Understanding Virus Threats
Every contact between systems is an opportunity for virus
infection, whether it is through physical media, such as a
floppy disk, or via electronic methods, such as E-mail. Today's
computer viruses are designed to proliferate and to do
so at a rapid pace. In May 2000, it took a single day for
the I Love You virus to gain full strength. In the summer of 2001,
it took 90 minutes for the Code Red worm to get there, and
in September of 2001 the Nimda virus took about 30 minutes
to reach its peak. These viruses can have serious implications
for organizations that don't have a solid anti-virus strategy.
An anti-virus strategy that is well documented and maintained
will allow you to recognize and triage an outbreak rather
than simply react to one.
Anti-Virus Software Solutions
Symantec NAV Corporate Edition
Network Associates McAfee
Recommended Anti-Virus Software Strategy
To protect your data, use well-known anti-virus applications,
update the software routinely and as needed, and follow proper
backup procedures.
It is important that both servers and workstations have
anti-virus software. The software you employ is only as
current as the publication date of the version you implement.
It is important to update your anti-virus software on a
regular basis. Older anti-virus software packages can be
updated by visiting the anti-virus software manufacturer's
website and downloading the latest virus signature files
for your version of software. Once downloaded, the signature
files are "unzipped" or the downloaded executable
file is run and your software is updated automatically.
This update must be done on each individual server and workstation.
Your workstations and server(s) will have to be re-booted
for the new signatures to take effect.
Current versions of anti-virus software have features that
will download the signature files to the server automatically
at preset intervals. Workstations on the network will, if
properly configured, automatically download the new signature
files from the network server. These events do not require
user interaction. Communication via E-mail makes it even
easier for viruses to spread and new viruses are unleashed
every day. Be sure you have a schedule in place for updating
your anti-virus software.
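One way to confirm that the server-to-workstation distribution described above is actually working, shown as an added example that is not part of the original page or any vendor's tooling. The inventory format, host names and the 31-day reading of "monthly" are assumptions made for illustration.

```python
from datetime import date

# Constructed inventory (not from the page): host, role, date of installed
# signature file. An empty date means no signature was reported at all.
SAMPLE_INVENTORY = """\
fs01,server,2002-03-01
ws-101,workstation,2002-03-01
ws-102,workstation,2002-01-15
ws-103,workstation,
"""

MONTHLY_DAYS = 31  # assumption: "monthly" read as at most 31 days


def parse_inventory(text):
    """Return a list of (host, role, signature_date_or_None) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, role, raw = [f.strip() for f in line.split(",")]
        records.append((host, role, date.fromisoformat(raw) if raw else None))
    return records


def audit(records, today, max_age_days=MONTHLY_DAYS):
    """Map each host that needs attention to the reason it was flagged."""
    server_dates = [d for _, role, d in records if role == "server" and d]
    newest_server = max(server_dates) if server_dates else None
    findings = {}
    for host, role, sig in records:
        if sig is None:
            findings[host] = "no signature file reported"
        elif role == "workstation" and newest_server and sig < newest_server:
            # The workstation did not pick up what the server already has.
            findings[host] = "behind server (%d days)" % (newest_server - sig).days
        elif (today - sig).days > max_age_days:
            findings[host] = "signatures older than update interval"
    return findings


if __name__ == "__main__":
    report = audit(parse_inventory(SAMPLE_INVENTORY), date(2002, 3, 20))
    for host, reason in sorted(report.items()):
        print(host, "-", reason)
```

A workstation flagged as behind the server points to a distribution problem on the network, while a stale server points to a failed or missing scheduled download.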
Implementing Your Anti-Virus Strategy
1. Assign a designated network administrator whose duties
include maintaining the anti-virus software.
2. Confirm which version of anti-virus software you have
installed. If you don't have any installed, purchase the
appropriate software and licenses recommended by Tushaus.
3. Have the software configured to automatically download
the latest signature files from the Internet monthly. Determine
whether your software is currently configured in this manner.
4. If you do not have the ability to automate your updates,
schedule regular manual downloads from the software manufacturer's
web site. Update all workstations and servers immediately.
5. When a major virus attack occurs, check the manufacturer's
web site hourly for signature file releases to counteract
the virus. Update all workstations and servers immediately.
6. Back up your data on a regular basis according to our
10-Tape Rotation Strategy. If a virus attack occurs and
you are infected, your best defense may be to delete the
affected files and restore them from tape. This cannot be
done without a backup.
What is a Computer Virus?
Simply stated, a computer virus is a program that has been
designed to reproduce itself and cause an undesired effect
to take place. Computer viruses act very much like a human
virus in that they spread and cause "sickness" until destroyed.
Viral damage may not always occur immediately. Some viruses
are triggered by specific dates or after a user "logs
in" a certain number of times. The most unpleasant
viruses make subtle changes to files over a long period
of time.
There are two main types of viruses: "boot sector" viruses
and "file" viruses. Boot sector viruses are located at the
beginning of a disk and become activated by reading, booting
or rebooting your computer if the viral file is on the boot
drive. File viruses usually attach themselves to files such
as .exe, .com, or .bat files, which are used to start programs.
Be aware that some other file types can also be carriers.
Most viruses are spread via E-mail attachments or when
you open a file from a floppy disk. Once your computer is
infected, floppy disks, your local hard drive and any mapped
network drives may also become infected. Note that a virus
can't be transmitted from one type of computer to another.
For example, a virus designed to infect a DOS based system
can't infect a Macintosh.
Anti-Virus User Guidelines
1. NEVER open any files or macros attached to an E-mail
from an unknown, suspicious or untrustworthy source. Delete
these attachments immediately, then "double delete"
them by emptying your Trash.
2. Delete spam, chain, and other junk E-mail without forwarding.
3. Never download files from unknown or suspicious sources.
4. Avoid direct disk sharing with read/write access unless
sharing is a mandatory requirement.
5. Always scan a floppy diskette from an unknown source
for viruses before using it.
6. Back up critical data and system configurations on a
regular basis and store the data in a safe place.
7. To help avoid boot viruses, do not leave diskettes in
your computer when shutting it down.
8. Change your computer's CMOS boot sequence to start with
the C drive first, then the A drive.
9. Write-protect any data source diskette before inserting
it in the drive, then run anti-virus software to scan it.
10. Consider dedicating an isolated computer (not connected
in any way to the network) to the task of testing all new
files and/or diskettes.
11. If lab testing conflicts with anti-virus software, run
the anti-virus utility to ensure a clean machine, disable
the software, then run the lab test. After the lab test,
enable the anti-virus software. When the anti-virus software
is disabled, do not run any applications that could transfer
a virus, e.g., E-mail or file sharing.
Anti-Virus Policy
Use this sample policy for your organization. Review your
policy regularly and share it with all users.
1.0 Purpose
To establish requirements that must be met by all computers
connected to <Company Name> lab networks to ensure
effective virus detection and prevention.
2.0 Scope
This policy applies to all <Company Name> lab computers
that are PC-based or utilize PC-file directory sharing.
This includes, but is not limited to, desktop computers,
laptop computers, file/ftp/tftp/proxy servers, and any PC
based lab equipment such as traffic generators.
3.0 Policy
All <Company Name> PC-based lab computers must have
<Company Name>'s standard, supported anti-virus software
installed and scheduled to run at regular intervals. In
addition, the anti-virus software and the virus pattern
files must be kept up-to-date. Virus-infected computers
must be removed from the network until they are verified
as virus-free. Lab Admins/Lab Managers are responsible for
creating procedures that ensure anti-virus software is run
at regular intervals, and computers are verified as virus-free.
Any activities with the intention to create and/or distribute
malicious programs into <Company Name>'s networks
(e.g., viruses, worms, Trojan horses, E-mail bombs, etc.)
are prohibited, in accordance with the Acceptable Use Policy.
Refer to <Company Name>'s Anti-Virus Recommended
Strategies to help prevent virus problems.
Noted exceptions: Machines with operating systems other
than those based on Microsoft products are excepted at the
current time.
4.0 Enforcement
Any employee found to have violated this policy might be
subject to disciplinary action, up to and including termination
of employment.
5.0 Revision History