Is your anti-virus program still working?

Commentary: Most of us "set and forget" our anti-virus software. But to be safe, you should regularly check that the automatic update feature has not been disabled by a virus.

A friend of mine works for a university-based medical research facility, and she recently wondered why their network was experiencing a dramatic increase in virus traffic. Their Internet-facing servers, she told me, were all protected with the latest release of a major anti-virus software product. The product, like its popular home version, features automatic live updates of the latest signature files, yet they were getting hit with several variations of the Bagle virus, plus some other new viruses.

This may sound familiar. You have a desktop anti-virus program installed now, and you know the signature file subscription is current with the vendor, but still you're seeing virus-like symptoms, or perhaps you actually know that you have a virus. Since the first of this year, many new viruses have been shutting down anti-virus and firewall programs, or, in other cases, disabling the software's automatic update feature, leaving your system vulnerable to future attack.

It's actually an old trick. The virus MTX, for example, released in 2000, blocks access to anti-virus software Web sites. But these recent anti-virus-disabling attacks are more effective because of their sheer volume: with some 30-odd variations of Bagle appearing within a 10-week period, each one better than the last, you might have been hit and not even realised it.

At one time, you needed to manually update your anti-virus program monthly, weekly, then every couple of days. Problem was, with a big email outbreak such as I Love You, you were often infected before you got around to updating your signature files. So the software vendors opted for automatic downloads of signature file updates. This method has its pros and cons.

First, the pros. I like the set-it-and-forget-it anti-virus protection available on most products today. I think it's made protecting your PC much easier for casual Internet users.

But, unfortunately, convenience breeds a false sense of security. I once knew someone who felt all cars should have standard transmissions so that the driver would at all times remain in touch with the road's conditions and be better able to react to danger. In the same way, it might be good for us to have to pay more attention to our anti-virus and firewall software. I'm not suggesting we give up the ease-of-use features we now enjoy, but rather that these products should now integrate with each other more than they currently do and provide some kind of checks and balances for each other.

I expect to see some major changes coming later this year. Currently, the new ZoneAlarm Security Suite works with your existing third-party anti-virus programs and reports whether the signature files are out-of-date or if the software is even working. And the new Microsoft Security Center, one component of Windows XP SP2 (to be released later this year), will also warn if your anti-virus protection is compromised. Whenever the anti-virus program becomes disabled, a dialogue box informs you of the change. Also, whenever you check the ZoneAlarm Security Suite or Microsoft Security Center main screen, you'll see a warning that your anti-virus protection is not enabled.

Until these products become widely available, you will still need to check your anti-virus programs from time to time to see that they are still working.

My friend has taken to doing just that, and in the process, found the anti-virus software update feature on one of the servers had been disabled in early April. By reactivating that server's protection, her research facility has significantly reduced their latent virus problem. I suspect some of you may experience the same result with your home computers.
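One way to automate that periodic check, as an added example that is not part of the original article: it reports how old the newest signature file in a definitions folder is, and flags folders that are stale, missing, or dated in the future. It assumes the anti-virus product rewrites files in a known folder on every update; the folder names, file name and three-day threshold are hypothetical.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 86400  # seconds

def check_signatures(defs_dir, max_age_days=3, now=None):
    """Return (status, age_days) for the newest file under defs_dir.

    status: 'ok', 'stale', 'missing' (no folder or no files) or
    'clock-skew' (newest file is dated in the future).
    """
    now = time.time() if now is None else now
    root = Path(defs_dir)
    if not root.is_dir():
        return ("missing", None)
    mtimes = [p.stat().st_mtime for p in root.rglob("*") if p.is_file()]
    if not mtimes:
        return ("missing", None)
    age_days = round((now - max(mtimes)) / DAY, 1)
    if age_days < 0:
        return ("clock-skew", age_days)
    return ("stale" if age_days > max_age_days else "ok", age_days)

def demo():
    """Constructed sample folders; names, ages and file name are made up."""
    now = time.time()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, age in (("server-a", 1), ("server-b", 60), ("server-d", -2)):
            folder = Path(tmp, name)
            folder.mkdir()
            sig = folder / "signatures.dat"  # hypothetical file name
            sig.write_bytes(b"constructed sample")
            stamp = now - age * DAY
            os.utime(sig, (stamp, stamp))
            results[name] = check_signatures(folder, now=now)
        # server-c has no definitions folder at all
        results["server-c"] = check_signatures(Path(tmp, "server-c"), now=now)
    return results

if __name__ == "__main__":
    for host, (status, age) in sorted(demo().items()):
        print(f"{host}: {status} (newest signature file age in days: {age})")
```

Any result other than "ok" is the cue to open the anti-virus program and confirm that its update feature is still switched on.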

ZoneAlarm Security Suite
ZoneAlarm Security Suite puts Norton Internet Security and McAfee Internet Security to shame with its easy-to-use features.


First Look: Windows XP Service Pack 2
The forthcoming Service Pack 2 for Windows XP is actually a significant upgrade for Microsoft's OS, delivering much-needed security enhancements. We highlight the key changes.

Talkback 2 comments

    Set and forget is a brilliant ... Anonymous -- 20/06/04

    Set and forget is a brilliant thing. Many of the recent outbreaks would have been prevented if people used a set and forget virus solution.

    My computers over the last 10 years have never been infected by a virus. (I am currently receiving around 5 netsky-d and z's a week), but it basically comes down to this. My computer was always checked daily from windowsupdate.microsoft.com and my virus scanner was also checked daily. Now, I don't need to worry because my computer does it for me, but I still check.

    Virus writers have always looked for techniques of evading Joe Average's virus scanner. I remember one virus saved itself to the recycle bin because a lot of the virus scanners skipped that folder. Disabling an antivirus package is just another attempt.

    These are my gripes about antivirus products:

    1. Many antivirus products do not warn the user if they are being shut down.
    2. Antivirus products need to ensure that the registry keys etc are set so they are automatically started when Windows boots up. They need to save an MD5 or something for each file to make sure that the binaries are not substituted by some malware.
    3. The process for renewing a subscription is often painful, with click to renew links often broken, and demands for all sorts of information when renewing. It should be a quick process.
    4. More warning needs to be given that an expiry date is approaching - I have used antivirus software in the past that just stopped updating, no message on my screen to say my subscription had expired.
    5. Automatic Updates are often switched off by LAN managers who are sick of losing all their bandwidth as each machine decides it needs to download the same file. Much more work needs to be done in allowing a P2P style update distribution. Digitally signing each update would be an effective way of preventing tampering of the updates, and LAN managers would be much happier if they could stream the update to their network storage device and rely on each workstation to be up-to-date within an hour.

    it still on my computer I'm ha ... Anonymous -- 26/06/04

    it still on my computer I'm having a hard time playing the computer cause of the anti virus
