IBM AntiVirus Version 2.5 - by George Penzenik
The review of this product was conducted on an MCC EISA VL-BUS 486/DX2, upgraded to an Intel 83 MHz Pentium Overdrive. System memory is 32 Megs. The video adapter is a TSENG ET4000 with 1 Meg of VRAM. The SCSI host adapter is a DTC 3290, BIOS Rev. 3.2; attached are a 1.0 Gig Fujitsu and a 2.2 Gig Seagate hard drive, partitioned as follows:
| | Size | Operating System | File System |
|---|---|---|---|
| Drive 1 | C: 500 Meg | Windows 95 | FAT |
| | D: 500 Meg | OS/2 Warp Connect | HPFS |
| Drive 2 | E: 1.0 Gig | Windows NT 4.0 | NTFS |
| | F: 1.2 Gig | none | HPFS |
Additional peripherals are a Sound Blaster CD 16 and a Madge Smart 16/4 EISA Ringnode.
Operating System Software
The operating system for this test was Warp Connect (Blue) with Fix Pack 17 applied. Additionally the system runs the OS/2 Requester for Netware version 2.11. Workplace shell add-ons are Xit 2.1 and Siegfried Hanisch's ScreenSaver 2.0.
What is in the box?
IBM AntiVirus, to say the least, has the most extensive platform coverage available today. If you run more than one OS this is the package to get. IBM AntiVirus Desktop Edition includes IBM AntiVirus for DOS and Windows, IBM AntiVirus for OS/2, and IBM AntiVirus for Windows 95. They are provided on three sets of installation diskettes. IBM AntiVirus also includes IBM AntiVirus for Windows NT and IBM AntiVirus for Netware, which are distributed with IBM AntiVirus Enterprise Edition. IBM AntiVirus is also available on CD-ROM.
What is new in this edition?
Protection from macro viruses has been improved. The Concept virus, currently one of the most prevalent in the world, can now be verified and disinfected extremely reliably, and is shielded on all platforms. The macro viruses Boom, LBYNJ, and Wazzu are detected and shielded. Verification and disinfection have been added for the Majo-1644, Werewolf-1500B and Tentacle viruses. The System Shield has been enhanced to find viruses before they infect your system. This was done by extending the "Check files when opened" function to "Check files when accessed." Files are now scanned for common viruses when they are created, modified or read on your system. Protection from new macro viruses will be available as part of our regular virus signature file updates, published on the WWW.
An Uninstall program is now included. Why you would want such a feature for AntiVirus software is beyond me; however, it does work well. One note of warning: if you put the AntiVirus program on the Launch Pad and then run the uninstall program, you will get one of those cute little green question mark objects.
Installing IBM AntiVirus
Installing IBM AntiVirus is straightforward. By default, the System Shield will be loaded in DOS sessions, and automated checking will be done weekly. If you do have a previous release of IBM AntiVirus installed, then your current settings will be kept and your PC will be upgraded to this release. You may change any of the settings during installation by choosing "Custom" installation, or at any time afterwards by launching the IBM AntiVirus program and selecting "Setup" from the menu. If you frequently access programs or documents via a network, you should enable the "Check files when accessed" function of the System Shield. The software does a complete system scan after the installation. On the test machine the software found 4763 objects to scan and completed the scan in just under 14 minutes. You also have the option to do a system scan without installing the software.
Updating Virus Signatures
The most important feature of any AntiVirus program is the ability to keep it current. The little dweebs that write viruses put in lots of late hours trying to make your life miserable. (If you ever want to check out one of these losers' home pages, just do a search with almost any Web search engine on the keyword "virii." You will see lots of disclaimers that these files are for research purposes only.)
Fortunately for you and me, the people at IBM put in lots of late hours too, keeping up to date on what these little goons are doing, continually collecting and analyzing new viruses, and periodically publishing new virus signature files for IBM AntiVirus on the Internet. To ensure that your PC is protected against newer viruses, you should obtain these files and update IBM AntiVirus with them.
The IBM AntiVirus has a "nice" nag feature and reminds you if your signature files are out of date.
So, tell me how does it work really?
In a nutshell, pretty darn well. Over the years as a network administrator, I have taken a few viruses prisoner. Since I found these in "the wild" I used them for my "live" testing. The FORM virus is probably the most common boot sector virus in the wild. When a floppy disk that is infected with a boot sector virus is accessed, IBM AntiVirus pops up a warning message that the disk is infected. The software will not stop you from doing anything but it gets its message across loud and clear that you are doing something very bad.
I tried to leave the disk in the A: drive and do a shutdown so I could reboot and attempt to infect the system with the FORM virus, and the "Scan Diskette on Shutdown" worked like a champ. In order to infect the system with the FORM virus I had to shut down the system without the disk in drive A: and then insert the disk and reboot. The system attempted to boot from A: but because it was not a system disk I got the "non-system disk" error. I removed the floppy and hit the reset button. When my desktop came back I was greeted by a message that said the C: drive was infected with the FORM virus. The system then took me to the dialog for removal / disinfection. I clicked a button and a few seconds later, no more FORM virus. The system also brought up another "nag" dialog that suggested a complete system check. Similar success was achieved when the AntiEXE virus was used.
So how about file infectors?
If you try to run most virus droppers in a DOS session under OS/2, you very quickly find out that 90% of them do not work. Of those that do run, most do not work like the jerk who created them expected them to. So to test file infectors I placed 8 droppers that I know work under DOS on a floppy and did a scan of the disk. The scan hit on 8 out of 8. Then I tried to copy the droppers to the hard drive. The system shield prevented access. It is, however, worth mentioning that the system shield only works in DOS sessions. The theory behind this is that there are no native OS/2 viruses, at least not in the wild, so any infected program would have to be run in a DOS session.
What is missing in this version
Still missing is the ability to scan a single file from the GUI. It is possible to scan a single file from the command line, however. This feature will appeal to the crowd that has Preditor configured to simulate VI.
The bottom line.
For what this program costs, if it only saves you once, it will have paid for itself. If you run more than one OS, you can't beat this package. The interface is clean, the on-line help is very good and, most important, it works. Technical support is available via e-mail and telephone. In using the e-mail support option I found that it takes a little longer to get an answer; IBM has a robo mail that acknowledges your request and says that you should have a reply in about 24 hours.
IBM AntiVirus for OS/2 requires an IBM PC, IBM PS/2, or 100% compatible system, and OS/2 version 2.0 or higher. IBM AntiVirus requires a minimum of 4 megabytes of disk space on each PC where it is installed, and may use up to 4 megabytes of space on the C: drive temporarily during installation.
IBM AntiVirus v2.5
George Penzenik is a Senior Network Engineer for Compuware Professional service in Minneapolis, MN. When he isn't supporting Novell Netware and Lotus Notes servers, you can find him drowning worms in one of Minnesota's 10,000 lakes. Stop by and visit his web site.
Copyright © 1996 - Falcon Networking