How should change-detection software be evaluated?
There are numerous implementations of change-detection software. Some versions of this software run only at boot time; others check each program as it is run. Some of these programs attach a small piece of code to the programs they are protecting, and this may cause programs which have their own change-detection features, or nonstandard internal structures, to fail. Some programs only protect system software; others only protect program files. Some change detectors keep the signature file in the root directory; some in the “local” directories. Some allow you the option of keeping the file on a diskette offline and out of the reach of viral programs that might try to damage it. A major factor in judging change-detection systems is installation and operation time. Since the system will be calculating signatures of all (or all selected) programs on your system (sometimes with very sophisticated algorithms), it may take some time to install, and to update each time you make a change to you
Related Questions
- If the software process of our company or agency is evaluated using the SCAMPI method, is it possible to compare the results with those obtained by the rest of the industry?
- Why should I use Download Director for Common Criteria evaluated Software downloads?
- How should change-detection software be evaluated?
