ATPM 3.08
August 1997
Review: Virex 5.7.1

by A. T. Wong, atwong@xpressnet.com

Rating: excellent

Product Information
Published by: Datawatch Corp.
234 Ballardvale St.
Wilmington, MA 01887
Phone: (800) 847-3982
Fax: (508) 988-0105
E-Mail: sales@datawatch.com
Web: http://www.datawatch.com
AOL: Virex

System Requirements

Virex requires a Mac Plus or better, System 7 or later, and 4 MB of RAM. Virex is accelerated for PowerMacs and will work over any AppleTalk network.

I evaluated Virex 3.7.1 under System 7.1 on a IIsi, on a Quadra 800 running System 7.5.5, and a PowerMac 8600 running System 8 with an ATI XClaim VR. Removable media devices tested included: floppy disk, Jaz and Zip drives.

Viruses and Trojan Horses

Viruses and Trojan Horses are aptly named computer programs that perform exactly what their names suggest. Viruses are small programs designed to infect other programs or files so that those programs or files can be used to make even more viruses. Just as a bad virus infection can make you feel sick or even kill you, a virus infecting your Mac can affect its operation or even delete all your files.

During the Trojan war, the Greeks realized that deception was the most efficient method to breach the defenses of the city of Troy. They built a large wooden horse, filled it with soldiers, and left it outside the city gates. The Trojans, believing the horse to be some kind of gift, rolled the horse into the city. At that point, the Greeks exited the horse and killed the Trojans. In computer terms a Trojan horse is a program that masquerades as a legitimate program, but in reality harbors a program that could damage your files.

Virus Detection Programs

A good virus detection program will detect and, one hopes, remove a virus or Trojan horse. Each anti-viral (AV) program detects viruses in its own way, and one program may be better than another in a given situation. Some important factors to consider when deciding on an AV program are efficiency, number of viruses detected, detection method, and ease of use.

Efficiency is a generic term that refers to the productivity of the AV program. An efficient AV program will quickly scan your drive to locate and remove viruses without giving too many false alarms.

One should be wary about statements that refer to the number of viruses that are detected. Unlike the PC world, where there are several thousand viruses, the Mac world has only a few hundred. Of those, only 20% are responsible for 80% of all Mac virus infections. Therefore, it is more important for the AV program to detect all common viruses than to miss a common virus while detecting the 10 rarest virus strains.

Ease of use is a catch-all phrase that includes ease of installation, ease of virus detection and removal, and the ability to turn on and forget about the AV software. To avoid any possibility of viral infection, don’t use a computer. If that’s not a practical alternative, then the solution you choose will involve a trade-off between security and ease of use. Generally speaking, the easier a program is to use, the less secure it is.

Detection and Prevention Methods

There are three basic types of virus detection and prevention methods: activity monitoring, checksum, and scanning. Each type has its own strengths and weaknesses.

Activity monitors watch for suspicious activity and bring up a dialog box asking for confirmation before allowing the suspicious activity to proceed. A request from a game to format your hard drive is a suspicious activity, as is a word processor attempting to add a new code resource to your System file. It is, however, very hard to tell the difference between a program recording your name and serial number information and a virus infecting a file. Activity monitoring programs may be more trouble than they are worth because they continually ask for confirmation of valid activities.

A checksum is a number computed from the bytes within a file, and for practical purposes it is unique to that file’s contents. Any change made to the file will generate a checksum different from the one previously calculated. Checksumming is one of the most reliable methods of virus detection. However, it has two main disadvantages: viral infections are detected only after the fact, and checksums must be recalculated whenever files are legitimately changed.

Scanners, as the name implies, scan files for viral signatures, bits of computer code that exist only in specific viruses. Scanners have the advantage of being almost invisible during operation. Their biggest disadvantage is they look for specific bits of computer code, so they can detect only those viruses listed in their databases. Scanners, because of their almost transparent operation, have become the most successful type of AV program on the Mac. To simplify updating the programs’ virus databases, most scanners permit downloading of new databases from the manufacturer’s web site.

Virex 5.7.1

Datawatch Corporation’s Virex is an AV program that uses both the checksum and scanning detection methods. Datawatch has made the checksum and scanning techniques easy to use with a simple and efficient user interface. Scanning has been made easy by allowing user-defined combinations of scanning: at pre-determined times, during file download, while a volume is mounted, or when files are opened.

Installing Virex from its two floppy disks is a very simple procedure: launching the installer; scanning for viruses; and installing the Virex application on your hard drive. Along with the Virex application, the Virex control panel, Virex DropScan, and the Control Strip module are installed. The Virex application is used to create a snapshot (the checksum database) and to scan your hard drive. The control panel works in the background, scanning for viruses when volumes are mounted, during file downloads, and when files are opened. Since files are scanned either before or when they’re opened, your chances of being infected are greatly reduced. The DropScan application works in conjunction with the control panel to provide drag and drop scanning for files, folders or volumes. Finally, the control strip module lets you access common Virex control panel functions from the Control Strip.


Configuring Virex

The Virex application and control panel are easy to configure. Some of the more useful parameters that can be configured are:

Real World Use

As a general rule, a checksum of your files should be generated as soon as possible after removing any viruses from your drive. Datawatch refers to the checksum process as “generating a snapshot.” Since scanning requires a database of virus definitions, scanning will detect only those viruses known at the time the database was created. A snapshot will help alert you to an infection by an unknown virus. Generating a snapshot is a quick and simple process that creates a checksum for every file on a volume. If, at some later point in time, you suspect a virus infection and scanning doesn’t reveal any known viruses, then you can direct Virex to generate a new snapshot and compare it to the previous one. Files changed since the previous snapshot will be flagged for your attention.
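To make the two methods Virex combines concrete, here is a small Python model of both, added for this review and not Datawatch’s code: a signature scanner that matches fixed byte patterns, and a snapshot that checksums every file on a volume and is compared against an earlier one. The signature bytes, file names and the choice of SHA-256 are all constructed for the example; the page does not describe Virex’s internal formats or checksum algorithm.

```python
import hashlib
from typing import Dict, List

# Constructed placeholder "signatures" standing in for a scanner's virus
# definitions; they are harmless byte strings invented for this example.
SIGNATURES: Dict[str, bytes] = {
    "DEMO-A": b"\x4e\x56\xff\xf0DEMO-SIG-A",
    "DEMO-B": b"DEMO-SIG-B\xa9\x00",
}


def scan_file(data: bytes) -> List[str]:
    """Scanning method: report the names of every known signature found in the
    file's bytes. Anything not in the signature database is invisible here."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def take_snapshot(files: Dict[str, bytes]) -> Dict[str, str]:
    """Checksum method ("generating a snapshot"): one digest per file on the
    volume. SHA-256 is an assumption for the example; the page does not say
    which checksum Virex computes."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def compare_snapshots(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff two snapshots: files whose checksum changed, plus files that
    appeared or disappeared since the baseline. A change is reported whether
    or not any signature matches, which is how an unknown virus shows up."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def check_volume(files: Dict[str, bytes], baseline: Dict[str, str]) -> Dict[str, object]:
    """Run both methods over a volume and return the combined findings."""
    hits: Dict[str, List[str]] = {}
    for path, data in files.items():
        found = scan_file(data)
        if found:
            hits[path] = found
    return {
        "signature_hits": hits,
        "snapshot_diff": compare_snapshots(baseline, take_snapshot(files)),
    }


# Constructed sample volume: three clean files, snapshotted while known clean.
CLEAN_VOLUME: Dict[str, bytes] = {
    "System": b"clean system file contents",
    "SimpleText": b"clean application code",
    "Letter.doc": b"clean document text",
}
BASELINE = take_snapshot(CLEAN_VOLUME)


def demo() -> Dict[str, object]:
    """Some time after the baseline: one file carries a known signature, one
    was modified in a way no signature describes, and one is untouched."""
    later = dict(CLEAN_VOLUME)
    later["SimpleText"] = CLEAN_VOLUME["SimpleText"] + SIGNATURES["DEMO-A"]
    later["System"] = CLEAN_VOLUME["System"] + b"\x00unknown change"
    return check_volume(later, BASELINE)


if __name__ == "__main__":
    result = demo()
    print("scanner found:", result["signature_hits"])   # only SimpleText
    print("snapshot diff:", result["snapshot_diff"])    # SimpleText and System
```

The scanner reports only the file containing a signature from its database, while the snapshot comparison flags both that file and the System file whose change matches nothing in the database. That is the complementary relationship the review describes: the scanner names what it knows, the snapshot reveals that something changed.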

Reviewing an AV program would not be complete without testing with live viruses (on an isolated Mac, of course). I used a collection of over 30 viruses, ranging from the ANTI virus to the ZUC virus, to test Virex in different situations. With the Virex control panel preferences set appropriately, Virex located and, in most cases, eradicated the viruses as soon as I tried to introduce them onto the hard drive. I say, “in most cases,” because I ran across 2 instances where Virex could not automatically eradicate virus infections.

The first case involved viruses in an archive compressed with a rarely-used archiving application. Although the manual states that Virex is able to scan archives, it was not immediately obvious what kind of archives could be scanned. It took awhile to determine that StuffIt and CompactPro archives can be scanned. It was only later that I found a list of compatible archives on the back of the Virex box.

The second case where the Virex control panel could detect, but not delete a virus, involved unstuffing a StuffIt archive. With a few viruses I got a -23 error. Using the Virex application rather than the control panel, I successfully removed the viruses that caused the -23 error.

I was pleasantly surprised by Virex’s ease of installation and configuration. After using Virex for several weeks on 3 different Macs and 3 different versions of the OS, I could not attribute any crashes to Virex itself. The scanning speed on a PowerMac is very high: less than 5 minutes to scan through 12,000 files, including several thousand files in several StuffIt archives.

As a final, and admittedly unscientific test, I disabled the Virex control panel and used ResEdit to add a 00 hex byte to the end of some known virus code resources. Re-enabling the control panel and running the Virex application did not reveal any viruses but launching the infected application caused my System file to be infected. This little exercise only proves that no matter how good the AV program may be, one should always practice safe computing.

Just before this article went to press (Aug. 1), Datawatch released the latest virus database containing definitions for 147 new Microsoft Word Macro viruses. Installing the virus update was a simple matter of double-clicking the update program. The ReadMe file for the update indicates it will detect and delete three Word97 macro viruses. Either Datawatch is referring to the PC Word97 macro virus or they have access to a beta copy of Microsoft Office 97 for the Mac. I didn’t have any Word macro viruses handy, so I wasn’t able to test Virex on those.

Conclusion

Aside from a few minor anomalies, I found Virex to be very good at virus detection and prevention, virtually transparent during scanning, and reliable. Virus updates are easy to get and install. In other words, it’s efficient, detects a good number of viruses, and is easy to use. It’s a program that I would have no trouble recommending to my clients.

Copyright © 1997 A. T. Wong, atwong@xpressnet.com
