Internet Security Professional Reference: Viruses


Chapter 15
Viruses

Computer viruses were first introduced to the computing community in the 1960s. Over the years, viruses have not only become more sophisticated in design, but their numbers have increased exponentially. At present, approximately 200 new viruses are written each month.

To protect a computing environment from viral infection, the computer security professional’s knowledge base should include a good understanding of computer virus types, how they behave, what they target, and the operating systems they work with. An understanding of the prevention and detection techniques that antivirus programs use is also essential. This will help in evaluating the many programs available on the market, and in choosing those that best meet your organization’s needs.

A User’s Perspective

Before this chapter discusses computer viruses and their place in your information protection strategy, take a moment to consider what the users you are tasked with assisting or protecting “know” about computer viruses. These users have different levels of understanding about the computing tools they use each day. They have different perceptions of the risks involved in sharing information, whether that be over the Internet, on an internal intranet, or on a floppy. Some users may doubt viruses exist at all. However, most relatively experienced computer users have heard about computer viruses, or perhaps have known someone who claims their machine was infected by one. Some users believe they themselves (or more correctly, their data) have been the victims of a virus on a computer they have used. Consider the attention the media gives to virus-related issues, citing experts and warning about viruses with cryptic or malevolent-sounding names. Computer-savvy friends warn them about the latest viruses. Software manufacturers cite statistics showing rapid growth in the development of new viruses. E-mail messages arrive with warnings not to open particular e-mail messages or archived files.

Given this tidal wave of information, it’s no wonder that most experienced computer users are concerned about viruses. And they look to you and your organization to provide unobtrusive protection for their precious data. They may even look to you for guidance and education. It might seem overwhelming to both you and your users.

A Reality Check

Just to be fair, look at viruses from your perspective as an administrator or IT resource manager. The bad news, of course, is that viruses are real. You probably have been involved in some way with users whose machines have been infected by a virus, and you know what a pain it can be to clean up an infection and prevent it from spreading or reinfecting your computing environment. You are probably responsible to some level of management for the safeguarding of information assets, and yet you need to do this in such a way as to be as unobtrusive as possible. In other words, you may find yourself caught between the proverbial rock and a hard place.

The good news is that help is available. Tools can help an administrator detect, contain, and in some cases, repair the damage caused by viruses. User education can go a long way in preventing virus infection, and tools are available to help provide peace of mind to concerned users (as well as concerned administrators!). The purpose of this chapter is to help you understand the underlying techniques used by a virus, so you can better know the enemy!

This book provides you with a good, solid understanding of the issues and technologies involved with computer viruses. In addition, you may find a wealth of information on the Internet itself. Many antivirus software developers maintain web sites containing information about their products and news of interest to those concerned with viruses. Other individuals and organizations maintain web sites containing opinions about products and threats. Given the amount of information available, it seems wise to examine the opinions and credentials of those claiming to be experts before making decisions about purchasing or implementation.

Every computing environment should have an overall information protection strategy. This strategy should be drawn from the organization’s overall security policy, which serves to define the rules that govern the access, creation, and modification of information resources. In the context of virus protection, this strategy includes such issues as how viruses are prevented from infecting stand-alone workstations, workstations on the network, servers, and so forth. This may involve running more than one antivirus product on each workstation, and/or running an antivirus product on network servers.

This chapter, then, takes you on a detailed tour of computer viruses and their most likely targets, and recommends actions you can take to minimize the risk of viral infection. It also explains how different antivirus program strategies work to ward off infection and offers the best means of resolving the problems viruses cause.

