Computer Virus Guide


Virus Software Deployment

A wide range of virus defence software is available, ranging from off-the-shelf packages to more highly specialised, technical solutions.

Factors such as company size, nature and activity will have a bearing on the type of software that you choose, and how you deploy it within the organisation.

In this section you can read more about:

Virus defence software deployment on:

  • Internet gateway
  • Servers
  • Desktop workstations and laptop PCs

Types of virus defence software:

  • Scanners
  • Checksummers
  • Heuristics

Virus Defence Software Deployment

There are three main points where it makes sense to deploy virus defence software:

  • Internet gateway
  • Servers
  • Desktop workstations and laptop PCs

Internet Gateway

The Internet gateway is the point that connects the Internet and internal company networks. It is a good place to install virus defence software, ensuring that all incoming and outgoing e-mail attachments are checked.

The main advantage of using virus defence software on the gateway is that incoming infected attachments sent to multiple e-mail addresses will generate a single virus alert (on the gateway), instead of multiple ones if the infected e-mail is allowed through to desktop workstations.

Servers

Using virus defence software on servers to scan centrally held files has two main advantages over trying to scan the servers from a workstation.

  • Network traffic is minimised since the scanning process uses resources on the server
  • Any virus stealth mechanisms are not effective since the virus is never ‘active’ on the server

Most organisations deploy virus defence software to scan their servers at regular intervals, usually during periods of low user activity.

Desktop and Laptop PCs

Virus scanning on the desktop is probably the most important aspect of the three-point scanning strategy.

Even if a virus gets past the Internet gateway scanner by arriving in an encrypted e-mail, and is not caught by the server scanner, it still has to be caught by the desktop scanner before it is allowed to infect.

Keeping virus defence software up to date on desktop PCs is one of the hardest tasks faced by system administrators. This is especially the case on machines that are not permanently connected, such as laptops with docking stations.

Virus Defence Software Types

Scanners

Scanners remain the most popular type of virus defence software used today. They contain detection and disinfection information for most known viruses.

Scanners tend to be easy to use and are capable of identifying a virus. You can scan (for example) all drives and folders on a computer, and/or incoming and outgoing e-mail messages.

The main disadvantage of scanners is that they need to be kept constantly updated with the latest virus information in order to remain effective.

Checksummers

Checksummers rely on detecting change. When a virus infects a file, that file will change, and this is picked up by the checksummer.

Checksummers will detect both known and unknown viruses, as long as the virus changes a file monitored by the checksummer.

The main difficulty with using checksummers is distinguishing between legitimate and viral changes. Results from checksummer reports need expert interpretation, which is not always readily available.

Also, checksummers can only detect a virus once an infection has occurred; they cannot be used to prevent an infection.
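
The checksummer approach described above, as an added example that is not part of the original guide: it records a baseline of file digests, compares a later snapshot against it, and shows why a changed digest alone cannot separate a legitimate update from a viral change. The file names, the approved list and the demo directory are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file path (relative to root) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in root.rglob("*") if p.is_file()}


def compare(baseline, current, approved=None):
    """Classify differences; approved maps path -> digest of known-good changes."""
    approved = approved or {}
    report = {"added": [], "removed": sorted(set(baseline) - set(current)),
              "approved": [], "unexplained": []}
    for path, digest in sorted(current.items()):
        if path not in baseline:
            report["added"].append(path)
        elif digest != baseline[path]:
            # The digest only says "different"; the approved list explains why.
            key = "approved" if approved.get(path) == digest else "unexplained"
            report[key].append(path)
    return report


def demo():
    """Constructed sample: one approved update, one unexplained change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in [("app.exe", b"v1"), ("tool.exe", b"clean"), ("old.dll", b"x")]:
            (root / name).write_bytes(data)
        baseline = snapshot(root)
        (root / "app.exe").write_bytes(b"v2")                 # matches approved digest
        (root / "tool.exe").write_bytes(b"clean plus extra")  # nobody approved this
        (root / "new.tmp").write_bytes(b"?")
        (root / "old.dll").unlink()
        approved = {"app.exe": hashlib.sha256(b"v2").hexdigest()}
        return compare(baseline, snapshot(root), approved)
```

Every entry reported as unexplained, added or removed still needs someone to decide whether it is a legitimate change, and the report exists only after the file has already been altered.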

Heuristics

Heuristics are ‘rules of thumb’, strategies, methods or tricks used to provide solutions to complex problems.

In the context of virus defence software, the term is used to describe software that applies rules to distinguish viruses from non-viruses. Heuristic software is attractive for users since it is often presented as not requiring updates.

Unfortunately, heuristics are not problem-free. The virus writing community learns the rules used by heuristic software very quickly and starts writing viruses that circumvent them. Virus defence software companies then reformulate the rules and reissue the software.

Heuristic software also tends to label objects as viruses when they are not. Because of this, heuristics have to be constantly tweaked to make sure they remain effective.

This information is based on Crown Copyright 2003