Q

Applying gateway products to stop malware

I am using Symantec Norton antivirus solution with the latest update. I don't have any protection on my gateways.

We were recently attacked with the Nimda virus. I cleaned it, applied the Microsoft patch, but again and again we are getting that virus, even though I have configured it for quarantine. Why should that virus come again and again? Is there any permanent solution other than applying gateway products?

Malicious code, which is designed to probe for weaknesses and spread by constantly attempting to infect systems, will not go away or stop its activity once you have protected or patched your system.

The only way to stop the probes is by using something to filter them out, at the firewall or gateway level, as you suspected. Otherwise, they will continue to seek out weaknesses in your system and nothing you do at the desktop level will have any impact on them.

For example, I got tired of Sircam and Yaha-infected mail coming to me. I used a spam filter on the mail server to block incoming mail containing subject lines which correspond to these messages. Voila, no more infected e-mails of that type. The same idea can be applied to your case.


For more information on this topic, visit these other SearchSecurity.com resources:
  • Executive Security Briefing: Virus management: Never a dull moment
  • News & Analysis: To block, or not to block at the gateway
  • Virus Prevention Tip: Adding to antivirus software


  • This was first published in February 2003

    Dig deeper on Malware, Viruses, Trojans and Spyware

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close