"Vircing" the InVircible: 4. The Decoy Launcher (IVTEST).
Submitted by dmuth on Fri, 2006-02-24 12:21.
As was explained in the section about InVircible's self-checking algorithms, most programs in the package use simple decoy launching (of 6-byte COM files) to detect whether a virus might be resident and active in memory. As noted there, this algorithm fails to detect slow viruses that do not infect COM files or that infect only COM files larger than 6 bytes. In an attempt to improve this situation, InVircible provides a separate program, IVTEST, which performs a somewhat more advanced decoy launching (using the AdvancedDecoyLaunch algorithm, explained in section 2.3.4). The documentation suggests that the user include invocations of this program in frequently used batch files. The "improvements" in IVTEST's algorithm consist of additionally creating 8 Kb long COM decoys and EXE decoys 516 bytes long. Unfortunately, avoiding infecting those is just as trivial as avoiding the "simple" decoys, and IVTEST therefore does not provide any significant increase in the protection offered to the user.
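An added model of the decoy check described above (not InVircible's code and not part of the original paper): decoys of the three sizes named in the text are written, handed to a stand-in for a resident modifier, and re-hashed. The file names, filler bytes, the `make_hook` stand-in and the 1000-byte `HOST.COM` are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile

# Decoy sizes taken from the text: 6-byte and 8 Kb COM files, 516-byte EXE.
# File names and filler bytes are constructed for this example.
DECOYS = {"DECOY1.COM": 6, "DECOY2.COM": 8 * 1024, "DECOY3.EXE": 516}

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def write_file(path, size):
    with open(path, "wb") as f:
        f.write(b"\x00" * size)
    return sha256(path)

def decoy_check(directory, hook):
    """Create each decoy, 'launch' it, return names whose hash changed."""
    changed = []
    for name, size in DECOYS.items():
        path = os.path.join(directory, name)
        before = write_file(path, size)
        hook(path)  # stand-in for executing the decoy with a resident hook
        if sha256(path) != before:
            changed.append(name)
        os.remove(path)
    return changed

def make_hook(skip_sizes=()):
    """Constructed stand-in for a resident modifier: appends 4 bytes to any
    launched file unless its size is in skip_sizes (assumption, not real code)."""
    def hook(path):
        if os.path.getsize(path) not in skip_sizes:
            with open(path, "ab") as f:
                f.write(b"MOD!")
    return hook

def run_scenario(skip_sizes):
    """Return (decoys flagged, whether an ordinary 1000-byte program changed)."""
    with tempfile.TemporaryDirectory() as d:
        hook = make_hook(skip_sizes)
        host = os.path.join(d, "HOST.COM")
        before = write_file(host, 1000)
        hook(host)
        return decoy_check(d, hook), sha256(host) != before

if __name__ == "__main__":
    print(run_scenario(()))                    # modifier touches everything
    print(run_scenario(set(DECOYS.values())))  # modifier skips decoy sizes
```

In the second scenario no decoy is flagged although the ordinary program changed, which is why a clean result from a fixed-size decoy check is weak evidence that memory is clean.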