Monday, November 16, 2009

Lines of Defense

I personally use three antivirus packages concurrently. The first is viruscan from McAfee Associates. I use it mainly because when my company started to become virus-conscious we wanted to get a comprehensive package to guard against them. Everybody we knew seemed to use McAfee so that's what we bought. I must tell you that after seeing what some other products can do I am not that impressed with McAfee anymore. One reason is that McAfee tends to misdiagnose some viruses. This is a problem because if your computer is infected with virus A, but McAfee thinks it's virus B, it will attempt to disinfect a virus that's not there, which can badly mess things up on your system. I will say that if you are a casual computer user, McAfee is probably all you'll ever need because it is easy to use and it does a good job disinfecting most common viruses. I still use McAfee just because it's there, but I never take its word as gospel.
The second program I use is called f-prot from Frisk Software. I like f-prot quite a bit because it uses two different methods to scan for viruses. It uses signature-based scanning like all other programs, but it also uses heuristics. What the hell does that mean? All antivirus scanners check for viruses by checking your files for certain search strings called signatures. Each virus that is recognizable by the program has a signature associated with it, along with data to disinfect the virus if possible. F-prot goes a step further. In addition to detecting known viruses through the use of search strings, it also analyzes your files to see if they contain virus-like code. It checks for things such as time-triggered events, routines to search for .com and .exe files, software load trapping so that the virus can execute first and then start the program, disk writes that bypass DOS, etc. Heuristics is a relatively new but effective way to find viruses that do not yet have a search string defined for them. From tests that I have run, f-prot seems to make the most accurate diagnoses of viruses.
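
The difference between the two scanning methods described above, as an added example (not code from f-prot or any other product). The signature, the trait patterns, the threshold and the three samples are all constructed for illustration; the trait patterns assume simple 16-bit DOS byte sequences for the behaviours the text lists.

```python
# Added illustration: signature matching vs. heuristic flagging on raw bytes.
SIGNATURES = {  # name -> search string (made-up bytes, not a real virus)
    "Example.A": bytes.fromhex("deadbeef4558414d504c4541"),
}

# Heuristic traits from the behaviours listed in the text, expressed as
# byte patterns a DOS program might contain (simplified assumption).
TRAITS = {
    "reads system date (time trigger)": bytes.fromhex("b42acd21"),  # mov ah,2Ah / int 21h
    "searches for *.COM files": b"*.COM",
    "searches for *.EXE files": b"*.EXE",
    "BIOS disk access bypassing DOS": bytes.fromhex("cd13"),        # int 13h
}
THRESHOLD = 2  # traits needed before a file is reported as suspicious


def signature_scan(data: bytes) -> list:
    """Return the names of known signatures found anywhere in the file."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def heuristic_scan(data: bytes) -> list:
    """Return the virus-like traits present in the file."""
    folded = data.upper()  # file masks may be stored in either case
    return [label for label, pat in TRAITS.items() if pat in data or pat in folded]


def assess(data: bytes) -> str:
    """Signatures give a name; heuristics only give a reason for suspicion."""
    known = signature_scan(data)
    if known:
        return "infected: " + ", ".join(known)
    flags = heuristic_scan(data)
    if len(flags) >= THRESHOLD:
        return "suspicious: " + "; ".join(flags)
    return "clean"


# Constructed samples: inert bytes that only contain the patterns above.
KNOWN = b"\x90\x90" + SIGNATURES["Example.A"] + b"\x00"
UNKNOWN = bytes.fromhex("b42acd21") + b"\x00*.com\x00" + bytes.fromhex("cd13")
BENIGN = bytes.fromhex("b42acd21") + b"Today is..."  # one trait only, e.g. a clock utility

if __name__ == "__main__":
    for label, sample in (("known", KNOWN), ("unknown", UNKNOWN), ("benign", BENIGN)):
        print(label, "->", assess(sample))
```

The second sample has no signature and is caught only by its combination of traits, while the threshold keeps a program with a single trait from being reported.
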
The third program I use, and my main line of defense, is called Thunderbyte from Thunderbyte B.B. Thunderbyte is a complete set of utilities that, when used together, protect your computer against virtually any kind of attack. Thunderbyte's scanner also uses signatures and heuristics. It is also able to decrypt encrypted viruses to determine what they are. As I stated earlier, f-prot makes more accurate assessments, but Thunderbyte does not have to rely on its assessments to be able to clean a virus off of your system. This is because Thunderbyte generates a file in each of your directories that contains a detailed record of each executable file (the vehicle by which viruses are spread), so that if your programs are hit by a virus, no matter which one it is, it can rebuild them back to their original, uninfected state. Of course, this doesn't fix the problem I discussed earlier about viruses that encrypt data, but the program also has a defense against this. Thunderbyte comes with a set of memory-resident utilities that monitor the activity of your system so that you can stop a potential problem before it starts. These utilities scan your programs for viruses upon execution, as well as whenever you download, copy, or unzip a file, warn you about disk writes that bypass DOS, attempts to modify the code of your programs, attempts by programs to remain in memory, and a myriad of other operations that would require pages and pages of technical explanation. In short, these utilities give you complete control of your computer, and any suspicious action that a program tries to take can only be done with your permission. McAfee and f-prot also contain memory-resident monitoring programs, but they can only stop known viruses from executing. Finally, Thunderbyte also contains a utility that will store your master boot record, partition table, and CMOS data on a floppy disk, and restore them if they become corrupted.
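
How a per-file record can detect and undo a change without knowing what made it, as an added example (not Thunderbyte's code or file format). The record fields (length, leading bytes, SHA-256), the `HEADER_LEN` value and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
from typing import Optional

HEADER_LEN = 16  # leading bytes of each program kept in the record (assumed size)


def make_record(image: bytes) -> dict:
    """Build the record while the program is known to be clean."""
    return {
        "length": len(image),
        "header": image[:HEADER_LEN],
        "sha256": hashlib.sha256(image).hexdigest(),
    }


def is_modified(image: bytes, record: dict) -> bool:
    """Any change to the file, by any cause, alters the hash."""
    return hashlib.sha256(image).hexdigest() != record["sha256"]


def rebuild(image: bytes, record: dict) -> Optional[bytes]:
    """Try to restore a changed file from its record alone.

    Succeeds when only the start of the file was altered and data was
    appended. Returns None when the result does not match the recorded
    hash, e.g. when the original body was overwritten or encrypted.
    """
    candidate = record["header"] + image[HEADER_LEN:record["length"]]
    if hashlib.sha256(candidate).hexdigest() == record["sha256"]:
        return candidate
    return None


# Constructed samples (inert bytes standing in for a program file).
CLEAN = b"\xe9\x10\x00" + b"ORIGINAL PROGRAM BODY " * 4
APPENDED = b"\xe9\xff\x00" + CLEAN[3:] + b"\xcc" * 40          # start patched, data appended
OVERWRITTEN = CLEAN[:20] + b"\x00" * 30 + CLEAN[50:]           # original body destroyed

if __name__ == "__main__":
    rec = make_record(CLEAN)
    for name, img in (("appended", APPENDED), ("overwritten", OVERWRITTEN)):
        fixed = rebuild(img, rec)
        print(name, "modified:", is_modified(img, rec), "restored:", fixed == CLEAN)
```

The overwritten sample is detected but cannot be restored, which is the same limit the paragraph notes for data that has been encrypted.
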
All three of these programs have shareware versions. In fact, f-prot's shareware version for DOS is fully functioning and free to private users. Thunderbyte's shareware version is also free to private users, but if you have the memory-resident utilities installed, the program will beep at you and remind you to register and make you press a key to continue during bootup. This can be scary for a speech user whose screen reading software has not yet been loaded because there's no way to tell if the program is beeping because it found a virus or it just wants you to register.
Shareware versions of these programs can be downloaded from just about any BBS. I encourage you to try them out for yourself. If you want to read reviews of these programs, as well as many others, you can telnet to:
freenet.victoria.bc.ca
Log in as "guest" and type "go virus" from the main menu.
Another great source of virus information is the virus-l discussion group, which is echoed in the newsgroup comp.virus. To subscribe to virus-l, type the command:
SUB VIRUS-L John Doe
(substituting, of course, your own name for 'John Doe') in the BODY of an e-mail message, and send it to:
LISTSERV@LEHIGH.EDU
A listing of additional sources of virus and antivirus information, including the virus-l/comp.virus FAQ, can be found at the end of this document.
