Tuesday, February 7, 2012

Network Security: Anti-Virus Do's and Don'ts

Viruses cost businesses money, and the threat is not going to go away any time soon. The interoperability between applications only makes it easier for virus writers to release viruses that can spread quickly and quietly without the user's knowledge.
Understanding anti-virus software
Anti-virus programs (also known as AV scanners) are often misconfigured and out-of-date and do little or nothing to protect the systems on which they're installed.
All AV scanners, including products like Norton and McAfee, work with a database that contains information about viruses; this information is called the virus fingerprint or signature. The database needs to be updated frequently so that it contains the most up-to-date virus information. Did you know that anti-virus vendors generally offer updates well ahead of a mass infection? That's because viruses are often detected and reported several weeks to months before end-users are aware of them. However, because people do not keep their scanners updated, a virus can quickly reach epidemic proportions. Then there is the inevitable mass scramble to get to the vendors' Web sites to download the updated files, which sometimes overwhelms the Web sites and further delays updates.
Of course, some virus epidemics have occurred because the virus exhibited completely new code and behaviors that the scanners did not have in their database. The database is based upon existing viruses and behaviors previously seen. This is a significant weakness of AV products that vendors try to overcome with the use of heuristics — a method of anticipating and examining behaviors.
Following are some basic anti-virus rules:
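The difference between a signature database and a heuristic check, as an added example that is not part of the original post. The database layout, the detection names and the byte strings are constructed for illustration and are harmless text, not real malware or a real vendor format.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_SAMPLE = b"demo-dropper: copy self to startup; mail self to address book"
NEW_VARIANT = b"demo-dropper v2: copy self to startup; mail self to address book"
CLEAN_FILE = b"Quarterly report: revenue was flat, costs rose slightly."

# Assumed database layout: whole-file hashes plus named byte patterns.
OLD_DB = {"hashes": set(), "patterns": {}}  # scanner that was never updated
CURRENT_DB = {
    "hashes": {hashlib.sha256(KNOWN_SAMPLE).hexdigest()},
    "patterns": {"Demo.Dropper.A": b"demo-dropper: copy self"},
}

# Assumed heuristic rules: traits that are suspicious when seen together.
HEURISTIC_TRAITS = [b"copy self to startup", b"mail self to address book"]


def signature_scan(data, db):
    """Return a detection name if data matches the database, else None."""
    if hashlib.sha256(data).hexdigest() in db["hashes"]:
        return "hash-match"
    for name, pattern in db["patterns"].items():
        if pattern in data:
            return name
    return None


def heuristic_scan(data, threshold=2):
    """Flag data that shows at least `threshold` suspicious traits."""
    hits = sum(1 for trait in HEURISTIC_TRAITS if trait in data)
    return hits >= threshold


def scan(data, db, use_heuristics):
    """Signature check first; fall back to heuristics when enabled."""
    verdict = signature_scan(data, db)
    if verdict:
        return verdict
    if use_heuristics and heuristic_scan(data):
        return "heuristic-suspicious"
    return "clean"
```

An out-of-date database misses even the known sample, and the changed variant passes a current database unless the heuristic check is switched on.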
· Do have a written anti-virus policy that details the responsibilities of management and staff, how anti-virus is to be maintained, and specific instructions on what to do in an emergency.
· Do make sure that anti-virus software is installed on every machine, even if the machine is not capable of running e-mail. Viruses can sit undetected in files on any machine.
· Do update anti-virus signature files and scanning engines regularly. A weekly update is good, although daily is better. If your company has a central anti-virus server, it can install updates on other machines on the network. However, a computer must be turned on for this to work. If a machine was not turned on at the time of the update, it will have to be updated manually.
· Do run the anti-virus program in full-time, background, automatic, auto-protect, or similar mode.
· Do enable scans of the memory, master and boot records, and system files upon startup of every machine. It doesn't take long for an anti-virus program to complete these scans and it's just plain silly not to enable these features.
· Do configure the anti-virus program to scan all files — not just executable programs. Viruses come in all sorts of files and just scanning executables is not enough.
· Do enable the anti-virus heuristic controls (if they are available). A heuristic scan takes longer, but not so much longer that it makes much difference to users.
· Don't allow Windows Scripting Host (WSH) to run on machines that don't need it. Although some Windows programs need WSH to run, most machines can have this removed without harm. WSH controls the Visual Basic Language and many viruses have been written with it. With WSH removed, such a virus can't operate.
· Do enable Macro Virus Protection in all your Microsoft Office programs.
· Do disable the Preview Pane view in Outlook and Outlook Express. Some viruses can be launched simply by previewing the message that carries them, even if the message is never opened. Disabling this feature saves you a lot of grief.
· Do not enable JavaScript for e-mail. Although there are no JavaScript viruses, it's only a matter of time before they appear, too. JavaScript has vulnerabilities other than viruses, so it's a good idea to disable this feature in any case.
· Don't allow your e-mail programs to "auto open" attachments.
· Don't open attachments from people you don't know or attachments that seem suspicious.
· Do configure your e-mail programs to display messages in plain text only if HTML formatted e-mail isn't necessary. This is especially true for Web-based e-mail as there have been a number of vulnerabilities found in using HTML-enabled e-mail.
· Do educate all your users on the dangers of e-mail attachments and viruses in general. Also educate users about virus hoaxes and how to tell the difference between real and imagined threats.
· Do use the security features that come with the product. This includes preventing general users from being able to make changes in the program. Some users try to turn off the virus detection and you don't want them to be able to do that.
· Do educate your users about the anti-virus program you are using and how it works. This helps eliminate confusion, and staff will be less likely to try to disable the anti-virus program on their desktop machines.
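One way to check the signature-update rule above across a network, as an added example that is not part of the original post. The inventory format, host names and timestamps are constructed; a real anti-virus console would export this data in its own format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed inventory export (hypothetical format):
# host name and time of its last signature update.
INVENTORY = """host,last_update
ws-101,2012-02-07T02:05:00
ws-102,2012-02-06T02:04:00
laptop-17,2012-01-29T02:03:00
kiosk-03,2012-02-03T02:06:00
srv-mail,
"""

NOW = datetime(2012, 2, 7, 9, 0)        # time of the audit (constructed)
LAST_PUSH = datetime(2012, 2, 7, 2, 0)  # last central-server update run


def audit(inventory_csv, now, last_push, max_age_days=7):
    """Classify hosts by signature age and find those the push missed."""
    report = {"current": [], "missed_push": [], "stale": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, stamp = row["host"], row["last_update"].strip()
        if not stamp:
            # No update on record: treat the host as unprotected.
            report["unknown"].append(host)
            continue
        updated = datetime.fromisoformat(stamp)
        if now - updated > timedelta(days=max_age_days):
            # Older than the weekly minimum: update manually.
            report["stale"].append(host)
        elif updated < last_push:
            # Within a week, but powered off during the last push.
            report["missed_push"].append(host)
        else:
            report["current"].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(INVENTORY, NOW, LAST_PUSH).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `stale`, `missed_push` or `unknown` are the ones that need the manual update the rule describes.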
