Review of F-PROT

F-PROT is an anti-virus utility developed by the Finnish software company "Data Fellows Ltd.". F-PROT includes a complete set of tools needed for protecting information from an attack of known and unknown viruses, both on a single-user workstation or across a network. Platforms supported to date include Dos, Windows, OS/2 and Novell NetWare; with Win95 and NT versions currently in beta rch strings are stored in a static file, containing all currently known viruses. The second string is used search large blocks of data, located ether at the beginning or the end of the file, detecting any virus which might have been created by modifying an older one. The heuristic analysis on the other hand, attempts to analyze the file using a set of rules, instead of a database of search strings. The purpose is to detect new viruses as well as variants of existing ones. In order to prevent viruses from infecting files before the fact, a utility is included which monitors program activity. The virstop utilities primary purpose is to prevent the execution of programs infected with known viruses. Whenever an attempt is made to run a program, virstop searches the program for known viruses before letting the program run. Since virstop is not as accurate or thorough as F-PROT, it is highly recommend that all new files are run through a full scan (both secure scan and heuristic analysis) before incorporating them into the system.

F-PROT is one of the most widely used anti-virus packages because of it's scanning ability as well as it's networking support. Although there are only two dedicated versions for networks, NetWare and NT, F-PROT does support all windows-aware networks, including MS Lan Manager, IBM Lan Server, Windows for Workgroups, PC/TCP, PC-NFS, SuperTCP, Lantastic and Banyan VINES. The benefit of the network version of F-PROT is that does not need to be installed on any client, but can have a remote copy stored in one location. This can allow an administrator to scan all the workstations over the network from one location. The main networking features include:

Tasks can be distributed to user workstations through the network. This feature can be used for enforcing a simultaneous scan on all workstations in the network. The programs on local workstations automatically load the distributed tasks and add them to their Tasks Lists. When the distributed tasks are no longer needed, they can be removed from all workstations simultaneously.

A Dos shareware version of F-PROT is available, compressed into the file "fp-219.zip" and can be located at ftp://oak.oakland.edu/simtel/msdos/virus/; login as anonymous and use your E-mail address as password. The use of a shareware program as the primary defense against a virus attack is not the best idea, although the shareware version of F-PROT uses PGP to ensure (with Data Fellows public key) that the files have not been tampered with. A copy of PGP is not needed in order to run F-PROT, PGP is only used to check the signature of the zipped file. PGP can be found at PGP Resources http://netaccess.on.ca/~rbarclay/pgp.htm. I installed and ran the utility for a week without any problems on a 486 with various network drivers and memory managers. It's slower then Norton's anti-virus package and it's TSR is 30K larger than Norton's, though most reviews place F-PROT as the leader in virus detection.

Full versions of F-PROT for all the supported platforms can be obtained from the F-PROT Professional Anti-virus Toolkit page located at http://www.datafellows.fi/f-prot.htm. Other popular anti-virus utilities include Carmel, Norton and the McAfee virus scan. Carmel is only available for Win NT and can be reached at http://www.charm.net/cwsApps/95virus.html. Norton anti-virus supports Dos, Windows, Win95 and Macintosh platforms and can be found at http://www.symantec.com/virus/virus.html. McAfee virus scan supports Dos, Windows, Win95, NT and OS/2, and can be reached at http://www.mcafee.com/a-v/a-v.html.