IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
S 4.3 Periodic runs of a virus detection program
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator, IT users
Different courses of action can be taken to afford protection against computer
viruses. Programs which scan IT systems for known viruses have proven to be
the most effective means of combating viruses. The advantage here is that
newly-procured software and data media can be checked before they are used
for the first time. Infection by known computer viruses can thus be prevented
in principle. Another advantage of virus scanning programs is that they
provide details on each virus detected. Known viruses have been analysed by
specialists, who have ascertained whether these viruses have any damaging
effects. Consequently, a good virus scanning program must not only be able to
detect a large number of viruses, but also identify them as precisely as
possible.
It must be noted that virus scanning programs become less and less effective
in the course of time, as they are only able to detect viruses known up to the
inception of the programs, and are usually not able to identify any viruses
created subsequently. For this reason, it is necessary to update virus scanning
programs on a regular basis, at least four times a year.
Virus scanning programs have various settings which, through
parameterisation, allow users to specify which files should be tested and how
thorough the test should be. It is the task of the IT security management to
determine the suitable settings and inform the users of them or pass them on as
pre-settings.
Like other programs, virus scanning programs can be invoked when required
(transient) or run in the background (resident). The operating mode of the
scanning program has a decisive influence on user acceptance and, thus, on
the actual degree of protection achieved.
In transient operation, the user must start the virus scanning program and
explicitly specify which data media are to be scanned. In this way, infections
can only be identified afterwards. In principle, virus protection is possible, but
its effectiveness depends on how careful the user is.
In the resident mode, the virus scanning program is loaded into the main
memory when the computer is started, and remains active there until the
computer is switched off again. It operates without requiring any intervention
by users, who can continue to perform the activities assigned to them, such as
writing texts. Of late, this operating mode has gained in importance as the use
of Windows programs has spread. In the case of Windows, the memory
management operates more efficiently than under MS-DOS, which was used
mainly in the past. Rapid technical developments, accompanied by an
expansion in the size of computer main memories have supported the trend
toward memory-resident programs. Under MS-DOS, memory-resident virus
scanning programs were often designed to have a lower performance than
transient programs, in order to save memory space. The most important
advantage of memory-resident operation is that the security measure (virus
scanning) is implemented regardless of user action, thus increasing the level of
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000