Managing Antivirus Software - Keep the reinstall away

Having an anti-virus on your computer systems is one of the standard best practices for every computer user, regardless of whether you are a home user or a business.

Although a lot of users (both corporate and home users) consider the anti-virus a useless weapon, it still provides a very real protective layer on your computers. No anti-virus is 100% effective, but even at 80% effectiveness, it means a whole lot fewer problems with malware.


Here are some simple guidelines for selecting and managing your anti-virus environments:

Home Environment

Managing an anti-virus in a home environment is relatively easy. Most users have 2-4 computers in the home, and they need to set up an anti-virus on every one of them. The most important elements are:

  • Regular updating of signatures from the manufacturer
  • Active real-time protection
  • Regular (weekly or monthly) scheduled scan

In order to keep your home anti-virus system in good condition, you need to:

  • Set the antivirus to perform automatic cleaning with quarantine (no delete) - this way even if you get a false positive, the file isn't deleted and you can rescue it from
  • Check the update version - check whether updates are still current and there are no issues with updating
  • Review the last scan results - this way you will be alerted if malware is identified
  • Review the quarantine - to find if false positive files were captured by the anti-virus and need to be 'rescued'

Choosing the product

Then it's about the price and functionality. The home user can choose a free product, or they can buy antivirus protection. Here is a sample of criteria to review when choosing the anti-virus:

  • Legitimate antivirus software - When implementing a home antivirus environment, be very careful that the product really is an anti-virus. Wikipedia, referencing the SpyWare Warrior, notes that more and more malware masquerades as legitimate anti-virus. To avoid these malware decoys, you can consult the Wikipedia list of anti-virus software.
  • Range of malware that you are protected from - Can the engine detect virus, spyware, rootkits, etc.?
  • Behavior-blocking - Does the antivirus monitor system calls with a heuristics engine to prevent vulnerability exploitation attempts and zero day virus breakouts?

Corporate Environment

Managing an anti-virus in a corporate environment is a lot more work. There are hundreds, even thousands of computers that need to be protected. In such an environment you need to fight the following battles:

  • Keeping clients up-to-date - when updating hundreds of computers, there will be issues - computers that are off, computers where the antivirus software has failed for any reason, issues in communication with the update server
  • Keeping clients compliant with policy - same as above, updates to policy may fail or be significantly delayed
  • Preventing the anti-virus servers from overloading - updating hundreds of systems can cause hogging of the update server or the Internet link.

In order to keep your corporate anti-virus system in good condition you need to:

  • Set up updating frequency according to corporate policy - updating the anti-virus in a corporate environment needs to be planned - updates may be needed more than once per day, but if you make the updates too frequent you'll end up overloading the antivirus server with requests.
  • Balance the load of management and updates in a distributed environment - When you have branches, it is wise to distribute the burden of updates and management to branch servers and administrators.
  • Implement additional policy elements - anti-virus software may also be used to enforce corporate policies of not running some software in certain parts of the day (example - block media player from 9 to 12 and from 2 to 5)
  • Schedule automated scans - similar to the home users, scheduled scans are good for confirming that nothing is sleeping in downloaded documents, unopened files etc.
  • Schedule automatic reports - Your best bet for keeping the corporate antivirus infrastructure in good condition is an automated report. This way, a report on the number of non-updated
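
The checks listed for the home environment (update currency, last scan, quarantine review) and the automated corporate report can be run over a status export from the clients. The following is an added example, not part of the original post: the CSV layout, column names, host names and age thresholds are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; the column names are assumptions, not a vendor format.
SAMPLE = """host,branch,signatures_updated,realtime,last_scan,quarantined
pc-001,HQ,2024-05-20T06:10,on,2024-05-18T02:00,0
pc-002,HQ,2024-05-12T06:05,on,2024-05-18T02:00,0
pc-003,Branch-A,2024-05-20T06:30,off,2024-05-19T02:00,2
pc-004,Branch-A,,on,2024-04-01T02:00,0
"""

MAX_SIG_AGE = timedelta(days=2)   # assumed policy: signatures no older than 2 days
MAX_SCAN_AGE = timedelta(days=7)  # weekly scheduled scan

def too_old(value, now, limit):
    # An empty timestamp means the client never reported, so it fails the check.
    return not value or now - datetime.fromisoformat(value) > limit

def audit(csv_text, now):
    """Return {host: (branch, [issues])} for every client that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        if too_old(row["signatures_updated"], now, MAX_SIG_AGE):
            issues.append("signatures out of date")
        if row["realtime"].strip().lower() != "on":
            issues.append("real-time protection off")
        if too_old(row["last_scan"], now, MAX_SCAN_AGE):
            issues.append("scheduled scan overdue")
        if int(row["quarantined"] or 0) > 0:
            issues.append("quarantine needs review")
        if issues:
            findings[row["host"]] = (row["branch"], issues)
    return findings

def summary_by_branch(findings):
    """Count non-compliant clients per branch for the management report."""
    counts = {}
    for branch, _ in findings.values():
        counts[branch] = counts.get(branch, 0) + 1
    return counts

if __name__ == "__main__":
    report = audit(SAMPLE, now=datetime(2024, 5, 20, 12, 0))
    for host, (branch, issues) in sorted(report.items()):
        print(f"{host} [{branch}]: {', '.join(issues)}")
    print(summary_by_branch(report))
```

A client with a missing timestamp is reported as failing rather than skipped, since machines that stopped reporting are exactly the ones the report is meant to surface.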

Choosing the product

When implementing a corporate anti-virus solution, the criterion of choosing a legitimate (non-malware) antivirus is not important - there are no malware products designed to operate as corporate antivirus systems.
And even if someone tried to make such malware, it would be identified immediately, since corporate anti-virus solutions are constantly evaluated, both by independent technology sites and companies and by other manufacturers of anti-virus solutions assessing the competition.

But there are other criteria for corporate anti-virus that need to be evaluated. Here is a sample of criteria:
  • Range of malware that you are protected from - Can the engine detect virus, spyware, rootkits, etc.?
  • Behavior-blocking - Does the antivirus monitor system calls with a heuristics engine to prevent vulnerability exploitation attempts and zero day virus breakouts?
  • Expanded functionality - System firewall. Does it provide blacklists and whitelists for addresses and domains?
  • Policy control - Does the antivirus provide controls to enforce corporate policies regarding use of certain elements of the computer system? For example, an antivirus system may provide policies to prevent running of certain applications, although they are not malware, or prevent access to USB storage devices etc.
  • Signature updates - How large and frequent are signature and other updates? This can range from one per day to multiple updates per day. This is a very significant issue - a signature that is updated once per day can be quite large, so in a large corporation the update process will hog the central antivirus server.
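
The trade-off between update size, update frequency and server or link load can be estimated before the schedule is set. The following is an added example, not part of the original post: the client count, update sizes, link speed and the share of the link reserved for updates are constructed figures, and the hash-based staggering is one possible way to spread clients over the window.

```python
import hashlib
import math

def min_window_minutes(clients, update_mb, link_mbps, share=0.5):
    """Shortest window (minutes) for every client to pull one update while
    update traffic uses at most `share` of the link (assumed policy value)."""
    megabits = clients * update_mb * 8
    return math.ceil(megabits / (link_mbps * share) / 60)

def max_updates_per_day(clients, update_mb, link_mbps, share=0.5):
    """How many full update rounds fit into 24 hours at that rate."""
    return (24 * 60) // min_window_minutes(clients, update_mb, link_mbps, share)

def offset_minutes(hostname, window):
    """Deterministic delay for one host, so clients spread themselves over
    the window instead of all contacting the server in the same minute."""
    digest = hashlib.sha256(hostname.encode()).digest()
    return int.from_bytes(digest[:4], "big") % window

def peak_per_minute(hostnames, window):
    """Largest number of clients that start updating in the same minute."""
    slots = [0] * window
    for name in hostnames:
        slots[offset_minutes(name, window)] += 1
    return max(slots)

if __name__ == "__main__":
    # Constructed figures: 800 clients, 40 MB daily update, 100 Mbit/s link.
    hosts = [f"pc-{i:04d}" for i in range(800)]
    window = min_window_minutes(len(hosts), 40, 100)
    print("window (min):", window)
    print("rounds per day:", max_updates_per_day(len(hosts), 40, 100))
    print("peak starts per minute:", peak_per_minute(hosts, window))
```

With these figures a 40 MB update needs an 86-minute window, while a 5 MB incremental update needs 11 minutes, which is why update size and frequency have to be weighed together.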

Conclusion

Depending on whether you are running a home or corporate environment, you face different challenges with antivirus solutions. But regardless of environment and product, you will be very grateful that you are running an antivirus the day someone you know loses data or reinstalls their computer due to virus corruption.


Talkback and comments are most welcome
