
i/s Back Issues


Volume 11

No. 6   February 1996

Block Computer Viruses with Dr Solomon's Anti-Virus Toolkit
Jerry Isaacson

Computer viruses can cause extensive damage - if the file erased was the only 
copy of your thesis, or the disk contained non-reproducible research data, the 
impact can be very serious. But even if a virus is only a nuisance, it still 
requires time and effort to remove. Whether large or small, these setbacks are 
unnecessary. You can prevent almost all virus attacks by keeping up-to-date 
anti-virus software on your computer.

For several years, MIT has licensed F-PROT as anti-virus software for 
DOS systems. With the increased use of Windows and Windows 95 and the growing 
number of Netware and NT local area networks, PC users on campus require broader 
protection.

MIT's Information Security Office (ISO) has selected Dr Solomon's 
Anti-Virus Toolkit as its supported product, and has signed a site license with 
the Toolkit's vendor, S&S International. The Toolkit received a high rating in a 
recent comparative review of 15 anti-virus products. This review is online at
  
http://web.mit.edu/security/www/iso3.htm
  
Site License Terms
Under the terms of the site license agreement, Dr Solomon's Anti-Virus Toolkit 
is available free of charge for installation on any computer systems owned or 
administered by MIT or MIT authorized users - that is, MIT faculty, students, 
staff, and consultants engaged in MIT business.

The Toolkit comes in different versions for different platforms. The MIT site 
license includes support for DOS, Windows, Windows 95, Windows NT, IBM OS/2, 
Novell Netware, and SCO UNIX systems. In the near future, MIT will add a Toolkit 
version for the Macintosh. However, the freeware program, Disinfectant, remains 
a viable option for Macintosh users.

Toolkit Components
Dr Solomon's Anti-Virus Toolkit is a collection of programs that can 
detect and disinfect almost all virus attacks. Components include FindVirus, 
Guard, ViVerify, and Scheduler, among others.

FindVirus 
This component identifies and repairs known viruses in partition 
sectors, boot sectors, and files. More specifically, FindVirus

* Finds and repairs even complex encrypted and polymorphic 
viruses using its Generic Decryption Engine

* Looks for virus-like code using advanced heuristic analysis

* Scans recursively inside compressed and archived files. (It 
supports most widely used compression formats, with new compression formats  
added regularly.)

FindVirus is written in 32-bit code, so its scans are fast. It is an on-demand 
scanner: scans are initiated by the user (or by Scheduler, described below); 
continuous checking of files as they are accessed is Guard's job.
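The third FindVirus bullet above, scanning recursively inside archives, is the part worth seeing in code: a scanner that only looks at the outer file misses anything packed one or more archives deep. The following is an added illustration written for this page, not code from S&S International or from the Toolkit. It assumes a constructed signature table (the standard, harmless EICAR test string plus one made-up pattern), only handles zip archives (the Toolkit's actual list of supported formats is not given here), and caps nesting depth and inflated member size so a hostile archive cannot exhaust the scanner.

```python
import io
import zipfile

# Constructed signature table (name -> byte pattern). The first entry is the
# standard EICAR anti-virus test string, which is harmless; the second is a
# made-up pattern for illustration only.
SIGNATURES = {
    "EICAR-Test-File": rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Demo.Boot (constructed)": b"\xea\x05\x00\xc0\x07DEMO-BOOT",
}

MAX_DEPTH = 8                      # stop descending into endlessly nested archives
MAX_MEMBER_SIZE = 8 * 1024 * 1024  # refuse to inflate members larger than 8 MiB


def scan_bytes(data: bytes, path: str, depth: int = 0) -> list:
    """Return a list of (member_path, finding) tuples for data.

    Every buffer is matched against SIGNATURES; if the buffer is itself a zip
    archive, each member is inflated and scanned the same way, so a sample
    hidden several archives deep is still found.
    """
    hits = [(path, name) for name, pattern in SIGNATURES.items() if pattern in data]
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        if depth >= MAX_DEPTH:
            return hits + [(path, "SKIPPED: archive nested too deeply")]
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{path}/{info.filename}"
                if info.file_size > MAX_MEMBER_SIZE:
                    hits.append((member, "SKIPPED: member larger than MAX_MEMBER_SIZE"))
                    continue
                hits.extend(scan_bytes(zf.read(info), member, depth + 1))
    return hits


def build_sample() -> bytes:
    """Constructed input: eicar.com inside inner.zip inside outer.zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eicar.com", SIGNATURES["EICAR-Test-File"])
        zf.writestr("readme.txt", b"nothing to see here")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
        zf.writestr("clean.exe", b"MZ" + b"\x00" * 64)
    return outer.getvalue()


if __name__ == "__main__":
    for member, finding in scan_bytes(build_sample(), "outer.zip"):
        print(f"{member}: {finding}")
```

Running it reports the EICAR string at outer.zip/inner.zip/eicar.com and nothing for clean.exe or readme.txt. The depth and size limits are the caveat a practitioner wants: a recursive scanner is exactly the component a "zip bomb" targets, so it must refuse to inflate without bound.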

Guard (WinGuard for Windows, VirusGuard for DOS)
Guard intercepts virus attacks before they can do damage. It provides constant 
background protection by checking every file and disk accessed, including files 
being downloaded from bulletin board systems or the Internet.

Guard remains completely transparent until it detects a virus. 

ViVerify
ViVerify adds an extra measure of protection by creating a fingerprint database 
of all the programs on your hard disk. It warns you if it detects any suspicious 
changes in a program's fingerprint, which could indicate a virus infection.
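The ViVerify approach, an integrity checker rather than a signature scanner, is easy to show concretely. The block below is an added example written for this page, not ViVerify's own code or format: it assumes SHA-256 fingerprints, a JSON database file, and a constructed set of program files under a temporary directory, and it reports changed, new and missing programs. The demo mimics a classic appending file infector by tacking 512 bytes onto an .exe after the baseline is taken.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Executable program files are what a ViVerify-style checker fingerprints.
PROGRAM_SUFFIXES = {".exe", ".com", ".sys", ".dll", ".ovl", ".drv"}


def fingerprint(path: Path) -> str:
    """SHA-256 of the file contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record size and hash of every program file under root, keyed by relative path."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in PROGRAM_SUFFIXES:
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"size": p.stat().st_size, "sha256": fingerprint(p)}
    return baseline


def save_baseline(baseline: dict, dest: Path) -> None:
    """Write the database. In practice keep it off the scanned volume (a
    write-protected floppy, in 1996 terms) so an infector cannot rewrite it."""
    dest.write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current state of root against baseline.

    Returns programs whose size or hash changed (possible infection), programs
    that appeared since the baseline, and programs that have gone missing.
    """
    current = build_baseline(root)
    return {
        "changed": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "new": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then mimic an appending file
    infector, a dropped program and a deleted one, and run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "dos").mkdir()
        (root / "dos" / "edit.exe").write_bytes(b"MZ" + b"\x90" * 200)
        (root / "dos" / "format.com").write_bytes(b"\xb8\x00\x4c\xcd\x21")
        (root / "readme.txt").write_bytes(b"not a program, not fingerprinted")
        db = root / "viverify.db"  # kept beside the tree here only for the demo
        save_baseline(build_baseline(root), db)

        # Appending infectors tack their code onto the end of the host file.
        with (root / "dos" / "edit.exe").open("ab") as f:
            f.write(b"\xcc" * 512)
        (root / "dos" / "dropped.exe").write_bytes(b"MZ" + b"\x00" * 32)
        (root / "dos" / "format.com").unlink()

        return verify(root, load_baseline(db))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Two caveats apply to any checker of this kind, ViVerify included. First, the baseline is only trustworthy if it was taken on a clean machine, and it must be stored where the malware cannot rewrite it. Second, a stealth virus resident in memory can intercept file reads and present the original, uninfected bytes to the checker, so the comparison should be run after booting from a known-clean, write-protected disk rather than from the possibly infected system.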

Scheduler
This component lets you run a virus scan at a specified date and time, including 
times when you are not at your computer. You can set scans to run constantly, 
hourly, or daily, whichever is most convenient. 

Memory Issues
Many users, particularly those on DOS/Windows machines, are reluctant to tie up 
memory on already overloaded computers, and often skip a Terminate and Stay 
Resident (TSR) scanner altogether to conserve conventional (low) memory. Dr 
Solomon's Toolkit uses only 10K of memory for Guard, its resident scanner, and 
Guard can be loaded into high memory if it's available. The Toolkit also uses 
extended memory for processing if it's available.

WinGuard, the Windows version of Guard, uses a virtual device driver (VxD) to 
provide constant background monitoring and interception without using "real" 
memory, that is, without occupying any conventional DOS memory at all.

Distribution at MIT
You can download the Toolkit for DOS, Windows, Windows 95, or OS/2 from the ISO 
Web page at

http://web.mit.edu/security/www

You can also download it from the net-dist server. The Toolkit for the Macintosh 
is due out in the next month or two and will be distributed the same way.

The Toolkit for Windows NT and Novell Netware will be provided directly to LAN 
managers, who should contact the ISO at x3-1440 for more information.

What Happens to F-PROT and Disinfectant?
MIT's F-PROT license expires in August of this year. Until then, the ISO will 
continue to make the updates available via the net-dist server and the PC PASS 
server in the MIT Computer Connection (W20-021). After August, as a courtesy, 
the ISO will continue to provide F-PROT updates on the PC PASS Server, and the 
updates will continue to be available as shareware from several mirror sites on 
the Internet.

Disinfectant will continue to be available via net-dist and on the Macintosh 
PASS Server at the MIT Computer Connection.

Additional Information 
To learn more about Dr Solomon's Anti-Virus Toolkit, come to a free 
presentation being held on April 19 from noon to 1pm in E40-302 (repeated on May 
29). You can also find out more about the software through the Dr Solomon's Web 
page at

http://www.drsolomon.com/

If you have questions about the Toolkit or about computer viruses, contact Jerry 
Isaacson of the ISO at x3-1440 or <gii@mit.edu>. 
