White Papers

This is a collection of technical white papers written on the subjects of viruses, anti-virus, Linux, UNIX, computer security, and malware. The White Papers discuss how these topics relate to CyberSoft products. Many documents on this page are stored in PDF format and will require a PDF reader in order to view them. Click here to download Adobe Reader.

Why CyberSoft's VFind Security Toolkit

The CyberSoft Operating Corporation VSTK product line is relevant and necessary to protect you in these modern times. Old thinking of monolithic protections is unable to keep up with the changes. VSTK is not monolithic, it is an entire tool kit!

Special Attributes of the VFind Security Toolkit for 2012

CyberSoft has been in the business of supplying computer antivirus tool kits since 1988. We invented many of the tools that seem common today and we are still innovating. Our primary product is the VFind Security Tool Kit (VSTK) family of products. As the name implies this is not just virus scanner but an entire tool kit of computer security products that lets you fit the tool to the problem.

Optimizing VSTK Performance

Historically, virus scanning and pattern recognition were dependent on two things: disk I/O performance, and processing power. Essentially, how fast can you read the data, and how fast can you process it. Because of this, tuning and optimizing VSTK for performance applications is very much hardware dependent. However, there is still opportunity to improve performance by optimizing how system resources are utilized, and VSTK gives you the flexibility to adapt the product to many different environments for optimal virus scanning.

Archived White Papers

CyberSoft VSTK-P Configuration for NERC STANDARD CIP-007-1

Use of the CyberSoft VSTK or VSTK-P computer security tool kits for Unix/Linux will insure that cyber security test procedures are implemented according to the authorized test plan. The primary tool for TEST RESULT ANALYSIS is the CIT tool. Use of the CIT tool prior to test plan implementation will insure the validity of the system baseline test bed and use of the CIT tool after the implementation of the test plan will insure that the baseline system was maintained and that any changes to the system are in accordance with the authorized test plan.

How can I use UAD for a special archive file?

To work with an archive file, UAD needs an expander/decompresser to decompress/open it before reading its contents. UAD already included many of common expanders in its module by default, whose codes are customized and optimized to the whole structure of UAD. For example, unzip for zip and unrar for rar codes are optimized and embedded in UAD.

How can I exclude files from VFind scanning?

You can exclude some files from VFIND scanning through many ways as follows. Especially, the information in section 2.2 will be very useful if you run scanning with VFIND and UAD under smartscan mode (-s -ssw options for UAD and -ssr options for VFIND), because the --noscan/--noscans option is ignored under smartscan mode.

Analysis of the VSTK/P Product Line In Fulfilling US Federal Requirement DCID 6/3

This document is a technical analysis of CyberSoft VSTK and VSTKP tools for use with the U.S. Federal DCID 6/3 Directive, which establishes security policy and procedures for storing, processing and communicating classified intelligence information in computers.

How To Be A Hero To Your Employer And Customers While Increasing Computer Security

One of the biggest problems in computer security is that standardized requirements, customer actual needs, and their very important perceived needs normally are very complex and there may not be any single product that fulfills all of these. Normally, it may take half a dozen different products from the same number of vendors to resolve most of the needs and requirements. These programs are not easy since none of them were ever intended to interact with each other.

A Subjective Analysis of the Survivability of CyberSoft Operating Corporation in a Market Targeted by Microsoft

Everyone may not remember but the first widely sold home and small office word processor was called Word Star. Their position was taken by a product called Word Perfect. Today, other than open-source, very few people consider any word processor other than Microsoft's Word. This trend has been repeated many times.


The CyberSoft SmartScan format is a method of encapsulating a group of files, file names, and types, into a single stream. This format is utilized by the CyberSoft products such as UAD and VFind. This release of SmartScan documentation and source code is being made available to the public as a service to the community to promote interoperability. Using the source code provided here, you can develop your own programs to read and write SmartScan format, for example to provide a custom front-end to VFind.

Non-Technical Cost Justification for CyberSoft's VSTK and VSTKP Products

One of the hardest tasks for a computer security professional to do is cost justification. It is often not part of the training but it is always part of the job. This paper answers some of these questions for the VFind Security Tool Kit (VSTK) and the VFind Security Tool Kit Professional (VSTKP).

Optimal Queueing Strategies for E-mail Virus Scanning

Optimal queueing strategies are derived for an e-mail virus scanning system consisting of multiple queues of varying message size limits running in parallel. The general VirScan system is described, a queueing model is defined, and expressions are derived for the overall average time that messages spend waiting in the queues. By Richard J. Perry and Mark G. Thomas, presented at the March 2002 Conference on Information Sciences and Systems, Princeton, NJ (CISS 2002).

Secrets of the VFind Security Tool Kit Professional Plus

The purpose of this paper is to help our customers more fully utilize the VFind Security Tool Kit Professional Plus. As many of our customers have come to realize, it is more than just a antivirus scanner, but rather an entire security toolkit. By Peter V. Radatti, February 2000.

Use of Avatar on a Honey Pot System

How to set up security for a high visibility web site using Avatar. Includes scripts and examples. By James A. Roach, Jr., May 11. 2001.

Environmental Impact: Microsoft Operating Systems and the Computer Virus Threat

This paper describes how computer viruses and antivirus software are forced to operate under environmental pressure. In this case the changing environment of Microsoft operating systems from MSDOS to Windows 3.1, Win-95, Win-98, Win-NT and Windows 2000. By Joseph Wells September 9, 1999.

Open Letter

CNET's September 21, 2000, review of antivirus products betrayed their readers' trust. Moreover, it did antivirus product users a major disservice. Although this review was presented as being fair and professional, the evidence demonstrates that it was neither. Signed by 20 experts in the field of Antivirus. As a side note, CyberSoft's products were not part of the review. By Joseph Wells, Warlab.

Security Problems Caused by Aggregate Data of Client/Server Connections on the Internet

This paper reveals some of the little known problems of maintaining privacy on the Internet. By Peter V. Radatti, September 1998.

Take on the Barbarians on the other side of the wall

This paper is the first independent product review of the VFind and CIT tools. The paper was written by Roger Harmston and appeared in the SunServer monthly magazine - September 1996 Volume 10 Number 9. Roger is with Strategic UNIX Networks Corporation in Victoria, British Columbia. He can be reached at roger.harmston@strategic.Victoria.BC.CA (work) or rogerh@dynamis.bc.ca (home).

Special Attributes of the VFind Security Toolkit

This paper reveals some of the special attributes of the VFind Tool Kit that our customers have used to solve problems other than anti-virus. VFind really is a complete security tool kit and has been used for many purposes.

Why VFind

This paper reveals the design secrets behind the development of the world's first anti-virus program for UNIX, VFind. This is the paper the anti-virus industry didn't want published. It completely removes the mystery of anti-virus technology. If you are considering the purchase of an anti-virus product for UNIX you need to read this paper! Written in an easy to read, first person, narrative by the designer of VFind, Pete Radatti.

National Software Testing Laboratories CyberSoft VFind Report #1, June 1996

NSTL is an independent, well respected, software testing laboratory. They reviewed VFind Version 5 Release 1 in April, 1996. The purpose of the test was to independently verify the functionality of the product and to identify areas where CyberSoft could improve the product. The test accomplished both of these goals, demonstrating that the product fulfilled and exceeded its requirements. The NSTL report concludes, "CyberSoft's utilities are more than anti-virus utilities... CyberSoft's utilities are of a unique and versatile kind in the market".

Extensions to CVDL, the CyberSoft Virus Description Language

This report documents extensions made recently to the original CyberSoft Virus Description Language (CVDL), and also provides a complete summary of the current language. By Dr. Rick Perry, August 11. 2001.

CVDL - CyberSoft Virus Description Language

This is a historical and technical paper on the CyberSoft Virus Description Language (CVDL) and how it performs to detect viruses in source code by providing forward reference proximity scanning. CVDL also enhances virus scanning by searching for keywords using case insensitivity and proximity testing.

Consideration of Targeted Hostile Software in Homeland Security

Computer security today is a failure. It gets in the way of getting the job done; therefore, it is normally bypassed or weakened. Even if security systems are implemented correctly, they are often bypassed for mission or operational reasons or are inadequate.


These are a collection of stock presentations that use VSTK anti-malware software, that is designed for UNIX/Linux computer systems. A substantial part of these presentations is verbal and is not contained in the slides.

Why CyberSoft: The 30 Second Presentation

A easy to understand, straight to-the-point presentation on why CyberSoft is your best anti-virus solution.

Consideration of Targeted Hostile Software in Homeland Security (GOVSEC 2006)

This is the companion presentation to the white paper of the same name.

Reference Library

A number of reference articles pertaining to IT security including a complete hacking lexicon.

US Government Accounting Office Report on the Internet Worm

This is the official United States Government Accounting Office report on the internet worm.

NIST Threat Assessment of Malicious Code

Threat Assessment of Malicious Code and Human Threats (NISTR 4939) by the United States National Institute of Standards and Technology.

The Helminthiasis of the Internet

Infestation with, or disease caused by parasitic worms of the Internet. RFC 1135 written by J. Reynolds of the Network Working Group.

NISP Operating Manual (NISPOM)

The United States National Industrial Security Program Operating Manual (NISPOM). Per Executive Order 12829 on behalf of the Secretary of Defense, Secretary of Energy, Chairman of the Nuclear Regulatory Commission and the Director of Central Intelligence. Replaces the Department of Defense Industrial Security Manual for Safeguarding Classified Information, dated January 1991.

US DOD Trusted Computer System Evaluation Criteria

The United States Department of Defense Trusted Computer System Evaluation Criteria DOD 5200.28-STD (ORANGE BOOK)