MARS is a pretty interesting block cipher designed by a team at IBM, and submitted to the AES contest. It made it to the final group of 5 (out of the original 15), and, in the final vote, ended up taking 4th (just ahead of RC6). Like the other AES candidates, MARS encrypts a 128-bit block under the control of a 128, 192, or 256 bit key. For whatever reason, MARS has far more designers than any of the other AES submissions - 11 people! Included among these is Don Coppersmith, who has been around for ages, and worked on (among other things), the original DES design. And, by the way, no, I don't know why the name is all capital letters, as it is not an acronym as far as I can tell. But the original papers and design specs all use all-caps, so who am I to argue?
MARS uses a lot of different tricks - large(ish) random S-boxes, data dependent rotations, and multiplication, along with the more usual stuff (addition, subtraction, XOR, and fixed rotations). It also has a very interesting structural design, which is to split the cipher into three layers - first an unkeyed mixing layer, then the 'cryptographic core', and then another mixing layer. Whitening is used immediately before the first mixing and after the final mixing, so the operations can't just be stripped off by the cryptanalyst. The idea being that before someone could even look at attacking the inner core, they would have to break the mixing layers - and then they are still stuck trying to attack the inner core, which is by all accounts quite strong.
The disadvantage to MARS comes from the extra complexity of this multi-layered design. MARS is a serious hog in hardware, because its random S-boxes are basically impossible to implement in gates. Thus, one would have to use ROM, with all the extra complexity that involves. In addition, 32-bit multiplications and 32-bit general rotations take up a lot of resources. Now, in the end, we're not talking about much regardless - a few tens of thousands of extra gates is not going to mean much in cost, size, or heat. But since AES will be used in (pretty much) everything, including very low-end stuff, for the next 15-25 years, the smaller and cheaper in hardware, the better off everyone is.
And it is not that much fun in software, either. In particular, the cryptographic core likes to multiply some of it's inputs with key words. To prevent the use of 'bad' key words, which will interact poorly with the multiplication (values like 0, 1, powers of two, etc), MARS defines a special test for each key word, and this test is really tricky to do. You have to create a 'mask', where the bits of the mask are 1 iff the corresponding bit of the key word is part of a run of 0s or 1s that is 11 bits long or longer. Sorry, I know that's hard to parse, but that is as simple as I know how to phrase it. You have to have some serious bit bashing skillz to be able to see how to do it. And of course a 32-bit multiply is not easy on an 8-bit smartcard (this also worked against RC6).