Date: Wed, 30 Aug 1995 00:53:37 EST From: "Rob Slade, the doting grandpa of Ryan Hoff" Subject: Integrity Master (DOS) PCIM.RVW 950826 Comparison Review Company and product: Company: Stiller Research Address: 2625 Ridgeway St., Tallahassee, FL 32310-5169 Phone: +1-904-575-0920 Fax: +1-904-575-7884 Email: 74777.3004@compuserve.com Other: http://delta.com/stiller/stiller.htm Product: Integrity Master change detection software Summary: Change detection program with built in signature scanner Cost: U$32.50, licensing available Rating (1-4, 1 = poor, 4 = very good) "Friendliness" Installation 3 Ease of use 3 Help systems 4 Compatibility 3 Company Stability 3 Support 3 Documentation 4 Hardware required 4 Performance 3 Availability 2 Local Support 2 General Description: IM is a change detection program with built in scanner. SETUPIM is an installation and tutorial program. (A Windows installation program is included which will set up a program group for commonly used functions.) Also included are a file viewer, printer scheduler and utilities to check the efficacy of the system. Comparison of features and specifications User Friendliness Installation Integrity Master is sold directly from Stiller Research and agents. A fully functional version is distributed as shareware, and Stiller Research is a member of the Association of Shareware Professionals. The shareware distribution archives for Integrity Master are full of files, a large number of which relate primarily to the distribution and description of the program. The number of files is somewhat daunting, as is the size of the README.DOC file. The file does, however, start with the suggestion that the novice simply run the SETUPIM program, and this is worthwhile advice to follow. I received also a version on disk from the developer on a 1.44M unwritable diskette. If a shareware author can do this, there is no excuse for the commercial operations. Calling SETUPIM an installation program is misleading. It is less than an installation program -- and much, much more. For the novice user, SETUPIM has some of the most "user-friendly" features of any product yet reviewed. It certainly has the best explanations of the antiviral process and the options for security of any installation program. Although the program and system, overall, is well designed and has advanced in respect of virus detection technology I was quite surprised to note that the installation procedure has not fixed some earlier bugs. While there is provision for installation to a drive other than C:, there is no option to change the default installation directory. The programs (both IM and SETUPIM) have a command line switch that "forces" monochrome mode with a monochrome monitor on a "colour" adapter. This is important, since some of the menu "highlighting" is invisible on a monochrome monitor. The programs *can* change to monochrome in "mid-session", so it should not be difficult to add a short "screen test" for the completely novice user, rather than making them use the command line option. (This applies only to SETUPIM: a proper installation will tell IM which video mode to use.) (If IM is invoked before SETUPIM is run to create the parameter file, IM will refuse to run. Three options are presented, including "Abort" which is described, with an unusual lack of clarity, as "Quit and return".) The SETUPIM program prepares a parameter file for use by IM (which sets up the various options for running the integrity checks), and produces a suggested procedure for completing the installation, but it does not actually do the copying and placement of files, or the invocation of the initial "signature" calculations. While readily admitting the value of having a "cold boot" before this is done, it should be possible to do some more of this for the novice user before turning him loose with a (softcopy) instruction set. Alternately, the installation program could strongly suggest that a "cold boot" and other security measures are desirable, but offer to proceed with installation if the user desired, on the clear understanding that this is "second best". (This approach is taken with some of the options during the setup.) This is not to say that the instructions in the IMPROC.TXT (the suggested installation procedure document file produced by SETUPIM) are in any way inadequate. The instructions are clear and straightforward. The file is displayed to the user at the end of the SETUPIM part of the installation process, and the user is given the command to invoke the IMVIEW file viewer in order to review the file later, or the IMPRINT batch file in order to print it in hardcopy. (The IMPROC.TXT is unclear at one point, the one where almost everyone seems to fall down. The document contains the injunction to "cold boot" the computer, and it is probably not clear to the novice user that this does not mean to do it "right now".) The SETUPIM program also contains a tutorial. Both the operation of the program, and the conceptual aspects of virus protection, data loss and security measures are covered. This is extremely useful, and the only problem I have with it is to wish that some more of the material from the documentation could be included. The installation procedure does not address installation of IM in the AUTOEXEC.BAT file, although use of scheduling software is mentioned in places. The installation process does, however, suggest the preparation of a bootable disk with IM files on it for recovery purposes. If the installation process is interrupted, a screen message suggests the option of installing via the Windows program, IMWIN. While this does set up a Windows program group, one of the items in the group must then be chosen in order to complete installation. Ease of use The screens, menus and options are well laid out, and labels are well chosen with a view to clarity of meaning. The SETUPIM program is amazingly well designed with the novice user in mind. At a couple of points during installation the user can be left staring at a screen and possibly wondering if he did something wrong. (The amount of time this takes, however, varies widely depending upon the speed of the machine.) The program noted that there was no boot sector on my boot drive since it reads the sector with an interrupt which conflicts with LANtastic server software. At times, the program is stepped (or "timed") through a sequence which begins to suggest the possibility of an infinite loop. (The "timed" stepping is probably a good idea here; some users may give up before it reaches the conclusion.) The tutorial, at certain points, requests specific keystrokes but accepts anything, not a pedagogically sound design. Some minor keystroke "trapping" and a "please press the arrow key, you can practice later" message would improve it. The GUI, windows and menus are here used as they are meant to be in order to make the program useful and quick to operate. Not only is the label and option wording well chosen, but each item, as it is selected, pops out a window with extra explanation about what it does. Often the window will contain a brief, but clear, discussion of the pros and cons of using this particular option. Help systems Help is only partially context sensitive. The help key, however, brings up options for help with the operation of the program, the screen display, or a help index. (If the index is chosen, the currently "open" menu is "selected".) However, the explanatory "window" beside each selected item seems to largely obviate the need for any kind of help system. (On items where the explanation could be confusing, for example the "Files to iNitialize" options, the help index is of little assistance, and one would need recourse to the manual. The index is, however, very extensive, even covering what the AUTOEXEC.BAT file is, although with less detail than a novice would need in order to automate checking.) Compatibility The documentation notes possible problems with file locking under LANs, Windows and OS/2. Potential problems with LANs are noted and recommendations are made for specific operating systems. Company Stability Both the change detection and scanner components of the product are mature and stable. The scanner, although the secondary part of the package, ranks quite well in scanner tests, and has been consistently maintained over the years. Company Support Support is available via fax, phone and email as well as through a pay-per-call third party number. Registered users may call direct for support, and it is available through at least two BBSes. (Note that ASG, the pay-per-callnumber, is completely independent of Stiller Research. Stiller Research does not receive any of the charges for support provided through ASG.) Documentation Integrity Master's documentation is a massive text file, which begins with a section intriguingly titled "Don't Read This". This is, in fact, a suggestion to novice users that they skip the first section, on the workings of I-M, and just use the installation program. It also suggests that they *do* read the second section, which is a general treatment of viral programs and the various other types of data disasters which commonly occur. The documentation as a whole has a "technical" flavour, but is clear and unambiguous. The intermediate user should have no problem with the first section, but might be well advised to read section two first, in order to have a clear grasp of the reasons for the various options IM offers. Section two's overview of viral programs and other risks to data contains excellent information. It could form the basis of a very useful primer on data integrity as a whole. Hardware Requirements A minimum of 260K memory and DOS 2.x or higher is required. Refreshingly, a hard disk is not. It appears that IM can be installed on any disk that has room for the programs and files. In fact, IM can be installed on a hard disk, and then the IM.EXE and IM.PRM files copied to a floppy and used anywhere. IM does not "demand" the presence of the equipment it was originally installed on. Performance Installation and calculation of signatures for the full hard disk was faster than for other tested change detectors. IM states that its "quick check" looks only for changes to the file date and size. It is likely that the "turbo" mode of other change detectors do the same, without being as honest about it. (With all the information presented onscreen each time an option is selected, it is remarkable that IM is extremely responsive.) The storage of "signatures" is a matter of much debate. IM stores them in each directory checked. There is, however, provision for storage of the signature files on an "offline" diskette, which adds a security factor. IM's virus scanning picked up all common viral programs tested against it, and a good many that were less so. Some new viri were detected on the basis of similarity to known code. Local Support None provided. Support Requirements As with any change detection program, assignment of causes to different types of alterations may be problematic. However, the program itself should provide ample explanation to any reasonably intelligent person, regardless of the level of "computer" background. The integrated virus scanner should be of great assistance with identifying the most commonly seen viral programs. General Notes Recommended as the change detection component of virus detection or protection for all levels of computer users. copyright Robert M. Slade, 1992, 1995 PCIM.RVW 950826 ====================== ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733 RSlade@cyberstore.ca Frequent advice to Internet newcomers: State your business, avoid eye contact, leave quietly, and no one gets hurt. Author "Robert Slade's Guide to Computer Viruses" 0-387-94311-0/3-540-94311-0