To build this scheme, several evaluation criteria for antivirus software need to be tested.
The Internet is growing, and so are the security threats on it. Day by day, new security threats such as botnets and intelligent viruses are created. These new threats are more complex and more difficult to detect and remove. A very strong antivirus is needed to overcome these problems: one that can defend the computer from attack by malware such as viruses, spyware, and Trojan horses.
However, a good antivirus cannot be created and established without a good evaluation. As a result, a good evaluation and examination scheme for antivirus software should be created and embedded in the antivirus. This is very important in order to make sure that the antivirus works effectively and efficiently.
In response to these issues, we have created an evaluation scheme for antivirus software. The evaluation scheme is as follows:
Part A: Detection
The most important criterion is the ability to detect viruses. The best antivirus should have a very high detection rate, which means it recognizes many viruses. The antivirus must also be able to detect viruses in a network, in email, or even when they are already running in memory.
Part B: Technology
The other criteria that must be included are the technical features of the antivirus. The technical features that should be considered are as follows:
Compatibility of antivirus with the hardware and software.
The antivirus should be compatible with the hardware and software configuration. For example, the antivirus could support all Windows operating systems, Linux and other operating systems, because some organizations use a variety of operating systems and the antivirus must be able to protect the organization's whole system.
Antivirus integration with third party solutions.
The antivirus should be able to integrate with third party solutions such as Cisco NAC. Network security is another area of focus when selecting an antivirus solution. The ability of a solution to integrate with third party solutions such as Cisco's Network Admission Control is an important feature. Because the vast majority of the network at Rutgers is controlled by Cisco equipment, it is vital that any possible solution be able to integrate with the existing network infrastructure.
On-Access or Real-Time scanner.
This technical feature gives the ability to catch viruses as soon as they try to infect a system. All areas of the system, including the file system, boot record, master boot record and memory, can be scanned using the On-Access scanner.
On-Demand scanning means scanning the files on the system manually to make sure that they are not infected by any viruses. It is recommended to run an On-Demand scan after the virus definitions have been updated, to ensure that no viruses have gone undetected.
Heuristic technology will give you protection against basic unknown viruses.
Ability to scan all types of files extensions.
The antivirus should be able to scan all file types and extensions, not only some specific extensions. Previously, the only way to spread a virus was through executable programs. Now, however, a virus can also be spread by attaching it to files such as images. Therefore, all file types and extensions need to be scanned in order to make sure that they are virus free.
VBScript and JScript files should be recognized by the scanning engine of the antivirus in order to detect and stop malicious scripts. Script-based viruses, such as the mass-mailing script worms I Love You and Anna Kournikova, are becoming more common.
Ability of scanning email attachment
The antivirus software should be able to scan email attachments, because many viruses now spread through email. Some of them can spread on a vulnerable system without requiring the user to open the attachment, such as the KAK worm.
The email scanning feature should be able to monitor the processes attempting to send or receive e-mail and may block the traffic upon detection of a virus.
Ability to scan within compressed files.
Although a virus is not active while it is compressed, it is better for the antivirus to detect it before the file is extracted.
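The two criteria above (scan by content rather than by file extension, and look inside compressed files before extraction) can be illustrated with a small content-based scanner. This is an added example, not code from the original page: the signature table holds only the public EICAR test string, the sample archive is constructed inline, and the nesting depth and member size limits are assumed values chosen to keep a hostile archive from exhausting the scanner.

```python
import io
import zipfile

# Signature table: only the public EICAR test string (harmless, used to test scanners).
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}

MAX_DEPTH = 3                         # assumed limit on archive nesting
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumed cap on inflated member size (zip bombs)


def is_zip(data: bytes) -> bool:
    """Detect an archive by its magic bytes, never by the file name or extension."""
    return data[:4] == b"PK\x03\x04"


def scan_bytes(data: bytes, name: str = "<root>", depth: int = 0) -> list:
    """Return (path, verdict) pairs; archives are opened in memory and scanned recursively."""
    if not is_zip(data):
        return [(name, sig) for sig, pattern in SIGNATURES.items() if pattern in data]
    if depth >= MAX_DEPTH:
        return [(name, "archive-nesting-limit")]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                # Read one byte past the cap so a lying size header cannot bypass the limit.
                with zf.open(info) as fh:
                    member = fh.read(MAX_MEMBER_BYTES + 1)
                if len(member) > MAX_MEMBER_BYTES:
                    findings.append((path, "member-too-large"))
                    continue
                findings.extend(scan_bytes(member, path, depth + 1))
    except zipfile.BadZipFile:
        findings.append((name, "corrupt-archive"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a zip whose 'photo' member is the EICAR string, plus an
    inner zip saved under a misleading .dat extension that holds the same file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("photo.jpg", EICAR)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("notes.txt", b"nothing to see here")
        z.writestr("holiday.jpg", EICAR)
        z.writestr("archive.dat", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, verdict in scan_bytes(build_sample()):
        print(f"{verdict}: {path}")
```

Running the block reports both copies of the test string, including the one hidden in the .jpg inside the .dat archive, without ever writing an extracted file to disk.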
Ability to detect Trojan, malicious active-X controls and Java applets
The antivirus software should be able to detect all kinds of malware, including spyware, Trojan horses, malicious ActiveX controls and Java applets, and not just viruses and worms. The antivirus should produce audit records with suitable information so that users and administrators can review and sort the audit data. The stored audit records must be protected from unauthorised deletion, modification or loss.
Unified client features
One of the main requirements for client antivirus software is to provide antivirus, anti-spyware, spam filtering, and firewall support in a single package. Packaging all of these features together under a single client reduces desktop and system tray clutter and typically uses fewer system resources in terms of CPU and memory.
When a new antivirus is introduced in your environment, it should not open any security holes.
Part C: Maintenance
Viruses definition updates
The virus definition database of the antivirus should be kept up to date. The virus definitions should be easy to update, and new definition databases must be made available frequently.
The mechanism used to update virus definitions should also be considered. Some are made available on a website, and some can be downloaded directly from within the product.
When the antivirus software itself needs to be updated, we need to check whether updating it requires uninstalling the older version before installing the new one. This might be an issue if a number of different operating systems are used in the environment.
Part D: Performance
One of the most important criteria for evaluating an antivirus is the impact of the antivirus software on system performance. It is necessary to check whether the antivirus slows down the boot process, whether it increases the time required to access a file, and what its impact on memory and CPU usage is.
Part E: Manageability
Deploying new virus definition updates, verifying the protection on clients and servers, viewing alerts, reports and logs, and establishing policies and enforcing them should all be possible from the central management console of the antivirus software. It is recommended to ensure that these management features scale to the environment they are deployed in, and that they do not impose heavy extra traffic on your network.
Availability of hardware
In order to evaluate an operating system, users must be able to run the operating system on any hardware they buy, and they must be able to use their peripherals with that operating system. So users need to be sure that their hardware is compatible with the operating system. For example, Linux supports some architectures used for desktop computing (such as ARM) which MS Windows does not support.
Integration with product
The operating system should be able to integrate with all types of products. For example, the Linux operating system cannot integrate with Atheros wireless adapters without some adjustment to make the two work together. The ability to integrate with all products is important to make sure that all products can be used with every type of operating system.
Operating System upgrade
When an operating system needs to be updated, there are some questions that need to be answered. Does updating the operating system require uninstalling the older version before installing the new one? If you don't need to uninstall the old OS, will you lose the data on the computer after you install the new version?
These questions need to be answered in order to evaluate the operating system.
Another criterion for evaluating an operating system is its impact on system performance. It is necessary to check whether the operating system slows down the speed and time of accessing files. The operating system also needs to be examined for its impact on CPU and memory usage.
Deploying and establishing a policy in the operating system is one of the most important things in the scheme; it makes sure the operating system runs smoothly and effectively. The purpose of this policy is to prevent network and virus related problems caused by the inability of illegal copies of a computer operating system to keep a computer current with the latest critical updates and security patches provided by the manufacturer. This policy will allow the operating system to install new system and application software and to maintain and monitor them. It will also help the administrator to view and manage reports and logs in the operating system.