Howard Fuhs
IT Security Consultant

The Emperor's New Clothes (once more)

Antivirus-Problems under Windows 95

Copyright (C) 10/1996 by Howard Fuhs


Content:

    Introduction
    First Scenario
    Second scenario
    Fundamental Problems
    Effective Choice of Products
    Copyrights


Introduction

The advent of Windows 95 automatically created a market for anti-virus products developed especially for Windows 95, fitting seamlessly into the Windows user interface and profiting richly from the Windows 95 advantages. Many immediately sensed the end of DOS-based anti-virus products, and the manufacturers were forced to satisfy this market demand rapidly and port their products to Windows 95.

After a while users started to experience problems with this new software, problems which only showed up in emergencies, when people were really dependent on their anti-virus software. The problems encountered can easily be divided into two categories, described below.


First Scenario

Windows 95 was infested by a virus before antivirus software running under this operating system was installed.

In this case an unexpected problem occurred in practice. When users attempted to install an anti-virus program after starting their Windows 95 system, the installation was aborted with the explanation that the computer was infected, which precluded a perfect and above all virus-free installation. That this happened was in reality a tribute to the quality of the anti-virus products, but it left the user with the problem that the product he had licensed could not be used to remove the virus already present in his system. He first had to purchase another anti-virus product, running under DOS, which would allow the virus to be removed.

In this case the very modern concept of a Windows anti-virus product was overshadowed, and recourse had to be sought in a DOS program in order to tackle the problem. Aside from this, it was necessary to be in possession of a bootable DOS diskette.


Second scenario

Windows 95 was infested by a virus after the Windows anti-virus program had already been installed.

In reality, this case led to a number of practical problems. The most common problem was that the virus had damaged some of the Windows 95 files, so that these were no longer, or only partly, functional. This in turn often led to the inability to start Windows 95. Even if the system was able to start, serious faults often made it impossible for the system to function reliably. In some cases the system simply crashed while attempting to load the anti-virus software. In such cases it was necessary to reboot the computer to regain control of it.

In practical terms it is only possible to solve these problems by booting from a bootable DOS diskette and removing the offending virus from the hard disk using a DOS-based anti-virus program. Subsequently, it is normally necessary to reinstall Windows 95 from scratch, which most often leads to the loss of personalised information and individual configuration files. These have to be re-established. On top of that, re-installation often leads to the loss of information about, and links to, other installed products, so that these are no longer automatically recognised by Windows 95. Either the ini and registry files, etc., have to be updated manually, or the products have to be reinstalled.

It is also easy to establish that most Windows 95 anti-virus products have problems reliably detecting viruses, let alone removing them. The cause lies in the system-specific limitations that the operating system imposes on programs running under Windows 95.


Fundamental Problems

The fundamental problems associated with running anti-virus software under Windows 95 can be explained by technical limitations and other peculiarities inherent to modern graphical operating systems.

Problem number one lies in the fact that a graphical operating system, because of its size and complexity, can no longer be started from a diskette. Thus, it is not possible to boot the computer from an uninfected diskette and at the same time obtain the functionality of Windows 95. If a particular virus requires the system to be booted from a diskette in order for the virus to be reliably detected and removed, the user is in fact forced to use the DOS operating system. Because native Windows 95 anti-virus systems do not function under DOS, only a DOS anti-virus system can be used in this case.

The second problem concerns the limitations that Windows 95 places on anti-virus programs through its API interfaces. Whereas the anti-virus programmer under DOS could more or less rely on being in a situation where 'anything goes', Windows 95 will not allow many of the tricks used to detect, deactivate and analyse viruses, the very tricks that put DOS-based products in a position to detect and remove viruses extremely reliably. For example, certain frequently used interrupts are not available under Windows 95.

Although Windows 95 has been used as the example here, it should not be forgotten that the problems illustrated are typical of all modern operating systems. That these kinds of problems are not observed as frequently under other graphical operating systems, e.g. OS/2, does not automatically mean that these operating systems are less susceptible to them than, say, Windows 95. Just think of the devastating consequences that an infestation by a simple DOS boot sector virus can have for an OS/2 Boot Manager partition.


Effective Choice of Products

When switching from DOS/Windows 3.x to Windows 95, both private users and corporations often place the emphasis on a preference for native Windows 95 applications, irrespective of the advantages or disadvantages this might bring in practical use. In light of the current practical experience with virus control under Windows 95, it is advisable to choose anti-virus software on the basis of its practical suitability and the security it provides in critical situations, rather than letting the choice be determined by the character of its user interface. This does not exclude using Windows 95 anti-virus software. However, relying solely on this type of software in a critical situation can mean running an unnecessary added risk.

A virus-free, write-protected DOS diskette with a DOS anti-virus program on it still belongs in any credible virus defence system!

