How to bolster your security defences to prevent e-mailed viruses
from breaking through
I am IT director at a recruitment consultancy that receives
e-mailed CVs in their droves from job seekers, and find myself
forever batting away viruses. Anti-virus software only partially
solves my problem, as it only recognises and stops known viruses.
How can I reinforce my defences?Always take precautions
Chris Hilder
NCC
There are now some 51,000 viruses, ranging from the mild and
harmless to the very vicious. Most attacks arrive by e-mail,
although the risk of viruses being spread via CDs and floppy discs
should not be forgotten.
The major problem with anti-virus precautions and risk
management is they can take up large amounts of time from key staff
within the IT department. The work is often reactive, making it
difficult to plan for every individual attack.
To make the best use of your time and still limit the problem of
viruses you need to prepare and invest properly. For example:
- Invest in anti-virus protection on a system which is between
the firewall and the internal mail server to ensure the virus does
not hit your internal mail server
- Ensure the anti-virus files are always up-to-date by scheduling
daily checks and downloads from the Internet
- Have tried and tested procedures to follow in the event of new
viruses
- Ensure all your staff back-up their systems regularly and that
everyone knows what to do in the case of a new virus arriving on
their machines
- If you can afford the time you could "buffer" the mail for
several days before sending it on to your staff. This would allow
anti-virus solution providers to sort out the problem before your
staff receive the e-mail.
Bring in quarantine measures
Roger Marshall
Elite
After Melissa and the Love Bug we are all feeling vulnerable
again. Protection against what might be termed conventional or
pre-Melissa viruses, which do not spread like wildfire by hijacking
address books, is now pretty routine and reliable. The anti-virus
companies have become extremely quick and efficient at picking up
new viruses, upgrading their software and making the patches
available to users over the Internet. So although it may be a
nuisance, if you check for upgrades regularly - by which I mean
daily at least - your risks are going to be small.
Now, though, we must take further precautions. I am no expert,
but disabling the execution of Visual Basic scripts in your
standard desktop set-up would have stopped the Love Bug. As the
secret of success for these viruses is that they spread around the
world in a few hours, before the news of their arrival is widely
known, then perhaps all attachments containing executable code
should be quarantined for 12 hours, for example, before being
passed on to their recipient.
This may be seen as unacceptable to your users, so would have to
be introduced after a process of consultation. It is hard to
believe they cannot live with such a restriction, though a means of
bypassing it in special circumstances will be needed. In practice,
most attachments are Word documents and can usually be sent in Rich
Text (.rtf) rather than .doc format. The jobseekers with whom you
are having trouble can be told the content of their CVs is far more
important than the artistic impression!
The four lines of defence
Paul White
Impact
By the time new viruses reach the general population, most good
quality anti-virus software companies will have devised a counter
measure, so the first line of defence is to be equipped with a
"proper" anti-virus software package and a subscription to its
associated update service.
The second line of defence is to use it! And to accept the
downloads offered by the update service. E-mails themselves don't
contain viruses because they don't contain executable code, though
they may carry them by means of an attachment or a macro embedded
in a word-processed document.
The third line of defence is not to download any executable
attachments from your e-mail server, but if you do, then dispose of
them at once without opening or running them.
The fourth line of defence is to set up your applications to
warn you of any documents which have embedded macros in them. If
you then receive a CV in, for example, Word which has a macro in it
- it should not, of course, for a simple item like a CV - you will
be warned in advance and you can also dispose of this document
without opening it.
Don't forget to empty the trash can after deleting the offending
items otherwise they may still be retrieved and opened.
Try to minimise exposure
Dan Remenyi
First of all there is no such a thing as a single, universal
prophylactic against computer viruses. It is in the nature of
today's computing that you will be faced with a variety of viruses
when you open your system up to receiving CVs from around the
world.
There are really only two things you can do. The first is to
ensure you have the latest, up-to-date virus software available and
secondly that you download the CVs onto one specific dedicated
system, where they are checked for these incoming viruses, before
they are passed on to other workstations in your organisation. Both
these steps should minimise the exposure you have to this type of
problem.