The Moulton Company 2003 Publications

Technology training for the 21st Century


Malware the Scourge of Enterprises and PC Users

Just as the world is focused on SARS, IT personnel must be constantly on the lookout for malware, or malicious software. About seven out of ten of our service calls are due to an infestation of malicious software. In the past 15 years, malicious software attacks on PCs and networks have increased exponentially in both volume and speed of infestation. Most current malware spreads 1,000,000 times more rapidly than SARS. In the 1980s virus infections spread in months. Code Red spread in a day, and current virus infections can impact tens of thousands of Internet-connected computers in hours and minutes. Current active virus infestation statistics can be found at http://www.trendmicro.com/map/. When I viewed the statistics, the LOVGATE.F worm had infested almost 80,000 PCs in the USA in the last 24 hours.

Malware is most often referred to as a virus. The strict definition of a virus is malicious software that self-propagates and hides inside another program. Worm programs are more common today. A worm also self-propagates, but it assumes the name of a seemingly important Windows or application program and does not hide inside another program.

The impact of a virus or a worm on the hapless Windows or Macintosh PC user is similar. Their computer begins to behave erratically; virus scanning software is blocked and malfunctions; and the computer slows to a crawl. This just drives PC users frantic. Today's malware is designed to irritate, but sometimes it can be more vicious. In one case the malware wiped the entire contents of the disk drive, causing the PC user to lose all their data, the Windows operating system, and the application programs. Although it is sometimes a good idea to wipe a PC's disk drive and reinstall all software, it is unpleasant to have to perform this procedure unexpectedly with no preparation.

Malware can be passed to a PC in a variety of forms. Essentially, some type of computer program, macro command, or script must execute on a PC to infect it with malware. Scripts, macros, or programs can be embedded in executable files (EXE and DLL files), screen savers (SCR files), MS Office documents (DOC, VBS and XLS files but not RTF files), and more rarely Web pages (HTML, ASP, JS, and XTML files). The most common malware propagation method is an e-mail attachment. The e-mail itself does not infect the PC, but opening the attachment does. Some programs can open attachments automatically, while most do not.
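As an added illustration (not part of the original article), the file types listed above can be turned into a simple attachment screen for incoming mail. The function names and the sample message are constructed for this example, and the check looks only at the attachment's file name, not its contents.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Extensions the article lists as able to carry programs, macros or scripts.
RISKY = {
    "executable": {".exe", ".dll"},
    "screen saver": {".scr"},
    "office/script": {".doc", ".vbs", ".xls"},
    "web page": {".html", ".asp", ".js", ".xtml"},
}
PREFERRED = {".rtf"}  # the article's macro-free document format


def classify(filename):
    """Return the article's category, 'preferred', or 'unlisted'."""
    ext = os.path.splitext(filename.strip().lower())[1]
    for category, exts in RISKY.items():
        if ext in exts:
            return category
    return "preferred" if ext in PREFERRED else "unlisted"


def scan_message(raw_bytes):
    """Parse a raw message; return (filename, category) per attachment."""
    msg = message_from_bytes(raw_bytes, policy=default)
    return [(part.get_filename() or "(unnamed)",
             classify(part.get_filename() or ""))
            for part in msg.iter_attachments()]


def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Report attached.")
    for name in ("report.rtf", "report.doc", "Photos.SCR", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, category in scan_message(build_sample()):
        print(f"{name:12} {category}")
```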

Enterprises most at risk are those with a network of 3 to 50 computers. IT departments in larger organizations maintain Symantec or McAfee virus protection software on their e-mail servers. This catches most viruses before they are received by employees and inadvertently opened. Virus scanning software on enterprise servers keeps infected files from spreading to other enterprise PCs. However, licensing this software is expensive, albeit less costly than the disruption to enterprise operations that a malware infestation can cause. Most virus scanning software is equally effective when configured properly because the virus identification files, or signature files, are shared and certified by ICSA Labs (http://www.icsalabs.com/html/communities/antivirus/index.shtml), an antivirus software developers' consortium.

This brings us to the focus of this article, or "the news that you can use". What can cheaply be done to protect an enterprise against malware? There are many things that prepare an enterprise to recover from a virus infestation or to prevent one. One simple approach to preventing virus infestations is to use RTF as the common MS Word document format. This format does not use macros or scripts, so the document sizes are larger, but malware code cannot be embedded in the document.

Another step is to use inexpensive virus scanning software on every PC and update the virus identification signature files daily. Inexpensive virus scanning software can be found for both servers and clients at http://www.grisoft.com. Grisoft licenses a single-use home PC version of its AVG virus scanning software for free, provided you register and receive an unlocking code via e-mail. Professional and server versions of the AVG virus scanning software have one-time licensing fees that were substantially lower than the annual licensing fees of competing products. For example, a 10 user license for AVG Multi-license is $210.00. Ten licenses of AVG server software are $126.00. The licenses can be readily bought on-line from Grisoft. Grisoft's AVG software is ICSA Labs certified. The trick with AVG software is to configure it so that it effectively detects the latest viruses.

The last inexpensive procedure to follow is to install updates to your Windows operating system weekly. The critical updates close Windows vulnerabilities to attack from the Internet. The first time that Windows is updated, it can take several hours, particularly over a dial-up connection. After the initial update, a weekly update might only consume minutes. This is still somewhat of a bummer!

This article has identified and described the malware threat to enterprises. We then looked at how a small enterprise could inexpensively prevent a malware infestation. This is not all that should be done, but it is a substantial start on securing the computers in a small enterprise. This is the first article in Dial-A-Nerd "news that you can use"!

(c) 2003 Copyright P. D. Moulton. All rights reserved.

This article was published in the May 2003 Business Monthly.

Pete Moulton is the nerd at Dial-A-Nerd services and The Moulton Company. He has worked with PCs since 1981 and networks since 1985. Pete has authored the Prentice-Hall books: "A+ Certification and PC Repair Guide", "The Telecommunications Survival Guide", and "SOHO Networking". Contact Dial-A-Nerd services and The Moulton Company at 410 988-9294 or visit the web sites www.DialANerd.com or www.MoultonCo.com.