How much virus information is too much?

By Edward Hurley, News Writer 21 Jan 2003 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Security professionals like to learn about new viruses and worms. No surprise there. But few have the time to keep up with all the news about the latest malicious code.

There is definitely a tension between keeping informed and getting bogged down in reading alerts and advisories. The former approach allows security pros to be on the cutting edge of the latest threats. They can assess their own systems and take proactive measures, like installing security patches or blocking specific messages.

On the other hand, security professionals could find themselves getting bogged down reading all the alerts, leaving little time for doing much else.

"I read all that I can, but I do have time constraints," said Fred Musick, a network technician with Tele-Optics Inc., a Kingsport, Tenn.-based networking and telecommunications infrastructure company. "I cannot keep up with everything. I need help presented concisely enough that I have time to read it."

Recently, SearchSecurity.com asked readers how much information they want about new viruses and worms. They were given three choices:

• Just the Nimdas. People in this group only care about the huge viruses and worms that occur a few times a year, at most. Examples of these include Nimda in 2001 and Klez in 2002. These people don't have the time to worry about the smaller viruses. They keep their antivirus scanners updated, which will handle all the minor threats.
• Does this affect me? These people want to know about the various viruses that surface each year. They are looking for someone to filter out the truly dire threats from the hype. In other words, does the newest worm pose a significant threat to their systems? As soon as they see their shop is safe from a worm, they stop reading and go back to their work.
• Knowledge for knowledge's sake. By contrast, people in this group want as much information about viruses and worms as possible. They have a genuine interest in the intricacies of worms and viruses. They want to learn as much as possible, both for the knowledge and to protect their systems from future attacks.

The overall winner was the last camp. Security professionals want to know as much about new viruses and worms as possible. Beyond just letting a company know a virus is on the loose, an alert can also offer suggestions about stopping it. Knowledge translates into power, in other words.

"We take a very proactive approach as soon as the alerts are received," said Sean Swansboro, who works for a community bank located in the eastern U.S. "We use a third-party filtering software that allows [us] to block messages that contain certain variables in the subject line. "

"We gather the information for applying it to avert any disaster, not just for the sake of having it," said Jayarajan Chulliparampil, who works for a Middle Eastern oil and gas company.

FOR MORE INFORMATION:

Take SearchSecurity.com's real-time poll related to this issue

SearchSecurity.com news exclusive: "Worms off to fast start in 2003"

SearchSecurity.com news exclusive: "Researcher uses new method to stop virus propagation"

SearchSecurity.com news exclusive: "Experts downplay Yaha variant damage"

• FEEDBACK: What camp do you fall into?
  Let News Writer Ed Hurley know.
  

  Digg This!     StumbleUpon     Del.icio.us

  
  
  
  

  RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary