
VFind® Security ToolKit

VFind Antivirus Engine
CVDL - CyberSoft Virus Description Language
Virus Updates
CIT - Cryptographic Integrity Tool
System Activity Report
Candidate List
CIT to the Rescue
UAD - Universal Atomic Disintegrator
Smartscan
THD - Trojan Horse Detector
White Papers Associated with the Product

The VFind Security ToolKit is a suite of four powerful network and computer security utilities that provide flexible and uncompromising protection. The VFind Security ToolKit boasts the world's first UNIX virus scanner and a unique heterogeneous design that allows for complete protection, even in today's multi-platform networks. The object-oriented design of the VFind Security ToolKit offers an unsurpassed level of flexibility and power that is easily integrated with your operating system and even with other applications.

  • Heterogeneous design simultaneously scans for UNIX, MS-DOS, Windows NT/95, Amiga, Macintosh, and Macro viruses as well as Hostile Java Applets, trojan horses, worms, and logic bombs on your UNIX or Windows system.
  • Multi-Engine architecture interfaces with the powerful CVDL subsystem to provide the most efficient scanning possible
  • Unique Object-Oriented topology provides unsurpassed flexibility
  • Scans any device or byte stream, locally or remotely, including floppies, CD-ROMs, tapes, and hard disks
  • Does not require the virus to be active
  • Locates migrating classified information

VFind® AntiVirus Engine

At the heart of the VFind Security ToolKit is CyberSoft's own VFind antivirus engine. The VFind antivirus engine's open architecture allows you to scan any device or media including floppy diskettes, tapes, CD-ROMs, DVDs, Zip and Jaz disks, as well as hard drives regardless of their location on the network. The VFind antivirus engine exhibits a powerful heterogeneous design that allows protection from viruses on multiple platforms. Using a unique multi-engine architecture, the VFind antivirus engine can properly handle viral attacks from many platforms on one machine in the most efficient manner possible. The multiple engines are front-ended with a memory management module that allows you to dictate the amount of memory to use at runtime, allowing you to tailor the product to your specific space and speed requirements. The VFind antivirus engine's object-oriented topology allows seamless integration with other CyberSoft tools, including the Universal Atomic Disintegrator, the Cryptographic Integrity Tool, as well as future tools from CyberSoft, assuring you will be protected today as well as far into the future.

CVDL - CyberSoft Virus Description Language

The VFind antivirus engine is fueled by the CyberSoft Virus Description Language (CVDL), a robust modelling system for creating virus models, based on expressions and symbol expansion. Some features of the CVDL include forward and backward proximity scanning, boolean operands, quoted strings, case (in)sensitivity, support for international character sets, and escape sequences. Since the CVDL is platform independent, every model is 100% portable to all platforms running the VFind Security ToolKit. This feature allows you to keep all of your computers protected with the latest models without having to switch or maintain separate virus libraries for each machine. Best of all, users have direct access to the full set of features offered by the CyberSoft Virus Description Language. Access to the CVDL modelling system allows direct input of third-party scan codes and the integration of user-defined models with VFind. User-defined VDL models can be used to monitor the network for sensitive data and stop it from migrating from the designated areas and systems. This ability provides your system administrators and security engineers an unprecedented degree of control over data access and migration.

These powerful features permit the VFind antivirus engine to locate unknown and self-modifying viruses as well as new variations of existing viruses, giving you stability and peace of mind while it protects you today and tomorrow.

Virus Updates

Using the CVDL modelling system, CyberSoft delivers virus updates each month through CyberSoft's Customer Care System located on our web page. Customers can freely download these new VDL models and add them to the ToolKit with ease. CyberSoft's relationship with Joe Wells, founder of the WildList and the Wells Research Labs, allows us to pass on to our customers the most up-to-date protection possible. Contracted as CyberSoft's Director of Virus Research, Joe Wells and the Wells Research Labs identify, research, and document new viruses world-wide. Each month, the Wells Research Labs publishes the WildList, the world-recognized authority on viruses in the wild. The WildList, often used by independent labs as a measure of an antivirus product's effectiveness, can be viewed at http://www.wildlist.org , home of the WildList Organization International.

CIT - Cryptographic Integrity Tool

The Cryptographic Integrity Tool provides yet another line of defense and protection. It creates a database of MD5 cryptographic signatures, or fingerprints, of each file and directory that you wish to protect. This database serves as a baseline for future executions of the Cryptographic Integrity Tool. Each time you run the Cryptographic Integrity Tool, it exhaustively compares the protected files to the baseline database and reports all changes, no matter how small. Multiple databases can be used to help organize large file systems and single out critical areas such as web pages or system configuration files. Using the Cryptographic Integrity Tool in addition to the VFind antivirus engine, you can detect any change to any file, whether it is a viral, user, or system initiated change. The Cryptographic Integrity Tool creates two reports: a system activity report and a candidate list.

System Activity Report

In addition to providing baseline protection, the Cryptographic Integrity Tool can be employed as a daily report of system activity. Using the system activity report from CIT, the system administrator can quickly and easily get an overall view of all activity on the system. The system activity report is a detailed list of file system modifications sorted into newly created files, modified existing files, and deleted files. This report can assist project managers in identifying an employee's productivity, by verifying exactly which files have been created or modified for the project, and by showing which employees spend more time sending email, or using the computer for personal use, than working. By knowing what each employee is doing, security engineers can easily detect suspicious files and possible incidents of data migration or unauthorized data access, assuring that your private information stays exactly that, private.

Candidate List

The Cryptographic Integrity Tool can also interface with the VFind antivirus engine to make scanning even more efficient. Why should you waste time and resources scanning files that you know to be free of viral attacks? The candidate list report from the Cryptographic Integrity Tool answers that question: you shouldn't. In addition to the system activity report, CIT generates a candidate list that can be used with the VFind antivirus engine. The candidate list contains the names of all modified and added files; it is only these files which have changed that could possibly contain a viral attack. Directing the VFind antivirus engine to scan only those files contained in the candidate list increases the efficiency of your security measures, saving time and resources, all the while assuring the full protection of the ToolKit.
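The baseline comparison, system activity report and candidate list described above can be sketched as follows. This is an added example, not CyberSoft's code or CIT's file format; it uses SHA-256 in place of the MD5 the page names, because MD5 collisions are practical to construct, and the function names and sample tree are assumptions made for illustration.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Baseline database: relative path -> SHA-256 digest of the file contents."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            db[os.path.relpath(full, root)] = h.hexdigest()
    return db

def compare(baseline, current):
    """Return (system activity report, candidate list) in the page's terms."""
    created = sorted(current.keys() - baseline.keys())
    deleted = sorted(baseline.keys() - current.keys())
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    report = {"created": created, "modified": modified, "deleted": deleted}
    # Deleted files cannot be scanned; only added or changed ones are candidates.
    return report, sorted(created + modified)

def demo():
    """Constructed sample tree: baseline it, change it three ways, compare."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        put("index.html", b"<h1>Welcome</h1>\n")
        put("app.conf", b"debug=off\n")
        put("old.log", b"rotated\n")
        baseline = snapshot(root)
        put("index.html", b"<h1>Welc0me</h1>\n")  # same size, one byte differs
        put("new.bin", b"\x00\x01")
        os.remove(os.path.join(root, "old.log"))
        return compare(baseline, snapshot(root))
```

The one-byte, same-size edit to `index.html` is the case a size or timestamp check can miss and a content hash does not. The baseline is only trustworthy if it is kept where the monitored system cannot rewrite it.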

Detects virus, hacker, sabotage and baseline configuration violations from any source, using cryptographic change detection. Reduces help desk turnaround time from hours to minutes!

CIT - The system doesn't work. The users claim they didn't change anything and a proposal on the system is due out the door by noon, today. Is it a user error, virus attack or sabotage?

CIT will never lie and cannot be tricked!

CIT to the Rescue

  • CIT can protect disks, tapes, floppies, CD-ROMs and removable media.
  • Does not require the virus to be known.
  • CIT will never require a virus database update. One copy lasts a lifetime.
  • Uses Industry Standard RSA Associates' MD5 cryptographic hashing algorithm.
  • CIT Cryptographic Integrity Tool generates a file signature that is compared to prior signatures. Copies of signature databases can even be stored offline for additional protection.
  • CIT locates all files that were modified, deleted or added to the file system by outside personnel, viruses or any other form of attack. Hackers can't get away with anything if CIT is protecting the system! System Administrators can discover and correct back doors installed by hackers or disgruntled employees within minutes.
  • CIT helps maintain baseline configuration integrity. It can be used to reduce help desk turn-around time from hours to minutes when supporting complex systems. Everyone knows that the end user never changes anything but the system is still malfunctioning. Using CIT, the baseline can be verified within minutes and the problem reduced to a modified, deleted or added file. If the baseline is within specifications and the system is still malfunctioning, then the problem is still diagnosed, as a hardware failure!
  • CIT can be used across the Internet, post office, or any other form of transmission to ensure the integrity of data. Using CIT, you can be sure that what was sent was what was received.
  • CIT is the Tape Librarian's best friend. Using CIT, the contents of long term storage media can be verified as being uncorrupted.
  • CIT is not a virus scanner. It is an advanced Cryptographic Integrity Tool that detects changes, additions and deletions of files. Once a snapshot of your file system is created, CIT will protect the system by reporting these events. Unlike non-cryptographic integrity tools, CIT cannot be tricked into a false reading.
  • CIT can be used to date and time stamp information by creating associations between files and the date/time at which the association is made. In effect, this can be used to fix the contents and date of email, EDI transactions or any combination of data items into a form which can be proven to have been unchanged from the original at a specific date and time.
  • CIT has thousands of uses. It can be used anywhere in which it is important to prove that data or any combination of data has been unchanged from its original state.

UAD - Universal Atomic Disintegrator

The Universal Atomic Disintegrator is a file disaggregation and identification tool. UAD recursively unwraps and identifies each element of a file until it reaches a terminus point. A terminus point is a known file type such as a script or batch file, a flat text file, or an executable (binary) file. The Universal Atomic Disintegrator can identify a file's contents or can operate like an unarchiving or decompression utility and write the file's actual contents to your system, saving you the trouble of running the corresponding unarchiving or decompression utility. The Universal Atomic Disintegrator can process many popular compression and archiving technologies including MIME encapsulated data, Pkzip and gzip files, UNIX tar files, UNIX compress, and uuencoded files.

Smartscan

With the myriad of compression and archiving utilities today, it has become increasingly difficult to find hidden and encoded viral data. Many antivirus products on the market assume that files will be properly named, and they use that fact to dictate what actions to perform when scanning them. In reality this assumption can prove fatal to your system security. For instance, renaming a complex file that contains encoded or compressed viral information can effectively hide the virus from conventional antivirus products and allow it to slip by unnoticed. Rather than relying on the file name, UAD actually scans the content of the file and identifies it so that renamed archives and compressed files will be properly handled. Using UAD and the VFind antivirus engine in SmartScan mode will ensure that each file is a flat file before it is scanned for viral information, providing protection from hidden and encoded viruses.
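Content-based identification and recursive unwrapping to a terminus point, as described in the UAD and Smartscan sections, can be sketched as below. This is an added example, not UAD's implementation; it covers only gzip and tar of the formats the page lists, and the size cap, depth limit, type labels and sample data are assumptions.

```python
import gzip, io, tarfile, zlib

MAX_BYTES = 16 * 1024 * 1024  # assumed per-layer cap against decompression bombs
MAX_DEPTH = 8                 # assumed nesting limit
MAGIC = [(0, b"\x1f\x8b", "gzip"), (257, b"ustar", "tar"),
         (0, b"\x7fELF", "executable"), (0, b"#!", "script")]

def identify(data):
    """Classify bytes by content (magic numbers), never by file name."""
    for offset, magic, kind in MAGIC:
        if data[offset:offset + len(magic)] == magic:
            return kind
    return "text" if data.isascii() and b"\x00" not in data else "data"

def disintegrate(name, data, depth=0):
    """Unwrap recursively; return [(path, type)] for every terminus point."""
    kind = identify(data)
    if kind not in ("gzip", "tar"):
        return [(name, kind)]
    if depth >= MAX_DEPTH:
        return [(name, "unopened " + kind)]
    if kind == "gzip":
        d = zlib.decompressobj(31)  # wbits=31 selects gzip framing
        inner = d.decompress(data, MAX_BYTES)
        if not d.eof:               # output cap hit or stream cut short: report it
            return [(name, "oversized or truncated gzip")]
        return disintegrate(name, inner, depth + 1)
    out = []
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        for m in tf:
            path = name + "!" + m.name
            if m.isfile() and m.size <= MAX_BYTES:
                out += disintegrate(path, tf.extractfile(m).read(), depth + 1)
            elif m.isfile():
                out.append((path, "oversized member"))
    return out

def demo():
    """Constructed sample: a script and a gzipped note in a .tar.gz named like a JPEG."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for fname, body in [("run.sh", b"#!/bin/sh\necho hi\n"),
                            ("note.bin", gzip.compress(b"plain text\n"))]:
            info = tarfile.TarInfo(fname)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return disintegrate("holiday.jpg", gzip.compress(buf.getvalue()))
```

Anything that cannot be opened is reported rather than skipped, so a scanner built on this never treats an unexamined layer as clean.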

BREAKTHROUGH INTERNET FILE ANALYSIS/UNPACKING TOOL INTRODUCED

The internet today is filled with compressed and archived files (e.g., .tar.gz files) as well as files stored as email attachments.

CyberSoft, the leader in UNIX virus detection, has just introduced a technological breakthrough, Universal Atomic Disintegrator (UAD), that extracts the files within the files and identifies their type. The product was unveiled at the Information Technology Expo at the Valley Forge Convention Center in King of Prussia, PA.

UAD Features Include:

  • Unpacks files to arbitrary depth--e.g., handles a compressed, tar'ed file attached to an email message.
  • Identifies file types based on content, not on file name.
  • Identifies about a thousand different file types--e.g., executable formats for various machines, GIF files, etc.
  • Handles UNIX compress, gzip, PKZIP, tar, uuencode and MIME attachments.
  • Highly portable--works on all UNIX systems, soon on DOS and Windows (3.1, 95 and NT).

CyberSoft called it Universal Atomic Disintegrator because it unpacks a file into its atomic, that is indivisible, components. It's simple to understand and has many applications beyond the obvious. It can also be licensed to companies to add to their own products for universal file conversion.

Example UAD applications include:

  • Virus scanning
  • Generalized file unpacking--the next step beyond today's Web browser plug-ins.
  • Blocking files by type from entering a site.

CyberSoft President Peter V. Radatti calls UAD "extremely important for virus protection, an essential and significant advance in virus scanning." It's essential that virus scanners scan the actual files, not their compressed or encoded versions. File type identification is important as well. For example, there's no point in scanning anything but DOS executables for polymorphic DOS viruses since it is a time-consuming process. To fully exploit UAD for virus scanning purposes, it has a built-in binary interface to CyberSoft's VFind virus scanner.

Like all CyberSoft technology, UAD is available for OEM license. Demo copies are available for members of the press.

More detailed information may be obtained by contacting CyberSoft.

THD - Trojan Horse Detector

One of the most common, effective, and unfortunately ignored attacks on a computer is the chameleon type of trojan horse. Chameleon trojan horses infect a system by having the same name as an existing executable and placing themselves in your path before the real executable. Upon executing that normally innocent program, you inadvertently activate the trojan horse and allow it to deliver its payload. Since chameleon trojan horses do not necessarily have any content, conventional content driven scanning techniques will not protect you. CyberSoft's Trojan Horse Detector can protect you from these elusive chameleon types of trojan horse attacks. Using the knowledge that chameleon trojan horses rely upon filenames to attack a system, the Trojan Horse Detector searches your entire system for files that have the same base name. THD then reports all duplicate base filenames to you with their absolute filename, immediately pointing out the exact location of chameleon trojan horses.
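The duplicate base name check can be sketched as follows, as an added example rather than THD's own code. It narrows the page's whole-system search to an ordered list of command search directories, and the function name and sample layout are assumptions.

```python
import os, tempfile

def find_chameleons(path_dirs):
    """Map each duplicated base name to its absolute paths, in search order.

    The first path listed for a name is the one a shell would run, so the
    later entries are the executables it shadows."""
    found, seen_dirs = {}, set()
    for d in path_dirs:
        real_dir = os.path.realpath(d or ".")  # an empty entry means the current directory
        if real_dir in seen_dirs or not os.path.isdir(real_dir):
            continue                           # same directory listed twice, or missing
        seen_dirs.add(real_dir)
        for fname in sorted(os.listdir(real_dir)):
            full = os.path.join(real_dir, fname)
            if os.path.isfile(full) and os.access(full, os.X_OK):
                target = os.path.realpath(full)
                hits = found.setdefault(fname, [])
                # A symlink to a file already recorded is not a second program.
                if all(os.path.realpath(h) != target for h in hits):
                    hits.append(full)
    return {n: h for n, h in found.items() if len(h) > 1}

def demo():
    """Constructed layout: 'ls' exists in two directories, 'cat' in one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        for rel in ("scratch/ls", "bin/ls", "bin/cat"):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(full, 0o755)
        # 'usrbin' is a symlink to 'bin' and must not be counted as a duplicate.
        os.symlink(os.path.join(root, "bin"), os.path.join(root, "usrbin"))
        search = [os.path.join(root, d) for d in ("scratch", "bin", "usrbin")]
        return {n: [os.path.relpath(p, root) for p in hits]
                for n, hits in find_chameleons(search).items()}
```

Resolving directories and files to their real paths keeps merged or symlinked directories from flooding the report with false duplicates.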

White Papers associated with this Product