Guarding against viruses, worms, and horses

August 11, 2010

Most of us have been hit in some way by the flood of viruses that have swept the computing community during the past few months. For the most part, these attacks result in little data being lost, but protection from viruses costs billions to the business community each year. More costly is the lost time in addressing the issue.

Firms today can no longer ignore viruses or casually go about their daily business assuming that they will not affect them. Strong proactive measures must be taken to protect businesses from infiltration by viruses, and a plan of action should be developed in the event a virus strikes.

There are different types of attacks, which behave in different ways and require some explanation.

The most common computer bug is a virus. From Webopedia.com, an online dictionary of computer terms, a virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can copy itself over and over again is relatively easy to produce. But even a simple virus is dangerous because it quickly uses all available memory, bringing the system to a halt. An even more dangerous type of virus is capable of transmitting itself across networks and bypassing security systems.

A worm, which is sometimes confused with a virus, is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

A Trojan horse is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be equally destructive. One of the most insidious types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses into the computer. Regardless of the name or its function, you must protect your firm's computer systems from these attacks.

Bugs can come from a variety of sources, including an outside data source such as CDs, an Internet browser, or e-mail.

Data: Your first line of defense

Before you begin the process of adding virus software and other tools, your first line of defense must be data protection. This is the single most important defense, not only against virus threats, but also against all threats, human or otherwise.

Backup systems must be working and tested on a daily basis regardless of the media or software used. In addition to the files located on central servers, this includes important files on individual workstations as well as files from e-mail systems. Many backup programs require additional modules to back up e-mail systems such as Microsoft Exchange. Backup tapes should be stored at a remote location.

IT staffs and consultants should have periodic drills to test the validity of their backups. In the worst case, hire an outside independent consultant to determine and certify that the backups are being done correctly and that data is retrievable. A set of instructions should be written and included in the operations manual and Intranet. Without data protection, virus removal tools cannot protect you in the event of actual data corruption from an attack. At that point, it's simply too late.
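A restore drill of the kind described above can be checked mechanically. The following is an added example, not part of the original article: it records a SHA-256 manifest when the backup is taken and compares a test restore against it. The file names, folder layout and function names are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def build_manifest(root):
    """Map each file under root (relative path, '/' separators) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest

def verify_restore(manifest, restored_root):
    """Check a test restore against the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in restored)
    corrupt = sorted(p for p in manifest
                     if p in restored and restored[p] != manifest[p])
    return {"missing": missing, "corrupt": corrupt,
            "verified": len(manifest) - len(missing) - len(corrupt)}

def write_file(root, rel, data):
    """Helper for the constructed sample: create root/rel with the given bytes."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def run_drill():
    """Constructed drill: one file lost and one truncated during restore."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    try:
        # Constructed sample data standing in for server, mail and workstation files.
        write_file(src, "server/ledger.dat", b"Q3 totals: 1042")
        write_file(src, "mail/inbox.pst", b"mailbox contents")
        write_file(src, "workstation/clients.db", b"client records")
        manifest = build_manifest(src)  # recorded when the backup runs
        write_file(dst, "server/ledger.dat", b"Q3 totals: 1042")  # restored intact
        write_file(dst, "mail/inbox.pst", b"mailbox")  # truncated copy
        return verify_restore(manifest, dst)  # clients.db was never restored
    finally:
        shutil.rmtree(src, ignore_errors=True)
        shutil.rmtree(dst, ignore_errors=True)
```

In a real drill the manifest would be stored separately from the backup media, so that damage to the backup cannot also damage the record it is checked against.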

Protection against attacks has to be at an enterprise level, combining protection at all the components of the network. These include workstations, servers, e-mail systems, and even handheld pocket devices that interact with the network in any way. Many of the leading software vendors, such as Symantec and Network Associates, offer integrated solutions.

Once the software is installed, scans should be scheduled on a regular basis. Definition files should be downloaded automatically and verified. Annual fees for update service should be paid to the virus software firms to continue the subscriptions when they run out.

For those offices running Microsoft Windows Networks, it is imperative that all the service packs and critical security patches be updated on a regular basis. Many of the recent attacks have taken place due to flaws in older versions of the Windows operating system. Keep workstations and servers up to date by checking manually or using the automatic updater that can be activated in the control panels. The best time to do this is when installing or upgrading a new workstation.

Firewalls make good neighbors

Firewalls are a major line of defense as they protect systems against attacks coming from Internet traffic. Every, I repeat, every network, even some two-person networks operating in someone's apartment, must have a firewall of some kind.

High-speed broadband connections have now made it an absolute must, as most Internet service providers offer no protection against attacks of any kind. For a single computer running Microsoft Windows XP, a firewall is included as part of the operating system. ZoneLabs.com also offers a free, as well as paid, firewall option for single computers.

At the low end for smaller networks, many of the router manufacturers, such as Linksys and Netgear, offer built-in firewalls in their products. In most cases they are simple to install. But keep in mind that the firewall should be installed according to the manufacturer's instructions. In many cases it's not automatic. For larger networks, firms such as Checkpoint, Cisco, and Watchguard offer comprehensive solutions that do require an IT professional to install and manage. Your firm's requirements for security should determine the type and level of firewall system. Firewalls can be very expensive, so proper determination of features should be taken seriously or you will be paying for unnecessary elements. These systems also require regular updates to their software.

When a bug breaks through

If a virus breaks through to a server or workstation, first make sure you are backed up. Step two is to isolate the systems by unplugging from the network or turning off the network services. The next step is to determine the symptoms, such as system slowdown, error messages, or odd behavior. Then run the virus scanner to determine if it finds a virus or worm. You may want to run the scan in Windows Safe mode as it has a better chance of removing a suspect virus from a low-level version of the operating system.

If the virus is still in the system, determine through a search of the extensive knowledge bases of software vendors what the virus may be. In most cases, vendors have specific tools for removal and protection against future attacks from the same virus or worm. Follow the instructions carefully. In some cases you may need to resort to other tools to remove more serious attacks, such as ones that embed in your Internet Explorer.

If all else fails, a complete reformat of the hard drive and reinstallation of Windows and Applications may be required.

Your entire staff should take simple preventive measures to limit your exposure to attacks. Mandate that Internet usage be for business-related activities only, delete all e-mail from strangers, and avoid opening e-mail attachments with suspect extensions, such as .pif or .exe. Scan CDs before they are loaded on the system. At the end of each day, have staff turn off their computers to avoid possible overnight attacks. For staff operating remotely, make sure their PCs are fully protected prior to accessing the network.
