ViGUARD

ViGUARD is a software of Computer security for Windows targeting the companies and private individuals. Sold as being a Anti-virus software, they are in fact a software which makes it possible to detect amendments to a file, independently a base known viruses.

Principle of operation

Indeed, the antiviruses function with on the one hand a database of virus and a discovery method “to guess” the unknown viruses. Technically, ViGUARD functions in a quite different way, even opposite, since, instead of detecting a criminal, it detects a modification (while resting on a Somme of control carried out at the time when the computer is clean). By some summary short cuts (ViGUARD is not interested in the viruses but in the integrity of the files), one can deduce from it that the software detects all the viruses passed, present and to come, and thus is sold the software by its distibutor.

This principle is also used by Cisco which markets SCUMS (Cisco Security Agent) for the protection of the machines Windows, Linux and Unix. One also finds the Tripewire solution which proceeds in the same way and is installed by large integrators, or is taken again by large manufacturers. The comparison of a print of a file to its original is very effective for the real-time applications, because much faster than the comparison with files of signatures of hundreds of thousands of virus.

Another solution of control of integrity very much used is that of TripeWire.

ViGUARD is a variation of this principle for PC under Windows and thus acts as Antivirus without base of signatures.

Guillermito business

In 2005, a researcher in biology of the university of Harvard in the United States, of pseudonym Guillermito, disassembled the software. Dismantling is prohibited by the law of its country and, like decided it the business leading to the judgment of Guillermito, the educational objective or of security (or confirmation of the allegations of safety) an exception does not constitute.

According to the dires of the researcher, the results of his study are that the ViGUARD software is not protected under the operating system Windows 98 and consequently that the allegations of the editor are untrue. The study used intrinsic Windows 98 weaknesses which made it possible to corrupt of very many files and thus to decontaminate ViGuard. The PC was then vulnerable following the desactivation of Viguard.

Other research had already shown that the controllers of integrity could be circumvented and the theorem of Fred Cohen had shown that no antiviral solution can be perfect, thus aiming work of Guillermito inserted an open door.

The demonstration of the same weaknesses of Viguard under Windows XP was not made. Windows 98 is classified today as being obsolete by Microsoft and no weakness of ViGuard was published under Windows XP.

“The Guillermito business” was relayed on the French-speaking Internet. Justice condemned Guillermito for counterfeit of the Viguard software to carry out its demonstration. The business caused a sharp polemic taking into account the known activities of this person to be presented publicly like developer of virus, in particular in a television program animated by comic the Stephan Collaro.

See too

External bonds

ViGUARD Official site
Guillermito2.net - Ticket of Guillermito about the business (blog personal of Guillermito)
analyzes of ViGUARD by a Net surfer-->
the “Guillermito business” under the eye of a lawyer penalist

Random links: