
perhaps after the user has left the organization.

7.3.4 Anti-Virus Technologies

Without control of the "human element" and proper implementation, anti-virus software alone cannot provide full protection. However, it is still the critical element in the fight against viruses. As stated before, non-virus problems may appear to be virus related, even to sophisticated users. Without anti-virus software, there is no conclusive way to rule out viruses as the source of such problems and then arrive at solutions.

Effective anti-virus software must be capable of performing three main tasks: Virus Detection, Virus Removal (File Cleaning) and Preventive Protection. Of course, detection is the primary task, and the anti-virus software industry has developed a number of different detection methods, as follows.

Five Major Virus Detection Methods:

Integrity Checking (aka Checksumming) - Based on determining, by comparison, whether virus-attacked code modified a program's file characteristics. As it is not dependent on virus signatures, this method does not require software updates at specific intervals.
Limitations - Does require maintenance of a virus-free checksum database; Allows the possibility of registering infected files; Unable to detect passive and active stealth viruses; Cannot identify detected viruses by type or name.

Interrupt Monitoring - Attempts to locate and prevent a virus's "interrupt calls" (function requests through the system's interrupts).
Limitations - Negative effect on system resource utilization; May flag "legal" system calls and therefore be obtrusive; Limited success facing the gamut of virus types and legal function calls.

Memory Detection - Depends on recognition of a known virus's location and code while in memory; Generally successful.
Limitations - As in Interrupt Monitoring, can impose impractical resource requirements; Can interfere with valid operations.

Signature Scanning - Recognizes a virus's unique "signature," a pre-identified set of hexadecimal code, making it highly successful at virus identification.
Limitations - Totally dependent on maintaining current signature files (as software updates from the vendor) and scanning engine refinements; May make false positive detections in valid files.

Heuristic/Rules-based Scanning - Faster than traditional scanners, this method uses a set of rules to efficiently parse through files and quickly identify suspect code (aka Expert Systems, Neural Nets, etc.).
Limitations - Can be obtrusive; May cause false alarms; Dependent on the currency of the rules set.

All five techniques can usually perform on-access or on-demand scans, for both network servers and workstations. On-access scanning is analogous to a building's automatic sprinkler system - virus scanning is automatically initiated on file access, such as when a disk is inserted, a file is copied or a program is executed. On-demand scanning is more like a fire extinguisher - requiring user initiation (but may also be set up to continue scanning at regular intervals or at system startup).
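The Integrity Checking method and two of its listed limitations can be seen in a short sketch. This is an added example, not taken from the original text; the function names, the use of SHA-256 and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Record (size, digest) for every file under root: the checksum database."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            db[os.path.relpath(path, root)] = (os.path.getsize(path), file_digest(path))
    return db

def compare(root, baseline):
    """Compare the current state of root with the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample: two stand-in program files in a temporary directory."""
    samples = (("app.exe", b"MZ original code"),
               ("tool.exe", b"MZ altered before the baseline was taken"))
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        # tool.exe is registered as-is: the checker cannot know it was already altered.
        baseline = build_baseline(root)
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b" appended bytes")  # a later change to a baselined file
        return compare(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The report flags app.exe as modified but says nothing about what changed it, and tool.exe passes because its altered state is what the database recorded.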