Saturday, August 27, 2005

Which Anti-virus software should I choose?

First, is this the right question? Yes, but only partially. Having a good anti-virus solution is not good enough if:
- disabled by the end-user
- not configured properly
- if signatures not up to date
- if not monitored properly
- if not integrated into the right process

It is useful to be able to know if your anti-virus software (hardware) is up to the mark.

There are several site which can provide useful information and insight into some of the best antivirus solutions available today:
- Virus Bulletin
- AV-Test Org
- ICSA Labs
- National Institute of Standards and Technology (NIST)
- Anti-virus Information Exchange Network (AVIEN)

Once and Anti-virus is installed it is good practice to test it. Making sure it is reporting virus correctly. On of the simplest tools to use is the European Institute Anti-Virus Research (EICAR) test file.

When researching an attack or a virus don't forget to check the Anti-virus encyclopedia. Most of the Anti-virus vendors have one. They provide detailed information about each virus and clean-up information:
- Virus encyclopedia
- Virus encyclopedia (multi-lingual)
- About Virus (if you have lots of time)

Please also remember that one of the biggest source of propagating virus is actually via social engineering. Many fake virus are circulating via chain letters and form a big time waster. Some good sources for Virus hoaxes are:
- Virus Myths

0 Comments:

Post a Comment

<< Home