The SheepDip Project provides an improvement on conventional systems. Third-party antivirus protection is monitored in real time with another program, to make a more secure sheep-dip. Antivirus is only effective if it is up-to-date, properly configured, and running. These sheep-dips add an extra layer of security by checking antivirus and intervening if necessary. The following tests are made:
- The antivirus definitions must be up-to-date.
- A full scan of the machine must have taken place within the last 24 hours.
- Malicious software must not have been found since the last clear full scan.
- A fake virus is generated and the antivirus software's reaction to it is timed.
This testing enables the SheepDip project to provide a system which can be connected safely to an organisation's office network. Remote management and automatic updating then become possible:
- The system normally has a network connection, but has no access to removable media.
- When media are to be scanned the user must first start an antivirus test sequence.
- If all the tests are passed, then the network connection is deactivated.
- Only at this stage is access to removable media devices allowed.
- The third-party antivirus can be used to scan media as required.
- When the user logs off, removable media access is disabled and the test sequence is repeated.
- The system's network connection is only restored if all the tests are passed.
This approach avoids the usual problems with stand-alone sheep-dip computers which have to be updated manually.