IT security expert Etienne Greeff measures the effectiveness of
antivirus protection.
Since the outbreak of the Melissa virus just over two years ago,
virus writers have raised the level of the cat-and-mouse game they
play with legitimate IT users. Considering the effect of Bugbear a
few weeks ago, educating users about the threat is no longer enough.
In the past, the mantra of many network managers was "don't open
any attachments you are not expecting". But now, viruses are more
sophisticated.
The latest variants are intelligent enough to use threads of
existing e-mail conversation between users as a header, making an
infected e-mail look incredibly convincing even to relatively savvy
users. So the simple advice above is proving ineffective.
There are, however, a number of steps you can take at users'
desktops to reduce the risk of catching an e-mail virus. For a
start, most e-mail-based viruses rely on the double extension trick
in Windows. This means that a virus script with the filename "My
Holiday Pics.jpg.vbs" is displayed as "My Holiday Pics.jpg" when
running Windows.
By default, the operating system will not display the full filename
extension, so users could easily be duped into opening this
supposedly innocent image, and launching the virus. If you disable
the operating system feature that hides filename extensions, users
would then see exactly what they are opening.
Another simple step you can take is to prevent the operating system
from running scripts automatically. Normally, *.VBS and *.JS
attachments are associated with a scripting engine. If you
configure the desktop PC so that these files are associated with a
benign application (such as Notepad) or remove the scripting
engines entirely, the virus can't run.
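To make the double-extension trick concrete, the Python sketch below is an added example, not part of the original article. It flags filenames whose real extension is a script type while the name shown with extensions hidden looks like harmless content. The extension lists beyond .vbs and .js and the sample filenames are assumptions constructed for illustration, and displayed_name() is a simplified model of the Windows behaviour.

```python
import ntpath

# Assumption: types Windows will execute; .vbs and .js are from the article,
# the others are further script/executable extensions added for illustration.
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
         ".scr", ".pif", ".exe", ".com", ".bat", ".cmd"}
# Assumption: extensions a user would read as harmless content.
DECOY = {".jpg", ".jpeg", ".gif", ".bmp", ".txt", ".doc",
         ".xls", ".pdf", ".mp3", ".avi", ".htm", ".html"}


def _split(filename):
    """Return (stem, lower-cased final extension) of a Windows filename."""
    # Windows drops trailing dots and spaces when the file is created.
    base = ntpath.basename(filename).rstrip(" .")
    stem, ext = ntpath.splitext(base)
    return stem, ext.lower()


def displayed_name(filename):
    """Simplified model: the name shown when known extensions are hidden."""
    stem, ext = _split(filename)
    return stem if ext else ntpath.basename(filename)


def classify(filename):
    """Return 'double-extension', 'script' or 'ok' for one filename."""
    stem, ext = _split(filename)
    if ext not in RISKY:
        return "ok"
    # Padding can push the real extension out of view: "a.jpg      .vbs"
    inner_ext = ntpath.splitext(stem.rstrip())[1].lower()
    return "double-extension" if inner_ext in DECOY else "script"


def triage(filenames):
    """Map each filename to (classification, name the user would see)."""
    return {name: (classify(name), displayed_name(name)) for name in filenames}


if __name__ == "__main__":
    # Constructed sample filenames; the first is the article's own example.
    samples = ["My Holiday Pics.jpg.vbs", "report.doc",
               "cleanup.vbs", "NOTES.TXT.JS", "pic.jpg      .vbs"]
    for name, (verdict, shown) in triage(samples).items():
        print(f"{verdict:17} real={name!r} shown={shown!r}")
```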
Unfortunately, even regularly updated antivirus products are not
sufficient to guarantee immunity. Recent infections have further
highlighted the need to keep up to date with security patches on
all machines in network environments. This is especially critical
on servers that are directly Web-facing, but is still important on
client workstations.
Although you'd be very unlucky if your organisation was hit by a
brand new security exploit, being affected by a vulnerability on
client workstations that was fixed by the vendor more than a year
ago is tantamount to poetic justice. And this is what happened in
the case of Bugbear earlier this month. So be on your guard.
Etienne Greeff is a professional services director at IT
security consultancy MIS Corporate Defence Solutions.