Tip

Week 14: Malicious code -- When viruses and worms run amok

In an effort to help busy security managers, CISSP Shelley Bard's weekly column will build upon the concept of the perpetual calendar, offering a schedule of reminders for a proactive, strategic

    Requires Free Membership to View

security plan. Visit here for an archive of previous columns.

When
Update weekly; at least daily during outbreaks

Why
Even though it seems logical to believe that everyone should have some protection on their systems by now, Netsky and Mydoom wouldn't have infected so many computers if this were so. The bottom line is that if you've had loss of business, bandwidth clogging, productivity erosion, management time reallocation issues or recovery costs, you were affected.

Strategy
A virus is a program capable of replicating with little or no user intervention and can destroy other programs without your permission. A worm is a self-replicating piece of code that spreads to other drives, systems or networks. I roll my eyes when I hear people correcting others when discussing a "worm" or a "virus." Other terms like trapdoor, time bomb, etc., are just flavors. Who cares? They're all code you don't want on your systems. Stop correcting people and correct the system problems. Viruses generally have a harder time running on Unix systems. There are a few viruses that run on Linux. Windows suffers the majority.

Figure out where the problem occurred. Virus signature updates not current or not frequent enough? Ensure you have the latest signatures the minute they're available, for example, using an auto-update mechanism versus fetching them yourself. People executing those attached files? Perhaps you need a better/faster/louder alert system for users. (Add this item to your training, education and awareness program.) E-mail server not recognizing outgoing spam? Tweak the activity threshold or get a third-party package that regulates bulk e-mails, in or out. If your company does a lot of legitimate mass e-mailing, you'll have to tweak this system more than most. Users complaining about e-mail quarantines? Tough. Better a few late e-mail files than a system down and organization compromised. Use a backup system called the "telephone."

In sum, take the time to figure out the area of your system most vulnerable to viruses and fix it. Even if there is a "next time," the fallout will affect you less, and the fix will be faster and more manageable overall.

More information
Fred Cohen, generally credited with creating the first virus, got the idea for the term from a science fiction book, Shockwave Rider (Harper and Row, 1975), where the author discussed a computer tapeworm. Virus protection tools are available from Computer Associates, F-Secure, Kaspersky Labs, McAfee, Sophos, Symantec and Trend Micro. Some of these companies also offer antivirus for Unix-based systems. All can help you find what you need to make your system more secure.

About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to mailto:securityplanner@infosecuritymag.com

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

Last week: Social engineering --The low-tech side of high-tech
Next week: Spring cleaning -- part 1

This was first published in March 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.