An anti-virus tool “perform[s] three basic functions. Tools may be used to detect, identify, or remove viruses. Detection tools perform proactive detection, active detection, or reactive detection. That is, they detect a virus before it executes, during execution, or after execution. Identification and removal tools are more straightforward in their application; neither is of use until a virus has been detected.”
There are four critical selection factors that should be considered to ensure that the right tool is selected for a particular environment:
- Accuracy describes the tool's relative success rate and the types of errors it can make. Accuracy is the most important of the selection factors. Errors in detecting, identifying or removing viruses undermine user confidence in a tool, and often cause users to disregard virus warnings. Errors will at best result in loss of time; at worst they will result in damage to data and programs.
- Ease of use describes the typical user's ability to install and execute the tool and interpret the results. Ease of use is concerned with matching the background and abilities of the system's user to the appropriate software. This is also important since computer users vary greatly in technical skills and ability.
- Administrative overhead is the measure of technical support and distribution effort required. It can be very important as well. Distribution of updates can be a time-consuming task in a large organization. Certain tools require maintenance by the technical support staff rather than the end-user. End-users will require assistance to interpret results from some tools; this can place a large burden on an organization's support staff. It is important to choose tools that your organization has the resources to support.
- System overhead describes the tool's impact on system performance. It is inconsequential from a strict security point of view. Accurate detection, identification or removal of the virus is the important point. However, most of these tools are intended for end-users. If a tool is slow or causes other applications to stop working, end-users will disable it. Thus, attention needs to be paid to the tool's ability to work quickly and to co-exist with other applications on the computer.
- Overview section: NIST Special Publication 800-5, at 3.0.