Antivirus that does NOT require updates !!

[Paul_Lucy]

I discovered something that I thought people here might be interested in.

It's an antivirus program that doesn't use virus-specific information or
database of virus signatures and hence doesn't require periodic updates. It
looks at the different ways viruses attack.

Here's a PDF that describes the software and it's technology (see
"InVircible's Generic Technology" at the bottom of page 2) :
http://www.invircible.com/papers/IV4Enterprise.pdf

What do you think ?

 

[f/fgeorge]

I discovered something that I thought people here might be interested in.

It's an antivirus program that doesn't use virus-specific information or
database of virus signatures and hence doesn't require periodic updates. It
looks at the different ways viruses attack.

Here's a PDF that describes the software and it's technology (see
"InVircible's Generic Technology" at the bottom of page 2) :
http://www.invircible.com/papers/IV4Enterprise.pdf

What do you think ?

This is NOT the way to go, a program that never needs updating will be
an easy way for hackers to get around it!

 

[John Barnett MVP]

If it doesn't need updating how is it going to deal with the latest virus
threats? Even the most expensive anti virus software requires updating to
keep up with the constant barrage of new viruses. I also noted that the pdf
file article is 5 years old and the 'last' customer comment came in 2003.
Hardly a glowing response. It certainly isn't an application I would trust
my system to.

--
John Barnett MVP
Associate Expert
Windows - Shell/User

Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..

 

[Mr. Arnold]

I discovered something that I thought people here might be interested in.

It's an antivirus program that doesn't use virus-specific information or
database of virus signatures and hence doesn't require periodic updates.
It looks at the different ways viruses attack.

Here's a PDF that describes the software and it's technology (see
"InVircible's Generic Technology" at the bottom of page 2) :
http://www.invircible.com/papers/IV4Enterprise.pdf

What do you think ?

You need to run two AV(s) then. You can run the one you're talking about
that's playing the role of an AV solution.

Then you run a real AV solution that has updates to back-up the AV that's
playing a role of an AV solution.

 

[Peter]

Running two A/V will cause problems. It's Ok for A/S but not A/V.

 

[Victek]

It's an antivirus program that doesn't use virus-specific information or

database of virus signatures and hence doesn't require periodic updates.
It looks at the different ways viruses attack.

Here's a PDF that describes the software and it's technology (see
"InVircible's Generic Technology" at the bottom of page 2) :
http://www.invircible.com/papers/IV4Enterprise.pdf

What do you think ?

After a brief look at the web site and PDF I'd say InVircible Antivirus is
similar to CyberHawk, PrevX and other HIPS apps. Host Intrusion Prevention
Systems protect the computer by monitoring the behavior of software and
intercepting anything that looks suspicious. This is a valid approach IMHO,
however it is not necessary to rely on it exclusively. A HIPS type monitor
can be run along side traditional signature based AV. Also, HIPS
applications tend to require a lot of user interaction if they do not
include a database of trusted applications. By "user interaction" I mean
they pop up a lot of warnings and ask the user to decide if a particular
program/activity is safe. This can be pretty annoying, and is also
problematic for users who don't have enough knowledge to make the correct
choices. There are HIPS apps that include a database of safe applications
which cuts down the number of warnings/requests. That database needs to be
updated <g>. Unfortunately, Invircible AV doesn't support Vista so I can't
install it and confirm my opinion - take it as a "best guess". If you try
Invircible let us know what you think.

 

[Richard Urban]

Says nothing about being compatible with Vista - and you are posting in a
Vista newsgroup.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

 

[Alun Harford]

I discovered something that I thought people here might be interested in.

It's an antivirus program that doesn't use virus-specific information or
database of virus signatures and hence doesn't require periodic
updates. It looks at the different ways viruses attack.

Here's a PDF that describes the software and it's technology (see
"InVircible's Generic Technology" at the bottom of page 2) :
http://www.invircible.com/papers/IV4Enterprise.pdf

What do you think ?

All modern anti-virus products (since the Fish / Whale polymorphic
viruses were released into the wild in 1989/1990 (iirc)) have heuristic
detection of viruses.
Determining whether a program is a virus is as hard as the halting
problem. (Google halting problem if you don't know that stuff - every
good computer person should). Relying entirely on heuristics for
anti-virus is provably stupid!
They might have some interesting new heuristics that could be integrated
into other AV products at some point in future, but their buzword-filled
nonsense whitepaper with no technical details makes me suspect that this
is not the case.

Alun Harford

 

[Mr. Arnold]

Running two A/V will cause problems. It's Ok for A/S but not A/V.

I know this. It was a joke. However, I have seen people make posts in the AV
NG(s) doing just that with no problems too, according to them.

 

[Paul_Lucy]

That's true, the user has to know enough about the system to be able to say
to this software "yes, what you are pointing out is virus activity, delete
it".

It doesn't look like a home user could use it.
______________________________

 

[Paul_Lucy]

Oops, sorry. I did take another look at the website and saw only support up
to XP. I just thought that all anti-virus manufacturers would automatically
support all windows.
___________________________

 

[f/fgeorge]

After a brief look at the web site and PDF I'd say InVircible Antivirus is
similar to CyberHawk, PrevX and other HIPS apps. Host Intrusion Prevention
Systems protect the computer by monitoring the behavior of software and
intercepting anything that looks suspicious. This is a valid approach IMHO,
however it is not necessary to rely on it exclusively. A HIPS type monitor
can be run along side traditional signature based AV. Also, HIPS
applications tend to require a lot of user interaction if they do not
include a database of trusted applications. By "user interaction" I mean
they pop up a lot of warnings and ask the user to decide if a particular
program/activity is safe. This can be pretty annoying, and is also
problematic for users who don't have enough knowledge to make the correct
choices. There are HIPS apps that include a database of safe applications
which cuts down the number of warnings/requests. That database needs to be
updated <g>. Unfortunately, Invircible AV doesn't support Vista so I can't
install it and confirm my opinion - take it as a "best guess". If you try
Invircible let us know what you think.

But most of these types of programs look at registry activity as
evidence of something bad, Skype, for example, does not touch the
registry so most 'users' can just add it and run it with no problems.
We foudn that at work, no Admins just Users, Skype happily running on
half a dozen pc's with no hint that it was there, except the huge
bandwidth and ports it was using. We have since blocked it and its
ports, etc...but the point is nothing that checks the computer for
suspicious activity that is not upgraded, is worthless.

 

[Paul_Lucy]

Out of curiosity, are there other classes of anti-virus programs besides
HIPS and traditional (ie virus signature database) ?
_______________________________

 

[Straight Talk]

Out of curiosity, are there other classes of anti-virus programs besides
HIPS and traditional (ie virus signature database) ?

If you ask me there is only one class, MPS (Malware Prevention
System). If you ask anti-whatever vendors there are just as many
classes as they can get away with charging customers for.

Just look at the guys at Symantec, who just introduced "anti-bot"
ware. *sigh*

 

[cquirke (MVP Windows shell/user)]

On Sat, 28 Jul 2007 14:59:41 +0300, "Paul_Lucy"

It's an antivirus program that doesn't use virus-specific information or
database of virus signatures and hence doesn't require periodic updates. It
looks at the different ways viruses attack.

Here's a PDF that describes the software and it's technology (see
"InVircible's Generic Technology" at the bottom of page 2) :

http://www.invircible.com/papers/IV4Enterprise.pdf

"In contrast to virus-specific software, InVircible
uses no virus-specific information or database.
The methods used by InVircible are generic,
which means they are effective against groups
of threats that share a common characteristic or
behavior. Unlike virusspecific AV, which use
pattern recognition as their only detection method,
InVircible implements multiple and mutually
independent methods, simultaneously"

Well, I think several av would disagree that "pattern recognition" is
"their only detection method", though it is their main approach.

It looks like something that would compliment, rather than replace,
traditional av. I would not use it "instead of".

The underlying concepts are whitelisting (specifying what is
permitted) vs. blacklisting (specifying what is forbidden).


Traditional av works on the blacklist principle, i.e. it sets out to
detect known malware, as well as inferring malware behavior
heuristically (the part that isn't "pattern recognition").

An approach based on whitelisting would limit the system to a closed
list of acceptable programs, as befitting the locked-down corporate
desktop. That would be as popular with consumers and "free" end users
as a turd in a swimming pool ;-)

Invincible does both. Some of its generic mechanisms look like
heuristic black-listing, and to claim this will never need updating is
to predict that malware will not find new ways to behave. Other
mechanisms look like whitelisting, perhaps using the same "nag for
permission" methods as firewalls, PrevX, UAC, etc.

The trouble is, any "hard" listing approach, be it "white" or "black",
will require updates. Even if you plan to use nothing but Vista and
MS Office, you'd still have to accomodate patches that change this
code base. How will you "know" these are legitimate?

-------------------- ----- ---- --- -- - - - -

Tip Of The Day:
To disable the 'Tip of the Day' feature...

 

[Mark Schubert]

That cannot work!