Integrity Checking

Integrity products record information about your system for later comparison in order to detect changes. Just detecting changes is not enough, however; the detection must have some “intelligence” behind it to avoid confusion.

Integrity checking products work by reading your entire disk and recording integrity data that acts as a signature for the files and system sectors. An integrity check program with built-in intelligence is the only solution that can handle all the threats to your data as well as viruses. Integrity checkers also provide the only reliable way to discover what damage a virus has done.

So, why isn’t everyone using an integrity checker? In fact, many anti-virus products now incorporate integrity checking techniques. One problem with many products is that they don’t use these techniques in a comprehensive way. There are still too many things not being checked.

Some older integrity checkers were simply too slow or hard to use to be truly effective. A disadvantage of a bare-bones integrity checker is that it can’t differentiate file corruption caused by a bug from corruption caused by a virus. Advanced integrity checkers that incorporate the capability to analyze the nature of the changes and recognize changes caused by a virus have become available. Some integrity checkers now use other anti-virus techniques along with integrity checking to improve their intelligence and ease of use.

If you choose an integrity checker, be sure it has all these features:

  • It’s easy to use with clear, unambiguous reports and built-in help.
  • It hides complexity, so that complicated details of system file or system sector changes are only presented if they contain information the user must act upon.
  • The product recognizes the various files on the PC so it can alert the user with special warnings if vital files have changed.
  • It’s fast. An integrity checker is of no use if it’s too slow.
  • It recognizes known viruses, so the user doesn’t have to do all the work to determine if a change is due to a software conflict, or if it’s due to a virus. This also helps protect the integrity checker against attacks by viruses directed at it.
  • It’s important that the integrity computation be more sophisticated than a mere checksum. Two sectors may get reversed in a file or other damage may occur that otherwise rearranges data in a file. A simple checksum will not detect these changes. A cryptographic computation technique is best.
  • It’s comprehensive. Some integrity checkers, in order to improve their speed, don’t read each file in its entirety. They read only portions of larger files. They just spot check. This is unacceptable; it’s important to know the file hasn’t changed, not just that some of the file hasn’t changed.
  • It checks and restores both boot and partition sectors. Some programs check only files.
  • For protection, it should have safety features built in (e.g., ability to define the signature information file name and store the information on a external media).

While using an integrity checker is an excellent way to monitor changes to your system, with today’s operating systems so many files change on a regular basis it’s imperative that you also use a good up-to-date scanner along with the integrity checker or for the integrity checker to have that capability built in.

Summary

  • Integrity checking products read the disk and create signature information to determine changes.
  • Coupled with virus identification, using integrity checking should be able to detect most any virus with the bonus of also detecting data corruption.
Up Arrow Virus Protection Up Arrow
Prior Page Next Page
Scanning Interception

Comments from original:

pauline
Said this on 2011-08-25 At 12:24 pm
everytime i play kuma games it always freezes. please fix it.

[Please ask them. I have nothing to do with them. --DaBoss]