Integrity products record information about your system for later comparison in order to detect changes. Just detecting changes is not enough, however; the detection must have some “intelligence” behind it to avoid confusion.
So, why isn’t everyone using an integrity checker? In fact, many anti-virus products now incorporate integrity checking techniques. One problem with many products is that they don’t use these techniques in a comprehensive way. There are still too many things not being checked.
Some older integrity checkers were simply too slow or hard to use to be truly effective. A disadvantage of a bare-bones integrity checker is that it can’t differentiate file corruption caused by a bug from corruption caused by a virus. Advanced integrity checkers that incorporate the capability to analyze the nature of the changes and recognize changes caused by a virus have become available. Some integrity checkers now use other anti-virus techniques along with integrity checking to improve their intelligence and ease of use.
If you choose an integrity checker, be sure it has all these features:
- It’s easy to use with clear, unambiguous reports and built-in help.
- It hides complexity, so that complicated details of system file or system sector changes are only presented if they contain information the user must act upon.
- The product recognizes the various files on the PC so it can alert the user with special warnings if vital files have changed.
- It’s fast. An integrity checker is of no use if it’s too slow.
- It recognizes known viruses, so the user doesn’t have to do all the work to determine if a change is due to a software conflict, or if it’s due to a virus. This also helps protect the integrity checker against attacks by viruses directed at it.
- It’s important that the integrity computation be more sophisticated than a mere checksum. Two sectors may get reversed in a file or other damage may occur that otherwise rearranges data in a file. A simple checksum will not detect these changes. A cryptographic computation technique is best.
- It’s comprehensive. Some integrity checkers, in order to improve their speed, don’t read each file in its entirety. They read only portions of larger files. They just spot check. This is unacceptable; it’s important to know the file hasn’t changed, not just that some of the file hasn’t changed.
- It checks and restores both boot and partition sectors. Some programs check only files.
- For protection, it should have safety features built in (e.g., ability to define the signature information file name and store the information on a external media).
While using an integrity checker is an excellent way to monitor changes to your system, with today’s operating systems so many files change on a regular basis it’s imperative that you also use a good up-to-date scanner along with the integrity checker or for the integrity checker to have that capability built in.
Summary
- Integrity checking products read the disk and create signature information to determine changes.
- Coupled with virus identification, using integrity checking should be able to detect most any virus with the bonus of also detecting data corruption.
 Virus Protection |
|
 |
 |
| Scanning | Interception |
Comments from original:
pauline
Said this on 2011-08-25 At 12:24 pm
everytime i play kuma games it always freezes. please fix it.
[Please ask them. I have nothing to do with them. –DaBoss]
