Managing security: Building a defence

E-mail viruses

CA's Kaminski observes that around ten years ago it was possible to protect against viruses simply by scanning floppy disks, so all you needed to do was put a PC with antivirus software near the door and require everyone to scan the disks they brought into the building.

However, as networking became widespread, the number of entry points widened. Just being connected to the Internet was enough to allow the recent Nimda virus to attack a vulnerable system.

Although many recent viruses have been spread by e-mail, scanning e-mails and attachments is not a sufficient defence against viruses.

You also need to scan code immediately before it is executed, and to scan files before they are closed. It's not enough to rely on one line of defence. "Think about total security" is Kaminski's advice, which includes checking for viruses, controlling access to systems, ensuring compliance with security policies, and detecting intrusions.

Or you can take an appliance-style approach. WebShield for Nokia Appliance is "a gateway solution," says Vic Whitely, Nokia Internet Communications' general manager in Australia and New Zealand.

He argues that over 90 percent of viruses are carried by e-mail, so it makes sense to detect them at the edge of the network. Using a separate device avoids adding to the load on already heavily used mail servers and avoids instability resulting from running a third-party scanner alongside the mail server software.

Furthermore, moving the scanning process away from users minimises the risk that someone will accidentally or deliberately disable the protection. Nokia Appliances can be installed in pairs for fault tolerance, and the company claims that in this configuration failover occurs so quickly that no packets are dropped.

Sybari Software thinks e-mail viruses are even more common. Biviano says around 95 percent of viruses enter an environment via e-mail, so "the focus of virus protection should be at the e-mail server."

"We still recommend you have antivirus software on the desktop," Whitely says, because a layered approach is needed for adequate protection, such as against the minority of viruses that arrive on physical media. Biviano concurs: "Best practice protection involves protecting all points in the food chain: firewall, e-mail, server, and desktop."

Trend Micro sees desktop software as a "last line of defence" against e-mail viruses. Gateway protection can filter out infected e-mails before they reach the mail server, which is especially important when dealing with a mass-mailing virus.

Such filtering should be used in conjunction with a mail server scanner to detect viruses in internal e-mails as well as those lying dormant in old messages, Montgomery recommends.

He points out that it is usually best for an antivirus product to completely delete mass-mailing viruses, because there is no benefit in trying to disinfect or quarantine such messages as you would a Microsoft Office document that had been infected with a macro virus.

Scanning only mail traffic is also not enough, says Network Associates' Bell. Some gateways scan SMTP traffic only, or perhaps SMTP and FTP, he claims. HTTP, SMTP, POP3, and FTP can all be exploited, and his company's E250 and E500 gateway appliances cover all four.

Symantec's new Gateway Security Appliances provide antivirus protection, firewall, intrusion detection and VPN functionality in one box.

The three models are intended for 50- to 1000-node installations, and multiple units can be used in combination to provide load balancing or to protect remote offices while retaining the advantage of single-console management.

While you want to catch viruses as close as possible to the fringe of your network, timing issues underscore the need for multiple layers of protection. "Occasionally the firewall or mail gateway will let a new unidentified virus through to the users, because the virus signature database is not yet updated with information on the new virus threat. In this instance, when the workstations receive their virus signature database update they will then be able to detect the virus," says Antony Steele, senior system engineer at Open Systems.

"An example is where a virus-infected e-mail is received by a corporation's mail gateway at 3am. The user's virus signature database is updated with new signatures at 5am, and the user reads the e-mail message sometime after 8am. The infected e-mail may have got through the mail gateway, but as the user tries to launch the infected attachment at their PC the virus is detected and prevented from running."
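A small timing model of the layered defence Steele describes, which also covers the earlier point about scanning code immediately before it is executed. This is an added example, not code from the article or from any vendor named in it; the 4am signature publication, the gateway's 6am and 18:00 refreshes, and the desktop scanning both on file write and again before execution are assumptions.

```python
"""Timing model of layered virus scanning (added example, not from the article).

Assumptions: each layer refreshes its signature database at fixed hours, a
signature is usable only after the vendor publishes it, and the desktop scanner
runs when the attachment is written to disk and again just before execution.
All times are hours since midnight of the day the message arrives.
"""
from dataclasses import dataclass


@dataclass
class Layer:
    name: str
    update_hours: tuple  # hours at which this layer pulls a new signature database

    def knows(self, sig_published: float, scan_time: float) -> bool:
        """Detects the virus only if a refresh happened after the signature was
        published and before this particular scan."""
        return any(sig_published <= u <= scan_time for u in self.update_hours)


@dataclass
class Message:
    virus: str
    arrives: float  # reaches the mail gateway
    opened: float   # user launches the attachment on the desktop


def scan_events(msg: Message, gateway: Layer, desktop: Layer):
    """Ordered (layer, time) pairs at which the attachment is scanned: gateway
    on arrival, desktop when the file lands on disk, desktop again before execution."""
    return [(gateway, msg.arrives), (desktop, msg.arrives), (desktop, msg.opened)]


def first_detection(msg: Message, sig_published: float, gateway: Layer, desktop: Layer):
    """Return (layer name, time) of the first scan that catches the virus, or None
    if every layer scanned before its database knew the signature."""
    for layer, t in scan_events(msg, gateway, desktop):
        if layer.knows(sig_published, t):
            return layer.name, t
    return None


# Constructed scenario mirroring Steele's example: mail at 3am, desktop signature
# update at 5am, attachment launched at 8am.  Signature publication at 4am and the
# gateway's 6am/18:00 refresh schedule are assumed, not taken from the article.
GATEWAY = Layer("mail gateway", (6.0, 18.0))
DESKTOP = Layer("desktop", (5.0, 17.0))
MSG = Message("new mass-mailer", arrives=3.0, opened=8.0)

if __name__ == "__main__":
    print(first_detection(MSG, 4.0, GATEWAY, DESKTOP))  # ('desktop', 8.0)
```

Change `opened` to a time before the desktop's 5am refresh and the result becomes `None`: the window between signature publication and the desktop update is exactly what the multiple-layer argument is about.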


Talkback (1 comment)

    Anonymous -- 23/10/04

    Hello, I have a very odd request for you. My name is Jiri Kurka and I'm from the Czech Republic. You wrote in your article about a specialist named Jan Chrbolka. I'm looking for my former classmate and friend from school, and his family emigrated from CZ. I suppose that this Jan Chrbolka is him. Do you have any contact details for this man? Can you help me please?
    Thank you very much for your answer.
    Jiri Kurka, Czech Republic
