Anti virus strategy planning
Everyone is convinced of the value of a good virus checker these days. Even if you have not had a virus yourself, we all know someone who has. But what more is there to it than installing anti-virus software?
Anti-virus is a strategy, not simply an application. Every layer of your environment, from user privileges to corporate policy, should be considered when planning that strategy.
We've all heard the "experts" on television telling us that the best way to protect yourself against viruses is to have several anti-virus applications installed on your machine, and they can name a couple of free
ones you can download. This is not correct: two real-time scanners on one machine tend to fight over the same file-system hooks, and neither addresses the root of the problem. The key point to remember is that unless the virus exploits a privilege escalation weakness (and most do not), it runs
with exactly the access of the currently logged-on user. Consequently the best first step is to ensure your users are not doing their day-to-day work with local admin privileges. If they are,
even the web browsing they do at lunchtime (and probably at other times...) puts your whole environment at risk, because anything they run can write to system directories, install services and drivers, and switch off the anti-virus itself.
Because people can still download viruses and save them on the file server, or on the local machine (inside their profile), where they lie in wait for the next admin user to log in, good anti-virus software is naturally the next step in protecting your environment.
There are many good products on the market, and two main styles of scanning: signature-based and sandbox (behaviour-based). A signature-based scanner looks for byte patterns in the file that match its database of known viruses. Because it can only
recognise what is already in that database, it is weak against so-called "zero day" viruses until its definitions are updated. A sandbox-type scanner runs the file in an isolated memory space and watches what it does, looking for virus-like activity.
It too has a database, but of activities rather than byte patterns, and because many viruses do similar things it offers some zero-day protection that a pure signature scanner cannot, at the cost of more false positives and a heavier scan. Both styles use heuristics to improve their accuracy. Symantec Antivirus
and McAfee are examples of signature-based scanners; Norman Antivirus is a sandbox-type product.
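To make the two styles concrete, here is a toy engine that does both: a signature scanner (hash and byte-pattern lookups) and a sandbox-style behaviour scorer over a recorded API trace, then a layered verdict. This is an added example written for this page, not code from Symantec, McAfee, Norman or any other product. The signature database, behaviour rules, weights, threshold, sample file contents and API traces are all constructed for illustration; the only real-world item is the EICAR test string, the standard harmless file that signature scanners are expected to detect.

```python
"""Toy anti-virus engine showing signature-type and sandbox-type scanning.

Added illustration for this page, not a real product's code. Everything
except the EICAR test string is constructed for the example.
"""
import hashlib
import re

# --- Signature-type scanning ----------------------------------------------
# A real database holds millions of entries; two are enough to show the idea.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Hash signatures: exact-file matches. Cheapest to check, defeated by any change.
KNOWN_BAD_SHA256 = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}

# Byte-pattern signatures: tolerate surrounding bytes and small variations.
# "Demo.Dropper" is a constructed pattern with a one-byte wildcard.
PATTERN_SIGNATURES = {
    "EICAR-Test-File": re.compile(re.escape(EICAR)),
    "Demo.Dropper": re.compile(rb"DROP\x00.PAYLOAD"),
}


def signature_scan(data: bytes):
    """Return the name of the first signature that matches, or None.

    A sample the database has never seen (a 'zero day') returns None no
    matter how malicious it is; that is the weakness described above.
    """
    name = KNOWN_BAD_SHA256.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


# --- Sandbox-type scanning ------------------------------------------------
# A sandbox scanner runs the file in isolation and records what it does.
# Here the recording is a constructed list of (api_name, argument) events.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")
SECURITY_PROCESSES = {"msmpeng.exe", "ccsvchst.exe"}  # constructed list

BEHAVIOUR_RULES = [
    # (description, predicate over one event, weight)
    ("writes an executable file",
     lambda api, arg: api == "WriteFile" and arg.lower().endswith(EXECUTABLE_SUFFIXES), 3),
    ("sets a Run key for persistence",
     lambda api, arg: api == "RegSetValue" and r"\currentversion\run" in arg.lower(), 3),
    ("kills a security product",
     lambda api, arg: api == "TerminateProcess" and arg.lower() in SECURITY_PROCESSES, 4),
    ("enumerates a whole directory",
     lambda api, arg: api == "FindFirstFile" and arg.endswith("\\*"), 1),
]
BEHAVIOUR_THRESHOLD = 5  # constructed; tuning this trades misses for false alarms


def behaviour_scan(trace):
    """Score a sandbox trace against the activity rules.

    Returns (flagged, score, matched rule descriptions). Unknown malware is
    caught if it behaves like known malware; a legitimate installer that
    drops an .exe and adds a Run key scores the same and is a false positive.
    """
    score, hits = 0, []
    for api, arg in trace:
        for description, predicate, weight in BEHAVIOUR_RULES:
            if predicate(api, arg):
                score += weight
                hits.append(description)
    return score >= BEHAVIOUR_THRESHOLD, score, hits


def verdict(data: bytes, trace):
    """Layer the two engines: signatures first, behaviour as the backstop."""
    name = signature_scan(data)
    if name:
        return "malicious", name
    flagged, score, hits = behaviour_scan(trace)
    if flagged:
        return "suspicious", f"behaviour score {score}: {', '.join(hits)}"
    return "clean", ""


# Constructed samples ---------------------------------------------------------
DROPPER_KNOWN = b"MZ..." + b"DROP\x00\x07PAYLOAD" + b"..."     # matches the pattern
DROPPER_ZERO_DAY = b"MZ..." + b"DRP\x00\x07PAYLOAD" + b"..."   # recompiled: pattern misses
TRACE_DROPPER = [  # what either dropper does when run in the sandbox
    ("CreateFile", r"C:\Users\bob\AppData\Local\Temp\svch0st.exe"),
    ("WriteFile", r"C:\Users\bob\AppData\Local\Temp\svch0st.exe"),
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("FindFirstFile", r"C:\Users\bob\Documents\*"),
]
TRACE_EDITOR = [  # a harmless word processor saving a document
    ("CreateFile", r"C:\Users\bob\Documents\report.docx"),
    ("WriteFile", r"C:\Users\bob\Documents\report.docx"),
    ("RegSetValue", r"HKCU\Software\Contoso\Editor\RecentFiles"),
]

if __name__ == "__main__":
    print("EICAR:           ", verdict(EICAR, []))
    print("known dropper:   ", verdict(DROPPER_KNOWN, TRACE_DROPPER))
    print("zero-day dropper:", verdict(DROPPER_ZERO_DAY, TRACE_DROPPER))
    print("editor:          ", verdict(b"MZ...", TRACE_EDITOR))
```

The zero-day dropper is the instructive case: a three-byte change to the file defeats both the hash and the pattern signature, yet its sandbox trace scores the same as the known sample and it is still flagged. The price is visible in the rules themselves: an ordinary installer also writes an .exe and sets a Run key, so the threshold and weights have to be tuned against real traffic, which is why products of both styles lean on heuristics rather than fixed rules.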
Whichever style you choose, your anti-virus application should provide real-time protection as well as scheduled scans. Real-time protection installs itself as a file-system filter driver, and so can scan files as they are written to disk and as they
are read back, whether to be loaded into memory or copied elsewhere. This will stop a significant proportion of the viruses that reach your environment. Scheduled scans are there to catch whatever does make it onto the machine,
so that it does not lie dormant waiting for the next victim, and to re-check older files against definitions that did not exist when those files were first written.
Ideally, the anti-virus system you choose should have some form of centralised management and reporting. This allows definitions to be downloaded once from the internet and distributed internally by the "parent" server, rather than each client
downloading them individually, which saves bandwidth. Centralised threat reporting is extremely valuable for examining your threat history and analysing trends. Most management servers also let you discover unprotected machines on your network
and remotely deploy the software to them, and they let you maintain updates to the software itself centrally.
Corporate policy needs to be the next step in protecting the environment. Will you allow vendors to plug into your network? Non-employees plugging into your network are a primary source of viruses. Will you allow your employees to take their laptops home for the family
to use? Children tend to be less careful in their browsing habits and often infect machines. What about USB memory devices, CDs and the like brought in from outside? It always surprises me how many viruses people burn to CD!
An often overlooked policy question is: will you allow your mobile users to go to other companies and plug into their networks? What happens if one of your employees infects a customer's network? The risk of
a liability suit in this scenario is very real.
While implementing a good anti-virus strategy is not difficult, there are some very definite traps. I have experience with anti-virus solutions within high security environments. Please contact me for assistance with your anti-virus planning.