"Vircing" the InVircible: 10. Conclusion.
Submitted by dmuth on Fri, 2006-02-24 12:25.
10. Conclusion.

As we have seen from the above, InVircible has an awful lot of problems and security holes - holes that make it too vulnerable both to generic virus attacks against non-virus-specific anti-virus programs and to direct attacks targeted against this particular product. As we have also noted, there are anti-virus products which do not have those problems and are, therefore, much more secure and reliable than InVircible.

Most of the security problems mentioned above were described in the specialized literature a long time ago. Additionally, in most cases they are relatively easy to fix. Everybody would benefit if the author of InVircible, instead of bashing his competition, concentrated his energy on improving his product and fixing the security holes in it. Those holes were pointed out to him a long time ago and multiple times by the author of this paper and by several others - but he doesn't seem inclined to listen. Hopefully, public pressure from his users and/or potential customers will make him decide otherwise.

The general idea behind InVircible is correct - integrity checking is indeed inherently a stronger line of defense against computer viruses than scanning or behavior blocking. However, several attacks against this kind of protection exist, and they ought to be taken into account. Also, integrity checking alone does not provide adequate protection. A sound anti-virus protection scheme must be a multi-level one - providing both scanning and integrity checking, and probably even monitoring, with the emphasis on integrity checking. And all three parts of the defense must be as good as possible - providing an integrity checker, even if it is a good one (which, as we saw above, the one provided with InVircible is not), is by no means an excuse to provide a bad scanner or no scanner at all.

If the author(s) of an anti-virus product are unable to create and maintain a good scanner (this is by no means a trivial task), they should license the scanner from one of the best performers in the field, instead of making their users' security a victim of their own (inadequate) anti-virus product.

The bottom line is - InVircible is a very bad, insecure, and plain dangerous product. Avoid it at any price, and use something better - something that is secure and works. InVircible isn't and doesn't.