VirusScan is $69.95 and the VirusScan Security Suite is $99.95.
Tel (02) 9437 5866
Fax (02) 9439 5166
Receive no evil
Integralis Asia-Pacific has released a content security product called MIMEsweeper. The product scans e-mail for profanity, sexism and racism to prevent the likelihood of legal action arising from internal or external e-mail that may be sexist, racist or defamatory. According to Integralis, legal opinion in Australia indicates companies that take steps to try and prevent offending e-mail may fare better in the courts than companies without e-mail policies. Integralis believes "this makes content security an important add-on to any corporate antivirus and security policy".
Integralis Asia Pacific
Tel (02) 9413 1444
Fax 02 9411 3025