
Choose Anti-Virus Software

Fortunately, most PC users don't come across viruses every day of their working life. The average PC support person will, typically, spend more time fixing problems than dealing with viruses. However, any user who has suffered from a virus outbreak will appreciate just how important it is to be aware of how viruses work and the methods available to minimize infection.

TYPES OF ANTI-VIRUS PRODUCT
These can be in the following forms: On-Access, On-Demand and Hardware.

On-access scanners check for viruses when files or floppy disks are "accessed". They are designed to run transparently in the background. When well implemented, they should be invisible to the user - the user shouldn’t even realize an anti-virus product is running until it intercepts a virus. It has been our experience that on-access scanners are the most popular type of anti-virus product.

On-demand scanners only execute when the user tells them to execute. In other words, they only scan for viruses when the user tells them, for example, to scan the floppy disk they have just inserted. The drawback with this method is that users have to remember to scan files and disks for viruses.

Hardware anti-virus products tend to be unpopular. The reason is that it is considerably harder to install a hardware card into hundreds of PCs than it is to install computer software. Furthermore, difficulties may arise if the hardware anti-virus needs to be updated to deal with new threats (macro viruses for example).

These three forms of anti-virus product can be further broken down into the following categories: Scanners, Integrity Checkers, Behavior Blockers, Heuristic Analysis and Access Control.

Scanners

Good Points

  • Very few false alarms
  • ‘Play second’ (and some scanners can also partially "Play first")
  • Can be very fast
  • Can usually disinfect infected files

Bad Points

  • Need updating
  • May have problems with polymorphic viruses if not properly engineered

Comments:
A virus-specific scanner needs to be updated to find the latest viruses. Researchers estimate that approximately 400 new viruses are being released each month. This isn't necessarily anything to get worried about - the majority of these new viruses are extremely unlikely to become widespread. The problem, however, is that no-one knows which virus will be the next one to ‘get lucky’.

It should be noted that there is a difference between On-Access and On-Demand scanners. Not all On-Access scanners find as many viruses as their On-Demand counterparts (this is particularly true of DOS TSR on-access scanners). Also, many On-Access scanners do not include a disinfection capability.

Integrity Checkers

Good Points

  • Shouldn’t need updating

Bad Points

  • ‘Play first’ (but not very well)
  • Cannot find viruses, only changes
  • Many false alarms
  • Cannot find some viruses (including the two oldest!)
  • Needs to be supported by a scanner to be effective
  • Ineffective against macro viruses

Comments
An integrity checker (also known as a checksummer) is a program that determines whether another program has been altered or changed. For a virus infection to occur, executable code needs to have been altered by the virus. An integrity checker searches for such changes and flags them as suspicious.

However, an integrity checker can only flag a change as suspicious; it cannot determine whether it is a genuine virus infection. This is the major drawback of integrity checking.

Furthermore, integrity checkers cannot recognize all known viruses, let alone the future viruses they might claim to detect. It is impractical to use integrity checkers against floppy disks. There have also been viruses written which are specifically designed to evade integrity checkers. It should also be recognized that integrity checkers are ineffective against macro viruses. Integrity checkers find it difficult to determine when such files change legitimately, and when they change because of a virus infection. Because macro viruses are now the most common type of virus, it is hard to recommend integrity checkers.
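
The limitation described above shows up directly in a minimal checksummer. The following Python example is added here and is not part of the original article; the file names and contents are constructed placeholders. It records a SHA-256 digest per file and reports differences, and a legitimate upgrade, an edited document and a tampered program all land in the same "changed" list.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(baseline, current):
    """Report what differs between two snapshots; it cannot say why."""
    return {
        "changed": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo():
    """Constructed scenario: a legitimate upgrade, a document edit, a tampered file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample files; the contents are placeholders, not real programs.
        (root / "editor.exe").write_bytes(b"MZ editor v1.0")
        (root / "tool.exe").write_bytes(b"MZ tool v1.0")
        (root / "report.doc").write_bytes(b"quarterly figures, draft 1")
        baseline = snapshot(root)

        # Legitimate vendor upgrade of editor.exe.
        (root / "editor.exe").write_bytes(b"MZ editor v1.1")
        # Unexplained bytes appended to tool.exe (stands in for an infection).
        with open(root / "tool.exe", "ab") as fh:
            fh.write(b"<appended bytes>")
        # The user edits a document, as happens every day.
        (root / "report.doc").write_bytes(b"quarterly figures, draft 2")
        (root / "new.exe").write_bytes(b"MZ newly installed")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Every entry in the output needs a person, or a scanner, to decide whether the change was expected, which is why the article says an integrity checker needs to be supported by a scanner.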

Behavior Blockers

Good Points

  • Shouldn’t need updating

Bad Points

  • Many false alarms
  • Some viruses missed
  • "Play first"
  • Needs very high level of technical support
  • Ineffective against macro viruses
  • No disinfection capability

Comments:
Behavior blockers work on the following principle: There is a list of rules which legitimate programs follow, and there is a list of rules which viruses follow. If a program breaks a legitimate rule (or follows one of the virus rules) then the user is alerted.

The problem is that a virus is simply a program that copies itself. A virus can do anything that a normal program can do. To determine what the rules are is extremely difficult. Since behavior blockers can be a nuisance, there is often a documented way to turn them off. Unfortunately, the virus authors are also aware of the methods which can be used to turn behavior blockers off, and some viruses use them. Because behavior blockers know nothing about the viruses themselves - only the behavior that viruses exhibit - they cannot reliably disinfect virus infections.

Heuristic Analysis

Good Points

  • No updates needed

Bad Points

  • Tendency for false alarms
  • May miss a number of viruses
  • ‘Play first’

Comments
Heuristic analysis is the technique of scanning a file for suspicious code and techniques. It is very difficult to determine what code is suspicious. Code that might be innocent in one program might be suspect in a virus-infected file. For this reason, it is necessary for heuristic analyzers to calculate how suspicious a file appears. Typically, a scoring system is implemented, and any file which has enough suspicious elements (a high enough score) is flagged as being a possible virus.

There are two major problems with this technique. Firstly, heuristic programs are prone to false alarms. A false alarm is nearly always significantly more trouble and time-consuming than a genuine virus infection. Secondly, heuristic programs are unable to detect every existing virus.

Virus authors are aware of what anti-virus researchers consider to be "suspicious code". Some anti-virus researchers have even released documentation detailing how their scoring system works! With such information it is relatively easy for a virus author to write a virus that avoids detection.

Access Control

Good Points

  • Limits possible virus entry points
  • No updates required

Bad Points

  • No virus discrimination
  • ‘Play first’
  • Ineffective against viruses spread via email and the Internet
  • No disinfection capability

Comments
Access control describes a variety of different methods to prevent unauthorized programs from being installed on a PC, unauthorized disks from being accessed, or unauthorized personnel from using a PC. Through this control the chances of a virus being allowed onto the computer are reduced.

Since access control methods cannot discriminate between viruses and non-viruses, another type of anti-virus product has to be incorporated into the system. Access control systems provide an extra degree of security to the PC user, but this can be at the expense of flexibility. If a virus manages to get past the access control system, then it can be more difficult to control its future spread.

 




© 2003 4smallbusiness.com, Inc. All rights reserved.