Antivirus that does NOT require updates !!

Discussion in 'Windows Vista Security' started by Paul_Lucy, Jul 28, 2007.

  1. Paul_Lucy

    Paul_Lucy Guest

    I discovered something that I thought people here might be interested in.

    It's an antivirus program that doesn't use virus-specific information or
    database of virus signatures and hence doesn't require periodic updates. It
    looks at the different ways viruses attack.

    Here's a PDF that describes the software and its technology (see
    "InVircible's Generic Technology" at the bottom of page 2) :
    http://www.invircible.com/papers/IV4Enterprise.pdf

    What do you think ?
     
    Paul_Lucy, Jul 28, 2007
    #1

  2. Paul_Lucy

    f/fgeorge Guest

    This is NOT the way to go, a program that never needs updating will be
    an easy way for hackers to get around it!
     
    f/fgeorge, Jul 28, 2007
    #2

  3. If it doesn't need updating how is it going to deal with the latest virus
    threats? Even the most expensive anti virus software requires updating to
    keep up with the constant barrage of new viruses. I also noted that the pdf
    file article is 5 years old and the 'last' customer comment came in 2003.
    Hardly a glowing response. It certainly isn't an application I would trust
    my system to.

    --
    John Barnett MVP
    Associate Expert
    Windows - Shell/User

    Web: http://xphelpandsupport.mvps.org
    Web: http://vistasupport.mvps.org

    The information in this mail/post is supplied "as is". No warranty of any
    kind, either expressed or implied, is made in relation to the accuracy,
    reliability or content of this mail/post. The Author shall not be liable for
    any direct, indirect, incidental or consequential damages arising out of the
    use of, or inability to use, information or opinions expressed in this
    mail/post.
     
    John Barnett MVP, Jul 28, 2007
    #3
  4. Paul_Lucy

    Mr. Arnold Guest

    You need to run two AV(s) then. You can run the one you're talking about
    that's playing the role of an AV solution.

    Then you run a real AV solution that has updates to back-up the AV that's
    playing a role of an AV solution.
     
    Mr. Arnold, Jul 28, 2007
    #4
  5. Paul_Lucy

    Peter Guest

    Running two A/V will cause problems. It's Ok for A/S but not A/V.
     
    Peter, Jul 28, 2007
    #5
  6. Paul_Lucy

    Victek Guest

    After a brief look at the web site and PDF I'd say InVircible Antivirus is
    similar to CyberHawk, PrevX and other HIPS apps. Host Intrusion Prevention
    Systems protect the computer by monitoring the behavior of software and
    intercepting anything that looks suspicious. This is a valid approach IMHO,
    however it is not necessary to rely on it exclusively. A HIPS type monitor
    can be run alongside traditional signature based AV. Also, HIPS
    applications tend to require a lot of user interaction if they do not
    include a database of trusted applications. By "user interaction" I mean
    they pop up a lot of warnings and ask the user to decide if a particular
    program/activity is safe. This can be pretty annoying, and is also
    problematic for users who don't have enough knowledge to make the correct
    choices. There are HIPS apps that include a database of safe applications
    which cuts down the number of warnings/requests. That database needs to be
    updated <g>. Unfortunately, Invircible AV doesn't support Vista so I can't
    install it and confirm my opinion - take it as a "best guess". If you try
    Invircible let us know what you think.
     
    Victek, Jul 28, 2007
    #6
  7. Says nothing about being compatible with Vista - and you are posting in a
    Vista newsgroup.

    --


    Regards,

    Richard Urban
    Microsoft MVP Windows Shell/User
    (For email, remove the obvious from my address)
     
    Richard Urban, Jul 28, 2007
    #7
  8. Paul_Lucy

    Alun Harford Guest

    All modern anti-virus products (since the Fish / Whale polymorphic
    viruses were released into the wild in 1989/1990 (iirc)) have heuristic
    detection of viruses.
    Determining whether a program is a virus is as hard as the halting
    problem. (Google halting problem if you don't know that stuff - every
    good computer person should). Relying entirely on heuristics for
    anti-virus is provably stupid! :)
    They might have some interesting new heuristics that could be integrated
    into other AV products at some point in future, but their buzzword-filled
    nonsense whitepaper with no technical details makes me suspect that this
    is not the case.

    Alun Harford
     
    Alun Harford, Jul 28, 2007
    #8
  9. Paul_Lucy

    Mr. Arnold Guest

    I know this. It was a joke. However, I have seen people make posts in the AV
    NG(s) doing just that with no problems too, according to them.
     
    Mr. Arnold, Jul 28, 2007
    #9
  10. Paul_Lucy

    Paul_Lucy Guest

    That's true, the user has to know enough about the system to be able to say
    to this software "yes, what you are pointing out is virus activity, delete
    it".

    It doesn't look like a home user could use it.
    ______________________________
     
    Paul_Lucy, Jul 29, 2007
    #10
  11. Paul_Lucy

    Paul_Lucy Guest

    Oops, sorry. I did take another look at the website and saw only support up
    to XP. I just thought that all anti-virus manufacturers would automatically
    support all Windows.
    ___________________________
     
    Paul_Lucy, Jul 29, 2007
    #11
  12. Paul_Lucy

    f/fgeorge Guest

    But most of these types of programs look at registry activity as
    evidence of something bad, Skype, for example, does not touch the
    registry so most 'users' can just add it and run it with no problems.
    We found that at work, no Admins just Users, Skype happily running on
    half a dozen pc's with no hint that it was there, except the huge
    bandwidth and ports it was using. We have since blocked it and its
    ports, etc...but the point is nothing that checks the computer for
    suspicious activity that is not upgraded, is worthless.
     
    f/fgeorge, Jul 29, 2007
    #12
  13. Paul_Lucy

    Paul_Lucy Guest

    Out of curiosity, are there other classes of anti-virus programs besides
    HIPS and traditional (ie virus signature database) ?
    _______________________________
     
    Paul_Lucy, Jul 30, 2007
    #13
  14. If you ask me there is only one class, MPS (Malware Prevention
    System). If you ask anti-whatever vendors there are just as many
    classes as they can get away with charging customers for.

    Just look at the guys at Symantec, who just introduced "anti-bot"
    ware. *sigh*
     
    Straight Talk, Jul 30, 2007
    #14
  15. On Sat, 28 Jul 2007 14:59:41 +0300, "Paul_Lucy"
    "In contrast to virus-specific software, InVircible
    uses no virus-specific information or database.
    The methods used by InVircible are generic,
    which means they are effective against groups
    of threats that share a common characteristic or
    behavior. Unlike virus-specific AV, which use
    pattern recognition as their only detection method,
    InVircible implements multiple and mutually
    independent methods, simultaneously"

    Well, I think several av would disagree that "pattern recognition" is
    "their only detection method", though it is their main approach.

    It looks like something that would complement, rather than replace,
    traditional av. I would not use it "instead of".

    The underlying concepts are whitelisting (specifying what is
    permitted) vs. blacklisting (specifying what is forbidden).


    Traditional av works on the blacklist principle, i.e. it sets out to
    detect known malware, as well as inferring malware behavior
    heuristically (the part that isn't "pattern recognition").

    An approach based on whitelisting would limit the system to a closed
    list of acceptable programs, as befitting the locked-down corporate
    desktop. That would be as popular with consumers and "free" end users
    as a turd in a swimming pool ;-)

    InVircible does both. Some of its generic mechanisms look like
    heuristic black-listing, and to claim this will never need updating is
    to predict that malware will not find new ways to behave. Other
    mechanisms look like whitelisting, perhaps using the same "nag for
    permission" methods as firewalls, PrevX, UAC, etc.

    The trouble is, any "hard" listing approach, be it "white" or "black",
    will require updates. Even if you plan to use nothing but Vista and
    MS Office, you'd still have to accommodate patches that change this
    code base. How will you "know" these are legitimate?


    Tip Of The Day:
    To disable the 'Tip of the Day' feature...
     
    cquirke (MVP Windows shell/user), Aug 2, 2007
    #15
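
The whitelist/blacklist trade-off from post #15, as an added example that is not part of the original thread or of any product mentioned in it. The "programs" are constructed byte strings, the class and function names are hypothetical, and an HMAC with a demo key stands in for a publisher's signature on a list update.

```python
import hashlib, hmac

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign_manifest(key: bytes, digests: list[str]) -> str:
    # Assumption: HMAC over the digest list stands in for a publisher signature.
    return hmac.new(key, "\n".join(digests).encode(), hashlib.sha256).hexdigest()

# Constructed samples: byte strings standing in for executables.
OFFICE_V1 = b"office build 1"
OFFICE_V2 = b"office build 1 + security patch"   # legitimate patched build
KNOWN_BAD = b"sample malware A"
NEW_VARIANT = b"sample malware A, repacked"      # in neither list yet

class ListScanner:
    def __init__(self, allow, block, update_key: bytes):
        self.allow = {sha256(p) for p in allow}
        self.block = {sha256(p) for p in block}
        self._key = update_key

    def blacklist_verdict(self, program: bytes) -> str:
        # Default-allow: only what is already listed as bad is stopped.
        return "block" if sha256(program) in self.block else "allow"

    def whitelist_verdict(self, program: bytes) -> str:
        # Default-deny: anything not listed as good is stopped.
        return "allow" if sha256(program) in self.allow else "block"

    def apply_allow_update(self, digests: list[str], tag: str) -> bool:
        # New allowlist entries are accepted only if the manifest authenticates.
        if not hmac.compare_digest(sign_manifest(self._key, digests), tag):
            return False
        self.allow.update(digests)
        return True

def demo() -> dict:
    key = b"constructed-demo-key"
    s = ListScanner([OFFICE_V1], [KNOWN_BAD], key)
    out = {
        "blacklist_new_variant": s.blacklist_verdict(NEW_VARIANT),  # missed until updated
        "whitelist_new_variant": s.whitelist_verdict(NEW_VARIANT),
        "whitelist_patch_before": s.whitelist_verdict(OFFICE_V2),   # legit patch refused
    }
    manifest = [sha256(OFFICE_V2)]
    out["forged_update"] = s.apply_allow_update([sha256(NEW_VARIANT)], "00" * 32)
    out["signed_update"] = s.apply_allow_update(manifest, sign_manifest(key, manifest))
    out["whitelist_patch_after"] = s.whitelist_verdict(OFFICE_V2)
    out["whitelist_variant_after"] = s.whitelist_verdict(NEW_VARIANT)
    return out
```

Calling `demo()` returns the verdicts: the static blacklist lets the repacked sample through, the static whitelist refuses the legitimate patch, and only an authenticated list update resolves the patch without admitting the variant.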
  16. That cannot work!
     
    Mark Schubert, Aug 5, 2007
    #16