How should scanners be evaluated?
Scanning software should be able to identify the largest possible number of viral programs, and should be able to identify variations on the more important sections of code (that is, it should be able to “accept” the removal of text strings and other simple modifications that bush-league hackers might make.) Note, however, the proviso that it is more important to identify some viral programs than others. For ease and speed of updating, the signatures should be stored in a separate file, and there should be a means to add new viral signatures to the file. For security, both scanning software programs and signature files should be renameable. Areas scanned should include not only the identifiable program files, but all files, if necessary. (This has become much more important recently with the advent of successful Windows viral programs coincident with the Windows “embedding” function, and also “macro” viruses.) Scanners should have the ability to search the more common archiving formats
