Information Technology Consulting & Solutions

How Do You Prevent Computer Viruses?
First, we have to understand exactly what a computer virus is. Computer viruses behave in essentially the same way a "real" virus does. When you catch a virus, it hijacks cells in your body to replicate itself and spread to another body. Computer viruses do exactly the same thing. They hijack the "cells" of your computer network, its files, in order to spread. So, simply put, a computer virus is an executable piece of computer code that in some manner causes a computer first to replicate the virus and second to behave inappropriately, i.e., your computer gets the sniffles and infects others just like you do.

There is a wide variety of viruses out there and more are being introduced every day. Most are amateurish pranks that are easily detected and prevented. The infamous Love Bug virus is a good example of this. This was a ridiculously simple virus that was easily caught and eradicated. Still, it made the national news, shut down quite a few email servers and caused considerable loss of data at, by some estimates, a cost of over 2 billion dollars. So even these simple viruses should not be taken lightly.

Others are much more dangerous and harder to find. These are sophisticated programs that know how to hide and can change as they are spread. Those that know how to hide are known as Trojan viruses. Trojan viruses are not detectable until they have actually done damage. They hide out in some corner of a file that is not normally scanned for viruses and then lash out and damage another file. The damage done to the other file is detectable, but the original file is still infected and not detected. Thus, it can once again do damage even after the damaged files are replaced or repaired.

Those that can change are known as polymorphic viruses. Polymorphic viruses have the ability to mutate as they spread. One mutation may be detectable by anti-virus software but the next mutation may not. A real world example? Influenza.
The influenza virus mutates constantly, which is why you need to get a flu shot every year. The same is true of computers that may be exposed to polymorphic viruses.

So how do you stop them? The same way you stop a real virus. The key to preventing infection is to avoid being exposed. That means Mom was right: you need to wash your hands and cover your mouth when you cough. With a little discipline, there are some easy ways to do this.

Think of your network as a variety of access points that can potentially allow entry of a virus. These access points are diskette and Zip disk drives, CD-ROM drives (Yes! Contrary to popular belief, CDs can be infected with a virus!), tape drives, Internet access points (modems, routers, etc.) and laptop computers that are attached to other networks or the Internet and then reattached to yours. Any one of these can act as a carrier for a virus. To prevent this, each access point must be guarded. The way to do this is with reputable and up-to-date anti-virus software. The two most popular anti-virus products are Network Associates’ McAfee Virucide and Symantec’s Norton Anti-Virus. Both do an excellent job with a little help from you.

What help? Obviously the first thing is to acquire the anti-virus software, but before you do, there are some decisions to make. You need to decide who in your organization is going to be responsible for preventing viruses. This can be each user’s responsibility or you can control this at the enterprise level. That is, there are versions of anti-virus software that are designed to protect one computer and others that are designed to protect the entire network from the server.

If you have a medium to large network with one or more servers, the server-based enterprise protection is most likely the best way to go. This solution is a bit more expensive and complex to set up but makes the anti-virus protection more or less automatic. This strategy places the responsibility of virus protection on the server.
All computers that log in to the network automatically have the anti-virus protection installed and updated periodically from the server.

For smaller and peer-to-peer networks or stand-alone computers, workstation protection is the way to go. In this case, each computer has its own copy of anti-virus protection installed. Each computer is then responsible for keeping itself up to date.

Okay. We’ve installed the anti-virus software so now we’re safe, right? Not quite. Since new viruses are being introduced every day, new virus definitions must also be installed. A virus definition is a description of the virus that allows the anti-virus software to detect that particular virus and prevent it from doing damage. If your virus definitions are out of date, you’re not protected. If we install an enterprise version of anti-virus protection, we will set this up to automatically download and install new definitions on a periodic basis. This keeps the server and the workstations up to date with the latest definitions with no action required by your users. If you go with workstation-level protection, then you must make sure each workstation is updated periodically. Either way, some form of Internet access is required for the download of the new virus definitions.

Okay. We regularly install new virus definitions so now we’re safe, right? Not quite. Remember those Trojan viruses? Most can be detected if the file that is actually infected is scanned. So, you need to periodically scan all files on all computers for viruses. Again, with an enterprise version of anti-virus software, this can be done automatically. With workstation-based software this must be done at each workstation.

Okay. We periodically scan our computers for viruses so now we’re safe, right? Not quite. Since new viruses are introduced all the time, there’s a certain amount of lag time between the introduction of the virus and the release of the definition that eradicates it.
So it’s still possible to be infected by a virus that is not detectable by your anti-virus software. This can usually be prevented with a bit of discipline. If you do not already have them, you need a set of policies that control what is allowable with your network’s computers.

Users love to personalize their work environment. If you look at a typical user’s work area you’ll find knick-knacks and photographs and such that bear this out. Unfortunately, they like to do this with their computers too. One very popular way of introducing viruses is to provide cute screen savers or animated cursor programs over the Internet. Users like them, so they install them. Then, the next time the screen saver is fired it infects your network. Your policies should prevent this from being done. Any program downloaded from the Internet potentially contains viruses.

Okay. We have and enforce policies that prevent users from downloading programs from the Internet so now we’re safe, right? Not quite. Email has become the most popular way of spreading viruses. This is how the Love Bug virus was spread. This is usually done through file attachments and macros. To prevent this from being a problem, you must configure your anti-virus software to automatically scan email as it is received, and any attachment should also be scanned for viruses before a user opens it.

Okay. We scan our email so now we’re safe, right? Not quite. While infection is now very unlikely, the bottom line is that you’re never 100% safe. Even if you follow all of these procedures, it is still possible to be infected by a computer virus. Now the key is one of detection, containment and recovery. You need to have disaster recovery procedures in place and ready to activate in the event of infection by a rogue virus or any other disaster. If you do, you’ll find that you’ll suffer minimal downtime costs and eliminate the risk of major loss of data.

The bottom line? Viruses are out there and they’re gunning for you.
This is not something to be taken lightly. You must be proactive in your preventative measures and those measures must be comprehensive. One access point left open or one system with out-of-date virus definitions drastically increases your chances of contracting a dangerous virus.

Want to make sure you’re doing everything you need to do to prevent this? Your answer is simple! Call us at 405.495.9900 or email us at support@datasystemsokc.com! We’ll be glad to help.
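
The email step described above, as an added example that is not part of the original article and not any vendor's product: a mail-gateway triage in Python that refuses program attachments such as screen savers (which definitions may lag behind), marks macro-capable documents, and sends everything else to the scanner. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative policy lists (assumptions, tune to your own site policy).
BLOCKED = {".exe", ".com", ".scr", ".vbs", ".bat", ".pif"}   # programs and scripts
MACRO_CAPABLE = {".doc", ".xls", ".ppt"}                     # documents that can carry macros

def last_extension(filename: str) -> str:
    """Return the final extension, lower-cased, ignoring trailing dots and spaces.

    Only the last extension decides how the file is opened, so
    'saver.txt.SCR' is treated as a screen saver, not a text file.
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def triage(raw: bytes) -> list:
    """Return (filename, verdict) for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = last_extension(name)
        if ext in BLOCKED:
            verdict = "block"          # policy: no programs arrive by mail
        elif ext in MACRO_CAPABLE:
            verdict = "scan-macros"    # scan, including embedded macros
        else:
            verdict = "scan"           # every attachment is still scanned
        verdicts.append((name, verdict))
    return verdicts

def build_sample() -> bytes:
    """Constructed sample message with three harmless placeholder attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    for fname in ("minutes.txt", "budget.xls", "holiday-saver.txt.SCR"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage(build_sample()):
        print(f"{verdict:12} {name}")
```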