
Antiviral Software Evaluation FAQ [long]

 AVREVIEW.FAQ   960624
 Antiviral Software Evaluation FAQ
 maintained by Robert M. Slade
 (beta release)
 This list of questions is intended to provide a framework and background
 information for review, evaluation and decisions regarding antiviral protection
 software and systems.  The companion files "Antiviral contacts listing"
 (CONTACTS.LST) and "Quick reference antiviral review chart" (QUICKREF.RVW)
 provide additional related information.  All three files are available in the
 Computer Virus SIG of the Victoria (BC, Canada) Freenet
 (telnet://guest@freenet.victoria.bc.ca and give the command "go virus").  (This
 file is prepared from Chapter Six of "Robert Slade's Guide to Computer
 Viruses".)
 This document is *not* intended to be an introduction to the study of computer
 viral programs.  It is expected that you already know the relevant concepts and
 terminology.  For general background information on computer viruses, please
 see the VIRUS-L/comp.virus FAQ (ftp://cs.ucr.edu/pub/virus-l/vlfaq200.txt)
 which is also available at the Victoria Freenet site.
 Contents
 1)  Why can't I get 100% protection?
 2)  Why isn't there any one "best" antiviral?
 3)  What is an activity monitor?
 3a)  What are the strengths of activity monitors?
 3b)  What are the weaknesses of activity monitors?
 3c)  How should activity monitors be evaluated?
 4)  What is authentication/change-detection software?
 4a)  What are the strengths of change-detection software?
 4b)  What are the weaknesses of change-detection software?
 4c)  How should change-detection software be evaluated?
 5)  What is a scanner?
 5a)  What are the strengths of scanners?
 5b)  What are the weaknesses of scanners?
 5c)  How should scanners be evaluated?
 6)  What is resident software?
 7)  What is heuristic scanning?
 8)  What is a false negative?
 9)  What is a false positive?
 10) How does disinfection work?
 10a) What is "generic" disinfection?
 10b) What is "heuristic generic" disinfection?
 11) Can I get hardware antiviral protection?
 12) Why can a "so-so" antiviral actually be harmful?
 13) What aspects of an antiviral are important?
 14) What aspects of an antiviral are *not* important?
 15) What about "number of viruses detected"?
 16) Why isn't disinfection very important?
 17) Why should I support "free" software?
 18) What about published reviews?
 19) Where can I find published reviews?
 Questions and answers
 1)  Why can't I get 100% protection?
 An easy answer can be seen by noting that computer viruses are programs, and
 they only do things that "real" programs do: every operation a virus performs
 (opening a file, writing to it, staying resident in memory) is one that some
 legitimate program also performs.  There is no magic secret that viral
 programs use.  Therefore, there is no single distinctive feature or
 characteristic that can be used to identify a viral program.
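 As an added illustration of this answer (example code written for this
 edition, not part of Slade's FAQ or of any antiviral product), here is a toy
 model of the diagonal construction Cohen used.  It assumes a sandbox in which
 "infection" means calling infect(), and it lets a program consult the detector
 directly, which stands in for a real virus carrying a copy of the scanner's
 logic.  The benign program, the virus, the two detectors and the sandbox are
 all constructed for the example.  Whatever a detector answers about the
 "contrary" program, that program does the opposite, so the detector is wrong
 about it; a signature scanner and a budgeted emulator both fail the same way.

```python
"""Cohen's undecidability argument in miniature (added example, not FAQ code).

A program that reads its own source, asks the detector "am I viral?" and then
does the opposite cannot be classified correctly by that detector.
"""
from typing import Callable, Tuple

Detector = Callable[[str], bool]  # maps program source -> "is this viral?"


def run(src: str, detector: Detector) -> bool:
    """Execute a toy program and report whether it infected the host.

    Infection is modelled as calling infect().  The program can read its own
    source (SELF) and query the detector (is_viral), which is exactly what the
    diagonal construction needs.  exec() is a demo sandbox only: no isolation.
    """
    infected = []
    env = {"infect": lambda: infected.append(True),
           "is_viral": detector,
           "SELF": src}
    exec(src, env)
    return bool(infected)


# Constructed sample programs.
BENIGN = "note = 'nothing written to the host'"
VIRUS = "infect()"
# The diagonal program: whatever the detector says about it, do the opposite.
CONTRARY = "if not is_viral(SELF):\n    infect()"


def signature_detector(src: str) -> bool:
    """A 'single distinctive characteristic' scanner: looks for the call."""
    return "infect()" in src


class EmulatingDetector:
    """Run the program in the sandbox and report whether it infected.

    The program may call the detector in turn, so emulation can nest.  Past a
    depth budget the emulator must give up and return *some* verdict; the
    `exhausted` value is what it reports then (clean by default).
    """

    def __init__(self, limit: int = 1, exhausted: bool = False) -> None:
        self.limit = limit
        self.exhausted = exhausted
        self.depth = 0

    def __call__(self, src: str) -> bool:
        if self.depth >= self.limit:
            return self.exhausted
        self.depth += 1
        try:
            return run(src, self)
        finally:
            self.depth -= 1


def check(detector: Detector, src: str) -> Tuple[bool, bool]:
    """Return (detector's verdict, what the program actually did).

    The detector is right exactly when the two values agree.
    """
    verdict = detector(src)
    actual = run(src, detector)
    return verdict, actual


if __name__ == "__main__":
    for name, det in (("signature", signature_detector),
                      ("emulator", EmulatingDetector()),
                      ("emu-viral", EmulatingDetector(exhausted=True))):
        for label, prog in (("benign", BENIGN), ("virus", VIRUS),
                            ("contrary", CONTRARY)):
            verdict, actual = check(det, prog)
            status = "ok" if verdict == actual else "WRONG"
            print(f"{name:10} {label:8} says viral={verdict!s:5} "
                  f"did infect={actual!s:5} {status}")
```

 Both detectors classify the benign program and the plain virus correctly and
 both are wrong about the contrary program.  Changing the emulator's give-up
 verdict from "clean" to "viral" does not help: it only moves the error from a
 false positive (questions 9 and 12 below) to a false negative (question 8).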
 A more rigorous explanation is found in Fred Cohen's groundbreaking work on
 the theoretical study of computer viruses between 1983 and 1986.  Using
 mathematical and logical models of the nature of computers and computation he
 determined that the problem of accurately identifying a viral program, as
 opposed to one which is not viral, is "undecidable".  A program to identify