Requirements for an anti-virus protection system
Employing an anti-virus as the sole means of PC protection is a common error. An anti-virus removes harmful files, but it can only eliminate virus threats known to its database or threats that can be detected with a heuristic analyser. The anti-virus won't be able to detect or remove an unknown threat until it receives a corresponding update for its database.
A present-day anti-virus solution is quite different from yesterday's file anti-virus.
To prevent infection with an unknown threat, an anti-virus should be equipped with additional features to expose and eliminate malware:
- A self-defence system that prevents malware unknown at the time of intrusion from disrupting the operation of the anti-virus.
- Collection of information about new threats to quickly forward materials to the anti-virus laboratory for analysis and a prompt release of an update.
- Updating system:
  - Controlled by the self-defence component, such a system should not use services provided by the operating system since the latter may be compromised.
  - It enables instant delivery of updates to cure active infections upon a corresponding command from the Control Center.
- Curing of active infections on PCs and servers to eliminate previously unknown threats.
- Restricted access to resources available on the local network and to removable media, to prevent infection through flash drives and other removable devices.
Common mistakes when establishing anti-virus protection
- Unrestricted use of removable data storage devices paves the way to infection via flash drives.
- Employees' personal devices and home computers, from which they often access the corporate network, are left unprotected. They often become sources of malicious files and serve as a springboard for hackers to penetrate the local network and bypass all perimeter protection.
- Unrestricted access to the Internet from computers inside the corporate network enables the latest viruses to freely enter the network and greatly simplifies the task of criminals seeking to take control of the company's online banking system.
- No anti-virus protection for email servers and gateways in the local area network, which allows malware unknown to the anti-virus at the moment of intrusion to penetrate the local network, proliferate freely across the corporate environment and get into employees' mailboxes.
- Without a means of centralized control, employees can locally change settings and even disable certain anti-virus components, discard updates and regular system scans.