Network Security Fundamentals [Electronic resources] نسخه متنی

Antivirus Software

A computer virus can be best described as a small program or piece of code that penetrates into the operating system, causing unexpected and negative events to occur. A well-known example is a virus, SoBig. Computer viruses reside in the active memory of the host and try to duplicate themselves by different means. This duplication mechanism can vary from copying files and broadcasting data on local-area network (LAN) segments to sending copies via e-mail or an Internet relay chat (IRC). Antivirus software applications are developed to scan the memory and hard disks of hosts for known viruses. If the application finds a virus (using a reference database with virus definitions), it informs the user. The user can decide what needs to happen next. Figure 3-7 illustrates the action decisions that can be made using McAfee Antivirus software applications.

The user can choose from three options: delete the file, clean the file, or place the file in a so-called quarantine folder.

Before making a decision on what antivirus software package to purchase, it is important to understand which solution best protects your organization and which antivirus software features match your needs. The following list can be used when making a comparison matrix for different solutions:

• Purchase price

• Ease of use

• Identification of viruses and worms: real-time scanning, manual, and scheduler

• Activity reporting mechanism

• Actions: deleting, cleaning, and quarantine

• Virus definition update mechanism: auto or manual definition updates

• Central management

• Operating system support

• Technical support

With the introduction of new viruses almost every day, it is hard to tell which antivirus package is best suited for your needs. Also, the installation of antivirus software should be seen as only part of your overall security solution and does not guarantee complete protection.