Viruses cost businesses money, and the threat is not going to go
away any time soon. The interoperability between applications only makes it
easier for virus writers to release viruses that can spread quickly and quietly
without the user's knowledge.
Understanding anti-virus software
Anti-virus programs (also known as AV scanners)
are often misconfigured and out-of-date and do little or nothing to protect the
systems on which they're installed.
All AV scanners, including products like Norton and McAfee, work
with a database that contains information about viruses; this information is
called the virus fingerprint or signature.
The database needs to be updated frequently so that it contains the most
up-to-date virus information. Did you know that anti-virus vendors generally
offer updates well ahead of a mass infection? That's because viruses are often
detected and reported several weeks to months before end-users are aware of
them. However, because people do not keep their scanners updated, a virus can
quickly reach epidemic proportions. Then there is the inevitable mass scramble
to get to the vendors' Web sites to download the updated files, which sometimes
overwhelms the Web sites and further delays updates.
Of course, some virus epidemics occurred because the virus exhibited
completely new code and behaviors that the scanners did not have in their
database. The database is based upon existing viruses and behaviors previously
seen. This is a significant weakness of AV products that vendors try to
overcome with the use of heuristics, a method of anticipating and examining
behaviors.
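The sketch below is an added example, not code from the original article or from any AV product. It shows why a stale signature database misses a new variant and how a heuristic pass can still flag it. The signature names, byte patterns, trait weights and threshold are all constructed for the demonstration.

```python
# Constructed signature databases: detection name -> byte pattern.
STALE_DB = {"Demo.MailWorm.A": b"rem demo-marker-A"}
UPDATED_DB = {**STALE_DB, "Demo.MailWorm.B": b"rem demo-marker-B"}

# Constructed heuristic traits: capability a script requests -> weight.
TRAITS = {
    b"outlook.application": 2,         # automates the mail client
    b".attachments.add": 2,            # attaches a file to outgoing mail
    b"scripting.filesystemobject": 1,  # reads and writes files
    b"wscript.shell": 1,               # runs commands, edits the registry
}
THRESHOLD = 4  # assumed cut-off for flagging a file


def signature_hits(data, db):
    """Names of every signature whose pattern occurs in the file."""
    return sorted(name for name, pat in db.items() if pat in data)


def heuristic_score(data):
    """Sum the weights of the traits present (case-insensitive)."""
    lowered = data.lower()
    return sum(w for trait, w in TRAITS.items() if trait in lowered)


def scan(data, db, heuristics=True):
    """Return (verdict, detail): signature match first, then heuristics."""
    hits = signature_hits(data, db)
    if hits:
        return ("signature", hits[0])
    if heuristics:
        score = heuristic_score(data)
        if score >= THRESHOLD:
            return ("heuristic", f"score={score}")
    return ("clean", "")


# Constructed, inert samples: only the strings the scanner looks for.
VARIANT_B = (b'rem demo-marker-B\n'
             b'CreateObject("Outlook.Application")\n'
             b'CreateObject("Scripting.FileSystemObject")\n'
             b'item.Attachments.Add path\n')
BENIGN = b'CreateObject("Scripting.FileSystemObject")\n'

if __name__ == "__main__":
    for db, heur in ((STALE_DB, False), (STALE_DB, True), (UPDATED_DB, True)):
        print(len(db), heur, scan(VARIANT_B, db, heur), scan(BENIGN, db, heur))
```

With the stale database and heuristics off, the variant passes as clean; the heuristic pass or the updated database each catch it, while the benign script stays below the threshold.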
Following are some basic anti-virus rules:
· Do have a written anti-virus policy that details the responsibilities of management and staff, how anti-virus is to be maintained, and specific instructions on what to do in an emergency.
· Do make sure that anti-virus software is installed on every machine, even if the machine is not capable of running e-mail. Viruses can sit undetected in files on any machine.
· Do update anti-virus signature files and scanning engines regularly. A weekly update is good, although daily is better. If your company has a central anti-virus server, it can install updates on other machines on the network. However, a computer must be turned on for this to work. If a machine was not turned on at the time of the update, it will have to be updated manually.
· Do run the anti-virus program in full-time, background, automatic, auto-protect, or similar mode.
· Do enable scans of the memory, master and boot records, and system files upon startup of every machine. It doesn't take long for an anti-virus program to complete these scans and it's just plain silly not to enable these features.
· Do configure the anti-virus program to scan all files, not just executable programs. Viruses come in all sorts of files and just scanning executables is not enough.
· Do enable the anti-virus heuristic controls (if they are available). A heuristic scan takes longer, but not so much longer that it makes much difference to users.
· Don't allow Windows Scripting Host (WSH) to run on machines that don't need it. Although some Windows programs need WSH to run, most machines can have this removed without harm. WSH controls the Visual Basic Language and many viruses have been written with it. With WSH removed, such a virus can't operate.
· Do enable Macro Virus Protection in all your Microsoft Office programs.
· Do disable the Preview Pane view in Outlook and Outlook Express. Some viruses can be launched by simply previewing them, even if the message is never opened. Disabling this feature saves you a lot of grief.
· Do not enable JavaScript for e-mail. Although there are no JavaScript viruses, it's only a matter of time before they appear, too. JavaScript has vulnerabilities other than viruses, so it's a good idea to disable this feature in any case.
· Don't allow your e-mail programs to "auto open" attachments.
· Don't open attachments from people you don't know or attachments that seem suspicious.
· Do configure your e-mail programs to display messages in plain text only if HTML formatted e-mail isn't necessary. This is especially true for Web-based e-mail as there have been a number of vulnerabilities found in using HTML-enabled e-mail.
· Do educate all your users on the dangers of e-mail attachments and viruses in general. Also educate users about virus hoaxes and how to tell the difference between real and imagined threats.
· Do use the security features that come with the product. This includes preventing general users from being able to make changes in the program. Some users try to turn off the virus detection and you don't want them to be able to do that.
· Do educate your users about the anti-virus program you are using and how it works. This helps eliminate confusion, and staff will be less likely to try to disable the anti-virus program on their desktop machines.