'Melissa's' Message: Practice Protection
- By Paul Korzeniowski
- May 02, 1999
Municipal governments across the country probably winced when Portland, Ore.'s computers and countless other networks across the nation were jammed by the "Melissa" virus last month. It was a network nightmare that drives home the importance of updating your anti-virus software.
Civic networks certainly can be easy targets, vulnerable as they are to disgruntled employees or private citizens unhappy with civic services, tax rates or legislation. Fortunately, an estimated nine of out every 10 desktop systems now include anti-virus software, which detects and removes such unwelcome code.
However, it's important to note that installing anti-virus software is only a first step in keeping systems clean. Hackers constantly tweak existing viruses or develop new ones, and that means network administrators need to be just as clever in guarding against viruses by downloading anti-virus packages early and often.
And with the growth of networking, viruses have plenty of places to go. A PC can be infected when a user accesses the Internet, swaps software with friends, exchanges files via e-mail or is hooked to a network.
Most network administrators, including those in state and local government, are not always diligent in their anti-virus campaigns. "We try to make users aware of the need to keep their virus protection software up to date, but realistically I think many of them don't," said Cpl. Sean Renauer, who works the computer crime unit of the Montgomery County Police Department, Rockville, Md.
The International Computer Security Association estimates that 1,000 new viruses emerge each month, and older anti-virus packages often will not detect new strains. When Melissa swept across the Internet in March, virus protection software suppliers scrambled to get users to download the latest versions of anti-virus software--the only hope in combating this wild new strain of computer virus.
"We recommend that users update their virus-protection packages at least every couple of weeks," said Roger Thompson, director of anti-virus research at ICSA.
Anti-virus software suppliers stand ready to help civic agencies combat new viruses. When an organization thinks it may be under attack from a new virus, that agency can report the virus to a vendor's anti-virus research center. These departments usually will determine within 24 hours whether a new virus has appeared and can find an anti-virus in a few days.
Vendors also understand that the update process can be tedious and are working to make it simpler. Network Associates Inc.'s Enterprise SecureCast service relies on push technology to automatically send updates to corporate network administrators as soon as the updates are released from the company's labs. Administrators can use a central distribution console to protect an enterprise's clients and servers.
Meanwhile, Symantec Corp.'s Norton anti-virus product line includes a LiveUpdate feature that enables network administrators to download updates. A customer can perform the update manually or set a hourly, daily or weekly schedule for automated updating.
Some products try to identify patterns or signatures in viruses. "Viruses tend to exhibit a consistent characteristic that our heuristic engine, BloodHound, was designed to recognize," said Carey Nachenberg, chief researcher at Symantec.
Even so, some hacker attacks seem to be getting more personal and not just random acts whose goal is to disable as many anonymous computer users as possible. "Historically, hackers were young males testing their technical expertise," said Sal Viveros, a group marketing manager at Network Associates. "But lately, viruses have become more vicious, many are designed to take down an organization's network, and they seem to come from disgruntled employees."
- Paul Korzeniowski
Tips for Internal Virus Cleansing
* Disable program features that automatically open e-mail attachments or launch downloaded program files.
* Take advantage of Microsoft Corp.'s Word 97's ability to disable all macros when opening a template.
* Back up all Word template (DOT) files to an unused directory and change the file extensions.