Managing security: Building a defence

What are the options?
Antivirus measures can be taken at several levels within a network: on the desktop or notebook, on servers (especially mail servers), as a standalone gateway, or within a firewall.

"File filtering and content management features act as a proactive guard against virus threats before scan engine data files are updated," says Biviano. "It is a good idea to block POP3 and IMAP4 access via the firewall," to prevent users from accessing external mail servers that might not be running antivirus software.
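One way to check that the "block POP3 and IMAP4 at the firewall" policy actually holds, as an added example that is not from the article or any vendor quoted in it: a Python audit over constructed firewall log lines that flags internal hosts which were allowed to reach mailbox-retrieval ports on anything other than the assumed approved corporate mail servers (the addresses, log format and approved-server list are all assumptions).

```python
# Added example (not from the article): audit firewall connection logs for
# internal hosts reaching mail-retrieval ports (POP3/IMAP4 and their TLS
# variants) on anything other than the approved corporate mail servers.
# Log format, host addresses and approved servers are constructed for illustration.
import ipaddress
import re

# Mailbox-access ports; the article's advice is to block these egress paths
# so users cannot pull mail from external servers that are not virus-scanned.
MAIL_RETRIEVAL_PORTS = {110: "POP3", 143: "IMAP4", 995: "POP3S", 993: "IMAPS"}

# Assumption: the organisation's own (scanned) mail servers live here.
APPROVED_MAIL_SERVERS = {"10.0.5.10", "10.0.5.11"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed log line format: "<action> src=<ip> dst=<ip> dport=<port> proto=tcp"
LOG_RE = re.compile(
    r"^(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=tcp$"
)

SAMPLE_LOG = """\
ALLOW src=10.0.1.23 dst=10.0.5.10 dport=143 proto=tcp
ALLOW src=10.0.1.23 dst=203.0.113.7 dport=110 proto=tcp
DENY src=10.0.2.44 dst=198.51.100.9 dport=993 proto=tcp
ALLOW src=10.0.2.44 dst=198.51.100.9 dport=443 proto=tcp
ALLOW src=10.0.3.8 dst=10.0.5.99 dport=995 proto=tcp
"""

def find_mail_bypass(log_text):
    """Return (src, dst, service) for every ALLOWED mailbox-access connection
    from an internal host to a server that is not an approved corporate mail
    server. DENY entries show the firewall rule is working and are skipped;
    lines in other formats are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        port = int(m["dport"])
        if m["action"] != "ALLOW" or port not in MAIL_RETRIEVAL_PORTS:
            continue
        if ipaddress.ip_address(m["src"]) not in INTERNAL_NET:
            continue  # only egress from the corporate network matters here
        if m["dst"] in APPROVED_MAIL_SERVERS:
            continue  # mail fetched via the scanned corporate servers is fine
        findings.append((m["src"], m["dst"], MAIL_RETRIEVAL_PORTS[port]))
    return findings

if __name__ == "__main__":
    for src, dst, svc in find_mail_bypass(SAMPLE_LOG):
        print(f"{src} reached {svc} on {dst}: bypasses the scanned mail gateway")
```

The second finding (an internal host using POP3S against an unapproved internal address) shows why the approved-server list matters: an unsanctioned mail server inside the LAN bypasses gateway scanning just as an external one does.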

Chris Nixon, technology marketing manager at LAN Systems agrees. "There's a different virus for each type of traffic," he says, so Java, ActiveX and other content needs to be checked at the gateway.

Although virtual private networks are put into place to increase security, careless implementation can open a window of vulnerability. If remote users have a dual-homing configuration (also known as split tunnelling), there is a risk that viruses can sneak around corporate defences.

Antivirus and firewall software are therefore both needed on remote access computers, he advises. "What if trusted traffic is carrying malicious content?"

Blended threats such as Code Red and Nimda exploit multiple vulnerabilities and points of attack, and therefore antivirus software alone is not sufficient, says Symantec's Donovan. "That's a bit of a leap for most network managers," he says, but companies have seen a shift of interest from antivirus to integrated security systems.

"The blended threat was probably the most complicated thing for anyone to deal with," says Charlie Johnson, vice president of Symantec Security Services. This is largely because of a tendency towards silos of control within organisations: one group looks after the firewall, another cares for the mail servers, and yet another deals with desktop antivirus measures.

"Not a lot of [Symantec's] clients have integrated security response programs," he says, "you need an integrated solution to an integrated threat."

Large organisations "are going to spend an ungodly amount of money" on security, predicts Johnson.

One technique to reduce the spread of viruses within a large network is to split the network into a number of virtual LANs. "Utilising VLANs then firewalling off these VLANs from other subnets can help prevent attacks from spreading from servers and PCs in different VLANs and subnets," says Foggo.

A relatively new vector for viruses is instant messaging, warns Smith. Some content filters are already available for instant messaging, and he expects to see such support in all major antivirus products shortly.

Viruses are generally regarded as a generic threat, but there is evidence that malicious code sometimes targets a particular organisation. One Australian online business claims to have lost over AU$375,000 in six months as a result of what Peter Lee, general manager of Brisbane-based security specialist ComSec Enterprises, described as a custom-written Trojan horse.

According to Lee, organisations can protect themselves from this kind of attack by using personal firewalls on desktop computers. Such software runs untrusted programs in a "sandbox" to ensure any malicious activity is identified and terminated before it can do any damage. "This new generation of product does not rely on databases of known viruses," he says.

"Any computer that is connected to the Internet is at risk," Lee adds. "Trojans can be hidden in Java, ActiveX, and all manner of Internet based program code. The days where you needed to receive an infected file are long gone. Viruses, worms, and Trojans are delivered using very sophisticated methods. For this reason alone, it is critical that organisations don't rely on just virus scanning and firewalls."

"The hacker's counting on somebody not doing their job," says Johnson, pointing out that Nimda exploited a vulnerability for which a patch had been released 18 months earlier.

Not all platforms are equally prone to viruses. For example, AAPT uses Novell GroupWise rather than Microsoft Exchange. Todd Hull, manager of IT platform support, suggests this has reduced the number of viruses that can affect the company.

While it seems clear that the widespread use of Microsoft products attracts virus writers, vulnerabilities in other platforms have also been exploited.

Talkback: 1 comment

    Anonymous -- 23/10/04

    Hello, I have a very odd request for you. My name is Jiri Kurka and I'm from the Czech Republic. You wrote in your article about a specialist named Jan Chrbolka. I'm looking for my former classmate and friend from school; he and his family emigrated from CZ. I suppose that this Jan Chrbolka is he. Do you have any contact details for this man? Can you help me please?
    Thank you very much for your answer.
    Jiri Kurka, Czech Republic
