Thought for the day: Prevention is the only cure for e-mail viruses

Opinion


IT security expert Etienne Greeff measures the effectiveness of antivirus protection.

Since the outbreak of the Melissa virus just over two years ago, virus writers have raised the level of the cat-and-mouse game they play with legitimate IT users. Given the effect of Bugbear a few weeks ago, educating users about the threat is no longer enough.

In the past, the mantra of many network managers was "don't open any attachments you are not expecting". But now, viruses are more sophisticated.

The latest variants are intelligent enough to use threads of existing e-mail conversation between users as a header, making an infected e-mail look incredibly convincing even to relatively savvy users. So the simple advice above is proving ineffective.

There are, however, a number of steps you can take at users' desktops to reduce the risk of catching an e-mail virus. For a start, most e-mail-based viruses rely on the double extension trick in Windows. This means that a virus script with the filename "My Holiday Pics.jpg.vbs" is displayed as "My Holiday Pics.jpg" in Windows.

By default, the operating system will not display the full filename extension, so users could easily be duped into opening this supposedly innocent image and launching the virus. If you disable the operating system feature that hides filename extensions, users will see exactly what they are opening.

Another simple step you can take is to prevent the operating system from running scripts automatically. Normally, *.VBS and *.JS attachments are associated with a scripting engine. If you configure the desktop PC so that these files are associated with a benign application (such as Notepad) or remove the scripting engines entirely, the virus can't run.
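The double extension trick and the script associations described above can also be checked mechanically, for instance on attachment names at a mail gateway. The following is an added example, not part of the original article; the decoy extension list, the verdict strings and the sample names are constructed assumptions.

```python
import ntpath

# Extensions the article names as associated with a scripting engine.
SCRIPT_EXTS = {".vbs", ".js"}
# Assumption: extensions a user is likely to read as harmless content.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".txt", ".doc", ".pdf"}


def split_ext(name):
    """Split on the last dot; the extension comes back lower-cased."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot else (name, "")


def shown_name(filename, hide_extensions=True):
    """Name as listed on the desktop. Simplification: every extension is
    treated as a registered type, so the last one is hidden by default."""
    name = ntpath.basename(filename).strip()
    return split_ext(name)[0] if hide_extensions else name


def classify(filename):
    """Verdict for one attachment name (verdict strings are hypothetical)."""
    name = ntpath.basename(filename).strip()
    stem, real_ext = split_ext(name)
    _, apparent_ext = split_ext(stem)
    if real_ext not in SCRIPT_EXTS:
        return "pass"
    if apparent_ext in DECOY_EXTS:
        return "block-double-extension"
    return "quarantine-script"


# Constructed attachment names for the demonstration.
SAMPLES = [
    "My Holiday Pics.jpg.vbs",
    "My Holiday Pics.jpg",
    "quarterly.report.doc",
    "Invoice.TXT.JS",
    "logon.vbs",
]


def triage(names):
    """Return (real name, name the user sees, verdict) for each attachment."""
    return [(n, shown_name(n), classify(n)) for n in names]


if __name__ == "__main__":
    for name, shown, verdict in triage(SAMPLES):
        print(f"{verdict:24} shown as {shown!r:24} real name {name!r}")
```

With extension hiding disabled, `shown_name` returns the full name, which is the effect the desktop setting has for the user.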

Unfortunately, even regularly updated antivirus products are not sufficient to guarantee immunity. Recent infections have further highlighted the need to keep up to date with security patches on all machines in network environments. This is especially critical on servers that are directly Web-facing, but is still important on client workstations.

Although you'd be very unlucky if your organisation was hit by a brand new security exploit, being affected by a vulnerability on client workstations that was fixed by the vendor more than a year ago is tantamount to poetic justice. And this is what happened in the case of Bugbear earlier this month. So be on your guard.


Etienne Greeff is a professional services director at IT security consultancy MIS Corporate Defence Solutions.


This was first published in October 2002
