home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Cream of the Crop 20
/
Cream of the Crop 20 (Terry Blount) (1996).iso
/
virus
/
invb.zip
/
WHATSNEW.TXT
< prev
Wrap
Text File
|
1996-07-11
|
7KB
|
137 lines
Revision 6.11c - July 1996
--------------------------
The IV rescue floppy couldn't be prepared in former versions when the
COMSPEC was pointing to anywhere else than to the C drive. This
condition was fixed in this version and the rescue can be prepared
under all conditions, even when logged to a server.
A new option was added to INSTALL. It is now possible to specify the
directory where to install InVircible right from the command line.
Either INSTALL and IVLOGIN will accept the new command option. The
syntax of the command is "DIR=pathname".
The installation of IV under Windows NT has been modified. The INSTALL
procedure will now detect it is running under NT and proceed
accordingly. INSTALL can be run under NT in either full-screen or
windowed mode. IVLOGIN can be used under NT to install IV to an NT
workstation from a server.
Virus detection through dodgy date or time stamp. Many viruses mark
infected files by setting the year's date to +100 years (i.e year 2096
instead of 1996), or by setting the seconds to a value larger than 59.
The faked date/time stamp are not revealed by the DIR command but are
detected by IVSCAN. IV will indicate "dodgy date or time, possibly
infected". Concurrently, NetZ released a freeware utility named GETDATE
that will let inspect drives for files with dodgy date/time mark and
rename those files on request. GETDATE can also spot files with a
a specified "seconds" setting. Certain viruses use a specific value in
the seconds field to mark infected files, e.g. HD Euthanasia sets the
seconds of infected files to 34. GetDate can be used as a first-aid and
fast disinfector.
Generic macro malware cleaning by IVX was introduced in version 6.11a
Due to the nature of the problem, it is impossible to distinguish
legitimate auto-macros from potentially harmful ones. Customized
templates and forms that use auto-macros can be saved in separate
directories. These directories can be marked to be skipped by the IVX
macro cleaner. To mark a directory to skip, just create a zero length
file named IVX.NOT in it. To create a zero length file, type from the
DOS prompt "TYPE PLAIN_GARBAGE > IVX.NOT", without the quotation marks.
Extended partitions on EIDE drives running in LBA mode will be
corrupted by DOS programs running in a Win-95 MS-DOS shell, if the
partition was created by Windows 95 FDISK. Win-95 introduced new
extended partition types (types 0E, 0F - decimal 14, 15) for EIDE /w
LBA. Other than Win-95 OS do not recognize these partitions and
erroneously reflect the C logical partition into the higher one.
ResQdisk has been upgraded to check whether this problem exists. When
examining a partition with ResQdisk, a warning message will indicate
the presence of partition types 0E or 0F. The user is then advised to
correct the problem, to prevent possible damage.
Revision 6.11b - June 1996
--------------------------
NEW AUDIT FEATURE IN IVB. IVB now provides for the auditing of
specified directories and drives. The audit function is based on the
IVB integrity database and runs concurrently with IVB integrity
checking. New, missing and modified files are reported in the audit
log. Auditing can run either on-demand or automatically.
Auditing can be used in private user and corporate/network environment
to keep track of program inventory. Auditing combined with IVB's
integrity functions and IVX report is useful in spotting the source of
an infection. In the institutional environment auditing can help system
administrators in monitoring software uploads to servers.
Revision 6.11a
--------------
Version 6.11a has a generic "Word Macros" mode added to IVX. The latter
will detect forced macros in Word documents and templates and CLEAN
them on request. IVX can be used in batch mode for handling macro
viruses. INSTALL has been updated to edit the test for macro malware
right into the autoexec (see below).
Attention network administrators! The new Word Macro mode in IVX has
provisions for testing a workstation's integrity right at logging in to
the network. Affected workstations can be spotted now right as they
login and refused access to the network. For details see appendix G in
the DOS online hypertext, or search for "macro" in the Windows IV
manual.
The INSTALL program menus were changed for user's convenience. The main
functions were moved to the first level menu (the default). INSTALL's
default options are now: installation, the preparation of the rescue
diskette, installation or retraction of the license registration,
installation or removal of IVTEST in / from batch files, and removal of
IV related files (*.NTZ and signatures). The on-line registration is
now assigned to F10 and was removed from the menus. On-line help is now
accessed through F1, as is the standard in most software. Where Winword
is found in the search path, the user will be prompted if to include
the Word templates integrity check against macro malware, in the
autoexec. The templates test is extremely fast, it takes just a few
seconds and is highly recommended.
Improved presentation in IVB, IVX and IVSCAN. The scrolling on screen
of the inspected directories and files is progressed now "on-finding"
only. This way, the user is presented only with relevant information
which should help in assessing the problem at hand.
New IVLOGIN /Q switch. When run with the /Q switch, IVLOGIN will query
the workstation whether the daily integrity check (IVB DAILY) did run.
IVLOGIN returns an errorlevel 0 if the test was run and 1 otherwise.
The integrity query switch can be used by network administrators to
refuse access to users that disabled the IV daily integrity check.
The memory stealing alert was modified to a threshold of 7 Kbytes for
drives using dynamic boot overlay (DDO), thus eliminating the nagging
message resulting from this source. The "dynamic boot driver" message
related with Ontrack's DM and MicroHouse EZ-Drive was removed from
IVINIT.
Revision 6.11
-------------
An on-line hypertext user's guide for Windows was added with version
6.11. The file's name is IVMANUAL.HLP and it can be added as an icon on
the Windows desktop, for quick reference. IV's winhelp contains screen
captures and detailed procedures and tips. You can produce a formatted
hard copy of selected topics from the IV manual, through Windows Print
Manager.
Windows 95 enables booting to DOS by swapping and renaming the system
files (IO.SYS and MSDOS.SYS). In result, IVB reported changes every
time the computer was booted to a different OS from the previous one.
IVB now identifies legitimate swapping between Win 95 and previously
installed DOS.
The editing of the Bios Parameter Block (BPB) of logical drives' boot
sector was added to ResQdisk. This facilitates the recovery of hard
drives with non-standard configurations such as Compaq models and
multiple partitions with dynamic boot overlay drives (DDO), as well as
NT servers and workstations.
Batch processing of floppies with the IVX correlator was added. The IVX
correlation-scan parameters need to be entered just once to process
floppies in bulk.