"Vircing" the InVircible: 0. Annotated Table of Contents.

0. Annotated Table of Contents.

Yes, we know. This is a very long paper. But it is not our fault
that InVircible contains so many bugs and security holes which need
to be described. Reading the whole document is strongly advisable,
but if the reader nevertheless does not feel like doing it, here is
an annotated table of contents. Users who are in a hurry can use it
to locate the parts of particular interest and read them first.

0. Annotated Table of Contents. You are reading it.

1. Introduction. Describes what InVircible is and why we felt
       compelled to write this paper.

2. The Self-Checking Capabilities. Explains what self-checking is,
       why it is used, and how (un)reliable it is.

2.1. Bypassing the Self-Check. Five trivial ways to bypass
       InVircible's self-checking capabilities.

2.2. Damage to the User's Data. How the different programs from
       InVircible are damaging the user's data.

2.3. The Self-Checking Algorithms Outlined. Detailed description
       of the self-checking algorithms used by InVircible's programs.

2.3.1. Algorithm HeaderCheck.
2.3.2. Algorithm CheckSum.
2.3.3. Algorithm DecoyLaunch.
2.3.4. Algorithm AdvancedDecoyLaunch.

2.4. Usage of the Self-Checking Algorithms by InVircible's Programs.
       Lists which of the above algorithms are used by each
       particular program and in what order.

2.5. Summary. A summary of the "effectiveness" of InVircible's
       self-checking capabilities.

2.6. Testing the Self-Checking Algorithms with Real Viruses.
       Descriptions of some tests using existing viruses to
       demonstrate how InVircible's self-checking techniques fail.

3. The Scanner (IVSCAN). Test results showing the weak performance of
       the known-virus scanner provided with the package.

4. The Decoy Launcher (IVTEST). Describes what the decoy launcher
       does in addition to the other programs and why it is just as
       ineffective.

5. The Disk Editor (RESQDISK). Explains what the so-called "SeeThru"
       technique consists of, how ResQdisk uses it, and how it can
       destroy the user's data.

6. The Automatic Scan String Extractor (IVX). Lists some tests of
       the so-called "hyper-correlator", demonstrating how it can
       cause both false positives and false negatives and just
       confuses the user.

7. The File Integrity Checker (IVB). Mentions briefly what an
       integrity checker is, what the proper way to test it is,
       and how far such programs can be relied upon.

7.1. Stealth. Explains what the anti-stealth techniques are and how
       stealth viruses defeat IVB's anti-stealth techniques.

7.2. Fast Infection. Describes what fast infection is, how IVB tries
       to avoid it, and how it fails to do so.

7.3. Companions. Explains what companion viruses are.

7.3.1. Extension-Priority Companions. Describes this typical kind of
       companion virus and shows that IVB is unable to detect it.

7.3.2. PATH Companions. Describes a more sophisticated kind of
       companion virus, which IVB does not detect either.

7.3.3. Alias Companions. Describes yet another kind of companion
       virus that IVB is unable to detect.

7.4. Infection of Unusual Executable Objects. Lists which file
       extensions are protected by IVB. The next sections describe
       several kinds of infectable files, the infection of which IVB
       does not detect.

7.4.1. Macros.
7.4.2. Libraries.
7.4.3. OBJ Files.
7.4.4. PIF Files.
7.4.5. GRP Files.
7.4.6. DLL Files.
7.4.7. AVR Files.
7.4.8. BAT Files.
7.4.9. Device Drivers.

7.5. Kernel Infectors. Describes yet another kind of virus which IVB
       is totally unable to detect.

7.6. Deleting the Database(s) of Checksums. Explains why the checksum
       databases used by IVB are poorly designed, what their format is,
       and how easy it is to fool the program by deleting the actual
       checksum databases.

7.7. Diskette-Only Infectors. Demonstrates that InVircible is unable
       to detect even such an old and well-known virus as Brain.

7.8. Slow Viruses. Lists some tests with yet another kind of virus
       which completely bypasses IVB's detection algorithms.

7.9. Unusual File Infection Techniques. Lists some ways used by some
       viruses to infect files - ways that are not detectable by IVB.

7.10. Windows Viruses. Explains why InVircible is unsuitable for
       protection of Windows applications.

7.11. Direct Attacks. Explains how viruses can be easily written to
       attack this particular anti-virus program and what flaws in
       its design let it happen.

8. The Bootstrap Integrity Checker (IVINIT). Describes how IVINIT
       works, how it can be bypassed easily by some viruses, and
       how it can make the user's disk non-bootable.

9. The User Interface. Describes some frustrating quirks in
       InVircible's user interface.

9.1. No Flexibility to Select on Which Drives to Install. Explains why
       InVircible cannot be installed on some machines.

9.2. Disk Space Wasting. Points out how wasteful of the user's disk
       space InVircible is.

9.3. Critical Error Handling. Lists situations in which InVircible
       just hangs.

9.4. Inflexible Report and Data Files. Describes how InVircible uses
       files with fixed names in particular directories and why this
       is a bad idea.

9.5. Clumsy AUTOEXEC.BAT Manipulation. Describes how the installation
       program can install the product improperly, disabling some of
       its detection capabilities and hindering its performance.

9.6. Peculiar Line Editing, Menus and Beeps. Lists many other small
       but annoying problems of InVircible's user interface.

9.7. The Rescue Diskette. Describes how sloppily InVircible handles
       the important task of creating a rescue diskette.

9.8. Corruption of the Database of Checksums. Points out a bug in IVB
       which makes it corrupt the databases of checksums if there are
       too many files in the directory.

9.9. Documentation. Lists a huge number of real gems of stupidity and
       incompetence from InVircible's documentation.

9.10. Unstable Distribution and Prices. Shows that in just a couple
       of years four different companies in the USA alone have tried
       to distribute the product at several different prices.

10. Conclusion. Contains our final conclusion about InVircible after
       its careful examination and testing.

11. Acknowledgments. Expresses our gratitude to the few people who
       helped us to do those tests.

12. References. Contains bibliographic references to the papers
       quoted in this material.