Virus attacks: who is to blame?

August was possibly the busiest month in the history of computer viruses: 800 new viruses were detected. Although this is not an...

August was possibly the busiest month in the history of computer viruses: 800 new viruses were detected. Although this is not an unusually high number, four particularly widespread viruses - Mimail, Blaster, Nachi and Sobig - all seriously compromised security.

These viruses caused widespread infections and spread using a variety of methods. Thousands of companies worldwide found they were not protected against the viruses or had not appropriately patched their operating system.

Amid the onslaught, some businesses reliant on the internet may have questioned whether it is worthwhile to stay connected and must have feared that every moment of an IT manager's day will be spent updating anti-virus software and patching operating systems. But although there are disadvantages to being connected to the outside world, there are many advantages.

In a networked economy, businesses have the advantage of quicker, automated communication with their customers, suppliers and partners. Companies no longer need to devote so much energy to time-consuming manual processes such as snail mail.

A prime example of the efficiency of online communication was the recent Blaster outbreak. When the virus broke, anti-virus companies needed to inform customers at the earliest opportunity. As they were able to do this electronically, it was just as simple to update 10,000 customers as it was to update one. A process that in the past could have taken hours, now takes minutes.

Of course, Microsoft notified thousands of companies of the critical fault in its operating system in July, weeks before Blaster existed. But notification alone is not enough - people also need to act upon the notifications.

Before tackling the prevention of security breaches, it is important to establish who is responsible for virus infections. It is easy to point the finger at someone else, but in reality we are to blame, whether business owner or manager, virus writer or operating system supplier, IT department or computer user.

It is the business owner or manager's responsibility to ensure that an effective and active safe computing plan is implemented. It is the IT department's responsibility to ensure the network is appropriately patched. It is the user's responsibility to follow safe computing guidelines and it is the operating system supplier's responsibility to develop more secure operating systems. Of course, if the virus writer simply did not create the virus, everybody else's job would be a lot easier.

Users also have a part to play and can often act as the final line of defence. Curiosity leads many to temptation and users need to be educated not to launch unsolicited e-mails. Businesses should do what they can to avoid putting their employees in such a position.

In addition to deploying anti-virus software on the desktop (whether via e-mail, instant messaging, discs or the internet), it is crucial that protection is kept updated. Subscribing to an e-mail notification service will inform businesses when viruses break and how they can protect their systems.

With an automatic update system, most anti-virus packages can be set to regularly download updates. One recurring fault is that remote users are neglected and automaticupdates must include those working off-site or on laptops. This area has been largely addressed by suppliers which have facilitated remote access updates and businesses now simply need to implement this technology.

Additionally, threat reduction features can be employed. By blocking potentially dangerous executable code at the e-mail gateway, both known and new viruses will be stopped from reaching company desktops. For example, blocking files with more than one file extension could have prevented infection from viruses such as Sircam. Files with double extensions can be quarantined, allowing them to be examined and released if required.

Other means of threat reduction include creating a list of disallowed file types. Viruses use a range of file extensions to spread and, depending on the needs of the individual organisation, some or all of them can be blocked.

Simply blocking .pif and .scr files would have stopped Sobig-F in its tracks. There needs to be a balance between security and functionality, but depending on the size and nature of a company's business, measures such as stopping all executable content, regardless of its extension, may be appropriate.

The most important message for businesses is that viruses are a problem before they get onto the front page of the newspaper. They are a continual threat that businesses need to accommodate in everyday office life. If this is done, businesses can enjoy the advantages of a networked economy, knowing their offices are safely protected from the ever-lurking threat.

Graham Cluley is a senior technology consultant at Sophos Anti-Virus

Strategy Clinic: The spam threat >>

Read more on Antivirus, firewall and IDS products