Close encounters of the virus kind

Computer viruses may be unavoidable, but anti-virus software, proactive management, and user training reduce the danger of infection.



Even the healthiest people sometimes get sick. And even the best-protected companies can catch a virus. As with human health, the true test of a network's well-being comes in how quickly it fights off or recovers from an illness.

To keep computer viruses, worms, Trojan Horses, and other nasties that fall under the umbrella title of "malicious code" away, most companies simply deploy anti-virus software.

But what happens if the anti-virus vendor gets sick? Just ask Symantec Corp., of Cupertino, Calif. Earlier this month, the company received a message from hackers threatening to unleash a worm via e-mail. Luckily, employees in the Netherlands perceived the threat quickly. Executives in San Jose then deleted the message and repelled the infection with Symantec's security software, says company spokesperson Richard Saunders.

AT A GLANCE: Willamette Industries Inc.
The company: Based in Portland, Ore., Willamette Industries grows trees, harvests them, and makes paper and wood products. The company employs 14,000 people in over 100 manufacturing sites and 150 facilities worldwide, ranging from single-person offices to the 5,000-person corporate headquarters in Portland.

The problem: Periodic attacks from "malicious programs," including both computer viruses and worms.

The solution: Anti-virus software from Symantec Corp., which runs on servers, e-mail gateways, and desktops to intercept potential infiltration. Almost daily updates via the Internet provide up-to-the-minute support.

The IT infrastructure: Approximately 4,000 computer users run Windows 95--about 80% of whom use Compaq Computer Corp. desktop computers, while 15% to 20% use IBM laptops. The firewall is a combination of a Cisco router and an unspecified Linux box running homegrown software. Willamette uses a Compaq ProLiant mail server, and the PCs run Microsoft Mail. Each site has a LAN attached to the company intranet through dial-up and T1 connections.

The lesson to be learned is that no network--no matter how secure--is totally immune. And while the best option is to avoid computer viruses, the next best alternative is to know how to quickly recover, as Symantec did, when your network does get sick. Remember to be aggressive. Deploying anti-virus software is a good start. Establishing and implementing a set of best practices and policies should be next on your agenda. If your network is compromised, having a plan can save time and a lot of headaches in the IT department.

Willamette Industries Inc. has taken this lesson to heart. The $4 billion integrated forest products company based in Portland, Ore., uses Symantec's integrated Norton AntiVirus product, combined with regular updates, careful inspection of all incoming files, and end user education. This system has made for a more secure environment.

Despite these checks and balances, the company earlier this year caught the Melissa virus. A macro virus that made the rounds in March, Melissa got into users' systems through a Microsoft Corp. Office document, then replicated itself and sent out copies via e-mail using Microsoft Outlook. Melissa propagated itself up to 50 times with each user it successfully infected. According to a recent survey conducted by ICSA Inc., a Reston, Va., provider of Internet security assurance services, there were 7.6 infections per 1,000 PCs during the week Melissa was released. The chance of encountering Melissa was around 30 per 1,000 PCs per month. Of the almost 5,000 PC users surveyed during or after Melissa, 3,650 reported having been infected.

Melissa managed to infect two servers at Willamette, one at corporate headquarters and one in a branch office in the Southwest, according to Robert Woods, PC systems manager for the company. "A few of our servers were slowed down by the volume of mail, but it was more of an annoyance than anything else," Woods says.

Fortunately, the impact was minimal because IT officials identified the problem, isolated the systems, and got them fixed quickly.

Press and Internet warnings had alerted Willamette to the virus. "We were aware that Melissa was a possibility, so we sent out a notification to all users via e-mail, telling them what to look out for and reminding them of the policies we had in place," says Woods.

Willamette's early warning system kept Melissa in check until a cure was found. As a result, IT officials watched the virus--mostly inert--in its system for about two days, until Symantec issued the "inoculation" that would scrub the virus out. It was distributed, and that was that.

Thus, quick response on the part of the company and the supplier averted what was for other companies a period of costly downtime. "Damages from viruses can range from mere annoyance ... to the obliteration of critical data resources," says Bill Pollak, a spokesperson for the federally funded Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University, in Pittsburgh.

In 1993, the federally funded Computer Emergency Response Team handled 1,334 incidents. By 1998, it was up to 3,734 incidents, and in the first third of 1999, the number was 1,795.

Enough to make you sick

Know your enemy
Types of "malicious software"
Virus: A computer program that makes copies of itself and needs a host program. It may be destructive, but that isn't the primary goal of the program. It may try to hide to avoid detection.
Worm: A computer program that copies itself from one computer to another. It doesn't try to hide, and doesn't need a host. Typically, it spreads through a network.
Spam: A mass e-mail mailing, which can clog up a system almost as much as a worm. More annoying than dangerous, spam wastes time and systems resources. It can often be filtered out by the corporate server or firewall.

Other sniffles
Bug: Programming error that causes computer software to misbehave--or, more often, not work at all. Bugs are not intentionally malicious, but can cause damage nonetheless. Also, virus writers can sometimes exploit known bugs for their own purposes.
Virus hoax: A message warning of a nonexistent virus. These warnings propagate quickly, like all rumors. They frequently spread over e-mail. They cause panic among users and force IT to waste time squelching the rumors. Some anti-virus vendors are considering adding known hoax e-mail filters to their software.

The use of the term virus is somewhat inaccurate, since a computer virus is only one of several types of malicious programs that can wreak havoc with a company's network. But colloquially, virus can be used interchangeably with mal-ware, or malicious software.

"A virus is any type of malicious code that can be used to cause disruption of the information infrastructure," according to a spokesperson for the Defense Intelligence Agency (DIA), which is part of the U.S. Department of Defense. "The disruption can entail attacking the system's integrity, circumventing security capabilities, and causing adverse operation action, or exploiting and taking advantage of the information system."

Viruses are classified by the way they infect systems, says CERT's Pollak. File viruses attack executable files, boot viruses infect boot sectors of hard and floppy disks, and macro viruses are data files written to exploit the macro commands available to Microsoft Word and other applications.

Today, 80% of all viruses are macro viruses, according to Carey Nachenberg, chief researcher for Symantec's Anti-virus Resource Center. "It used to be the floppy disk, but today, a machine can get infected surfing the net, or from executables from Usenet [news] groups."

"It's way beyond the benign stage," adds Michael Erbschloe, vice president of research for Computer Economics Inc., an independent research firm in Carlsbad, Calif. Based on the company's survey of about 2,000 customers using computers, which drew about 150 responses, Erbschloe figures that companies worldwide lost $7.6 billion in the first half of 1999 because of computer viruses--that's more than five times the losses for all of 1998. "That includes about $1.4 billion to clean up results of the virus," he explains. "And the rest was lost productivity."
