AV Product Use Guidelines

First, understand how your anti-virus product works. Then, start with a known-clean computer and follow specific steps to assure good virus detection/protection. Do research on specific products before purchase.

Most modern anti-virus products use a combination of techniques. However, they still get almost all of their protection from their scanner component. It’s vital to understand exactly how your product works so that you understand what type of protection you really have (you might want to review the comments about scanning, interception, and integrity checking on other tutorial pages). Here are some rules that will help you make sure that you get maximum protection out of whatever product you have:

  • First, check your computer’s setup information to make certain that the boot sequence starts with the floppy drive. If it doesn’t, and it starts with the hard drive, then any boot sector virus on your computer will gain control before you run the anti-virus program(s). To get to the BIOS setup you will typically have to press a key or key combination while the BIOS is checking the computer’s memory. Once in setup you can check the boot sequence. (One of the techniques used to protect against boot sector viruses on floppy disks is to set the boot sequence to check the hard drive first, but if this is set then you won’t be able to boot from a clean floppy as indicated below; thus, this check.)
  • Be sure to cold boot your PC from a write-protected diskette before virus checking, particularly if you suspect you have a virus. Most anti-virus products make this recommendation, but this rarely gets done because the recommendation is often buried in some obscure location in the documentation. If your PC’s memory is infected with a virus that your scanner does not recognize, you could infect all the programs on your disk if you do not boot from a clean disk. Don’t take this chance; boot from a write-protected diskette before you scan. (In some cases, the AV product might come with a bootable CD-ROM instead. If so, then set the BIOS default to boot from the CD and use that disc.)
  • If you are using a product which depends mostly on its scanner component, make sure that you always have the latest version. Scanners are frequently updated (one AV program vendor says they update files on the Internet hourly if needed).
  • Before you execute or install any new software, check it first (yes, commercial software has come from the factory infected). If it comes with an install program, check again after you install the software; an install program will frequently change or decompress executable programs. After you first execute brand new software do an additional check of your system to make sure everything is as it should be.
  • If your product contains a scanner component, check all diskettes and external media brought in from another location; even data diskettes! Inevitably someone will leave a data diskette in their A: drive, potentially spreading a boot sector virus if the diskette is infected (assuming you have not reset the boot sequence back to booting from the hard disk first).
  • If the anti-virus software has a component that installs under Windows in order to scan all files before they are opened, by all means install that component. This is a valuable service that is well worth the small amount of slowdown and resource use you will experience.
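
The before-and-after check around an installation can also be made with an integrity comparison. The following is an added example, not part of the original tutorial: it records a SHA-256 digest for each executable before the install and reports which ones were added, changed or removed afterwards. The extension list and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Extensions treated as executable; an assumption for this example.
EXEC_EXTS = {".exe", ".com", ".dll", ".sys", ".bat"}

def snapshot(root):
    """Map each executable's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def compare(before, after):
    """Return (added, changed, removed) executable paths, each sorted."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in before if p in after and before[p] != after[p])
    return added, changed, removed

def demo():
    """Constructed sample: a fake install adds one program and alters another."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("EDIT.EXE", b"original editor")
        write("TOOLS.COM", b"original tools")
        write("README.TXT", b"not executable, ignored")
        before = snapshot(root)
        # Simulated installer: drops a new program and rewrites an existing one.
        write("NEWAPP.EXE", b"newly installed program")
        write("TOOLS.COM", b"original tools" + b"\x90appended bytes")
        write("README.TXT", b"changed text, still ignored")
        return compare(before, snapshot(root))

if __name__ == "__main__":
    added, changed, removed = demo()
    print("added:", added, "changed:", changed, "removed:", removed)
```

An installer legitimately adds and rewrites executables, so the report is a list of files to scan and account for, not a verdict; a changed program the installer had no reason to touch is the one to look at first.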

What’s the best anti-virus product?

The simple answer is that there is no definite answer to the question! For one thing, a “good” anti-virus product integrates well with your particular system and system setup. If you are on a network with diskless workstations, for example, you might want to install the anti-virus software on the server. If you don’t regularly exchange or download files you might find a less intrusive anti-virus product more to your liking. And so on.

Relying on magazine articles is also not the best way to decide upon an anti-virus product. Valid testing requires special setups to make certain products are being tested against real viruses under conditions in which those viruses might be found (e.g., it would not be a particularly useful test to place boot sector viruses into zip archives and then test an anti-virus product against that archive).

One measure of anti-virus software is ICSA approval. To obtain this approval a scanner must detect all viruses on the current version of the Wild List in addition to 90% of the full NCSA test suite. You can obtain more information about this at:

http://www.icsa.net/

If you want to try an anti-virus product, many producers have evaluation versions at their web site.

Summary

  • Understand your anti-virus product and what you can expect from it.
  • Check setup to be certain you are booting from the floppy disk and then cold boot from a known-clean, write-protected diskette.
  • Scan only with the latest version of any scanner.
  • Check all new software and all data diskettes before use and again after the installation.
  • Install any scan-on-use component your anti-virus product may have.
  • Do a bit of research and look for certification when you purchase anti-virus software.