Generic Anti-Virus Network Defence Solutions On-line Real Time Protection
Multi-tiered Security Solution

InVircible General Description

 

Key functions of the INVIRCIBLE Defence Network system are:

  • To provide a solution that does not depend on a signature database, substantially reducing the software maintenance otherwise required to provide weekly signature file database updates.
  • To consistently remove all virus code from infected files, with equal effectiveness against known and unknown viruses.
  • The software does not need to archive infected files; instead they are cleaned on the fly.
  • For normal Defence Network there is no action required by the PC user.
  • The software does not interfere with day to day business operations.

In Summary

  • INVIRCIBLE provides much more secure Defence Network as it is effective against known and new viruses immediately.
  • Maintenance and support resource requirements are absolutely minimal because there is no need for ongoing signature database updates.

What are the features and benefits?

The technology and approach to the virus problem used by InVircible is generic and completely different from that employed by most anti-virus software; for example, InVircible does not use the pattern/signature file matching used by most other AV products.

InVircible detects non-standard behavior because the software understands what modifications viruses must make to files in order to replicate. Running in the background in real time, it checks incoming files from the Internet and all other external sources, and discovers and removes viruses where they reside, both known and new.

Once the software is set up correctly, InVircible offers complete protection against known and new Viruses with the absolute minimum need for software updates.

This complete protection and minimal maintenance will translate into considerable cost savings in the resource time needed to perform these functions, and in the time otherwise spent resolving minor or major virus problems because your existing software is not protecting you against new viruses that are not in its signature files.

InVircible uses technology that has its roots in a defence environment where the original versions were used to protect aircraft and logistic computer systems against manipulation.

A single version of the software covers multiple operating environments where viruses and trojans/worms exist, including NT, NetWare, Citrix and Windows, and because of this, cost savings are available compared to traditional anti-virus software.

As InVircible does not carry a signature file database, it has a small footprint, taking up around 3 MB of disc and about 2% of CPU resources for the online VXD facility.

A suite of unique software engines is used to tackle each type of virus; this is summarised in the White Paper "InVircible and Computer Viruses".

The current release contains all the engines required to detect all known types of existing or new viruses and their variants, as well as trojans/worms, and the software has been fully tested in the Microsoft Windows and Office 2000 environments.

Users of InVircible are fully protected against the newer VBS worms including all variants of the "Love Bug" as well as Life_Stages.shs.

Updates, which generally occur only every 3-6 months, relate to improvements in software operation or performance. As InVircible does not use signature file matching, the daily or weekly signature updates needed by that type of software are not required.

How does it work?

Some of the detailed techniques used by InVircible are proprietary and have been developed and refined over a number of years.

Basically, however, InVircible looks for non-standard behavior in files. For example, when looking for viruses which may have infected executable files, the Batch and Windows VXD/NT Service engines look for such things as uniform file size increases, changes in executable program pointers, and code within an executable which is attempting replication.

There is a range of inference rules, which are held within the software and applied when checking files, depending on the file type's ability to support the various virus, trojan and worm types.

InVircible will take action if the file fails a series of tests for viral activity. It will either bar the running of an infected executable if found on action, allowing it to be removed and, if required, replaced with a clean copy, or restore the file to its original clean version if the infection is detected during a sweep using the Integrity batch process.

There are separate detection software engines for each type of virus, trojan and worm, as well as for Word and Excel, where the software is able to detect macro viruses and generally remove them on the fly without affecting the opening of the document or spreadsheet.

With macro viruses the software basically tests macros to determine whether they are viral or not. A complex set of specific inference-rule tests is applied to each file type, depending on whether it is a Word, Excel or PowerPoint infection or all three.

Such things as "kill" and other malicious statements, and code which is attempting to open and change other files, are checked.

In the event of a file being determined as infected, InVircible will remove the macro virus on the fly, providing user messages and/or reports sent to the administrator.

InVircible never Quarantines or deletes data files, but takes action when detection occurs.

A similar process occurs when reviewing VBS code to determine whether the code is performing illegal functions. Normally VBS infected files are barred from being opened by the software.

InVircible will, however, allow normal macros to run and will let traditional formatting and Excel formulae macros pass unaffected.

The core of the InVircible defence system is a real-time Interceptor, VXD or service, which runs on the desktop or portable PC. The Interceptor interrogates all files moved or opened by any application from any location. It has a choice of interrogation techniques to deploy depending on the type of file being accessed. For example, the detection and removal techniques for an infected Word file are different to those for an infected Windows executable file.

As stated above, the Interceptor applies a set of relevant inference rules, dependent on the file type, to determine if the file is behaving as it should or is attempting illegal actions. Such things as "kill" statements and files attempting to open and then insert code into other files under certain circumstances would be considered suspicious.

Using these behavioral inference rules, in very rare cases it is possible that a clean file fails these tests and is seen as viral.

InVircible caters for this by providing a global "File Exclude List" which will allow the software to accept a particular file. The software is installed with a small set of excluded files, such as disc defrag programs and Year 2000 fixes; however, it is a simple process to add a file should a false alarm occur.

The other key facility active on startup is SAM (Startup Application Monitor), which has been designed specifically for defence against trojans/worms by detecting the introduction, in the background, of files, malicious executables and backdoor hacking tools on the desktop.

The Startup Application Monitor is also resident in memory at startup and learns what is autoloaded on startup.

It constantly monitors these registers so that in the event of a trojan's output file being introduced in the background, the monitor will immediately advise the user of its presence and its current location. Another part of the software will bar these output files from running so the trojan is rendered harmless.

Also available are batch processing server and desktop scanning software, which can be automatically scheduled at suitable times daily or weekly.

The Macro sweeper looks for unopened files with macro virus infection, and the Audit and Integrity sweeper looks primarily for executable viruses.

The Integrity function compares a previous snapshot of key files with the current view, and will detect and correct executable virus infections. The Audit facility will provide comprehensive reporting on new software introduced to the desktop or server since the last time the batch process was run. This information can be used to determine possible entry points for viruses detected by the on-line or batch processes.

Also included is RESQDISK, a full suite of disc recovery facilities, which will provide a secure way of recovering damaged disc files.
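
The snapshot comparison described for the Integrity function, together with the "uniform file size increases" and "changes in executable program pointers" checks mentioned earlier, can be sketched as follows. This is an added illustration, not InVircible's proprietary code; the function names, the two-file threshold for "uniform" growth and the sample data are assumptions made for the example.

```python
import hashlib
import struct
from collections import Counter

def pe_entry_point(data):
    """Return AddressOfEntryPoint from a PE header, or None if not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 44:
        return None
    # 4-byte signature + 20-byte COFF header + 16 bytes into the optional header
    return struct.unpack_from("<I", data, e_lfanew + 40)[0]

def snapshot(files):
    """Map name -> (size, sha256, entry point) for a dict of name -> bytes."""
    return {n: (len(d), hashlib.sha256(d).hexdigest(), pe_entry_point(d))
            for n, d in files.items()}

def compare(old, new):
    """Return (changed, uniform): per-file findings and the shared growth, if any."""
    changed = {}
    for name, (size, digest, entry) in new.items():
        if name not in old or old[name][1] == digest:
            continue  # unchanged, or new (new files belong in an audit report)
        o_size, _, o_entry = old[name]
        changed[name] = {"growth": size - o_size, "entry_moved": entry != o_entry}
    growth = Counter(c["growth"] for c in changed.values() if c["growth"] > 0)
    # The same positive growth on two or more files is the "uniform increase" signal.
    uniform = next((g for g, n in growth.most_common() if n >= 2), None)
    return changed, uniform

def fake_pe(entry, body):
    """Constructed sample: minimal MZ/PE header skeleton, not a loadable program."""
    hdr = bytearray(0x40 + 44)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", hdr, 0x40 + 40, entry)
    return bytes(hdr) + body

# Constructed data: two programs grow by the same 512 bytes and their entry points move.
BEFORE = {"a.exe": fake_pe(0x1000, b"A" * 100), "b.exe": fake_pe(0x1200, b"B" * 300),
          "notes.txt": b"hello"}
AFTER = {"a.exe": fake_pe(0x5000, b"A" * 100 + b"Z" * 512),
         "b.exe": fake_pe(0x5200, b"B" * 300 + b"Z" * 512),
         "notes.txt": b"hello, edited"}

if __name__ == "__main__":
    print(compare(snapshot(BEFORE), snapshot(AFTER)))
```

An edited text file also shows up as changed, but only the two executables share a growth value and a moved entry point, which is the pattern the page describes for a replicating file infector.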

Interceptor's Class Module virus detection and removal will remove all virus code from all CMI infected files regardless of when the virus is written. The same applies to the Windows PE detection and removal and all other host environments.

Virus infection programs are specific to the application they are designed for; Boot viruses for the generic PC boot sequence; DOS file viruses are specific to DOS executable files; Word Macro to Microsoft Word 6, 7 & 8; Class Module Viruses including Tristate are specific to Microsoft Office 97, and so on.

Obviously a computer that does not run Microsoft Office or Windows does not require any virus protection for viruses that are written for replication in the Microsoft environment.

The only impact viruses have is in the environment that they are written for. All Word viruses, for example, replicate via the Normal or Global Template. All Excel viruses replicate via the XLStart directory.

For InVircible Corporate Edition pricing, complete our enquiry form, or telephone (09) 414 0789.

© Network Defence 2006  Email support@defence.net.nz   Tel +64 09 414 0789