



Handbook of Local Area Networks, 1998 Edition: LAN Security

SUMMARY

As long as there are hackers inventing new forms of maliciousness, no antivirus vendor can guarantee that its products will completely eliminate viruses. However, there are advanced products that come very close to providing the ideal defense. Knowledgeable implementation of advanced protection strategies and products can prove an effective deterrent to viruses in the short and long term.

Strategies for Virus Prevention

The first priority for an antivirus strategy is that any defenses put in place must be used. Many approaches emphasize end-user convenience to the point of rendering defenses useless. A company can, however, set up antivirus software on its LAN servers so that each time a user logs in, the program checks for its own presence on the user’s workstation. If the antivirus software is not present on the workstation, the program loads itself onto the PC and scans the PC’s hard drive before allowing the user to continue. If the program finds an earlier version of itself, or a modified version of itself, on the workstation, it loads the newer, clean version onto that workstation and scans. The entire process happens rapidly enough not to harm user productivity. Many users do not even notice it happening.

This approach is far preferable to that of programs that depend on users remembering to scan periodically. Such programs leave holes in a system’s defenses every time even one user forgets to scan. Users are often tempted to skip scanning, especially if the scanning process is slow. This adds an even more haphazard quality to network defense. Antivirus software should offer an unobtrusive way of forcing users to keep their machines clean.

Repelling Viruses Proactively

An antivirus strategy should be proactive. It should detect and repel viruses before they infect anything on the system. A signature scanner working as the sole defense of a network can do nothing more than occasionally report bad news. The ideal system must be able to stop boot viruses before they infect and must be able to remove all viruses without necessarily knowing the virus. Proactive antivirus software provides signature scanning as well as multilevel generic detection, a TSR (terminate-and-stay-resident) approach, and behavior blocking to remove viruses that are known and unknown.

Comprehensive Security

Some antivirus software scans only for the 200 most common viruses, which account for the majority of infections. Protecting a system from these common viruses may offer sufficient protection, because the likelihood of infection by another virus is quite slim. However, the ideal system is not one that usually works, or hardly ever misses a virus, but one that seals off every conceivable intrusion point.

In addition, viruses tend to spread in a regional fashion, turning up much more frequently in one particular country or geographical area than in other areas. If a virus common in a particular region is one that the software perceives as uncommon, the scanner could miss the virus. This is especially threatening in companies that have international offices.

Effective antivirus software uses a combination of traditional and proprietary heuristic techniques to ferret out even the trickiest viruses, Trojan horses, and logic bombs. Scanning alone is not sufficient. The most effective antivirus system should use the latest generation of defenses in concert.

Automatic Logging

Antivirus systems should document any security events that occur so that managers can stay informed about threats to their defense system. Documentation should include log-ins, log-offs, program execution, and a separate log of failed log-in attempts. Effective antivirus software should also require password entry upon any boot-up and prevent access to hard disks any other way. After a period of inactivity at the keyboard, a time-out feature should inhibit input from the keyboard and mouse. Documentation and automatic logging requirements help management restrict physical access to workstations, which is vital to maintaining a protected environment.

Copyright (c) 1996-1999 EarthWeb, Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of EarthWeb is prohibited.
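The log-in check described under "Strategies for Virus Prevention" can be sketched as follows. This is an added example, not code from the handbook or from any antivirus product; the record layout, function names, and sample agent bytes are assumptions made for illustration.

```python
import hashlib
from enum import Enum
from typing import NamedTuple, Optional


class Action(Enum):
    CONTINUE = "continue log-in"
    INSTALL_AND_SCAN = "install agent, scan hard drive, then continue"
    REPLACE_AND_SCAN = "replace agent, scan hard drive, then continue"


class Reference(NamedTuple):
    """Known-good agent held on the LAN server (hypothetical record)."""
    version: tuple
    sha256: str


def parse_version(text: str) -> Optional[tuple]:
    """'4.2.1' -> (4, 2, 1); None if the string is not dotted integers."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None


def login_check(ref: Reference, claimed_version: Optional[str],
                agent_bytes: Optional[bytes]):
    """Decide what happens before the user is allowed to continue."""
    if agent_bytes is None:
        return Action.INSTALL_AND_SCAN, "agent not present"
    # The digest decides. The version string comes from the workstation
    # copy, and a modified copy can claim any version it likes.
    if hashlib.sha256(agent_bytes).hexdigest() == ref.sha256:
        return Action.CONTINUE, "agent matches server copy"
    claimed = parse_version(claimed_version or "")
    if claimed is not None and claimed < ref.version:
        return Action.REPLACE_AND_SCAN, "earlier version"
    return Action.REPLACE_AND_SCAN, "modified copy"


# Constructed sample data: stand-ins for real agent binaries.
GOOD = b"agent build 4.2.1"
REF = Reference((4, 2, 1), hashlib.sha256(GOOD).hexdigest())


def demo():
    """Run the four workstation states the text distinguishes."""
    cases = {"missing": (None, None), "current": ("4.2.1", GOOD),
             "old": ("4.1.0", b"agent build 4.1.0"),
             "tampered": ("4.2.1", GOOD + b" patched")}
    return {name: login_check(REF, v, b) for name, (v, b) in cases.items()}


if __name__ == "__main__":
    for name, (action, why) in demo().items():
        print(f"{name:9} {why:26} -> {action.value}")
```

The tampered case reports the current version number yet is still replaced, because the comparison that matters is the digest against the server's copy.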


