details of a virus
Along with solid desktop protection, the basis of any sound anti-virus strategy is user education. Many IT professionals scoff at the idea, insisting that users are “too stupid” or “don’t care”. Nothing could be further from the truth. The “problem” with users is that they are not computer professionals. Their focus lies elsewhere. They have a job to do, and their computer is just one of the tools they use to get their job done. When an IT professional starts droning on about protocols and gateways and updates, most users become bored quickly because they don’t understand the terminology. It’s the job of a good IT department to communicate computer issues to their customers in terms the customer can understand.
It is not important that the end-user know the details of a virus. They only need to know what they need to do to protect themselves. Automating virus installations and updates as well as software patches eliminates a great deal of end-user confusion. (Am I up to date? What do I need to do to stay up to date? How do I update? Etc., etc.) Instructions to end-users should be given in general terms; what to do when a strange attachment arrives, how to recognize potentially “bad” programs, what actions to avoid when connected to the network, how to work cooperatively with the protections that are in place.
Fortify The Gateway
Once you have virus protection at the desktop in place, you need to analyze your network assets carefully to determine how best to build protection at the gateway. E-mail is very important because it’s the present method of choice for distributing viruses. However, other methods of distribution may predominate in the future. Just as the floppy disk gave way to the e-mail client, the e-mail client may give way to the web browser or the instant messenger or the cell phone.
When you think about how traffic flows in and out of a network, some obvious “choke points” appear. One area is the Internet connection itself. A network intrusion detection device may be put to good use in this area, as may a firewall. Many modern firewalls and IDS systems have the ability to detect certain types of virus attacks such as Code Red and Nimda, alert network support personnel and immediately drop the connection. Some “intelligent” routing and switching equipment comes with the ability to foil certain types of attacks. Cisco’s “NBAR” (network based application recognition) is an example of this.
In some cases, based on business goals, it may be possible to block certain ports, preventing some types of attacks from being successful. This can be particularly helpful with viruses like Badtrans that plant trojans on computers and send passwords and even keystrokes to an attacker’s web site. The range of trojans that are easily available on the Internet is so great that some businesses may want to consider adopting a policy of “white listing” ports. Rather than trying to keep up with the list of ports that are known to be used by malicious programs, white listing takes the approach of closing all ports at the gateway and only opening ports that are known to be needed by the business. Cognizant of this approach, virus writers have begun concentrating their attacks on ports which cannot be closed, such as HTTP, e-mail, FTP, etc.
Protect Critical Services
Once the gateway has been protected, focus on critical services. Since the bulk of viruses attack through e-mail and the web right now, those two services should get special attention. There are a large number of products available today that provide content filtering. It’s even possible to create “home-grown” solutions by using the existing capabilities of the daemons that provide service. More and more e-mail servers have content filtering capabilities built in. It’s possible to block e-mail, for example, that has an attachment with an extension that is on the “forbidden” list. This technique is essentially the first line of defense for Messagelabs, the popular e-mail-filtering provider.
There are also products that are designed to scan for viruses in e-mail, web and ftp traffic. Although they suffer from the same weakness that all anti-virus software has, the need to be constantly updated, they can provide an effective adjunct to the other measures already discussed.
In summary, to fight the virus battle, enterprises must take a holistic approach to virus protection. Every aspect of the enterprise should be examined for ways to lessen the impact of viruses so that the organization can fight off viruses in a coordinated fashion. Once effective measures are in place, the IT staff should keep a vigilant watch for new attack methodologies and devise strategies to deal with them. By doing this, the enterprise can remain relatively virus-free, and the end-users, the customers of IT, can concentrate on the success of the business.
Paul Schmehl is a Technical Support Services Manager with over 25 years experience. He is currently employed in IT management in higher education, in enterprise-wide technical support, help desk management and anti-virus protection. Involved in many new technology projects, web site development and security-related issues. Paul is also a founding member of AVIEN.
Proofpoint Virus Protection:
Anti-Virus and Zero-Hour Anti-Virus Technology
Proofpoint Virus Protection™ and Proofpoint Zero-Hour Anti-Virus™ technologies, included in the Proofpoint Enterprise Protection email security suite, provide complete protection against email-borne viruses, worms, trojans and other malware. By including both signature-based and zero-hour virus detection capabilities, powered by the world’s leading anti-virus engines—combined with robust policy management features—Proofpoint Enterprise protects your organization against both known and emerging malware threats.
* Comprehensive protection against all types of viruses, worms and other malware, powered by leading anti-virus engines. Both inbound and outbound email streams can be scanned for malware.
* When deployed as SaaS, 100% anti-virus accuracy is guaranteed by service level agreement.
* Continuous virus-protection updates ensure your organization is always protected.
* Integrated, centralized anti-virus policy administration and reporting.
Many computers are vulnerable to various types of harmful software such as viruses, Trojans, and worms — collectively called malware. Having virus protection on a system is important to help protect data. As with most things, the best virus protection is prevention; an anti-malware program that will stop malware before it can get on your system. Possibly the most well known type of virus protection is an anti-virus software. However, it is also important to have an anti-spyware and a firewall installed and active on the system.
When looking for virus protection, consider first an anti-virus program. The important options for an anti-virus program are real time or on-access scanning, the ability to schedule a scan on a regular basis, and automatic e-mail scanning. It is also important to find an anti-virus that is easy to use and install, that is effective in both detecting and cleaning viruses, that will give you easy to understand notices of found viruses and what the program has done with it, and has good customer support. It is also necessary for the updating process to be easy so that the user can keep the software regularly updated. The scanning process should also be fast so the user does not get tempted to pause or stop the scan.
Firewalls are also important in keeping malicious objects off a computer. A firewall is a program that examines all messages going to and from the system and blocks those that do not meet certain criteria. This can stop malware from getting on to the system. A firewall does not, however, detect malware that has made its way onto the computer so regular anti-virus scanning is a must. Most computers will come with a firewall installed, but it is up to the user to make sure it is up and running.
Some users may find themselves being bombarded by pop-ups that are designed to sell them something. These pop-ups are types of spyware. Spyware can also steal personal information and change the computer’s configuration without the user’s knowledge. The solution to this is an anti-spyware program. A good anti-spyware will not only detect and remove spyware from the system but will also keep spyware off the system in the first place.
Those looking to protect their computers from viruses may find themselves tricked into buying fake virus protection. Such programs, called rogue anti-viruses, can be programmed to look just like legitimate anti-virus software. They often pop up when a user is on the internet and claim that the system is infected when, in fact, it may not be. If the user downloads the rogue software, it can cause problems on the system, including tricking the user into buying fake software, stealing information, corrupting files, disabling real computer and anti-virus updates, and stopping the user from visiting a real anti-virus website. Proper virus protection, coupled with knowledge of how these rogue anti-viruses work, will prevent users from succumbing to these attacks.
