EddyHawk's Info List
---
Anti Virus
---
-AVAST!
By: ALWIL Software
Year: 1992 - 2001
V7.70 [2001]
Adv.:
external shell (sortof), TSR virscan & mem/file protor,
chksummer & BS saver/restorer
can add own signatures
scanner can show short info about found virus
can scan inside presed x (atleast PkLite and Diet)
checksummer can check changed files for virs and clean append/prepend/
not-crypt-host virs
Disadv:
no heur
slow signature update
updating = downloads the whole big signature file
big, slow & not unloadable TSR scanner and file protor
fixed chksummer's database name/place (in root directory)
BS util can replace BS on floppy with a new one but it only shows
"Don't leave floppies into diskdrive" message and also destroyed the
bootup code (generated with 'sys a:')
shareware
can't scan archives
doc in PDF format and must be downloaded separately
-AVP (Anti Virus Pro)
by: Eugene Kaspersky / Kaspersky Lab / Central Command (Russia)
variant: Kaspersky Anti Virus V3.5.133.0 [2000/2001]
adv:
almost daily signature file updates, regularly every week an update is
compiled which includes all updates that week, after about 3-4 months
one big update which holds all others is provided
external shell
supports many x presor/protor
can scan inside archives
many options
disadv: rather big
DOS
ZRDX + wc/le
DOS Lite V3.0 b134 [2000]
prog x is x-presed with Diet
last? lite ver
not fully compatible with latest updates
JMT: add even not-yet-known virus
Thomas Monkemeier: high-precision detection
-CPAV (Central Point Anti Virus)
by: Central Point Software
year: 1992?
note:
signature only?
part of PCTools
-Flu Shot
note: old avir
-F-Prot
by: Fridrik Skulason, Vesselin Bontchev/Frisk Software (Iceland)
variant: FSTOPW95
adv:
free for non-commercial use
base price = $1/year
disadv: for updating the whole signature file has to be downloaded
V2.28 [1997]
last 16bit ver
built-in virs encyclopedia
EdH: good doc!
possibility to add own signatures
includes resident scanner
V3.x
CWDX
slower than V2.x
smaller & good heur set
F-Macro's built in
no more vir encyclopedia :(
V3.07
V3.08c [Jan 2001]
V3.09 [Apr 2001]
Adv:
supports many x-presors
the most accurate naming of viruses
built-in shell
Disadv: unregular updates
Note:
the last to have a Win version
since 3.08a SIGN2.DEF is incompatible with ver. 3.08 and earlier so update
archives include a special SIGN2.308 file for previous versions
CyR: the best there is
-F-Macro
By: Fridrik Skulason, Vesselin Bontchev/Frisk Software (Iceland)
Year: 1996-1998
V3.1
Adv: only for macro virs
Disadv: DOS ver is merged into F-Prot
-Doctor Solomon's FindVirus
By: Dr. Solomon Software
V7.82(?)
Adv:
quite fast
few false positives
included both 16 and 32 bit (used DOS/4G) versions
supported some executable compressors and archive formats
Disadv:
shareware
"merged" into McAfee SCAN (a.k.a. discontinued)
rather large
Note:
part of DSAV (Dr. Solomon's Anti-Virus Toolkit)
didn't detect that I had a 386 :(
-McAfee VirusScan (VirScan)
by: John McAfee/McAfee/Network Associates
Year: 1992-2001
variant: for Win32, Unix
V3+
no more vir.dat update for V3.x on 15 Dec 1999
V3.15
V3.2.2 (ScanPM) [17 Dec 1998]
WC/LE executable
V4+
vir.dat can't be used by V3.x (not compatible)
presed/crypted vir.dat
much slower than V3.x
heur
integrity executable check
V4.14.0 for DOS/PM [Jan 2001]
-McAfee VirusShield (VSHIELD)
by: John McAfee/McAfee/Network Associates
Year: 1994-1998
type: TSR, 32kb upper mem, 77kb XMS, 320kb basemem
V3.2.0 [1998]
no longer updated
VSHEML.EXE: polymorphic.vir.emulator
-PC-Cillin
by: Trend Micro Device
-NAV (Norton Anti Virus)
by: Peter Norton/Symantec
-TBAV (ThunderByte Anti-Virus)
By: Thunderbyte B.V. or ESaSS B.V.
Year: 1989-1998
Type: anti-virus toolkit
Desc:
utils to prevent, detect and recover from a virus
attack: runtime scanner, TSR scanner, chksummer, TSR chksum checker,
(disk/mem/file) protor, heur.cleaner, UI, wiper, save/restore MBR/BS/CMOS
and self-check BS/MBR maker
V8.09 [1998]
Adv:
generic TSRs (except the scanner) -> usable even today
world 1st heur.cleaner (?)
CyR: the best doc
scanner explains why a file triggered alarm
TSR scanner can use XMS or EMS
prot against tunneling and ANSI bombs by 'TSRs driver'
can log everything
nice heuristics
BS prot in MBR code which CRC-checking BS
the same code on floppies allows user to boot from HD if no system on
the FD
possible to set which prog can go TSR/modify executables/write to
disk/etc.
Disadv:
I've yet to see it find a Win virus
the TSR scanner doesn't find many viruses by copying (although it finds
them if the infected file is being executed)
cleaner doesn't allow wildcards
not possible to scan and repair at once (but is possible through Inter
Engineering's TBMClean utility which runs cleaner automaticly)
shareware
nag screens
development has ended
Alt: InVircible AV, V-Buster
-VSP (VirScan Plus)
by: Ralph Roth aka ROSE/ROSE SWE (Germany)
V12.50 [Mar 2001]
Adv:
quite fast
many options
can search for mutated/hacked versions of viruses
includes additional utilities like (MBR & BS) cleaner and resident
answerer for virs' "Am I There?" calls
a lot of docs
heur mem scan
Disadv:
in German
if all heurs are enabled then many false positives
shareware
unregular updates
Note: meant for German market
-RHBVS (ROSE's Heuristic Based Virus Scanner)
By: Ralph Roth aka ROSE/ROSE SWE (Germany)
V3.41.1 [17 Feb 2001]
Adv:
heur-based scan
includes a smart file renamer
can explain why file triggered alarm
free
can search for companion viruses
Disadv: no BS/MBR scanning
-F_mIRC
By: Ralph Roth aka ROSE/ROSE SWE (Germany)
V2.11 [11 Mar 2001]
Adv:
for scripts (BAT, VBS, INI, JS, HTML, WBT, CS)
heur
dos/win32 dual-bound-executable (both DOS and Win32 versions in one file) and Linux version
free
-MemScan
By: Ralph Roth aka ROSE/ROSE SWE (Germany)
V6.0.6 [04 Jan 2001]
Adv:
free
(fast & heur) mem scan & MBR/BS/interrupt checker
Disadv: for memory only
-MR2S (Mr. DoubleScan a.k.a. MarxRoth TwoScanner)
By: Ralph Roth aka ROSE/ROSE SWE & GEGA Software
V1.15.01 [18 Feb 2001]
Adv: free
Disadv:
rather slow
logging all scanned files
scanning uses 3 different EXEs
prog's dir must be current (can't be exec-ed via PATH)
Note: includes code from both companies' AV products
-ChkMem
by: martinko aka Martin Otto (slovakia)
year: 1997-1998
v0.5 [Feb 1998]
adv:
heur -> no database -> no need to update
detect heavy polymorphic & stealth virs
fast & small
beerware
disadv:
no database -> can't clean vir
only detect resident.vir
note: prog x is crypted & self-checking
-ChkVir
by: A. Bogdanow/PTS
year: 1991-1992
V8.20 [Dec 1992]
adv:
don't bother user when he formats floppy, copy COM file or compile a file
possess keyboard control
can't be tricked by real int21h vector
note: part of PTSDOS
-MSAV (MicroSoft Anti-Virus)
By: CPS (Central Point Software)
Year: 1992-1993
Adv:
can generate checksums
a special low-level verification technique for stealth viruses
Disadv: signature only
Note: part of MS-DOS 6.x (licensed to Microsoft)
-VSafe
By: CPS (Central Point Software)
Year: 1991-1993
Type: TSR, 7kb memory, 64kB (E/X)MS
Adv:
hotkey to bring up options screen
prot for modification of executables and bootsector, low
level format, residency
Disadv: can't specify which files are allowed to do those things
Note: part of MS-DOS 6.x (licenced to Microsoft)
-AIDSTEST
By: DialogueScience (Russia)
Disadv:
shareware
cmdline driven
discontinued
-Dr.Web for DOS/32 (DrWeb)
By: ID Anti-Virus Lab & DialogueScience (Russia)
V4.19(?): 16bit program with built-in shell
V4.20(?): 32bit version (uses CauseWay extender)
V4.23 [5 Mar 2001]
Adv:
quite fast
supports several x-presors
good heur
frequent new vers
Disadv:
unregular updates
shareware
unregged ver can't disinfect
cmdline driven
Note: successor of AIDSTEST
-NOD32 (NOD Anti-Virus System for DOS)
By: ESET, LCC
V1.75
Adv:
built-in shell
frequent new vers
Disadv:
shareware
trial ver number is often behind the official number
(not every new ver is put out for trial)
32bit (uses CauseWay extender)
---
MISC
---
1 Dec 1997, McAfee merged with other companies to form Network Associates
McAfee/VirusScan/V3.15+/DAT/readme.txt: 300 new viruses are produced
each month