S 2.159 Updating the computer virus scanning programs used

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Head of IT Section

Where IT systems are equipped with computer virus scanning programs, these programs must be updated regularly so as to ensure reliable detection of new computer viruses. To do this, a procedure must be laid down to specify responsibility for and procurement and distribution of the updates.

At the time of procurement of a suitable computer virus scanning program (see S 2.157 ), attention should be paid to the need to update it at short intervals (no greater than 6 months). As virus scanning programs are also updated for specific reasons, for example because of the appearance of new viruses, the person responsible for the problem of viruses should check with the software producer for information on updates on a regular basis (at least once a week).

The BSI has set up a mailing list for fighting computer viruses for Federal authorities. Up-to-date information about virus problems is distributed to members of the mailing list. In cases of an extremely serious virus danger, in future a virus warning will be issued. Special drivers to deal with new viruses not yet detected will also be distributed over this channel. Staff working for Federal agencies can join this mailing list over the IVBB Intranet under http://www.bsi.ivbb.bund.de/antivir/mailing.htm or else by sending an unstructured e-mail to antivir@bsi.de.

When updates to the computer virus scanning program are distributed, steps must be taken to ensure that the updates are indeed loaded promptly onto the IT systems. If this cannot be performed automatically (in the case of networked IT systems), the update should be made available to the relevant IT users quickly.

Because virus scanning programs are updated so frequently and tested within very tight timescales, they are susceptible to error and must be tested in actual operation before release or installation (see also S 2.83 Testing Standard Software). When updates are installed, particular care must be taken that the existing configuration of the computer virus scanning program is not changed by preassigned parameters. For example, an update could cause a previously resident computer virus scanning program to be switched to an offline mode.

In addition, steps must be taken to ensure that computers which are not allocated to any individual person and are not networked, for example laptops, are also supplied with updates.

Additional controls:

• Were the copies created for distribution of the updates made on an IT system which was demonstrably virus-free?

• How long does it take to disseminate an update throughout the entire institution?

• Are occasional checks made as to whether updates have been implemented?