                                                          August, 1995
 Product upgrade, 6.02B
 ----------------------
 Online backup of IVB signatures. Existing IVB signatures were usually
 overwritten every time a new signatures file was created. From this
 version, the current IVB signature is backed up before a new one is
 written, by renaming the existing file with the extension *.000, and by
 changing its attribute to 'read only'. The back up is done when IVB
 renews a signature (because it found new files in a directory, or
 because of tampering with one of the signatures, or more) in the
 current file. The back up signature can be used with the /X switch
 (user defined filename). No backup is created when new signatures are
 purposely rewritten.

 Improvement in IVX: A new feature was added to IVX, enabling the
 selection of the offset past the entry point, to look for the
 extraction of a signature string. This option improves IVX capability
 as an automatic signature extractor. Look in Appendix C, in IV's
 manual for details how to use this feature.

 IDE hardware access fix. InVircible uses hardware access to overcome
 stealth boot viruses. IV's hardware access is usually well behaved, yet
 there are controllers and 32 bit access drivers with which IV had
 problems. This is taken care of by timing out the hardware access if
 unsuccessful. If timed out, then SeeThru will not be available with the
 specific hardware or driver. This will be indicated in IVinit, IVtest
 and in ResQdisk. Usually, the unavailability of SeeThru on 32 bit
 hardware should not constitute a problem, as boot virus stealth is
 disabled when 32 bit disk access is present and these viruses are then
 detected by other IV features, i.e sector analysis and memory stealing.

 Improvements in FixBoot. The FixBoot utility was added to IV since
 version 6.02. It's purpose is to clean the boot sector of floppies in
 bulk processing, by the replacement of the boot sector. The new
 additions to FixBoot are: a prompt to process another floppy, and the
 detection of which operating system is present on the diskette, to keep
 it bootable. The default boot sector is MS-DOS. An IBM boot sector
 (PC-DOS/DR-DOS) will be installed instead, if IBM system files are
 found on the floppy.

 ResQdisk Professional. ResQpro is an extremely powerful tool for
 recovering lost hard drives and its professional version, ResQpro, has
 already saved users thousands of dollars, by recovering data that was
 considered total loss. The ResQpro features are now available in
 ResQdisk, to users that purchase the professional license. The Pro
 version is recommended to data recovery specialists, computer servicing
 labs, to institutions and organizations, and to power users with
 special needs for data recovery. The Pro version license is available
 through a special distribution floppy only, available from authorized
 IV vendors. ResQpro upgrades are identical to IV's, via the Internet
 and the major nets.

 ResQdisk single session authorization. ResQdisk can restore access to a
 hard drive, on condition that the cause is not a hardware failure. Yet
 the full advanced features of ResQdisk and ResQpro are available only
 to licensed users of IV. The new version enables an authorized dealer
 of IV to authorize ResQdisk over the phone, for the present session.
 The authorization is done through the exchange of a password pair
 (press ^F10 when running ResQdisk to generate the password), while in
 a hotline support session.

 Handling the boot sector through DOS - new feature in ResQdisk. There
 are instances when the active partition's boot sector needs to be
 addressed through DOS instead of interrupt 13h. Such is the case when
 special boot drivers are used such as Disk Manager or EZ-Drive. The
 edit functions (^E) of ResQdisk were duplicated under the ^B (boot)
 command. The active boot sector of drive C: is then handled through DOS
 interrupts 25h (read) and 26h (write). Note that the designation under
 DOS is the logical drive C:, rather than hard drive # 1, with BIOS
 interrupt 13h. The options are: read sector to clipboard, write
 clipboard to boot sector, read from file, write sector to file, and SYS
 (the equivalent of refreshing the boot sector with the command SYS C:).

 Detection of signature killer. InVircible has proven that it's possible
 to anticipate viral technologies and counter them, before they become a
 real threat. Although such threat didn't yet materialize, it's possible
 to write a virus that could target InVircible's database to destroy its
 files. To prevent such possibility, the new version detects the
 presence of a signature killer and will alert on its presence.

 Random signature filename. Use the IVLOGIN /RANDOM switch to select a
 random signature filename.

 Enhanced rescue floppy procedure. Users may wish to have their favorite
 utilities such as an ASCII editor on the rescue diskette. To do so,
 just copy the additional files to a newly formatted floppy before
 starting the rescue disk procedure, run INSTALL/R and answer "no" to
 whether to wipe the floppy clean or not.

 Product upgrade, 6.02A
 ----------------------
 IVX major upgrade. New features were added to IVX, enabling automatic
 signature extraction and signature scanning. IVX now creates its own
 signatures database from sampled files. The extraction of the
 signatures is automatic and does not require any special skills. The
 signatures can then be used to scan for their presence in other files.
 IVX also accepts user defined signatures by editing the database with
 an ASCII editor. An average user can now easily generate a signature
 for a new virus and announce it on the net or else. IV user can now
 scan for the presence of new viruses announced on the net. The new
 features of IVX reduce the response time to new virus alerts.

 The algorithm of IVX in statistical mode was refined and its detection
 capability improved, especially against some of the more difficult
 polymorphs, such as MtE viruses.

 IVB history file. The IVB.RPT file is overwritten when a new report is
 created. In a networked environment, the current daily report will be
 appended to the IVB.HIS (history) file. The implementation is through
 the AUTOEXEC file, by adding a couple of lines after the IVB daily
 command. The appropriate lines are added automatically by the INSTALL
 program when installation from server is detected (or selected, in
 INSTALL's main menu). To add this feature in an existing installation,
 add the following lines in the autoexec, after IVB DAILY:

    IF EXIST \IVB.RPT COPY \IVB.HIS+\IVB.RPT \IVB.HIS
    IF EXIST \IVB.RPT DEL \IVB.RPT

 Licensing for OS/2 and Win 95. In version 6.02, InVircible's license
 reverted to Sentry when in Windows' or OS/2's DOS shell. Version 6.02A
 fixed that problem. Yet, you will need to run IV once in real DOS in
 order to upgrade your license from a former version, to 6.02A. This
 procedure does not apply to new licensed users, since the license can
 be installed to disk only in REAL DOS mode.

 Detection of PKLITE'd droppers and Trojans. During the last year,
 several droppers and Trojans were found, that used PKLITE in order to
 conceal the gen-1 file. Gen-1 is the designation of the first
 generation of a virus, usually the one used to launch the virus. While
 scanners usually find the offsprings, the gen-1 file will not be
 suspected, as many times it isn't recognized to be a compressed file,
 as the PKlite marks were removed, or disguised. The most recent case
 that used the PKlite method is related to the Big Caibua virus. The
 detection of potential droppers was added to IVscan, as the default.
 This feature should help SysOps and network administrators to keep
 their board and systems clean.

 Improved IVB signatures. Functional changes were made in order to
 improve IVB's discrimination between non-viral and legal modification
 of program, as well as to improve their immunity to dedicated viruses
 attacks. The new signatures are no more compatible with the lower
 versions of IVB. To avoid confusion, or the loss of the former
 database, the default filename of the signature files was changed to
 IVB.NTZ. Note that there is a trailing character 255 (it looks like a
 space, but it is not!) between the IVB filename, and the .NTZ
 extension.

 No escape in Sentry mode. System administrators asked to disable Sentry
 users from escaping IVB's daily full check. Adding the /ESC switch to
 the command line re-enables the Esc key when scanning daily. This
 change applies only to the Sentry mode.

 IVB exceptions list. There are instances when you may want to exclude a
 file from IVB's list of files to process. IVB has now provisions to
 exclude up to 5 filenames. Edit IVB.INI in the IVB.EXE directory with
 an ASCII editor, or create a new file with the above name, if it
 doesn't exist yet. Add a line for each file to exclude as follows: SKIP
 = EXCLUDE.BIN

 The CMOS "Restore" option was removed from IVINIT in Sentry mode.

 Product upgrade, 6.02
 ---------------------
 The major change in version 6.02 is the handling of large capacity IDE
 drives. These drives appeared on the market in mid 1994 and they are
 now quite common. Several enhancements to handle the large capacity IDE
 were already introduced in version 6.01D. The new drives present
 technical challenges in the area of disaster recovery and vulnerability
 to boot and mbr viruses, that were unforeseen by both the drive's
 producers, and the AV industry. Version 6.02 consolidates the former
 enhancements and lays the grounds for further improvements, especially
 in the disaster recovery area of these drives. Read also in UPGRADE.TXT
 how to upgrade your licensed copy of InVircible.

 Licensing of large capacity IDE. The installation of the license record
 to large capacity IDE, was impossible with earlier versions, if the
 Ontrack extended boot driver (DM 6.03+) was used. It could be done only
 with plain FDISK partition, using the LBA (logical block access) option
 in the setup. Version 6.02 will allow the licensing of these drives
 too.

 Version 6.02 consolidates changes done to the hardware access routines,
 used in InVircible, to suit the newer fast access hard disks and boards
 (100 mhz and higher). Hardware access is sensitive to timing, and new
 industry standards were introduced in the last year. Therefore, we
 recommend that InVircible copies earlier than 6.01D are upgraded.
 Version 6.01B and 6.01C still have some slow routines that won't work
 properly with the newer fast disks. Also, versions earlier than 6.01D
 still have a routine that conflicts with a defect in design of some
 older models of Maxtor hard drives. The problem has been identified by
 NetZ Computing and acknowledged by Maxtor. From version 6.01D and on,
 there should be no problem anymore, all models of Maxtor included.

 ResQdisk improvement, fixing the boot sector via DOS, the ResQdisk ^B
 function. There are instances when the boot sector of hard drive #1 is
 infected, and it cannot be accessed via regular int 13 functions. Such
 is the case with the newer large capacity IDE drives. The active
 partition's boot sector can then be refreshed through the ^B key
 combination. The ^B function operates on the boot sector, the same way
 that does FDISK/MBR on the mbr - it refreshes the bootstrap code,
 without affecting the BPB data. The ^B function should only be used
 when booted from the hard drive.

 Product upgrade, 6.01D
 ----------------------
 Daily inspection for companion virus. The companion virus verification
 was added to IVB, since IVB runs daily. The same routine is retained in
 IVscan, for operational redundancy.

 The user interface in ResQdisk was improved further. The newer features
 were grouped in three menus, Edit (accessible by pressing ^E), Track
 Zero maintenance (^Z) and Analyze sector (^A). Also, the new ^B
 function was added. The latter will refresh the boot sector of drive C:
 while accessing via DOS instead of the BIOS, and is the equivalent of
 the SYS C: command. The ^B function is helpful in removing boot sector
 viruses such as Da'Boys, Boot-437, Form etc.

 Improved editing features in ResQdisk. Additional editing features were
 added to resQdisk. The sequence ^E ^F will read a file into the sector
 clipboard, while ^E ^D drops the content of the displayed sector into a
 file. The combination ^E ^Y will decrypt an encrypted sector into the
 clipboard and display it on screen. The later is especially useful for
 the recovery of damaged hard drives, like from the Monkey virus. It is
 indispensable for rescuing hard drives lost to inappropriate
 disinfection procedures, like with fdisk/mbr, or inadequate antiviral
 products. The above further improve ResQdisk as the best disaster
 recovery and boot-antiviral utility.

 Improved "track 0" maintenance features. ResQdisk is used in the rescue
 diskette for backing up track zero of the hard disk to floppy and for
 restoring track zero from file to the hard drive. The "track 0"
 functions are now available on-line, with the visual inspection of
 ResQdisk, in both SeeThru modes (backup only, recovery is always done
 with SeeThru off). The track 0 functions are started by the ^Z keys
 combination, followed by ^B for backup to file or ^R for restore from
 file.

 Compatibility with large capacity IDE. IVTEST was corrected to ignore
 the dynamic boot loader of large capacity IDE disks.

 Revision 6.01c was compatible with only Ontrack's Disk Manager extended
 bios drivers (XBIOS.OVL). The new revision is also compatible with
 other brands, recently introduced into the market - e.g. MicroHouse's
 EZ-DRIVE.

                                                           January, 1995
 Product upgrade, InVircible 6.01C
 ---------------------------------
 Improved performance in networked environment: Revision 6.01C has
 further improvements for the operation of InVircible in the networked
 environment. All the scanning modules; IVB, IVscan and IVX were revised
 to avoid Novell's Netware files. The verification of Netware files
 under DOS created errors because of the special attributes of Netware's
 system files. IV's current revision avoids these files.

 Automatic IV version upgrades in network: IVLOGIN can now be used for
 both the automatic installation of InVircible to workstations in a
 networked environment, as well as the upgrading of an older IV version
 to a newer one. IVLOGIN checks whether its own version is newer than
 the current one installed on the hard drive. An older version will be
 automatically replaced by a new one, by just invoking IVLOGIN. It is
 recommended that the IVLOGIN command should always be included in the
 users login script, in networks.

 Improved piggybacking detection: Revision 6.01C has higher sensitivity
 of piggybacking detection. The detection threshold has been lowered to
 detect piggybacking within few affected files. The improved sensitivity
 has no effect on speed since the loss in speed was compensated for with
 a better search algorithm.

                                                           December 1994
 Product upgrade, InVircible 6.01B
 ---------------------------------
 Installation of InVircible on networked PC: Revision 6.01B has an
 additional file, IVLOGIN.EXE. As its name implies, its use is from the
 user login script in networks. When a workstation connects to the
 network, IVLOGIN verifies whether it has a hard drive, and if
 InVircible is installed on that disk. If not, INSTALL/FAST is invoked
 to install IV to the hard disk. The LAN administrator is required to
 install IV to the server and add the IVLOGIN command to the user login
 script. The rest is done automatically.

 Install upgrades: The French version of InVircible configures now the
 rescue diskette to start with a French keyboard. Install also takes
 care to REM out the Thunderbyte TSR in the autoexec, at the
 installation of IV. The TB TSR intercept IV initialization checks and
 may crash the system. Also, Install will now install the IV
 registration key to hard drives having the Compaq configuration (see
 ResQdisk, above).

