Should an organization's anti-virus policy specify that anti-virus applications
Question
Should an organization's anti-virus policy specify that anti-virus applications will be configured to quarantine infected files instead of deleting them automatically? Why or why not?
In your response, address the potential impacts of false-positives (incorrect identification of malware where none exists) and the potential risks of leaving malware infected files on the computer system where they were detected.
Provide at least one example of potential harm (from quarantine or automatic deletion) as part of your answer.
Explanation / Answer
Antivirus is an essential tool that most people need to protect their Windows operating system from Viruses, Trojans, and other bad stuff.
Unfortunately, most Antivirus companies go too far with their Virus/Trojan protection, and many times they classify completely legit software as a Virus/Trojan infection.
One good example is my own password recovery tools.
Most people need these tools to recover their own lost password. These password tools, like many other utilities out there, can also be used by hackers for bad purposes.
The attitude of many Antivirus companies is very tough on this subject - if it's a tool that can be used by bad guys, it's classified as a Trojan or Virus, even when most users need it and use it for good purposes.
Antivirus companies don't care that they block their own customers that want to recover their own passwords, and they don't care that they may cause their customers to think that I'm a Virus distributor.
I must say that some Antivirus companies are a little more gentle, and classify these tools as "Security Threat" or "Riskware" which is much better than classifying them as Virus or Trojan, but they still prevent the user from running them - by deleting them or by putting them in quarantine.
Also, many users don't know what the difference is between a Virus and Riskware, and when they get these "Riskware" alerts, they still think that my tools are infected with a Virus named "Riskware".
My password-recovery utilities are not the only victims of the "over protection" made by Antivirus software. Some other tools, like ProduKey, RegScanner, WebVideoCap, NirCmd, and others that don't recover any password, are still constantly targeted by Antivirus companies, without any known reason.
Other developers also have "False Positive" problems.
Other small developers also constantly experience false alerts made by Antivirus software; here are some examples: