Text File | 1995-01-08 | 8KB | 146 lines
Virus Detection System 3.0
Copyright (c) 1992-1995 by VDS Advanced Research Group
January 1995
WHAT IS VDS?
------------
VDS (Virus Detection System) is a comprehensive anti-virus package for
IBM PC compatible computers running MS/PC DOS 3.0 and higher. It contains
a set of well-designed tools that offer detection and easy removal of PC
viruses. Unlike many other packages, VDS includes many advanced features
such as "decoy launching", active stealth boot sector virus detection,
self-recovery, and real-time anti-virus monitoring to deal with both old
and new viruses in an effective manner.
COMPATIBILITY and NETWORK SUPPORT
---------------------------------
VDS is Novell Netware-aware. It is not confused by dynamic drive mappings.
It recognizes Netware server volumes. What this means is that instead of
creating an integrity database for each mapped drive letter, you can create
one for each volume. Even if the mappings change, you can still use the
database for that volume. Furthermore, you can keep a copy of VDS on the
server and scan each workstation as it logs in; and when you upgrade VDS,
all workstations benefit from the upgrade without any extra effort.
MULTI-LEVEL INTEGRITY STRUCTURE
-------------------------------
VDS implements a sophisticated catalog system to maintain a flexible and
multi-level integrity structure. You can create fingerprints for drives as
well as subdirectories. And if you do not have a database for a subdirectory,
you can still use an upper level database to verify the integrity of programs
in that directory. In other words, if you wish to verify only the files in the
DOS directory and you have created a fingerprint only for the whole drive,
you can simply highlight the DOS directory and choose verify; VDS will do the
rest. This approach makes sense since an upper level database contains all
the integrity info for the programs that reside in the lower levels of the
directory tree. VDS can track up to 32 different integrity databases easily!
If you have some extended memory available, each integrity database can store
up to 16000 fingerprints for programs.
EASY INSTALLATION FOR NETWORKS
------------------------------
We have implemented a simpler installation procedure for networked
environments. System administrators need not be concerned about having to go
to each workstation to install. The VDS package can be installed from the server
down onto the workstation during login. It automatically determines the system
parameters needed for a given workstation and loads itself onto the local hard
drive if VDS is not already installed. The system administrator can further
customize the operation of VDS by simply editing the default configuration
file. We supply detailed instructions for network system administrators to
implement an effective anti-virus solution for their PCs using VDS. An audit
log feature is provided to facilitate tracking down an infection, should the
need arise. Sample batch files for Banyan and Netware environments are
provided.
FLEXIBLE CONFIGURATION
----------------------
VDS provides configuration files in the spirit of Windows(tm) .INI files.
This approach facilitates maintenance of several configurations based on
different needs. You can now keep all your integrity data on a floppy
diskette, for example. Furthermore, you can specify which files are to be
checked based on their extensions. VDS 3.0 can be used to verify the
integrity of data files as well as programs. The operation of the scanners
in the package, VDSFSCAN and VFSLITE, is also guided by a configuration
file that you can modify easily. You can designate whether you wish to
copy suspicious/infected programs to a quarantine directory, for example.
OBJECT-ORIENTED USER INTERFACE
------------------------------
VDS sports one of the most functional user interfaces implemented in
any anti-virus we have seen. Judge for yourself and please let us know if
there are any other areas that would help make it even simpler. The main
idea behind this interface is shifting the emphasis from action-oriented
menus to object-oriented menus. No, we are not talking about polymorphism
and all that jazz! It goes like this: There are certain objects to manipulate
such as drives, directories, and files. The user concentrates on those. Then
there are certain actions applied to those objects such as scanning,
verification, and initialization. One-keystroke operations using the function
keys are displayed at the bottom of the screen as a reminder. There is
almost nothing to remember! Learn the concepts, and don't worry about the
trivial details. If you need help, just press the F1 key. By shifting the
focus from actions to objects, VDS provides a more natural interface that
many people seem to prefer. This is in sharp contrast to other multi-level
menu interfaces that hide commonly used options.
UNUSUAL FEATURES
----------------
VDS includes unusual features such as decoy launching. You can launch a
decoy in any directory you wish! We cleaned half of our virus zoo using
this operation. If there is a file infector active in memory, there is a
good chance VDS will capture a sample for you, even if it is a new virus!
VDS also provides reliable generic virus cleaning. This technique allows VDS
to restore infected programs to their original state by using the integrity
information. As the name suggests, the cleaning operation is generic and does
not depend on knowing which virus attacked the file. Overwriting viruses
obviously cannot be removed this way (or any other way besides restoration
using originals). We had good success with most of the appender and prepender
viruses that attach themselves to the programs without destroying the contents
of the original file. After the restoration attempt, VDS double-checks the
recovered program to see that it is identical to the original. If this is not
the case, it recommends restoration using clean backup copies, which is
always the safest and the recommended solution.
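
The generic cleaning described above, as an added Python example that is not
VDS code. The record layout (original size, first 16 bytes, SHA-256 digest) and
all names are assumptions, since the page does not say what a VDS fingerprint
stores; the tampered buffers are constructed byte strings.

```python
import hashlib

HEADER = 16  # leading bytes saved in each record (assumed size)

def fingerprint(data):
    """Integrity record for a clean program (layout is an assumption)."""
    return {"size": len(data), "head": data[:HEADER],
            "digest": hashlib.sha256(data).hexdigest()}

def verify(data, rec):
    """The double-check: restored bytes must equal the original exactly."""
    return (len(data) == rec["size"]
            and hashlib.sha256(data).hexdigest() == rec["digest"])

def generic_clean(data, rec):
    """Return (method, clean_bytes), or (None, None) when only a backup will do."""
    if verify(data, rec):
        return "unchanged", data
    if len(data) > rec["size"]:
        # Appender: start of file patched, extra bytes after the original end.
        candidate = rec["head"] + data[len(rec["head"]):rec["size"]]
        if verify(candidate, rec):
            return "appender", candidate
        # Prepender: original contents intact but pushed to the end of the file.
        candidate = data[len(data) - rec["size"]:]
        if verify(candidate, rec):
            return "prepender", candidate
    # Overwritten or otherwise damaged: the original bytes are gone.
    return None, None

# Constructed inputs: a stand-in "program" and three tampered copies of it.
ORIGINAL = bytes(range(64)) * 4
APPENDED = b"JMP" + ORIGINAL[3:] + b"<constructed appended bytes>"
PREPENDED = b"<constructed prepended bytes>" + ORIGINAL
OVERWRITTEN = b"<constructed overwrite>" + ORIGINAL[23:]
RECORD = fingerprint(ORIGINAL)
```

No knowledge of what modified the file is used: each candidate layout is
rebuilt from the record and accepted only if it verifies.
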
MORE MODERN SCANNING
--------------------
VDS 3.0 implements a modern scanning technique based on the combination of
the Shift-AND technique and hashing. The nice thing about this approach is
that the speed is only slightly affected even if you add many new signatures.
The scanners in the VDS package can be easily updated by obtaining the
latest .SIG file from us and replacing the old one. This way quick updates
become practical.
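
One way Shift-AND and hashing can be combined in a signature scanner, as an
added Python example (not VDS's algorithm, which the page does not describe):
Shift-AND tracks the first 4 bytes of every signature in a single bit vector,
and a CRC32 hash table identifies the full signature at each candidate offset.
The signatures, sample buffer, PREFIX value and function names are constructed.

```python
import zlib

PREFIX = 4  # leading bytes of each signature tracked by Shift-AND (assumed value)

# Constructed, harmless demo signatures; not taken from any .SIG file.
SIGS = {
    "Demo.A": b"DEMO-SIG-ALPHA",
    "Demo.B": b"DEMO-SIG-BETA!",
    "Demo.C": b"XYZZY-42",
}

def build(sigs):
    """Pack every signature prefix into one bit vector and hash the full bodies."""
    masks = [0] * 256   # masks[b]: bit i set if byte b sits at packed position i
    init = final = 0    # first / last bit of every packed prefix
    table = {}          # (length, crc32) -> (name, signature)
    for slot, (name, sig) in enumerate(sigs.items()):
        assert len(sig) >= PREFIX
        base = slot * PREFIX
        for i, b in enumerate(sig[:PREFIX]):
            masks[b] |= 1 << (base + i)
        init |= 1 << base
        final |= 1 << (base + PREFIX - 1)
        table[(len(sig), zlib.crc32(sig))] = (name, sig)
    lengths = sorted({len(s) for s in sigs.values()})
    return masks, init, final, table, lengths

def scan(data, db):
    """Return [(offset, name)] for every signature found in data."""
    masks, init, final, table, lengths = db
    hits, state = [], 0
    for pos, byte in enumerate(data):
        # One shift, one OR, one AND per input byte, however many prefixes are packed.
        state = ((state << 1) | init) & masks[byte]
        if not state & final:
            continue
        start = pos - PREFIX + 1          # a prefix ends here: hash the candidates
        for n in lengths:
            window = data[start:start + n]
            if len(window) < n:
                break
            entry = table.get((n, zlib.crc32(window)))
            if entry and entry[1] == window:   # exact compare rules out CRC collisions
                hits.append((start, entry[0]))
    return hits

# Constructed sample buffer: one hit, one near miss ("DEMO-SIX"), one more hit.
SAMPLE = b"\x00" * 5 + b"DEMO-SIG-BETA!" + b"junk DEMO-SIX " + b"XYZZY-42"
```
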
MEMORY-RESIDENT SCANNER
-----------------------
VDSTSR is a memory-resident virus scanner that checks each program before
execution or copy operation for known viruses. The program weighs in at 30K,
but it can be loaded high easily under DOS 5.0 and later versions as well as
with other popular memory managers that provide upper memory blocks.
MORE NETWORK SUPPORT
--------------------
To help out the network administrators, we are providing a utility called
ISVDSTSR (a 17-byte program) that returns a DOS error level depending on
whether VDSTSR is loaded in memory. By checking the error level in a batch
file, the system administrator can implement several solutions to protect
the LAN. For example, he/she can display a warning message and deny access
until the user enables VDSTSR. What's even better is that he/she can load
a copy of VDSTSR from the server at the time of login; this way, even if a
user does not comply with the policy of having VDSTSR loaded on the
workstation, the system administrator can have it his/her way!
COMMITMENT TO QUALITY SERVICE AND PRODUCTS
------------------------------------------
VDS Advanced Research Group is committed to providing you with
state-of-the-art tools to deal with computer viruses that threaten your
PCs. We develop anti-virus software and provide technical information on
many topics such as polymorphic viruses (ask for a copy of our Polymorphic
Engines paper). However, no solution can be effective unless it is properly
used. We encourage managers to increa