Editor's note: 3000 managers do many jobs, work that often extends outside the MPE realm. In Essential Skills, we cover the non-3000 skills for multi-talented MPE experts.
By Steve Hardwick, CISSP
In an allied article I describe the elements needed for any effective virus attack: motive, means and opportunity. A suitable anti-virus program must provide the following capabilities.
- Be able to detect a vast array of malware
- Be able to update the virus definitions as quickly as possible after the virus signature has been isolated
- Provide the capability to quarantine and remove viruses after infection. This must include the ability to prevent any spread of the virus after contamination.
- Run with minimal load on the operating system. This includes both foreground (interactively scanning files as they are downloaded) and background (scanning existing files and computer activity)
- Have plug-ins for the various methods to download the viruses, via web browsers or email applications
The following websites provide ratings for anti-virus products. Some sites' evaluations are geared towards consumer users; others are more aligned with commercial certification of AV products. I've also included a note on how cloud-based AV is changing antivirus options.
Provides a good set of tests that cover all of the five areas outlined above. Updates their reviews on a monthly basis. Covers Windows, Mac and mobile devices. Includes a special section for home users.
Provides a good set of tests that cover all of the five areas outlined above, plus additional, more detailed testing. Only certain tests are updated monthly. Testing is not broken down by operating system.
Tests only the ability to detect viruses without raising false positives. Covers only Windows and Linux.
Using cloud AV
One approach that minimizes the impact of running an AV program locally is to split the software in two parts, one running locally on the machine and one in the cloud. A new set of cloud-based solutions is being offered. These run a small scanning application on the operating system and do the heavy lifting in the cloud. Panda, a provider that scored best in the AV Comparatives evaluations, is one example of cloud AV.
The local application scans files and computes file signatures, then uploads the signatures to the cloud counterpart for analysis. This removes the need to update the local definitions on the computer and shortens the time needed to react to new threats.
This benefit comes at a price. The capabilities are limited by the lightweight application, the services the operating system provides to that application, and connectivity to the Internet. Many of the rating websites are slow to rate these products, especially those focused on consumers. As these products become more popular, cloud AV will be included in the traditional testing suites.
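To make the split concrete, here is an added example (not code from the article or from any vendor) of the local half of a cloud AV client: it hashes files, sends only the SHA-256 digests to a lookup service, caches the verdicts it gets back, and degrades to "unknown" rather than failing when the Internet connection is lost. The cloud side (`FakeCloud`) and the sample files are constructed stand-ins, an assumption made so the code runs offline.

```python
import hashlib
from typing import Callable, Dict, List

class CloudUnreachable(Exception):
    """Raised by the lookup callable when the cloud service cannot be reached."""
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # only this digest leaves the machine

class CloudAvClient:
    """Lightweight local half of a split AV: hash locally, classify in the cloud."""
    def __init__(self, lookup: Callable[[List[str]], Dict[str, str]]) -> None:
        self._lookup = lookup             # cloud query: digests -> verdicts
        self._cache: Dict[str, str] = {}  # verdicts already received, reused offline
    def scan(self, files: Dict[str, bytes]) -> Dict[str, str]:
        digests = {name: sha256_hex(data) for name, data in files.items()}
        pending = sorted({d for d in digests.values() if d not in self._cache})
        if pending:  # ask the cloud only about digests not classified before
            try:
                self._cache.update(self._lookup(pending))
            except CloudUnreachable:
                pass  # cached verdicts still apply; the rest stay "unknown"
        return {name: self._cache.get(d, "unknown") for name, d in digests.items()}

# Constructed stand-in for the cloud side (an assumption, not any vendor's API):
# a reputation table keyed by digest plus a switch that simulates lost connectivity.
class FakeCloud:
    def __init__(self, table: Dict[str, str]) -> None:
        self.table, self.online = table, True
    def lookup(self, digests: List[str]) -> Dict[str, str]:
        if not self.online:
            raise CloudUnreachable("no route to reputation service")
        return {d: self.table[d] for d in digests if d in self.table}

# Constructed sample files (harmless bytes, not real malware).
SAMPLE_FILES = {
    "notes.txt": b"quarterly notes, nothing unusual here",
    "dropper.bin": b"constructed bytes standing in for a known-bad file",
    "new.dat": b"a file the cloud has never seen",
}
CLOUD_TABLE = {sha256_hex(SAMPLE_FILES["notes.txt"]): "clean",
               sha256_hex(SAMPLE_FILES["dropper.bin"]): "malicious"}

def demo() -> Dict[str, Dict[str, str]]:
    cloud = FakeCloud(CLOUD_TABLE)
    client = CloudAvClient(cloud.lookup)
    online = client.scan(SAMPLE_FILES)   # fresh verdicts from the cloud
    cloud.online = False
    offline = client.scan(SAMPLE_FILES)  # cached verdicts survive the outage
    return {"online": online, "offline": offline}
```

A file the cloud has never seen stays "unknown" in both phases, which is the gap a real product has to close with local heuristics or a conservative default.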