Education
"[Antivirus] education has to be part of the induction process," says Dozortsev. It should include information about what staff should do in the event of a suspected virus incidents. This includes reporting the incident to the appropriate person in an organisation.
Staff must be reassured that they won't get into trouble if they report a virus, emphasised Kaminski. Training should also cover what not to do--reformatting a hard disk in a panic might make matters worse.
AAPT includes such training in staff induction, says Hull. A recent reorganisation has expanded his responsibilities, and he plans to review ongoing training requirements in this area once a security review is complete.
"Educating staff is not an event, but rather an ongoing process," says Miller. "First up, companies need a well articulated communications plan or policy. This needs to be constantly reinforced via company newsletters, meetings [etc]. Companies also need to be vigilant: if breaches are found, they need to be dealt with quickly."
LAN Systems' Nixon takes the view that "the less involvement [users] have, the better". He advocates gateway-based protection coupled with locked-down antivirus software on the desktop, so user education can be kept simple.
As Cameron MacDonald, Microsoft Exchange administrator at AC Nielsen Australia puts it, "Education is important but enforced policies are more practical." However, Nixon recommends teaching users about virus hoaxes to avoid the loss of productivity caused by passing on bogus warnings.
Even warnings about genuine viruses can be a time-waster. "All the time e-mail is sent to thousands of people warning them about the latest dangerous virus and [asking them] to pass the message onto everybody they know.
They think they are doing the right thing by doing this, but indirectly they are the virus," says MacDonald.
Donovan says user education should relate to corporate policies such as using complex passwords (and not putting them on sticky notes attached the monitor!), and not opening attachments unless they are from trusted sources--though "users in Australia are a lot smarter than they used to be," he says. Recent e-mail viruses haven't spread much in Australia, but it's important to keep driving the point home to users.
Smith suggests antivirus issues should be part of general security awareness training. If users understand why security is important and how antivirus measures fit in, they are less likely to try to bypass them. He also recommends that acceptable use policies should prohibit the deliberate release of a virus.
Organisations should also investigate the possibility of extending their antivirus licences to cover employees' home computers. This may be possible at low cost or even free of charge. "The more space you cover with antivirus, the safer you are," says Kaminski.
One of the advantages claimed for server or gateway-based scanning is that they prevent viruses reaching users' PCs, so there is less need for training.
"Some of the most successful [e-mail viruses] use innocuous messages such as 'Take a look at this'," says Bell, and since the message comes from someone known to the recipient (because the virus got their address from someone else's address book), they are likely to open it.
Blocking certain attachments, especially .exe and .vbs files "won't stop everything, but will ease your pain," he says.
"You can continually educate people about viruses but it can be difficult to get them to take notice, or to consider their actions prior to opening an attachment.
Anti virus protection is needed at all points in the food chain. It is far more expensive to clean up after a destructive virus than to protect against them in the first place," says Biviano.
Final word
Buying antivirus software "is just the start of the journey," warns Dozortsev. He likens the packages to a bulletproof vest: valuable protection, but it won't stop you getting shot in the head.
Constant vigilance is needed in keeping your antivirus and other security software up to date and in applying security-related patches to operating system components and applications to deal with the latest exploits.
Hello, I have to you very odd request. My name is Jiri Kurka and I'm from Czech Republic. You writed in your article about some specialist name's Jan Chrbolka. I'm looking forward my forepast classmate and friend from school and his family emigrate from CZ. I suppose that this Jan Chrbolka is he. Do you have some contact to this man? Can you help me please?
Thank you very much for you answer.
Jiri Kurka, Czech Republic