Developed for the Israeli military in the early 1990s, NetZ Computing's InVircible is unique in its way of functioning. It does not work solely on definition files, but purely on behavioral analysis and heuristics. It is able to analyse a script or macro's code to determine whether it shows a virus-like behaviour, and works on heuristics. Most present-day antivirus vendors claim their software performs heuristic scans, but InVircible make it work most effectively and efficiently. This characteristic makes the software independent of the definition file on the database so, in turn, it does not require constant updates. Apart from this uniqueness, InVircible provides network management tools as required in corporate antivirus software and the team assists in installation.
The main modules of the program are the Audit and Integrity Expert System, the IV Interceptor, the Macro Sweeper and the Scheduler.
The Audit and Integrity Expert System maintains the database of signature files and uses it to secure, authenticate and restore executable programs from virus infection. The IV Interceptor provides real-time monitoring and blocks intrusion, particularly on Microsoft Word and Excel documents and templates, as well as PE EXE files. The Macro Sweeper scans the macro commands for any dubious activity. The scheduler performs periodic scanning of the system.
All these tools empower InVircible to check all scripts irrespective of their entry point, and add weight to each script to determine whether the code is malicious. All scripts and macros are checked thoroughly, and if a script tries to access an address book it is immediately stopped. By nature of its way of functioning, InVircible does not attempt to clean an infected file, as it will stop any dubious activity at the entry point on the basis of the behaviour of the script or program, so it simply denies access, deletes or renames the file and logs the suspect user off the network if required. It also sends a broadcast of its activity and reports all its action, but overall reporting is minimal. The Audit and Integrity Expert System restores the file on the basis of scanning the signature file.
Invircible does not have good documentation, but you do get full on-site assistance. The client software is deployed using logon scripts. Different scripts may be used to determine what access, if any, clients can have with the local Interceptor utility. The administration utility can run on any version of Windows, and provides a comprehensive management interface to view protected systems, check on viral activity, remotely run commands or programs on other systems and download and deploy software updates.
Author Michaela Forbesdate added 2009-09-07 12:29:19