DANGER: Does your Virus Checker only LOOK up to Date?
The Latest Signatures Aren't Always Enough
MISHAWAKA. All your virus checkers are humming away happily,
checking daily and downloading the latest signatures, scanning
every incoming e-mail and file. You have nothing
to worry about, right? Actually, as we found out in our
own office, you may NOT be as protected as you think.
Here's the story. At CompStar, we had several machines
that were running exactly as described above. One machine
was running Norton AntiVirus, the other McAfee. Both were
downloading the latest signatures as soon as they came out.
We were surprised when first one, then the other, received e-mails
infected with the Homepage virus with no alarm going off.
This was particularly startling because the Homepage virus was
not a new one - it had been discovered months earlier, and by
the time the suspect e-mails arrived, all major virus companies
had had measures for identifying and removing it available for months.
What was the problem? Even though these two PCs gave
every appearance of being up to date, they were actually running
an older version of the program. Usually, the software
notifies the user when a version update is available.
But, depending on the license agreement, the upgrade may not
be automatic - it might require the purchase of an upgrade license
or a new support subscription.
If the user declines the upgrade at the time, it might
not be apparent later that the basic virus checker version is
out of date. In the case of the two installations we observed,
both continued to download signatures without periodic warnings
that the underlying software was outdated. The checkers
continued to spot most viruses, of course, but in this case
there was a major hole in the old version.
Should we have spotted this discrepancy? Sure, but our
users were lulled into the belief that they were fully protected
because the virus checker was clearly scanning incoming files
and because it was downloading fresh signature updates as they
became available.
Recommended Best Practice
The key elements of protecting your organization from incoming
viruses are to make sure that ALL users (including telecommuters,
traveling notebook users, etc.) are equipped with virus protection,
and to be sure that every virus checker has both the most up
to date software version and up to date virus signature files.
User training is important, too - users will sometimes deactivate
virus checking if they can, or may respond inappropriately to
a virus checker prompt.
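An added example (not part of the original article) of checking both conditions together: it audits an inventory export and flags hosts whose engine is outdated even when their signatures are fresh, the situation described above. The inventory rows, product names, version numbers, dates, and policy thresholds are all constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed inventory export; hosts, products, versions and dates are invented.
INVENTORY_CSV = """host,product,engine_version,signature_date
ws-01,ScannerA,7.5.1,2001-11-12
ws-02,ScannerA,5.0.2,2001-11-12
ws-03,ScannerB,6.1.0,2001-09-01
nb-04,ScannerB,4.3.0,2001-08-15
nb-05,,,
"""

# Assumed policy: lowest acceptable engine version per product, and the
# oldest signature file that still counts as current.
MIN_ENGINE = {"ScannerA": (7, 0, 0), "ScannerB": (6, 0, 0)}
MAX_SIGNATURE_AGE_DAYS = 7


def parse_version(text):
    """Turn '7.5.1' into (7, 5, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def audit(inventory_csv, today):
    """Return {host: [findings]} for every host that fails the policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        problems = []
        if not row["product"]:
            problems.append("no virus checker installed")
        else:
            minimum = MIN_ENGINE.get(row["product"])
            if minimum is None:
                problems.append("unmanaged product")
            elif parse_version(row["engine_version"]) < minimum:
                # Checked independently of signature age: fresh
                # signatures must not mask an old engine.
                problems.append("engine out of date")
            age = (today - date.fromisoformat(row["signature_date"])).days
            if age > MAX_SIGNATURE_AGE_DAYS:
                problems.append("signatures out of date")
        if problems:
            findings[row["host"]] = problems
    return findings


if __name__ == "__main__":
    for host, problems in audit(INVENTORY_CSV, date(2001, 11, 14)).items():
        print(f"{host}: {', '.join(problems)}")
```

Host ws-02 is the case from the incident: its signatures are two days old, yet it is reported because the engine is below the minimum version.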
Ensuring complete coverage is very important, particularly
when it comes to e-mail viruses that take over the user's address
book. Imagine that an organization has 100 PCs, and 90
of them are fully protected. If one unprotected PC opens
an e-mail virus, it might be distributed to the rest of the
organization. While the protected PCs would stop the virus
when it arrived, the remaining unprotected ones might continue
the chain of transmission. Not only would other members
of the organization receive as many as ten of the infected e-mails,
so might vendors, customers, etc.
Of course, these tasks are easy to describe, but not always
as easy to accomplish. There are a few steps an organization
can take to make things easier. First, even though many
PCs come bundled with an antivirus solution of some sort, it
is usually best to invest in a package that allows centralized
control, like Norton AntiVirus Corporate Edition. Products
that allow single point enforcement of anti-virus policies,
and that can run at both the server and desktop level, make
the entire organization more virus proof. User tampering
with settings can be eliminated, and up to date signatures can
be maintained more easily.
The second step (and the one that was skipped in the incident
described at the beginning of the article) is to purchase a
one or two year upgrade guarantee. This is almost always
cheaper than purchasing individual upgrades when they come out,
and usually allows upgrades to be automated. The important
concept is that virus software isn't like other software.
While you can safely delay or even skip an upgrade to your word
processing or accounting software, your virus software could
be dangerously out of date if it is operating on an older engine.
Keep your users informed, too - many viruses spread simply
because users clicked on a file that was commonly known to be
a virus carrier. Let them know about hoaxes, too - recently,
CompStar was contacted by one user who fell for the "If
you find this file, delete it immediately!" hoax and then
found Windows would not operate properly.
Certainly, there are many more actions that should be part
of a total security plan. These simple steps, though,
will help keep your users virus-free in almost every circumstance.
Useful Resources:
Virus Updates from CompStar
Symantec - US
McAfee.com
IT Indiana - Home
CompStar Technologies is a leading Indiana-based provider of networking, technology, and communications services. With offices in Mishawaka (serving South Bend, Elkhart, Warsaw, Michigan City, Fort Wayne, Niles, St. Joseph, and Benton Harbor, Michigan) and Indianapolis, CompStar provides network design / support, network security, wireless networking, business telephone systems, VoIP (voice over IP), and cctv / video surveillance systems. CompStar is the Technology Division of Direct Line Communications, headquartered in Mishawaka, Indiana.