March 1, 2000

An anti-virus policy is something like a data backup strategy. You don’t take it seriously enough until something happens–such as critical data loss or a widespread virus epidemic. And then you scramble for cover.

The number and types of viruses are increasing rapidly. Not only that, viruses are finding new ways to sneak into networks. For instance, some viruses mail themselves to you from known contacts, without the contacts themselves knowing about it. A single virus could bring your entire company to a standstill, causing loss of time, data, and money.

Take, for example, the Zip Explorer virus. It spreads itself through e-mail attachments and destroys all data in Word and Excel files, so that before you know it, all your regular work is gone. Then there are viruses that could format your hard drive, or mess up its boot sector.

To prevent viruses from entering your network, and to stop them from wreaking havoc if they do manage to get in, network managers must devise a suitable virus control policy. 

But before we get to that, let’s take a closer look at how they spread.

Modes of attack
Before networking came in, the prime mode of virus spread was floppy disks. Users would bring in virus-infected files on floppies, which would get transferred to the PC. Subsequently, any user taking that file from the PC would also take the virus along. The virus would also replicate itself onto the PC’s hard drive. This mode of virus spread was slow, and not widespread.

With networking, it became easier for viruses to spread within organizations. They could reside on the file server and spread whenever a user accessed infected files. This mode of virus spread was still slow and restricted. At most, a virus could spread to other PCs on the network and be carried away on floppies from there. 

Today, e-mail is the most widely used medium of virus spread. You get an e-mail with an attachment from an unknown person. You open the attachment and there’s a virus epidemic in your company before you realize it. Some viruses are even smarter. They use an e-mail address book to send out copies of themselves. So, as the innocent recipient, you’d think that the mail was from a known source, open it, and get the full treatment. 

The bottom line–double check before opening attachments, from whatever source. Were you expecting such an attachment in the first place? It may be wiser all around if you had a system which could automatically scan all incoming mail for a viral payload.

Then there are viruses that spread through the Web browser. Earlier, viruses would enter a PC through programs downloaded from Websites. But now, viruses can also come in as Java and ActiveX components. These pose the greatest threat because they can spread very easily, and wreak havoc.

One way to control this is by not allowing ActiveX content from an unknown Website to run on your PC.

The latest versions of most browsers have security settings to prevent unauthorized ActiveX content from getting downloaded. 

Policy time
Now that you’ve seen that a virus can enter through unknown openings in your network, isn’t it time to do something about it, across the organization? Whatever action you decide to take will be your anti-virus policy. Creating an organizational anti-virus policy isn’t about choosing an anti-virus package alone. It’s about having a strong set of processes to prevent a virus from entering your network in the first place.

And if it does manage to enter the network, you need policies to minimize its impact, and get back to normal as fast as possible. You also have to take into account employee awareness issues, anti-virus implementation procedures, virus incident management, and the like. 

Let’s look at each of these separately.

Choosing an anti-virus package
Corporate virus protection packages today go way beyond something that comes on a single floppy and can be installed on a desktop. Anti-virus software companies now offer packages based on organization size, so you have workgroup editions, enterprise editions, and corporate editions that cater to all sizes of organizations. The difference is mostly in the management features, and of course in the price you pay. Most of these include separate packages for clients and servers. The server version would have a management console that gives you some centralized control. By using the console, you can, for example, set up alarms that would broadcast virus detection across the network. The server can also download the latest updates, inform all the nodes about them, and make them available for retrieval at a central location. The clients have also become smarter. They can, for example, alert the server of an infection, and the server can in turn quarantine an infected PC so that the rest of the network isn’t affected.

Level of protection
Assess and define the level of protection you need before choosing an anti-virus solution. Suppose you have your own messaging server for your e-mail. You might want virus protection on that end. Some anti-virus solutions have agents that can reside on Lotus Notes and Microsoft Exchange-based messaging servers. They check all incoming and outgoing mail for viruses, and if a virus gets detected, they send an alert on the network and remove the virus before it can even reach the desktop. Some anti-virus packages offer these as optional components.

If you have Internet gateways, you may require an anti-virus package that can run on the gateway itself and scan everything that passes through.

User awareness
Some basic awareness must be imparted to all employees about the do’s and don’ts in case of a virus attack. For example, if a user’s PC gets infected with a virus, then the policy could be that specific IS staff be immediately informed. All PCs on the network must be kept updated with the latest anti-virus updates. For this, a copy of the latest updates must be made accessible to everyone and all users must know its location. For instance, you could keep it on the company intranet, available for download through a Web browser or FTP.

Speaking of intranets, these can be handy for a lot of other things as well. Information about the latest viruses, the damage they can do, which types of files they infect, how to detect and cure them, etc., could also be made publicly available.

Incident management
It’s all but impossible for your organization to be lucky enough never to face a serious virus attack. When one happens, how will it be handled? This is where incident management policies come in. How fast do you react to a virus attack? How fast can you identify, isolate and cure the infected systems? How do you isolate the entry point, and what do you do to it? There are many fronts on which you need to be prepared.

Last word
That prevention is better than cure is a universal statement, and virus attacks are no exception. Guarding all possible virus entry points is essential. Keeping track of the latest developments in both viruses and anti-virus software is equally important. Finally, how well you can manage the anti-virus solution you’re using is critical, because that’s your final protection against critical and crippling data loss.
