     PC Dynamics, Inc.
     31332 Via Colinas, Ste 102  Westlake Vlg, CA 91362  818-889-1741


TO:       Evaluators

FROM:     Bruce Clay

SUBJECT:  Evaluation Script and Feature Checklist


PC Dynamics has created the enclosed demonstration files to show how
you might be able to utilize the Menu Works Total Security product
on the enclosed diskette.  These files ONLY work with the enclosed
version (Version 2.2) that is sold directly by PC Dynamics.

The following features of Menu Works Total Security (MWTS) will be
covered in detail during this review:

     MWTS prevents "boot-from-floppy" DOS access to hard disk drives

     MWTS prevents AUTOEXEC bypass via CTRL-C or other keyboard
     actions such as function keys during DOS 6.x boot

     MWTS provides a comprehensive Audit Log of Login and
     Application use

     MWTS provides Directory and File Protection

     MWTS provides security for floppy, local, virtual and network
     drives and directories

     MWTS provides Data Encryption using DES or proprietary
     algorithms

     MWTS provides DOS command line monitoring to prevent execution
     of unauthorized commands, programs or batch files

     MWTS provides DOS "shelling" protection from within
     applications

     MWTS provides for the "launching" of specific applications,
     such as user-customized Windows, other DOS shells, turn-key
     applications, or even the DOS prompt

     MWTS performs file checking for modification or viruses

     MWTS provides an Execute-only feature for .EXE and .COM files

     MWTS includes a full-featured Menu Works Advanced integrated
     access control system with secured screen saver and software
     metering.  Program data base facilitates standards enforcement

     MWTS restricts Environment value modifications and removes
     loaded TSR's, restoring the system to the state as originally
     set at system boot

     High-performance software using minimal amounts of RAM (just
     22K fully configured)

     MWTS is functionally government C2 compliant, and is on the
     Assessed Products List

     MWTS allows up to 250 Login names with passwords, each with
     private security profiles and rights

     MWTS supports Network Single Signon to all major Network
     Operating Systems, offering superior centralized single-point
     administration

     MWTS supports Automatic Windows Personalization with Windows
     .GRP and .INI files being set/reset for each user prior to
     running Windows.

And there are many additional "operational" facilities demonstrated
during this evaluation script.  These "features" are:

     Ease of installation - with the exception of a few steps,
     installation can occur from a file server.  The configuration
     process is perhaps the most difficult part, and it becomes far
     easier with product familiarity.  As this demonstration script
     installation shows, the installation of a fully configured
     security environment can be accomplished by copying a
     configured system from the server to each client machine.

     Documentation - the documentation is divided into two sections,
     one for the menu component, and one for the security component. 
     This documentation is provided with the delivered product in
     printed and bound form.  During this evaluation, the
     documentation is available in an on-line form.  For the
     purposes of this review, you should not need manuals.

     User Interface - the interface is designed for system
     administrators.  The administration is accomplished from the
     DOS prompt through the access control interface.  This
     interface is clean, and is very simple to use.  Your end users
     should be able to use the system in minutes, usually without
     instruction.

     Compatibility - MWTS is fully compatible with DOS versions 3.x,
     4.x, 5.x and 6.x, works with all major network operating
     systems, and functions with all versions of Windows operating
     under DOS.  There were no modifications needed to this product
     to support any versions of DOS 6.x when it was released,
     although DoubleSpace support was added as a convenience.  The
     system is very problem-free, with no user-reported bugs in over
     two years.  In a security system, where the code controls user
     data access, stability is vital.

     Useful Tool - our security system offers something of obvious
     value to the end user organizations, rather than to just be
     another barrier to getting their work done.  In general, our
     product has received rave reviews as being a superb user
     productivity tool.  In some cases, offering this tool makes the
     difference between having the security system accepted or
     fought by the users.

     Cost - our product is priced to fit the budget of almost any
     company.  Unlike our competition that offers pricing that makes
     security painful, our product is priced with DOS and other
     system-class utilities.  If you can buy DOS or Windows for a
     reasonable price, why pay much more for security? 

Menu Works Total Security consists of two parts: the security shell,
and the Menu Works Advanced access control mechanism.  These
portions communicate with each other to form a lock-down security
environment.  This architecture offers significant flexibility in
the ability to customize security by user, and is a particular
strength of the system.

This script has been designed to take only a few hours to complete,
with [BREAK] locations identified.  Without a break, it is possible
to complete this review in under three hours.  

The script is also planned to be somewhat informative about PC
security considerations, and thus would be an excellent choice for
"first product reviewed".  I think you will then agree that,
compared to Menu Works Total Security, other products are generally
inferior, cost more, and are harder to implement and use.

As always, please make sure that your machine has been
backed-up.  PC Dynamics cannot guarantee that you do not have
some strange-and-wondrous software or hardware on your system
that might render your system inoperable once security is
installed, although we have taken care to work around such
instances in our software.  PC Dynamics cannot be responsible
for data or availability loss.  Also, prior to installing any
new security software products, be sure to completely remove
any prior security products.  In the case of an update to our
Menu Works Total Security, simply remove the security shell
prior to installing this version.  If you have any questions,
please call us!

Several evaluators have requested a draft "evaluation checklist" for
making a written product recommendation.  I have included a sheet at
the end of this document with instructions for your use in keeping
track of important features.  It is intended to be used to
facilitate the comparison of multiple products.  Please use it as
you deem fit.  It is provided solely for your convenience.  Prior to
beginning the demonstration, it might be useful to review the
CRITERIA section from that draft.  I have cross referenced the
demonstration items with the appropriate [Criteria letter] whenever
appropriate.  An evaluation form has been provided on the floppy as
file 'EVALFORM.PCL'.  Simply copy this form to your HP LaserJet
('copy evalform.pcl prn /b') or Postscript Command Language
compatible printer and complete the form as you progress through the
evaluation.  Note that some evaluation form items will be
demonstrated in part at different times during this evaluation, and
that the overall item rating would therefore be the composite of
these script items. 

Please follow these steps in their presented sequence:

1.   The distribution diskette should be installed using normal
installation instructions.  These instructions are simply to execute
"{a:|b:}\install" as appropriate.  However, the installation
directory must be 'C:\MENUWORK' since several of the menus that have
been configured for the demo require that directory name.  You
should allow the system to modify your 'AUTOEXEC.BAT' file.  The
resulting system will be loaded with all security features disabled.

When the software is installed, you will be presented with a DOS
menu.  This is not an implemented security system.  The Menu Works
Total Security product has many operating modes designed to gain
end-user acceptance of security as a useful tool.  A menu is but one
of those tools.  As the evaluation progresses, you will see how to
suppress this menu entirely.

2.   The distribution floppy contains a DOS directory with several
files used in the demonstration.  There are two DOS batch files:
DEMO_IN.BAT (installs demo files), and DEMO_OUT.BAT (removes demo
files).  

After you have installed the evaluation software using normal
installation instructions, please enter the command 'A:\DEMO_IN'. 
Note: if the target system does not have a 'c:\windows' directory,
there will be a few errors during execution.  These errors will not
impact the execution of this demo.  As you can see, installation of
the software is easy.

3.   Validate that your AUTOEXEC.BAT file will automatically launch
Menu Works Total Security.  If your batch file started Windows or
another shell program, please make sure that you have removed these
invocation commands from your AUTOEXEC.BAT file.  Also, make sure
that there are no commands in the AUTOEXEC.BAT file that require
keyboard or mouse input.  

If such actions are necessary, you can allow them by using the
command below:

     C:\MENUWORK\RUN <yourpgm> <parms>

Note that if you determine that you want to lock the keyboard (as is
done later in this demo) and your virus checker detects a virus in
the future, unless you modify the AUTOEXEC.BAT file to "RUN" the
virus checker, the keyboard will not respond to virus checker
messages.  This also applies to some other programs that may exist
in your environment.

4.   REBOOT your computer.  The computer will process all commands
normally until the Menu Works shell is presented with the Logon
screen.  There should not be any need for keyboard or mouse
intervention prior to the Menu Works Logon Screen.  Please scroll
down the screen past the bottom entry (the screen scrolls to 250
users) to 'ZMANAGER' and press Enter.  The passwords for all users
are normally hidden, but I have intentionally made them appear in
braces {} for this demo setup.  After entry, your computer has the
access control portion of security installed.  Also, there is a
parameter to suppress this list and just provide a formatted logon
prompt that is discussed later.

The security system is not yet fully installed, and may be removed
by simply deleting the \MENUWORK directory and removing the program
invocation lines in \AUTOEXEC.BAT.  However, once the security shell
is installed, this process will leave the system unusable.  If you
have installed the security shell as described in subsequent steps,
you have a secured system.  Only the security program can be used to
remove the security shell!  This is an easy process, and is fully
described later.

5.   At this point, some demonstration security values are defined
but not all are installed.  Press the '<F2>' function key.  The
values that are able to be configured are fully described in your
on-line manual, but these notes will highlight some specific items
that you will want to review.

[BREAK]

GUIDED TOUR:

I will discuss these parameters by walking you through the keystroke
sequence that you would use to set these values.

5.A.1     Your screen should show a series of "pull-down" menus,
with 'CONFIGURATION' already selected.  'Company Name' should be
chosen.  Press Enter.  Each dialog box offering options has an
action list across the bottom, in this case you may 'Edit',
'Accept', or 'Cancel'.  Select 'Edit' by moving the cursor with the
"arrow keys" and press enter.  Place your company name in the
provided area and press Enter.  Select 'Accept' and press Enter.

In general, to "Select" any Menu Works item, you would use the
"cursor keys" to highlight the desired item, then press Enter.  This
"Select" process is used throughout the remainder of the script.

5.A.2     Move the selection to 'Screen Saver Delay' and press
Enter.  Select the 'Edit' Action and change to '5'.  Press Enter and
'Accept'.  This screen saver is secured with a password.  During
this demonstration the screen saver may be invoked.  You will need
to remember the passwords associated with each Logon ID in order to
resume execution.  For your convenience, they are:  BRUCE
{BRUCECLAY}, DODUSER1 {DODUSER1}, GUEST2 {GUEST002}, POWER
{DOSPOWER}, and ZMANAGER {MANAGER1}.  There will be a discussion of
Corporate Equity later in this script.

5.B.1     Move the pull-down menu to 'SECURITY' by using the
Right-Arrow cursor key.  Review each item.  You may 'Edit' each later.

Menu Works allows users to have clearance levels from zero to
ninety-nine.  The higher the level, the more rights the user will
have.  In this demo the '<F2>' key requires a clearance level of 99.
You may use '<F4>' or '<F10>' with a 90 clearance level.  Passwords
would also be required if a value were entered into the password
field.

5.B.2     Proceed to the 'User ID Maintenance' section and press
Enter.  Select the 'Edit' Action.  Select the Logon ID of BRUCE.  As
you can see, BRUCE is a 99 level user.  Press '<F2>' to get 'User
Specific Configuration Settings'.  Many of these items allow
specific user settings over and above the default system settings. 
Review the values.  Select 'Esc' or 'Accept' as appropriate until
you have returned to the list of users.

Select the 'Edit' Action and then select Logon ID GUEST1.  Note that
'<F5>' and '<F6>' have been selected as denoted by ">>" to the left
of each line.  Press '<F5>'.  This user cannot write/read to LPT2
through LPT4.  Also, this user cannot write/read to COM2 through
COM4.  Selecting Logon ID DODUSER1 shows that all LPT and COM ports
are disabled.  Note: some devices (such as busmouse mouse devices)
require access to all COMn ports in order to be used with a security
system.  If you have such devices, you may need to change COMn
restrictions later in this script.  Select 'Esc' or 'Accept' until
back to the pull-down menu ('User ID Maintenance' should still be
selected).

5.B.3     Select 'Access Control Maintenance' and press Enter. 
Press '<F2>' for Master Enable for Dir and Command Access Control. 
Note that it "toggles" on and off.  Please leave it selected as
shown by '>>' to left of the '<F2>' label.

Press '<F3>'.  I have specified several directories to be read-only
or excluded.  Note '\WINDOWS\SAVE.INI' and the C: root directory are
marked read-only.  You can play with this later - for now please
select 'Esc-Done'.  

Press '<F4>'.  I have specified some DOS Commands to be excluded
from execution at the DOS Prompt.  You may add native commands or
any .COM, .EXE, or .BAT names in this list.  Select 'Esc-Done'. 
Select 'Cancel'.

5.B.4     Select 'Virus Detection Mnt' and press Enter.  This option
will allow you to check specific programs at system boot.  Items
specifically checked are file dates, file times, file sizes, and
data checksums.  It is strongly recommended that you check all
programs, device drivers, memory managers, and virus detection
software that occur in the execution stream (CONFIG.SYS and
AUTOEXEC.BAT (including called .BAT files)) prior to starting your
virus software.  This will assure the user that there are no virus
infected programs being automatically started at boot.  We would
also check the programs in the virus scanner directory to make sure
that they have not been replaced with a virus infected trojan horse.
(One of the worst disasters that you might see is a virus that
renames itself to be your virus scanner, so that at system boot you
actually intentionally start the virus instead of the scanner.  Of
course, it would present messages and behave just like the real
thing.)  Press '<F3>' to view the demo list.  You may modify this
list now, and rebuild the checksum file, prior to returning to the
pull-down SECURITY menu. [Criteria N]
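
The boot-stream check described in 5.B.4, as an added Python example
(not part of Menu Works or of this script): it walks CONFIG.SYS and
AUTOEXEC.BAT, follows called .BAT files, and records date/time, size
and checksum for each file.  SHA-256, the C:\SCAN\SCAN.EXE scanner
path and the other file names are assumptions constructed for the
demonstration.

```python
import hashlib
import os
import re
import tempfile

# CONFIG.SYS directives that load a driver or program at boot.
LOADER = re.compile(r"^\s*(?:DEVICEHIGH|DEVICE|INSTALL|SHELL)\s*=\s*(\S+)", re.I)
# AUTOEXEC.BAT prefixes that wrap the real program name.
WRAPPER = re.compile(r"^@?(?:CALL|LH|LOADHIGH)\s+", re.I)


def to_local(root, dos_path):
    """Map a DOS path such as C:\\DOS\\HIMEM.SYS onto the tree under root."""
    parts = dos_path.split(":", 1)[-1].strip("\\").split("\\")
    return os.path.join(root, *parts)


def read_lines(root, dos_path):
    """Lines of a boot file, or nothing if it has been removed."""
    path = to_local(root, dos_path)
    if not os.path.isfile(path):
        return []
    with open(path, encoding="latin-1") as fh:
        return fh.read().splitlines()


def batch_programs(root, bat, chain):
    """Add each fully qualified program a batch file starts, following .BAT calls."""
    for raw in read_lines(root, bat):
        line = WRAPPER.sub("", raw.strip())
        word = line.split()[0].lstrip("@").upper() if line else ""
        # Built-ins, PATH=/SET assignments and bare names are not resolved here.
        if "\\" not in word or "=" in word or word in chain:
            continue
        chain.append(word)
        if word.endswith(".BAT"):
            batch_programs(root, word, chain)


def boot_chain(root):
    """Everything in the execution stream: both boot files and what they load."""
    chain = ["C:\\CONFIG.SYS", "C:\\AUTOEXEC.BAT"]
    for raw in read_lines(root, chain[0]):
        m = LOADER.match(raw)
        if m and m.group(1).upper() not in chain:
            chain.append(m.group(1).upper())
    batch_programs(root, chain[1], chain)
    return chain


def fingerprint(path):
    """Date/time, size and checksum of one file; None if it is absent."""
    if not os.path.isfile(path):
        return None
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()  # checksum choice is an assumption
    return {"size": st.st_size, "mtime": int(st.st_mtime), "sha256": digest}


def build_baseline(root):
    return {p: fingerprint(to_local(root, p)) for p in boot_chain(root)}


def verify(root, baseline):
    """Map each DOS path to what no longer matches the baseline."""
    findings = {p: ["not in baseline"] for p in boot_chain(root) if p not in baseline}
    for p, want in baseline.items():
        got = fingerprint(to_local(root, p))
        if got is None or want is None:
            if got != want:
                findings[p] = ["missing" if got is None else "appeared"]
            continue
        changed = [k for k in want if got[k] != want[k]]
        if changed:
            findings[p] = changed
    return findings


def demo():
    """Constructed sample tree: the scanner is swapped, size and date preserved."""
    root = tempfile.mkdtemp()
    files = {
        "CONFIG.SYS": "DEVICE=C:\\DOS\\HIMEM.SYS\nFILES=30\n",
        "AUTOEXEC.BAT": "@ECHO OFF\nPATH=C:\\DOS\nCALL C:\\BAT\\NET.BAT\n"
                        "C:\\SCAN\\SCAN.EXE /ALL\n",
        "DOS/HIMEM.SYS": "himem-driver",
        "BAT/NET.BAT": "LH C:\\NET\\REDIR.EXE\n",
        "NET/REDIR.EXE": "redirector",
        "SCAN/SCAN.EXE": "genuine-scanner",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="ascii", newline="") as fh:
            fh.write(body)
    baseline = build_baseline(root)
    scanner = to_local(root, "C:\\SCAN\\SCAN.EXE")
    st = os.stat(scanner)
    with open(scanner, "w", encoding="ascii", newline="") as fh:
        fh.write("trojan--scanner")  # same length as the genuine file
    os.utime(scanner, ns=(st.st_atime_ns, st.st_mtime_ns))  # date/time restored
    return boot_chain(root), verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

With date, time and size all unchanged, only the checksum exposes the
replaced scanner, which is why the list covers the scanner directory.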

It is our belief that virus prevention is superior to virus
detection.  Most virus scanners will warn you as soon as a virus can
be detected as present.  Our approach is to prevent a virus from
ever being present.  It is a little like a smoke detector - it goes
off when smoke is detected in the house.  Our product makes sure
that nothing that can cause a fire can get into the house in the
first place.  Of course, the safest course of action is to have both
products.

For instance, we can disable the floppy drives at all times,
allowing them to be selectively enabled only during the execution of
specific applications.  We can protect directories as read only.  We
can disable direct disk read and write commands.  And we can
selectively run virus scanners should you want one.  We also provide
security before the virus scanner is active, as well as allow you to
protect the virus scanner directory.

As an aside, the press has had evaluation reports that have stated
that no one virus scanner product can detect 100% of the known
viruses, with the best being about 95%, and that to be complete, the
user would need at least two products.  It seems that if this is
true, then our PREVENTION is possibly more valuable than DETECTION
if you need to save your system from viruses.  And to do both is
always preferred.

5.B.5     Select 'Other Options' and press Enter.  Note that I have
disabled drives A: and B: for all non-supervisor (clearance 00-98)
users (99 level administrator always gets everything).  A
significant option would be to disable the login network drive (such
as F:) so that even your DOS-level power users could not get to the
network without going through the menu.  

There are several other significant security items specified or
selected here.  Items of note are that drive letters A: and B: are
disabled for all non-supervisor users, that passwords expire each
365 days by default (can also be set on a user-by-user basis), that
DOS shelling from within applications is disabled (protected), that
the menu system will only display applications that the user is
entitled to execute (as determined by clearance levels), and that
.COM and .EXE files are protected from modification.  Select
'Cancel' until back at the pull-down menu. [Criteria H and U]

5.C.1     Move the pull-down Menu to 'MENUS'.  Under normal
circumstances, you would only use the top three items.

Quick Program Add:  Allows a rapid addition of a program to the main
menu when you know only the executable program name.  Providing a
program name, this function will locate all occurrences of the
program on the disk, and will allow you to select the occurrence to
add to the menu.  Subsequent editing would be done with Menu
Selection Maintenance.

User Menu Maintenance:  Creates an empty menu.  For instance, GAMES
can be created with an optional password and minimum clearance
level.  But this menu still won't have any programs added to it. 

Menu Selection Maintenance:  Adds, deletes, or changes things in a
menu or sub-menu.  This is how you would put a game onto the game
menu, or would alter any existing menu entry.

Select 'Menu Selection Maintenance' and press Enter.  Select
MAINMENU.  You can use a mouse, cursor, or type the name until
qualified.  When the correct entry (MAINMENU) is selected, press Enter.

You have a list of items on the MAINMENU.  Note that this shows a
'N' (No) in the 'P' (Password) column, and also shows the various
clearance levels needed to run the programs.

Select the 'Edit' Action item.  Move cursor to 'Windows 3.x' and
press Enter.  Press '<F5>' to edit the script.  Note that some
security parameters are selectively altered.  For instance, COM1 is
enabled for all users, but only for this program.  It will also copy
in protected .INI files from '\WINDOWS\SAVE.INI' directory.  (The
directory was marked Read Only in step 5.B.3 (F3).)  If the user is
not an administrator (clearance other than 99), then the script will
also add the "[Restrictions]" section to the PROGMAN.INI file. 
Select 'Esc-Done' or 'Cancel' until back at the menu item list for
MAINMENU.  Note that floppy drives remain disabled for non-99 level
users.

Select the 'Edit' Action item for ## = 01 (Login...).  Press '<F5>'
to view script.  Note that you can perform complex steps as shown in
lines two through six.  These lines, if not remarks, would eliminate
the floppy devices while on the network, and perform a virus check
of your local hard drive before allowing network login.  For this
script to work completely you would install a copy of the MENUWORK
directory on your server.  You would want to configure the server
copy for 'No Login Required' (Maintenance Menu (F2) then pull-down
menu SECURITY), and to configure the menu for network applications. 
The easiest way to do this would be to run the install process
again, specify 'F:\APPS\MENUWORK' for the install directory, do not
modify AUTOEXEC.BAT, and you should scan drives F through Z. 

Select 'Esc-Done' or 'Cancel' until returned to the Main Menu item
list.  'Edit' the entry for WordPerfect.  We will be using this DOS
application later in the demonstration, so make any directory
changes.  If you do not have WordPerfect but do use another DOS
application that allows DOS shell processing from within that
application, please change this entry to that other application now. 
Simply 'Edit' the entries until correct.  Feel free to 'Add' other
applications (like Lotus 123) to the system at this time.  Select
'Esc-Done' or 'Cancel' until returned to the pull-down menu. 

Select EXIT on pull-down list.  You should be back to the main menu.

6.   The security manager cannot be installed on a system running
some versions of the disk compression utility STACKER without some
additional steps.  It may be installed onto a disk that is not
compressed, or onto a disk compressed with DOS 6.x DoubleSpace
ONLY.  If there are any questions, please call PC Dynamics technical
support at 818-889-1742.

7.   REBOOT your computer.  Please logon as 'ZMANAGER'.

At this point, the security shell is not installed.  The following
steps will install that shell.  The removal of the shell is
described later.  

NOTE: Please perform the following steps in the order presented,
including specified reboot sequences.  This is the only way to
detect BIOS and strange and wondrous hardware situations that would
require additional steps.  Should you encounter any problems (you
shouldn't), please call PC Dynamics at 818-889-1742 and identify
yourself as an evaluator.

8.   On the main menu is an entry called 'Security Menu'.  This is
the program that installs the detailed security shell.  Select that
item.  On the Security sub-menu, select the 'Menu Works Security
Manager' program.  Continue after reading the welcome message.

9.   The Security Shell is the heart of the security system.  It is
a bootable operating system that takes its place outside of DOS,
manages all hard disk encryption (if any), and manages the secured
environment.  When Boot Protection is installed, the system will
automatically encrypt the File Allocation Table (FAT), will
randomize the blocks, and will hide this data in several newly
created bad spots on your hard disk.  Obviously there needs to be a
high level, totally secure manager in place or DOS will not be able
to boot.

Install the security manager by selecting 'Install Security
Manager'.  You will be prompted to enter a security password.  This
is a new password needed to install, modify, and un-install just the
security manager software.  Enter "TS22DEMO" as this password.  At
confirmation message, select 'Accept'.  Select 'EXIT' from the
pull-down menu.  Place a blank formatted diskette into drive A: and
YES - PLEASE CREATE A RECOVERY DISKETTE. (We will use this disk later).
When done, the system will reboot.  (Remove the floppy.)  NOTE: this
system has a secured screen saver that activates across DOS
applications once the security manager is installed.  Remember the
password for the then current Logon ID in order to re-enter the
system.

10.  REBOOT your computer.  Please logon as 'ZMANAGER'.

11.  Select 'Security Menu' from main menu.  Select 'Menu Works
Security Manager'.  You will now be prompted for the "TS22DEMO"
Security Manager password.  Note that the security shell may be
totally removed by selecting 'Remove Security Manager'.  This is one
of the cleanest installation and removal processes on the market.

Select the 'KEYBOARD' pull-down menu.  Select 'Disable Keyboard'. 
As mentioned in item 3, the keyboard will lock during the
boot sequence.  If you have any need to enter keyboard or mouse
commands as part of CONFIG.SYS or AUTOEXEC.BAT processing, then they
will not get answered and the system will hang.  If everything is
ok, select 'Accept'.

Select 'EXIT' from the pull-down menu.  You will be prompted to make
a recovery diskette.  Place the recovery diskette created in item
9 above back into the A: drive and re-make the recovery diskette.  The
system will then reboot.

[BREAK]

12.  REBOOT your computer.  Please logon as 'ZMANAGER'.  Select
'Security Menu' from main menu.  Select 'Menu Works Security
Manager'.  You will now be prompted for the "TS22DEMO" Security
Manager password.  

13.  Boot Protection:  There are three main ways to enable boot
protection.

A.   Alter CMOS Setup to boot from drive C: before A:.  Place a
password on CMOS Setup to match the password on the Security Manager
as specified in step 9 above.  If this occurs, then the boot
sequence will be somewhat hardware protected and will always boot
using our security software.  This will not protect against a user
that attempts to gain access through another CMOS without a password
by either removing the disk to another computer, or by shorting out
the battery causing CMOS to lose setup information. Only you can
determine if these are likely threats in your environment.

B.   Re-cable the floppy drive to be B: instead of A:.  This will
eliminate A: as a bootable device.  However, this is not feasible if
you already have a B: drive.  This will require a hardware cable
change and a CMOS modification for floppy drive designations.  This
is generally the least desirable method of obtaining boot
protection.

C.   Enable Menu Works 'Boot Protection'.  With this option, the
user can boot from a floppy placed into the A: drive. This would
simplify the running of disk diagnostics from the A: drive, but
would still protect data on the C: drive.  If the user booted from
A:, then entered the 'C:' command, they would receive an "Invalid
drive specification" message and the data partition will not be able
to be referenced as a valid DOS volume.  However, a user can use a
physical disk editor to scan the drive since such tools do not mount
the DOS partition.  Such access is best avoided with encryption as
discussed later.

You can do all three.  However, for your convenience, do not select
'Boot Protection' unless option 13.A (above) cannot be easily
accomplished and assured.  If you choose to install boot protection
in addition to altering CMOS settings (always an option), follow the
instructions as in step 10 above, then enable boot protection.  The
system will reboot.

14.  As in 12 (above) logon and enter the security manager.

Review disk encryption.  Encryption is not necessary for this demo. 
If you want to encrypt, we recommend FAST (default).  The encryption
process on a 180MB IDE 15ms drive will take about the same amount
of time as a disk format, or almost one hour, and once started you
cannot interrupt the process without damaging the data to the point
of requiring a reformat of the hard drive.  We are proud of the
speed of our FAST algorithm, and would encourage you to use this
high performance mechanism.  This step will require a password. 
This password will be requested from any and all users upon system
boot prior to loading DOS.  Please make the password different from
others used, but easy to remember.  Perhaps a motto, like
"SERVICE1ST", would be a good choice.  This password will be needed
to allow the system to boot.  This password cannot be used to logon
to the system, so it cannot grant access to the data if the system
is booted from floppy.  The password is mostly a deterrent to
intruders.  Encryption is a guarantee against intruders who use
physical disk editors on systems where boot from A: is allowed (as
discussed in step 13.C). 

The ability to protect encrypted data, specifically encrypted files,
involves a comprehensive object-reuse capability for the PC itself. 
For instance, if the Windows swap file is not automatically
encrypted, then there may be a clear-text copy of files maintained
on the hard disk, unknown to the file owner.  Correctly addressing
this problem requires more than just another encryption program; it
requires a comprehensive TCSEC criteria product with integrated
encryption. [Criteria E].

Corporate equity is a very important concept when dealing with
security in general, and encrypted files specifically.  Users
sometimes forget their passwords, and they may not be able to be
visited by a system administrator to regain access to their system. 
When not using Network Single Signon there are two methods of
allowing Corporate Equity access to a system:

1.   A company can "brand" their own master installation disk(s) to
     provide a Master Password for all systems installed from that
     installation disk.  As a result, the corporation can install
     their own "back door" into their private systems.  This
     password is not for encrypted files, but is for emergency
     system access.  Since all machines use the same password, it is
     NOT to be given to any user (EMERGENCY access only).

2.   Any system with a supervisor name in the login list, that is
     also defined as a level 99 user on that system, and that has a
     challenge/response token defined on that system, may be called
     for a one-time password for that system.  It is up to the
     administrator to assure that the user is who they claim to be,
     but the user can be given a password to gain their appropriate
     access with this technique.  Since this is a challenge/response
     password, it cannot be used on other systems, or again on the
     same system.  If there are multiple administrators defined
     appropriately in the list, then any of them can be contacted
     for remote access.  [Criteria F, Q]
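
One way the challenge/response exchange in item 2 could work, as an
added Python example (not PC Dynamics code; this script does not
describe the product's algorithm).  HMAC-SHA256, the 8-digit response
and the system names are assumptions.

```python
import hashlib
import hmac
import secrets


def response_for(token_secret, system_id, challenge):
    """Administrator side: derive the one-time password from the token."""
    # Binding the system name into the MAC makes the answer useless elsewhere.
    msg = system_id.encode() + b"\x00" + challenge.encode()
    mac = hmac.new(token_secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class Workstation:
    """Locked-out PC that holds the supervisor's token secret for this system."""

    def __init__(self, system_id, token_secret):
        self.system_id = system_id
        self._secret = token_secret
        self._pending = None  # challenge currently shown on screen, if any

    def issue_challenge(self):
        """Show a fresh random challenge; any earlier one is discarded."""
        self._pending = secrets.token_hex(4).upper()
        return self._pending

    def unlock(self, response):
        """Accept the response once, and only for the outstanding challenge."""
        if self._pending is None:
            return False  # nothing outstanding: old responses are worthless
        expected = response_for(self._secret, self.system_id, self._pending)
        self._pending = None  # consumed whether or not the answer was right
        return hmac.compare_digest(expected, response)


def demo():
    """Constructed scenario: two PCs, one help-desk call for the first."""
    # Hypothetical system names; the administrator keeps a copy of each secret.
    tokens = {
        "PC-ACCT-07": secrets.token_bytes(16),
        "PC-ACCT-08": secrets.token_bytes(16),
    }
    pc_a, pc_b = (Workstation(name, key) for name, key in tokens.items())

    challenge = pc_a.issue_challenge()  # user reads this to the administrator
    otp = response_for(tokens[pc_a.system_id], pc_a.system_id, challenge)

    first = pc_a.unlock(otp)            # legitimate one-time use
    replay = pc_a.unlock(otp)           # same password again, no challenge open
    pc_a.issue_challenge()
    stale = pc_a.unlock(otp)            # old password against a new challenge
    pc_b.issue_challenge()
    other = pc_b.unlock(otp)            # old password on a different system
    return {"first_use": first, "replay": replay,
            "new_challenge": stale, "other_system": other}


if __name__ == "__main__":
    print(demo())
```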

Assuring corporate equity for individually encrypted file access is
more complex.  This access requires a site-specific and
site-"branded" encryption utility with a challenge/response token to
gain access.  Nobody outside of the corporation will know the
password, and only the holder of the token can utilize the utility.
Since this is a challenge/response password, it is only good for one
time use.

If a user forgets the password for an encrypted file, the
administrator must use the above encryption utility with the
matching appropriate challenge/response token to un-encrypt the
file.  Then the user must re-encrypt with a new password.

Exit the security manager and reboot the system.

[BREAK]

15.  REBOOT your computer.  If you installed encryption, you will be
asked for the access password ("SERVICE1ST" in step 14 (above)). 
Note that this occurs prior to the DOS boot sequence.

At this point the security shell is installed.  DO NOT delete the
contents of the \MENUWORK directory prior to removing the security
shell or you will need to contact technical support to use your
system.  

ONLY if you must remove the security shell, repeat step 12 (above). 
Select  'Remove Security Manager' and follow prompts.  The process
may request that certain functions be removed with a reboot
sequence.  Once the system has removed the security manager, then
the product may be removed from the system.  The removal process is
comprehensive, and no lingering hidden files or modules will be left
behind.  Simply remove the \MENUWORK files and directory, and remove
the MW invocation commands from \AUTOEXEC.BAT and the system is no
longer installed.

The Feature-Set Demo Begins.

You begin at the logon screen.  There are a few items that need to
be demonstrated as working:

A.   Boot Protection.  If Boot Protection was installed in step 13
(above), attempt to boot from floppy.  If options 13.A or 13.B were
used, this should not be successful.  If the boot does succeed,
enter the 'C:' command at the 'A>' prompt.  If Boot Protection
(described in section 13.C above) was installed, then this command
will fail.  [Criteria A]

B.   Keyboard lock.  Reboot the machine.  While the boot is in
progress, attempt Ctrl-C, Ctrl-Break, F5, F8, or anything else.  The
keyboard will have no effect on the boot sequence. (Note:
continuously depressing Right-Shift key during a complete power-
cycle boot sequence will drop straight to a DOS prompt, but we will
leave the keyboard locked.  Not all products offer this protection.)
[Criteria B]

C.   Logon Messages.  Logon as 'ZMANAGER'.  Note message on bottom
of screen for last login date and time.  Press '<F9>' key now. 
Logoff can be accomplished from any menu by pressing the '<F9>' key. 
Enter series of invalid passwords.  All will fail.  After 6 failing
attempts, the CPU will reboot. [Criteria F, S, and T]

D.   Directory Protection.  Logon as 'ZMANAGER'.  Press '<F4>' for
DOS Shell.  Type the command 'CD \BRUCE' at the DOS prompt.  You
will, as supervisor, succeed.  Type 'copy con \ABC' at the DOS
prompt.  Type your name followed by function key '<F6>' and press
Enter.  You should receive a "1 file(s) copied" message.  Insert
your recovery floppy into drive A: and enter 'DIR A:' at the DOS
prompt.  It will read and display the files correctly.
Remove the floppy.  Enter the DOS command 'Format A:'.  Press a key
to continue (but do not place a floppy into drive A:).  You will get
a "NOT READY" message as is normal for this situation.  Respond 'N'
to the "format another" prompt.

Type 'EXIT' at the DOS Prompt and press Enter.  Press '<F9>'.  Logon
as 'POWER' with password 'DOSPOWER'.  Press '<F4>' to get to DOS
Shell.  Type 'copy con \efg' (or \abc).  Type your name followed by
'<F6>' and Enter.  You will receive an "Access denied - c:\efg, 0
files copied" message.  The root directory had been marked as read
only in step 5.B.3(F3). [Criteria D]

E.   Directory Hiding.  Type 'cd \BRUCE' at the DOS prompt and press
Enter as in step D (above).  You will get an "Invalid Directory"
message.  It appears to the user as though the directory doesn't
exist which we feel is more secure than just saying that it is
empty.  Type 'md \BRUCE' at the DOS prompt.  You will get an "Unable
to create directory" message.  This is the same message as received
when trying to create a sub-directory when the parent directory does
not exist. [Criteria D]

F.   Maintenance Protection.  Type 'EXIT' to return to Menu Works. 
Press '<F2>' to enter Menu Works Maintenance.  You will receive an
"Insufficient Clearance" message. [Criteria L]

G.   Dynamic Menu Configuration.  From the Main Menu, select the
"Manuals..." item.  You will receive a listing of available items
that includes the Menu Works Advanced Manual but not the Menu Works
Total Security Manual entry (User POWER does not have sufficient
clearance to view this manual).  It is common that, as an
administrator, you will be at a user system without printed
documentation.  We provide on-line documentation so that this
usability problem cannot exist.  Press '<F9>' when complete.
[Criteria L and W]

[BREAK]

H.   Menu Item Protection.  Logon as 'GUEST1'.  Notice that this
user has a different look and feel to the menu.  Press '<F4>' for
DOS Shell.  The key has been disabled on this menu, thus any user of
this menu will not have access to the DOS Shell.  There will not be
an "Access denied" message in such cases since access is denied by
menu, not by clearance.  Also notice that most menu items have been
removed due to the low clearance level of this user.  Press '<F9>'.
[Criteria L]

I.   Floppy Protection.  Logon as 'POWER'.  Press '<F4>' for the DOS
Shell.  Place the recovery diskette into drive A:.  Enter 'DIR A:'
at the DOS prompt.  You will get an "Invalid device specification"
message.  For this user, there is no such device at this time.
[Criteria C]

J.   DOS Command Protection.  While still the 'POWER' user, enter
'FORMAT C:' at the DOS prompt.  You will receive an "Access denied"
message showing that the command has been blocked.  At the DOS
prompt, enter the 'DATE' (or TIME) command.  You will also receive
an "Access denied" message.  Note that protecting the date and time
does not protect the data since the hard disk could be moved to
another computer without protection for CMOS setup routines. 
However, the ability to invalidate DOS commands when booted from
this hard disk is a major capability.  'EXIT' back to the main menu.
[Criteria J]

K.   DOS Shell from Applications.  Run an application that utilizes
the DOS Shell as an application option, such as WordPerfect on the
demo Main Menu.  Select 'Ctrl-F1' option for the WordPerfect DOS
Shell (or appropriate sequence in another application).  Select the
'GO TO DOS' option.  You will get an application message indicating
that you "Can't find COMMAND.COM".  Shell access has been denied. 
Exit the application to return to the Main Menu. [Criteria I]

L.   Secured Screen Saver.  Simultaneously press the Left-Shift and
Right-Shift keys.  This screen saver will operate during DOS
applications as well as from the menu, and requires the password of
the current user to return to the system.  Press a key to get the
Password prompt.  Wait over 15 seconds and the screen saver will
resume.  Provide a password for another valid user (such as the
'ZMANAGER' password) and it will fail.  Provide the correct password
for 'POWER' (DOSPOWER) and it will resume wherever you were when the
screen saver began.  From any menu, press '<F9>'. [Criteria G]

[BREAK]

M.   Autolaunch.  Autolaunch is designed for cases where you wish
certain users to run only one specific application each time they
logon.  One such use is to invoke Windows (as shown in the demo), or
to launch an alternate menuing system such as WordPerfect Office. 
While we believe our menuing system to be superior in security
environments because of the security scripting capabilities, we do
support other turnkey menuing systems.

This is an option that will require a change to your AUTOEXEC.BAT
file.  Logon as 'ZMANAGER' and press '<F4>' for the DOS Shell.  Edit
the \AUTOEXEC.BAT file to add the run-time parameter "/LAUNCH:15" to
the end of the Menu Works invocation command.  This should be the
last line in the file, beginning with "mw".  Save this changed file
and reboot your computer.  

At the Logon screen, select the user ID of 'TURNKEY'.  You reviewed
the Windows Menu earlier in step 5.C.1.  Exit Windows.  You will
return to the Logon screen.  [Criteria X]

N.   Logon Processor.  This demonstration includes a Department of
Defense Warning Banner program.  Using this program as an example,
whenever the appropriate clearance level user enters the system,
they will be presented with the banner prior to the Main Menu.  This
could be any program that you choose for all or some users.

Select Logon ID 'DODUSER1'.  You will get the banner.  Respond "Y"
to the prompt, and the system will continue with the appropriate
menu for that user.  Note that I have changed the color for the Menu
Title area to be orange.  Press '<F9>' to exit.  

Logon as ID 'ZMANAGER' and then press '<F2>' for Menu Works
Maintenance.  Select the Menus pull-down menu, and enter 'Menu
Selection Maintenance'.  Press Enter while selecting the '$SCRIPTS'
menu name.  Select the 'Edit' action for item 'LOGON'.  Press '<F5>'
to view this script.  In this case, all users with a clearance level
of exactly 80 will be presented with the banner.  It can be easily
changed to present any program to all users, or within a range of
clearance codes, as an example.  You might also wish to review the
'LOGOFF' script for some Object Reuse capabilities.  Select 'Esc-
Done' or 'Cancel' until back at the Main Menu. [Criteria V]

It may also be appropriate to change the look and feel of the login
screen to not be a user list, but instead to be a name prompt.  This
may be accomplished by adding the "/LOGIN2" invocation parameter. 
This parameter must be added to the '\AUTOEXEC.BAT' file as a new
command: "SET MENUWORK=/LOGIN2", that should occur prior to the "MW"
command at the end of the file.  The "/LOGIN2" parameter may
optionally be added to the MW invocation line.

Menu Works Total Security also offers native support for the
CRYPTOCard hand held User Authentication Card with full
challenge/response capability.  This control is integrated into the
logon function and is controlled by a specific execution parameter. 
The user may specify a minimum clearance level at which a CRYPTOCard
response is required.  For instance, a level of 00 (zero-zero)
indicates that all users need a token challenge, 70 indicates only
those at or above seventy need a token authentication, and 99
indicates that ONLY the system administrator will be token verified. 


Token use is always specified by clearance level, but the use of a
token is specified on a machine by machine basis.  For instance,
require all users dialing into your business to have a token (modem
machines have a 00 level specified), but all locally accessed
systems may not require a token (no parameter specified, or level
99).  Or perhaps only finance and accounting need a token.  This
option has been designed to be totally flexible.  If you do not have
a token, do not attempt to demonstrate this feature.

NOTE: if dial-in security is important in your environment, please
contact PC Dynamics to discuss the implementation of this security
with challenge/response devices.
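
The two challenge/response behaviours described in this script (a
response that cannot be used on other systems or again on the same
system, and a per-machine minimum clearance level for token use) can
be modelled as below.  This is an added example, not PC Dynamics or
CRYPTOCard code: it substitutes HMAC-SHA256 for the token's own
algorithm, which this script does not describe, and the class,
function and machine names and the sample key are hypothetical.

```python
import hashlib
import hmac
import secrets


def token_response(key, system_id, challenge):
    """What the hand-held token computes: a MAC over system id and challenge."""
    msg = system_id.encode() + b"\x00" + challenge.encode()
    # Truncated to 8 hex digits so a person can type it in at the prompt.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]


class TokenVerifier:
    """Logon-side check for one machine.  All names here are hypothetical."""

    def __init__(self, system_id, token_keys, min_token_level=None):
        self.system_id = system_id
        self.token_keys = token_keys            # logon id -> secret shared with token
        self.min_token_level = min_token_level  # None: no parameter specified
        self._pending = {}                      # logon id -> outstanding challenge

    def token_required(self, clearance):
        """00 challenges every user, 70 those at or above 70, 99 only level 99."""
        if self.min_token_level is None:
            return False
        return clearance >= self.min_token_level

    def issue_challenge(self, logon_id):
        """Issue a fresh random challenge, replacing any unanswered one."""
        challenge = secrets.token_hex(4)
        self._pending[logon_id] = challenge
        return challenge

    def verify(self, logon_id, response):
        """Accept a response once; the challenge is consumed pass or fail."""
        challenge = self._pending.pop(logon_id, None)
        key = self.token_keys.get(logon_id)
        if challenge is None or key is None:
            return False
        expected = token_response(key, self.system_id, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    """Run the three cases the text describes and return their outcomes."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    modem_pc = TokenVerifier("MODEM-PC", {"ZMANAGER": key}, min_token_level=0)
    desk_pc = TokenVerifier("DESK-PC", {"ZMANAGER": key}, min_token_level=99)

    challenge = modem_pc.issue_challenge("ZMANAGER")
    response = token_response(key, "MODEM-PC", challenge)
    first_use = modem_pc.verify("ZMANAGER", response)
    replay = modem_pc.verify("ZMANAGER", response)   # same response a second time

    # Hand the other machine the very same challenge value to isolate the
    # system binding: the MODEM-PC response must still be rejected there.
    desk_pc._pending["ZMANAGER"] = challenge
    other_system = desk_pc.verify("ZMANAGER", response)
    return first_use, replay, other_system


if __name__ == "__main__":
    print(demo())
```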

G.   Dynamic Menus (Continued). Looking in the lower left corner of
the screen, validate that you are Logon ID 'ZMANAGER'.  Select the
"Manuals..." item.  You may now review the Menu Works Total Security
Manual.  When finished, press '<F9>' to return to the Logon screen.
[Criteria L]

O.   Object Reuse.  Menu Works will map the memory and environment
space after the system initially boots.  Any changes to environment
space variables or values, or the addition of TSR's, or junk left
behind by terminating programs, is cleaned-up at the end of each
menu script line invocation.  Logon as 'DOSPOWER'.  Select Main Menu
item 'DOS Utilities'.  Select 'Make Changes to Environment'.  Note
that all environment variable changes are allowed across batch file
steps, but are reset after each script step.  TSR's loaded during a
step will be removed after the step.  In some cases, where it is
vital that all DOS and Windows data areas be flushed between users,
the system will allow a $SCRIPTS LOGOFF processor to be created that
will automatically scrub disk areas and reboot the computer after
each user.  [Criteria O]

We have some higher security options that may be invoked with the
"/HS" invocation parameter.  This parameter must be added to the
'\AUTOEXEC.BAT' file as a new command: "SET MENUWORK=/HS", that
should occur prior to the "MW" command at the end of the file.  The
"/HS" parameter may NOT be added to the MW invocation line.  These
options will specifically:

1.   Enhance the Disk Wipe utility to do a Department of Defense
     standard triple pass, one pass with all 0's, then one pass with
     all 1's, and a final pass with a random character.
2.   The disk swap file will be specifically encrypted prior to
     writing it to disk.
3.   All passwords maintained in memory for the use of Menu Works
     menus and security features will remain encrypted at all times.
4.   All conventional memory used by menu-launched applications will
     be overwritten with 0's after the application terminates.  This
     will supplement our standard object re-use capability.  

The use of this option is recommended if you deal with confidential
information that needs to be protected from other authorized users
on this computer.
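
The placement rules given in this script for the MW line and its
parameters (MW last in \AUTOEXEC.BAT, SET MENUWORK before it, /HS
never on the MW line) can be checked mechanically.  The following is
an added example, not part of the product; the function names and
the two sample files are constructed for illustration.

```python
import re

SET_RE = re.compile(r"^set\s+menuwork\s*=\s*(.*)$", re.IGNORECASE)
SWITCH_RE = re.compile(r"/([A-Za-z0-9]+)(?::(\d+))?")

# Constructed sample files, not taken from the product diskette.
GOOD_SAMPLE = "\n".join([
    r"@ECHO OFF",
    r"PATH C:\DOS;C:\MENUWORK",
    r"SET MENUWORK=/HS",
    r"C:\MENUWORK\MW /LAUNCH:15",
])
BAD_SAMPLE = "\n".join([
    r"@ECHO OFF",
    r"MW /HS /LAUNCH:15",
    r"SET MENUWORK=/LOGIN2",
])


def is_mw_line(line):
    """True when the command on this line is the MW program (any path or case)."""
    command = line.split()[0].lstrip("@").split("/")[0].lower()
    name = command.rsplit("\\", 1)[-1]
    return name.split(".")[0] == "mw"


def switches(text):
    """Return {SWITCH: value or None} for every /NAME or /NAME:nn in text."""
    return {m.group(1).upper(): m.group(2) for m in SWITCH_RE.finditer(text)}


def lint_autoexec(text):
    """Check the Menu Works lines; return (findings, /LAUNCH level or None)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    mw_at = [i for i, ln in enumerate(lines) if is_mw_line(ln)]
    if not mw_at:
        return ["no MW invocation found"], None

    findings = []
    mw = mw_at[-1]
    if mw != len(lines) - 1:
        findings.append("MW invocation is not the last line of the file")

    mw_switches = switches(lines[mw])
    if "HS" in mw_switches:
        findings.append("/HS is on the MW line; use SET MENUWORK=/HS instead")

    for i, ln in enumerate(lines):
        if SET_RE.match(ln) and i > mw:
            findings.append("SET MENUWORK appears after the MW command")

    launch = mw_switches.get("LAUNCH")
    return findings, (int(launch) if launch is not None else None)


if __name__ == "__main__":
    for name, sample in (("good", GOOD_SAMPLE), ("bad", BAD_SAMPLE)):
        print(name, lint_autoexec(sample))
```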

P.   Data Cleaning.  Select 'Security Menu' from the Main Menu. 
Select 'Scrub Unused Disk Sectors'.  This program will run a while,
much like the encryption process, so only run it if time is
available.  To run it, select 'C:' and press Enter, otherwise press
Escape.  This application is a program that can be placed into any
other script, which includes making it into a $SCRIPTS LOGOFF
option.  [Criteria O]
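
The triple pass that /HS adds to the Disk Wipe utility (all 0's, all
1's, then a random character) looks like this when applied to a
single file, with each pass read back and verified.  This is an added
example and not the product's utility; it assumes a file system that
overwrites in place, as DOS FAT does, and its function names are
hypothetical.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write in blocks so large files do not sit in memory


def overwrite_pass(path, value):
    """Overwrite every byte of the file in place with `value`, then flush."""
    remaining = os.path.getsize(path)
    block = bytes([value]) * CHUNK
    with open(path, "r+b") as f:
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(block[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push this pass to the device before the next one


def verify_pass(path, value):
    """Read the file back and confirm it now holds nothing but `value`."""
    with open(path, "rb") as f:
        while True:
            data = f.read(CHUNK)
            if not data:
                return True
            if data != bytes([value]) * len(data):
                return False


def triple_pass_wipe(path, remove=True):
    """Zeros, ones, then one random byte value; returns [(value, verified), ...]."""
    patterns = [0x00, 0xFF, secrets.randbelow(256)]
    results = []
    for value in patterns:
        overwrite_pass(path, value)
        results.append((value, verify_pass(path, value)))
    # Only unlink the file once every pass has been confirmed on read-back.
    if remove and all(ok for _, ok in results):
        os.remove(path)
    return results


def demo():
    """Wipe a constructed sample file and report what is left on disk."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"PAYROLL 1994 CONFIDENTIAL\r\n" * 5000)  # constructed sample data
    size_before = os.path.getsize(path)
    results = triple_pass_wipe(path, remove=False)
    with open(path, "rb") as f:
        leftover = f.read()
    os.remove(path)
    return results, size_before, leftover


if __name__ == "__main__":
    results, size, leftover = demo()
    print(results, size, set(leftover))
```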

Q.   Memory Usage.  From any menu other than Logon, press '<F4>' to
get to the DOS Shell.  Enter the DOS memory command (mem /c |more). 
Note that the MW program (Menu Works Access Control shell) takes
about 1.7K of conventional memory.  At the DOS prompt, type 'Exit'
and press Enter to return to Menu Works.  Also note that DOS has
only 620K available as conventional memory.  The additional 20K is
occupied by our security shell outside of the addressable range of
DOS, thus DOS utilities cannot access our code (an additional
security level).  Note, if you have a memory manager such as QEMM or
NetRoom, please use their memory utility instead of the DOS Mem
command to get a comprehensive memory map.  The DOS Mem command will
not show other than conventional memory usage with security
installed. [Criteria K]

R.   Audit Log.  While still 'ZMANAGER', press '<F2>' for Menu Works
Maintenance.  Select the Security pull-down menu.  Select 'Tracking
Log Maintenance' to view the log.  Note that the log may be exported
for later import into a data base application, or spreadsheet, for
user custom reports.  One possible report could be to report only
exceptions (violations), or to report on just software metering
items.  Although not specific security items, our product does
provide for Project Tracking and Software Metering as standard
product features.  There is also a .LOG script command to allow the
user to add user-defined log messages from menuing scripts.  Escape
back to the Main Menu.  [Criteria M]

S.   Data Management.  From the Main Menu, or any sub-menu, press
'<F3>' for the File Manager.  This program offers information about
disks in a familiar format that is generally easy to use.
Press Escape to activate the pull-down menus.  Browse around.  Note
that under Files you can handle specific file encryption
needs.  This is a full-featured manager, and you might choose to
restrict access to only power users.  Also, hidden directories will
not appear for that user, and read-only directories are
appropriately noted.  When done, press 'Alt-E' to exit. [Criteria Y]

T.   Network Single Signon.  There has been a lot of discussion
about the need for Single Signon among our evaluators.  Many have
called and asked how our admittedly powerful scripting language
could optimally handle the use of network passwords and specific
application launching.  Specifically:

     "What I want is for my users to start their computers, get
     a login screen, be prompted for their network password,
     and then selectively launch either the network menu for
     DOS users, or Windows for non-DOS users.  When the user
     exits these applications I want the system to
     automatically return to your login screen.  I want to
     administer all passwords, expiration dates, concurrent
     signons, time-of-day restrictions, and to disable login
     id's from my server using normal network commands [such as
     the NetWare SYSCON utility] in real-time.  And I want to
     have full discretionary access control for local hard
     drive directories and floppy/serial devices for each
     unique user, and all of your other security features as
     shown in your demonstration.  And I want my network menu
     or Windows to be automatically customized for the current
     user."

Well, we can do this as well!

We offer a very powerful scripting language in this product.  To
demonstrate this option you will need to add an existing valid
network user login-name to be a valid Logon name in Menu Works.  Or
you may wish to add "test user names" (such as NSS-1 and NSS-2 as
provided in our script) to your network.  While still 'ZMANAGER', to
add the selected network user login-name as a valid Menu Works logon
name, proceed to the Menu Works '<F2>' Maintenance function, select
the pull-down menu SECURITY, and select the 'User ID Maintenance'
section and press Enter.  Select the 'Add' Action.  Select 'Edit'
when presented with a blank entry dialog box.  Create a user with
the network user login-name in the 'Logon Id' field.  Do NOT assign
a password to this name in Menu Works.  The network name should have
a password on the file server.  Assign a clearance level of 8. 
Press 'Escape', 'Accept', and 'Esc-Done' to record this new user. 
Press '<F9>' to return to the Logon Screen.

This new logon name, when selected, will invoke the provided
Autolaunch script.  This script will request your network login,
prompting for a valid network password.  If the user is not valid
for this file server, exceeds the number of simultaneous logins, is
outside the permitted time-of-day or day-of-week periods, or has an
expired or terminated login account or password on the file server
as administered by the NetWare SYSCON utility (or comparable for
other network systems), the script will reject the login and revert
back to the Menu Works Logon Screen.  If this station cannot connect
to the server for any cause, then this user will not be able to
logon to the client.

Our system will accommodate 250 user names.  All of these user names
that have been configured to have a clearance level of less than the
'/LAUNCH:nn' clearance level will invoke the Autolaunch script.
But be sure that there are some login names with a clearance 99 that
can enter the system without the Autolaunch affecting them.
[Criteria F].

After login occurs, the Autolaunch script will validate the
existence of a network version of Menu Works (Advanced) in directory
'f:\APPS\MENUWORK', and if present, it will invoke that menu.  If
absent, it will invoke Windows from your local hard drive.  However,
you could just as easily have used '.if' script commands so that
clearance = 6 started DOS menuing, clearance = 7 started Windows,
and clearance = n started other turn-key applications. [Criteria X].

Since this script uses standard network commands and is controlled
by standard network authorizations, it will now automatically
support network-capable token and biometric devices such as the
Veritel Corporation voice recognition system when run as command-
line programs.  Such products can now be used to extend local
client/workstation functional C2 discretionary access control where
extreme security conditions exist.  The product has native support
for Litronic SmartCard devices and CRYPTOCard challenge/response
products. [Criteria S].

Which leads us to the topic of Central Administration.  Menu Works
Total Security uses a single client-resident security-protected file
to determine valid user-id, password, and clearance information. 
This file is not maintained as an open file except for the few
seconds during our login process.  It is common for this list to be
administered in a file server directory by the administrator, and
copied to the local drive during logoff processes.  This is usually
accomplished by the LOGOFF script in the $SCRIPTS menu.  Basically,
the administrator maintains a single user file, and the workstations
copy it to themselves between users.  Password administration may be
accomplished for local access at the same time, but passwords would
be the responsibility of the server administrator.  [Criteria S].

Where Network Single Signon is used, the password and all access-
limiting controls are maintained at the server.  For the purposes of
this administration, the user cannot utilize their local PC if they
cannot login to the file server.  This is much more than an intruder
prevention mechanism.  One possible use of this capability is in
user departments that do not want service staff to have unlimited
access to their systems.  Simply have all service staff defined as
NSS users in the user list for all systems.  When a technician is
rendering service at a secured system, have the technician network
account activated, assigned a valid password on the server only for
a specific node address, and limit the number of concurrent logins
to one.  When the technician is finished, change their valid node
address and disable their account.  In this way, the user department
has their needed protection, and the service staff has their
appropriate access.

U.   Automatic Windows Personalization.  One additional capability
of our product is to facilitate the customization of the Windows
environment for each user.  When 'BRUCE' uses a computer in the
accounting department, he should not automatically have access to
the accounting department groups.  Program Manager [RESTRICTIONS]
should travel with the user.

If the administrator has created a secured directory on the file
server with sub-directories for each user that contains their
personal .INI and .GRP files, then our Windows launching script can
copy these files to a local drive Windows directory prior to
starting Windows.  In that way, each user can move freely from
machine to machine, and all users will have their personalized
environments (as far as initialization and group files are
concerned).  Of course, some local customization might be required,
but that too is easily handled in our scripting language.  [Criteria
L and S].

To view an example of how the scripting language could be
implemented to support this feature, please logon as 'ZMANAGER' and
press '<F2>'.  Move the pull-down Menu to 'MENUS'. Select 'Menu
Selection Maintenance' and press Enter.  Select MAINMENU.  You can
use a mouse, cursor, or type the name until qualified.  When correct
entry (MAINMENU) is selected, press Enter.

Select the 'Edit' Action item.  Move cursor to 'Windows 3.x' and
press Enter.  Press '<F5>' to edit the script.  Please review the
script comments where Windows Personalization is described. 


The evaluation script is complete.  Normally evaluators will modify
our scripts and configuration to make them more real world to their
environment.  It is hoped that the scripts contain a basic
configuration for your environment that helps you in your set-up process.

If you are finished with our product, please invoke the security
manager, and remove the security shell, as described in step 15
(above, prior to item A).  Once this has completed, to finish
removing our product, remove the Menu Works program invocation
command from the end of AUTOEXEC.BAT and delete the files in the
c:\MENUWORK directory.  This is just about a five minute process.

There are many more features that are more difficult to demonstrate
without changing the demo configuration.  For instance, we will
process values from environment variables in our scripts, even
performing '.if' logic on the variables. 

I hope that you saw that ours is a very simple and intuitive system
to use.  The cost of a security system is much more than the cost of
the software - it must be easy to use or training and support is
expensive.  Also, if it is not intuitive and beneficial for users,
then they will fight the implementation and security thus fails. 
Although unspecified, this is one of our most important features.  


Feature Summary

While some products in the menuing arena claim to offer security
features, they are easily bypassed by educated users.  Only a
security system offers security; all others provide access control.


PC Dynamics has and will develop specific interfaces to hardware
tokens and biometric systems. Of particular note is the Smart Card
(token) interface, a standard part of the Menu Works Total Security
system.  This interface is useful when token protection for stand-
alone processors is appropriate.  Additional token and biometric
support for networks is discussed earlier (Section T) in this
script.  For environments requiring a few hardware tokens, but
needing discretionary access control, we now offer an excellent
solution.

Our Menu Works Total Security is the best software security system
on the market.  The integration of Menu Works Advanced provides a
very robust access control capability that offers the ability to
customize the secured environment to meet the needs of the users. 
Menu Works Advanced is a product that is very feature rich, meeting
the needs of any user, be it home or network usage.

We have great reviews and references from sophisticated users of all
of our products.

Press:

SECURE Computing (The International Journal of Computer Security) -
October, 1994, First Place Winner, Worldwide Security Product
Review, & Editors Choice Award.  SECURE Computing does not accept
advertisements from vendors in order to maintain total impartiality. 
They stated that Menu Works Total Security is the "Best of the
best".

PC Computing - "Several DOS menus beat Program Manager at supporting
groups within groups (submenus) and password-protected menu items. 
Windows zealots can get those functions by replacing Program Manager
with the Norton Desktop for Windows, but even that's no match for a
multiuser menu like PC Dynamics' Menu Works Total Security". 
 
PC Sources - "This security package is not only extremely effective,
but easy to use...Menu Works Total Security offers real peace of
mind.  Menu Works Advanced...can provide novices with an easy
interface custom-tailored to their level of knowledge."

San Francisco Chronicle - "Menu Works is a superb tool in the right
hands.  If you have even a rudimentary knowledge of DOS, you can use
its menu and screen design features to create a powerful and
efficient PC command post.  The program is particularly useful in a
corporate setting, where multiple users may share a PC and security
is important."

The New York Times - "You can have a menu system working in 15
minutes after you strip the shrink wrap off the box. ...a powerful
tool for computer literate supervisors or, in bigger companies,
system managers, support specialists and network administrators. 
This is the kingdom of custom menus, scripting and macros, disk
management, security and time and project tracking."

PC World - "With Menu Works Total Security you get bank-vault
protection in a friendly menu shell..."

Computer Buying World - "Menu Works Advanced is an intelligent,
automatic menu-building application and PC front end.  A particular
strength of Menu Works is its wealth of features for multiple or
networked PC users and administrators."

Federal Computer Week - "Menu Works great strength is still its
zero-time learning curve... the type of simplicity a new user or PC
manager whose support efforts are spread too thin may want."

Infoworld (Networking January 13, 1992) - "Chronically paranoid PC
users will be relieved to hear about [Menu Works Total Security]. On
peer-to-peer networks, the product can be used to secure all
networked drives." 

Computer Shopper - "No other DOS-menuing system packs as much into
one program as Menu Works Advanced.  Feature for feature, it beats
better-known software such as Direct Access and Automenu.  Not only
is it easier to set-up ... but in day-to-day use, Menu Works
Advanced takes demon DOS and puts it in its place."

Compuserve (Online, GO OLT-5320) - "... especially liked the [Menu
Works Advanced] program's flexibility and wide range of security
features, ...appropriate for both individual users and for
standardizing an entire office." 

PC Today - "Becoming familiar with Menu Works is remarkably simple. 
Within a few minutes of entering the program for the first time, I
was able to figure out how to add new programs, create new menus,
edit existing program menus, and delete items or menus.  And all of
this was done without even opening the documentation."

CRITERIA


I suggest that the following features be considered mandatory:

A.   Boot-from-floppy protection for local disk drives.  A user
     booting from a floppy diskette cannot be allowed access to the
     hard drive partition.  This security feature must prevent a
     user from booting from floppy, thus bypassing the programmed
     hard disk boot sequence, to gain access to confidential data on
     local hard drives.

B.   Ability to prevent interruption during boot processing
     (keyboard lock).  A user cannot be allowed to bypass the
     programmed hard disk boot sequence by breaking out of the
     startup file.  The system must make sure that the system
     completes the planned startup sequence and that the user
     identification and authentication process (logon) occurs, thus
     the system remains secured and always functions as intended.

C.   Selective hardware access.  The system must provide selective
     access to COMn and LPTn ports, and all devices A: to Z:.  These
     restrictions must be able to be controlled by application and
     user (both).  This will prevent a user from using any serial or
     parallel device to gain access to system resources, or from
     writing secured information to media (printed, modem, parallel-
     port attached tape devices, etc.).  It must also prevent a user
     from using the "A:" drive (etc.) except when running authorized
     programs.  This capability will block the ability to run virus-
     infected programs in most cases.  It will also block access to
     network drives for unauthorized users.  For instance, drives F:
     to Z: must be able to be disabled until the correct network
     logon procedure is used.

D.   Directory-level data protection.  The product must include the
     ability to make the ROOT and critical directories fully read-
     only.  It also allows for the complete hiding of directories so
     that DOS 'CD' commands will not succeed to hidden directories. 
     Therefore, the product must allow or prevent, as needed, a
     user's access to data contained in sensitive directories. With
     the average PC containing thousands of files, the product must
     allow directory control instead of just file level control
     since the latter is too tedious to administer.  

E.   DES and high performance data encryption for local disks or
     selected files.  For additional file level security, specific
     file encryption with user passwords must be available.  In
     higher security need areas, entire hard drives must be able to
     be encrypted and un-encrypted without constant user
     intervention.  This renders access to the drive with physical
     disk editors useless, and maintains data security.

F.   Login and password for 250 users (Network user limit).  The
     product must require one or both of the user identification
     (name) and authentication (password) for all system users.  The
     product must require at least name if security is not
     important, but must require both whenever desired.  Additional
     authentication via biometrics, tokens, or challenge/response
     systems must be supported.  On networks, single signon should
     be a standard product feature.

G.   Password protected screen saver with time-out and hot-key
     invocation.  A user that leaves their station unattended for an
     extensive (user defined) period of time does the equivalent of
     locking the car and leaving the windows open.  Any passerby can
     assume their identity and potentially access confidential data,
     even on a network.  A "hot-key" or time-out screen saver must
     be available that requires the re-entry of the password of the
     current user in order to resume execution.  This will prevent
     the use of the computer during short periods where the system
     must be unattended.  

H.   Execute-only file protection for .EXE and .COM files.  The
     product must prevent the accidental or unknown modification to
     application program files, thus preventing potential security
     breaches via "Trojan Horse" mechanisms and viruses.

I.   DOS shell blocking across applications, including WordPerfect
     and Lotus 123.  The product must prevent users who are not
     allowed to access the DOS prompt from accessing the DOS shell
     from within ALL applications.

J.   DOS command line filtering to deny access to user-defined
     commands for DOS-level users.  The product must prevent a user
     who is allowed DOS prompt access from entering and using
     dangerous commands.  A user, for instance, can be prevented
     from accidentally formatting their hard drive.

K.   Compatible and minimal memory usage.  The security system must
     take a minimal amount of memory (30K or less) while executing
     applications.  Also, the product must assure compatibility in
     Wide and Local Area Networks.  All major network operating
     systems and versions of MS/PC DOS must be supported.  The
     product must peacefully co-exist with all major memory
     managers.  Where the user interface must be consistent, and
     where data protection and reliability are important, platform
     independence is important.

L.   Two customization operating modes: 1) A fully integrated and
     security sensitive DOS menuing system with custom menus by
     user, and 2) a feature providing automatic Windows
     personalization with rights, controls, and Windows groups by
     user.  For maximum discretionary access control, this is
     mandatory.   Within the provided DOS menuing system, DOS access
     and available functions must be controllable by user security
     permissions.  Users will not be allowed to view any application
     selections that they do not have permission to execute. 
     This prevents a casual user from gaining unprotected access to the
     secured items, thus blocking potential security breaches. 
     Menuing scripts must be supported by user to allow custom
     prompts for additional data or parameters, add information to
     the audit log, query clearance codes, deny access to menu
     items, and to provide user-defined help screens.  Also, all
     security options must be able to be selectively changed during
     a specific program invocation, such as enabling COM1 during
     only Windows execution.  This must also support the control of
     network logon procedures.  This significantly increases the
     ability to have the system solve the user's problems, rather
     than causing the user to adjust to the security system.  The
     ability to provide security as a useful tool is vital to user
     acceptance of any PC security program.

M.   Logon and usage audit logs.  Complete access logs must be
     maintained by the security system.  Logon attempts and program
     access must be recorded for each user.  Also, the system must
     allow us to enforce and track DOS software usage (software
     metering), ensuring compliance with software licenses.  This
     audit log must reside on local hard drives and be exportable to
     networks for centralized analysis.

N.   The security system must work with and also protect existing
     Network and Virus Protection software.  Although most virus
     scanners are generally acceptable, the security system must
     perform a CRC check on critical applications during the boot
     process.  The system must validate that critical files invoked
     prior to starting the virus scanner, such as network drivers,
     device drivers and the virus scanner itself, are virus-free.

O.   Object reuse (computer memory, environment and disk surface
     cleansing between users) must be a standard part of the system. 
     Memory areas cannot contain changed environment variables or
     loaded TSR applications that might compromise data security. 
     These areas must be restored to their condition prior to
     program invocation.  The system must allow for the "cleaning"
     of erased sections on hard disk drives.  A process must be
     available to require a disk cleaning and system reboot after
     each user should such security be necessary.

Any product evaluation must identify and prove that the above
mandatory features are achieved.  In addition to these mandatory
features are several economic constraints:

P.   Per unit price must allow for computers under company control
     anywhere that they may be located, regardless of network
     connection or physical location.  The pricing must accommodate
     notebook and laptop usage, thus must function in portable
     environments.  The license must be "Enterprise Wide", not server-
      or location-based.

Q.   The installation must be economical.  It is assumed that the
     installation of security software into user environments will
     not be labor intensive.  The company must be able to configure
     one system to meet company security needs, and to copy that
     system to each user machine, install the software, and validate
     the installation in fewer than 10 minutes per machine.  If
     whole-disk encryption is necessary, then a longer installation
     time is mandatory under all circumstances.  Where possible,
     network installation must be supported.

R.   The software must be commercially available through dominant
     retail channels.  It is generally the rule that such systems
     are designed for novice users and thus will require a minimum
     amount of training, intervention, and user support once
     installed.

There are several important but not mandatory capabilities that
should be present in the selected product:

S.   Password retention for last five passwords to avoid reuse and
     possible security problems.  Each password must be eight to
     sixteen characters in length.  Random entry via password
     guessing is much more difficult than with shorter passwords. 
     An extension supporting a hardware token such as a Smart Card
     or challenge/response device (what you have) or biometric (who
     you are) verification mechanism must be available for ultra-
     secure situations where passwords (what you know) are not
     sufficient.

T.   Display of the last logon date and time after successful logon. 
     The user will be able to view the last usage, thus detecting
     when others might be using their access name and password.

U.   Password expiration intervals that can be set for each user. 
     Regular modification of passwords is necessary to prevent
     intrusion.  Passwords may be changed by the user at any time
     within the above constraints.

V.   System should allow for the administrator to specify one or
     more programs that MUST be executed as a part of the logon,
     program execution, and/or logoff sequence.  This would allow
     the inclusion of security warning banners, automatic virus
     scanners, and disk and memory cleaning agents.

W.   Product documentation must be available as an integrated on-
     line menu selection item.  All major system functions must have
     standard F1 (Help) documentation available.  User menu items
     must allow for user help screens to be defined by company. 
     This will allow the user to define and display custom help
     screens.  This capability greatly enhances the power of the
     menu item scripting language to the point of making the menu
     and program launching appear seamless.

X.   The system must have the ability to launch a specific (turn-
     key) application, and only that application, for a group of
     users.  Upon termination of that application for any reason,
     the system must return to the logon process.  In the case of
     Windows, the customization (personalization) of key .INI and
     .GRP files based upon user should be automatic.

Y.   Data file management must be simplified with a security-
     sensitive file management tool.  This tool must allow the user
     to easily manipulate files and directories.  The tool should be
     security sensitive, allowing the user to easily encrypt files
     for transfer to other company facilities.  Provides an
     integrated disk management tool having the look and feel of
     common programs.

Z.   The vendor must have been in the security business for several
     years, and have an established clientele including major
     military and commercial accounts.  The product references must
     be "strongly recommended" by respected sources, including
     published editorial staff recommendations in notable
     periodicals.

The above "A to Z" feature list describes items that are important
to the successful protection of company data resources.


Completing the Security Evaluation Report

The Security Evaluation Report is designed to facilitate the
comparison of multiple products in your review, or just to track
the overall impression of any one evaluated product.

As you have gone through the script, you will have encountered many
[Criteria A] symbols.  These refer to items in the above criteria
list, and correspond to items on the attached evaluation report.

As you encounter the criteria items in the evaluation, please
indicate, in pencil, your rating of the product on that particular
criterion.  The higher the number, the better the feature rating.
You will have sometimes encountered several items during the
evaluation that relate to the same criteria item.  These features
should collectively strengthen (improve) the rating on that item. 

At the lower right hand corner of the evaluation report is a section
for producing an overall evaluation summary based upon a maximum of
300 points.  The first entry in this section is the total of the
numeric values for the A-Z criteria.  The maximum value possible is
26 times 9, or 234 points.  In this section are three other
categories that together account for twenty-two percent of the
overall points available.  The items in this section to be rated are:

    Product Use is Intuitive/Easy - This is a rating of the product
     from zero to twenty-two points where zero is very poor, and
     twenty-two is very excellent.  The ranking is somewhat
     subjective, as it is your reaction to your ability to utilize
     the product without documentation (intuitive) in a
     straightforward, easy manner.

    Tool End Users Will Accept - Your users will want to have some
     utility out of the security system.  It has to be beneficial or
     they will consider it a hindrance.  This item is also
     subjective and has the same point spread as above.  The zero
     would correspond to a hindrance with no useful value as viewed
     by your users, and twenty-two relates to helpful, with users
     wanting the product.  In general, do your users think that the
     product, as a useful tool, is acceptable and beneficial?

    Cost / Value - The value of a product is based upon the
     benefits and features versus the cost.  If the cost is average,
     and the benefits and features are average, then the value is
     average.  If the cost is very low and the benefits and features
     are high, then the value is excellent.  If the cost is very
     high, and the benefits and features are high, then the value
     may well be below average.  While this may be subjective,
     simply taking the points already granted divided by the per
     unit price in your appropriate license size may be useful. 
     Clearly, if there are two products and the computed value of
     one is greater than 15, and the other is less than 5, there
     will be a strong influence on your final point ranking.  There
     are twenty-two possible points for this category.

Note that the final ranking in some companies is strictly based upon
Cost/Value, while some are concerned with just feature set, and some
utilize the total percentage as presented on our form.  The final
call is always yours.