
1.5.1  Viruses
(Page 2 of 2)

Managing and Preventing Virus Infections



Numerous measures can be taken to prevent, contain and perform damage control on virus infections on your network, including:

  • Enforcing a policy that users must run anti-virus software on their workstations. (If some users complain that they don’t want to run your organization’s standard anti-virus software xyzzy because it locks their computer up when they try to run program frobozz, don’t let them out of the anti-virus utility requirement… find another one for them to try.) Common packages are Symantec’s Norton Anti-Virus [102], McAfee VirusScan [103] and Grisoft AVG AntiVirus [104]

  • Virus-scanning all incoming email automatically, to guard against attachments that contain viruses being received and then opened or run by users

  • Requiring users to use software which does not include macro capability, or requiring users to save files in formats not supporting macros (for example, Microsoft Word can save files in .rtf format, which doesn’t support macros, as well as in .doc format)

  • Changing the PC boot sequence in CMOS to always try to boot from the hard disk first, so that a floppy carrying a boot sector virus won’t infect a workstation’s boot sector (and thus infect that PC)

  • Setting email clients to not automatically open attachments of certain types (like .EXE)
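The attachment-type and macro-format measures above can be enforced at the mail gateway as well as in the client. The following is an added example, not part of the original guide: the function names and the extension lists beyond .EXE, .doc and .rtf are assumptions chosen for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists; the guide itself names only .EXE, .doc and .rtf.
BLOCK = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".js"}
MACRO_CAPABLE = {".doc", ".dot", ".xls", ".ppt"}

def classify(filename):
    """Return 'block', 'quarantine' or 'allow' for one attachment name."""
    # Normalise case and drop trailing dots/spaces, which Windows ignores.
    name = (filename or "").strip().lower().rstrip(". ")
    # Only the final extension decides what the OS will run or open.
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if ext in BLOCK:
        return "block"        # also catches disguised names like x.txt.vbs
    if ext in MACRO_CAPABLE:
        return "quarantine"   # hold for scanning, or ask the sender for .rtf
    return "allow"

def screen(raw_message: bytes):
    """Map each attachment filename in a raw message to a verdict."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments()}

def build_sample() -> bytes:
    """Constructed test message; attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly files"
    msg.set_content("See attached.")
    for name in ("report.rtf", "budget.doc", "setup.EXE", "letter.TXT.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in screen(build_sample()).items():
        print(f"{verdict:10} {name}")
```

A filename check like this only narrows what reaches users; it works alongside the automatic virus scan of incoming mail, not in place of it.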

Wise Users Are Paranoid

Instruct users to check with the system administrator before opening an unfamiliar type of email attachment, any attachment they did not expect to receive, and any attachment from a user they do not know, as it could contain a zero day virus [105]. (Companies spent hundreds of thousands of dollars removing the ILOVEYOU virus from computers, when thousands of users opened a “Love Letter For You” that claimed to be from a familiar user. You see, it looked “just plausible enough,” and it’s those “just plausible enough” lies that are the most believable.)


A virus is almost guaranteed to get through your defenses eventually no matter how careful you are – perhaps because it was released into the wild just 6 hours ago, your anti-virus software does not yet recognize it, and so nothing stopped its entry into your network. Once it has been discovered, you may or may not have software that will remove it safely, since some viruses are so destructive that they cannot be removed without deleting all infected files. Taking on a task like this is expensive. The average cost in 2003 was almost $100,000 USD [106]. (And you thought getting Security+ certified was expensive.)

In that case, what will save you is a good, recent backup. If you are on a company network which features standardized clients (same type of PC, same OS and applications, etc.), a “Norton Ghost” style disk image program may allow for quick recovery in the case of multiple infections.

Administrator, Survey Thyself

What anti-virus program(s) is in use on your network? Is it installed and enabled on all systems? Have you found alternate anti-virus programs that work for those users who absolutely insist they cannot get their work done if the standard anti-virus software is installed on their computers, or are you letting them slide without an anti-virus program and just hoping they won’t get a virus?



 __________________

102. http://www.symantec.com

103. http://www.mcaffee.com

104. http://www.grisoft.com

105. A “zero day virus” is a virus not yet known to be in the wild, and you’re one of the lucky first people to “discover” it.

106. http://news.com.com/2100-7349_3-5176420.html?part=rss&tag=feed&subj=news


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.