Viruses modify existing software so that when run, the legitimate program spawns copies of the virus. They also search for software on the local hard disk and across any connected network to find more code to infect. They also contain destructive functions that damage or delete data after a period of time. Worms are similar, but are self-contained programs that remain hidden and propagate via email or duplication. Trojans are worms that don't hide but pretend to be other software. It is common to consider all three types as generic viruses, and anti-virus (AV) software checks for all infections regardless of definition. In this article, virus should be taken as meaning any of the three main types. How does AV software work?
At its simplest, AV software scans executable files or areas of disk for fragments of code called signatures that it knows to be a viral program. Over the ten or so years that viruses have been a problem, virus writers have adopted a number of countermeasures, including encryption, code that rewrites itself in constantly changing way, and code that is disguised as data, so AV software has to do some complex analysis. AV software can also check files at the time they are copied onto a hard disk, arrive via mail or are downloaded from a website; optionally, they can also scan within archive file formats such as zip or even all file formats, regardless of type. It is usual to run AV software in the background at all times to monitor for new files, and to run a periodic scan through hard disks. What should I look for in AV software?
Like all security software, AV programs are to some extent intrusive on normal work. If you expect your users to run the software manually then check usability, otherwise concentrate on its remote manageability. The scanning process shouldn't slow down other software running at the same time, and it should be fast. Updates of new virus signatures -- and where necessary new AV software -- should be included in the price, and should be as automated as possible. When a new infection becomes common, it should be simple to obtain and roll out the new signature very quickly. If you have users connecting to your network remotely via VPNs from home computers, be especially careful that you can provide them with good AV cover. Such computers will also be connected to the Internet for long periods of time and be used by non-technical family members who know nothing about virus infections and care less. They are a major vulnerability in the modern network, and will only become more so. What are the advantages of using a single vendor for all AV software?
Like all software, AV programs can go wrong and a single point of failure can result in a rapid spread of problems across your network and beyond. Having a single AV vendor means a single point of contact for such problems, which can be especially useful in the early days of a rapidly-spreading new infection about which little is known. You'll also typically get a lower total cost of ownership, simplified administration and updates What are the disadvantages of using a single vendor for AV software?
Some virus software targets known AV programs and is engineered to bypass the checks or cripple the protection. By having more than one brand of AV software, you can minimise this risk while also increasing the chances that you'll get protection against new infections as rapidly as possible. You may also find that one vendor's desktop AV software is best for your needs while another's email gateway scanning software copes with that task better. What else should I do to prevent or cure viruses and their effects?
Keep emergency boot disks with the latest AV software on. Maintain a backup strategy with enough depth to roll back past the point of infection. Educate users to spot viruses in suspicious emails, and the consequences of downloading or copying unapproved software onto their work machine. Keep a close eye on the AV software vendors' websites, and know where the emergency alert pages are. Read up on common hoaxes or new developments in virus technology every couple of months or so. Some infections will compromise your security system by scanning for local passwords and data and emailing them to anonymous addresses. In that circumstance, change all passwords that could have been infected.