Problem solve Get help with specific problems with your technologies, process and projects.

Week 14: Malicious code -- When viruses and worms run amok

Shelley Bard discusses how to prevent and combat malicious code.

In an effort to help busy security managers, CISSP Shelley Bard's weekly column will build upon the concept of the perpetual calendar, offering a schedule of reminders for a proactive, strategic security plan. Visit here for an archive of previous columns.

Update weekly; at least daily during outbreaks

Even though it seems logical to believe that everyone should have some protection on their systems by now, Netsky and Mydoom wouldn't have infected so many computers if this were so. The bottom line is that if you've had loss of business, bandwidth clogging, productivity erosion, management time reallocation issues or recovery costs, you were affected.

A virus is a program capable of replicating with little or no user intervention and can destroy other programs without your permission. A worm is a self-replicating piece of code that spreads to other drives, systems or networks. I roll my eyes when I hear people correcting others when discussing a "worm" or a "virus." Other terms like trapdoor, time bomb, etc., are just flavors. Who cares? They're all code you don't want on your systems. Stop correcting people and correct the system problems. Viruses generally have a harder time running on Unix systems. There are a few viruses that run on Linux. Windows suffers the majority.

Figure out where the problem occurred. Virus signature updates not current or not frequent enough? Ensure you have the latest signatures the minute they're available, for example, using an auto-update mechanism versus fetching them yourself. People executing those attached files? Perhaps you need a better/faster/louder alert system for users. (Add this item to your training, education and awareness program.) E-mail server not recognizing outgoing spam? Tweak the activity threshold or get a third-party package that regulates bulk e-mails, in or out. If your company does a lot of legitimate mass e-mailing, you'll have to tweak this system more than most. Users complaining about e-mail quarantines? Tough. Better a few late e-mail files than a system down and organization compromised. Use a backup system called the "telephone."

In sum, take the time to figure out the area of your system most vulnerable to viruses and fix it. Even if there is a "next time," the fallout will affect you less, and the fix will be faster and more manageable overall.

More information
Fred Cohen, generally credited with creating the first virus, got the idea for the term from a science fiction book, Shockwave Rider (Harper and Row, 1975), where the author discussed a computer tapeworm. Virus protection tools are available from Computer Associates, F-Secure, Kaspersky Labs, McAfee, Sophos, Symantec and Trend Micro. Some of these companies also offer antivirus for Unix-based systems. All can help you find what you need to make your system more secure.

About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

Last week: Social engineering --The low-tech side of high-tech
Next week: Spring cleaning -- part 1

This was last published in March 2004

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.