Next: Selecting an Access Control
Up: Selecting the Right Tool
Previous: Selecting a Scanner
General purpose monitors
are usually implemented in software;
however, hardware implementations do exist. Hardware versions may be more
difficult to circumvent, but they are not foolproof.
The following questions should be considered when selecting a general purpose
monitor:
- How flexible are the configuration files? Can different parts
of the monitor be disabled? Can the monitor be configured so that certain
executables can perform suspect actions? For example, a self-modifying executable
will still need to be able to modify itself.
- What types of suspect behavior are monitored? The more types of behavior
monitored, the better. A flexible configuration to select from the set of
features is desirable.
- Can the monitor be reconfigured to scan for additional virus techniques?
Are updates provided as new virus techniques are discovered?