by December 4, 2001 0 comments

Remember the story of how an ant brought a mighty elephant down on its knees? Similarly, a computer virus, a few KBs in size, can destroy even terabytes of data and bring the biggest organization to a halt. So it’s essential to have an effective anti-virus policy in place.

The size of your organization will decide your anti-virus policy. For a company with less than 10 users, personal anti-virus applications are fine. What is important is that each user updates his virus signatures frequently (once a week), and immediately after the outbreak of a major attack. To save time and bandwidth, one user can download the updates on the network, and others can take it from there.

For larger organizations this is not practical; enterprise anti-virus solutions are better. This has two components, the server part and the clients. The first is installed on one machine, and the second on individual machines on the network. The server can automatically download the updates, and distribute them to all clients, saving bandwidth and time. This is also a way to ensure that all machines on your network have updated anti-virus programs. The server can also perform scans on clients anywhere on your network.

Protecting e-mail

You’ll win half the battle against viruses if you effectively clean e-mail containing viruses. Smaller organizations don’t usually have their own e-mail servers, and rely on their ISP or other free mail services on the Web, which do virus scanning. It is still a good idea to scan the mail you receive. Most anti-viruses do this by routing mail through their anti-virus servers. Some also create a layer between the mail server and your client, so your mail is scanned before you get it.

One or many?

It is bad policy to have more than one anti-virus installed on any one machine, for the simple reason that one’s virus signature files could trip the other one. Having more than one anti-virus package installed and running across an organization could lead to many such false alarms. So, it is advisable to have only one enterprise-wide anti-virus program on all machines. But that does not mean that you should not have a licensed copy of a competing brand available as backup, just in case

For organizations with their own e-mail server, it’s essential to install the e-mail component of your anti-virus on the mail server. This scans e-mail of all users before they get them, and if a virus is found it informs the sender/recipient or the administrator. It also checks all outgoing mail. You should also consider having an anti-virus on your Internet gateway.

Real-time, heuristic scans you need to look for real-time protection in your anti-virus solution. This means that your anti-virus will always run in the background and check all files that enter your computer from sources like LAN, Web downloads, or even Java and ActiveX components from Web pages. This is more important for file servers as they hold the data of the entire organization. Also look for heuristic scanning, which lets you detect potential viruses that have not been identified. Though many anti-virus software let you turn these two features off, our advice is: Don’t!

Just in case…

But if a virus does creep in, isolate the machine by removing it from the network. If your anti-virus is unable to remove the virus then check the Web for a patch or procedure to remove it.

The key to controlling an outbreak is early detection. So make sure your anti-virus’ alerting features–paging a specific number, flashing messages on all systems with the name of the infected machine, and firing e-mail to the administrator–are used, so that the administrator can take corrective action before its too late.

Sachin Makhija

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.