Immunity impossible so minimise exposure

02/09/2003 - 22:00


Upgrade your subscription to use this feature.

In a follow up to her story on computer worms and viruses, and the differences between them, Alison Birrane this week looks at strategies to prevent and minimise attacks.

THE havoc caused recently by the MS Blaster, Welchia and SoBig.F worms highlighted not only the vulnerability of computer systems, but also the vigilance required to prevent and minimise such attacks.

While there is no sure-fire way to prevent a worm or virus attacking a computer system, there are various strategies that can be employed to reduce the likelihood.

These strategies will differ depending on the type of system, the size of the network, and whether a personal or work computer is in use.

There are also some low-cost, commonsense strategies that can be employed to prevent a virus or worm spreading from a home computer to the corporate network, for example, via a laptop computer.

Curtin lecturer in Information Systems Paul Worthington said there were two main strategies that could be employed by a business to minimise its exposure to a computer worm or virus.

Mr Worthington, who is also studying for a PhD in virus risk management, said the first strategy was to ensure the latest Microsoft updates and patches were installed immediately — users can choose to have the Windows automatic update switched on.

Secondly, Mr Worthington said it was crucial to ensure that the latest anti-virus technology, such as McAfee or Norton Anti-Virus, was up-to-date and that the definitions were correct.

Edith Cowan University Information Security manager Sue Kennedy said there were additional low-cost strategies people could employ to safeguard their individual machines.

Ms Kennedy also suggested looking at intrusion detection and prevention systems, because while these may not have a patch for a new virus or worm, they will look for anomalies in files entering the system and could provide early detection of files containing malicious code.

She said the Welchia worm was one of the worst so far in that it bypassed many perimeter levels of security.

“If you didn’t have a virus checker on your desktop, you got infected,” Ms Kennedy said.

With this in mind, using a personal firewall on a PC as an additional security layer over and above network and company firewalls could also provide another level of security from a self-installing program.

Personal firewalls are often low cost or free if they are used on personal or home PCs, but installing them at home could prevent a virus being transferred from a personal to a work computer.

For example, a virus can be transferred if an employee takes a laptop home and plugs it into their home ADSL connection, where it may become infected with the absence of a firewall. The virus or worm can then be transferred to the corporate network when the laptop is returned to the work place and plugged in.

Personal firewalls, such as Symantec’s ‘Norton Personal Firewall’, Zone Lab’s ‘ZoneAlarm Pro Protection’ or Tiny Software’s ‘Tiny Personal Firewall’ are available on the Internet.

Ms Kennedy also suggests considering the use of anti-spyware software such as SpyBot, which can be useful in removing self-installing programs that may contain malicious code.


Subscription Options