April 2004 — PRINT EDITION    
 

A review of new software products that can make a big difference to your business

Attack of the virus killers

How to defend your computer against viruses, worms and other pests of mass destruction

By Michael Burns

One person's misfortune is another's golden opportunity, says the cliché. So it goes with computer security. Whenever a new virus hits, business is brisk for the market leaders in antivirus protection – Symantec's Norton AntiVirus and McAfee's VirusScan. Every year, 30 million Symantec customers renew their Norton AntiVirus subscriptions. Sure, the hackers might have some fun, but it's Symantec and McAfee, as well as other antivirus developers and security consultants, who get the most out of each new virus attack.

Viruses aren't the only concern. There are also worms that don't wait for a human being to send e-mail – they propagate on their own over a network. And then there's the Trojan horse, which installs "backdoor" access to a computer so a malicious person can take remote control of the infected computer.

Last year was particularly pestilential, with BugBear.B, Blaster, Slammer, Sobig.F and Swen winding their way into millions of computers. This year looks like it could be even worse, with MyDoom becoming the fastest-spreading worm ever in January.

The problem might get worse before it gets better. So what is a hapless computer user to do? For starters, deleting suspicious-looking e-mail would help a lot. But people are trigger-happy when it comes to e-mail. And even if they were more cautious, they would still be open to attack.

So what else can you do? Well, you can keep up with the most recent downloads of virus definitions. But that won't ward off new viruses that have not yet been spotted and blocked by the antivirus developers. That's why you also need a firewall. A firewall could have stopped the Blaster and Welchia worms that hit last year before the antivirus program was updated. It could also block MyDoom from sending unwanted e-mail, which was its mission in life.

Symantec suggests a five-pronged approach to security:

  1. Firewalls screen the information entering and leaving a network to help ensure there is no unauthorized access to computers and/or the network. Intrusion detection notes unauthorized access and provides alerts and reports that can be analysed for patterns.
  2. Content filtering identifies and eliminates unwanted traffic.
  3. Virtual private networks secure connections beyond the perimeter, allowing organizations to safely communicate with other networks across the Internet.
  4. Vulnerability management uncovers security gaps and suggests improvements to a network's security.
  5. Virus protection guards against viruses, worms and Trojan horses.

The security developers are moving from a reactive to a proactive approach. Both McAfee and Symantec send alerts to organizations on security threats and offer tools to enforce security policy and monitor incidents. With Intrusion Protection, both systems analyse data packets for anomalies and block suspicious e-mails that could contain an undiscovered worm. However, some worms (such as MyDoom) do not look suspicious and will go undetected.

McAfee provides a management console to enforce compliance with security policies. If an attempt is made to turn off security, the system will automatically turn it on again. The company's ThreatScan monitors unprotected machines on a network and reports if there is open sharing of files. (Even if you want to share the files on your PC temporarily, you should not leave the files/folders as shareable.) The system will also advise whether the computers on the network have applied the appropriate service pack levels and security patches.

Applying the latest security patches is an article in itself. At the time of writing, Microsoft had just released three new security updates to patch new vulnerabilities, including one rated as critical because it has the potential to leave users of Windows NT, 2000, XP or 2003 Server open to an attack that could result in remote code execution. At the moment, Microsoft says there are no reported incidents regarding the vulnerability, but recommends the patch as a preemptive strike.

McAfee's VirusScan identifies viruses, worms and Trojans. It automatically scans inbound (POP3) and outbound (SMTP) e-mail and attachments for most popular e-mail clients, including Microsoft Outlook, Outlook Express, Netscape Mail, Eudora, Pegasus and others. VirusScan also includes Instant Message Scanning and detects spyware (code that is put in a computer to secretly gather information about the user and relay it to advertisers or other interested parties). McAfee's firewall system detects and stops hacker threats and its SpamKiller blocks unwanted e-mail.

Symantec's Norton Internet Security 2004 Professional includes AntiVirus, Personal Firewall and AntiSpam protection in an integrated suite targeted at nontechnical users. Symantec's Norton SystemWorks 2004 Professional provides tools to maximize PC performance, defend against viruses, optimize hard disks, manage passwords, recover from system problems, remove unneeded programs and back up information.

For support, both firms offer a wealth of information on their websites. But be ready to spend money to talk to someone about your problems. Not surprisingly, free assistance is a thing of the past for these companies. Imagine trying to deal with millions of customers asking basic, time-consuming questions that often have nothing to do with the software and more to do with the configuration of their PCs. McAfee charges callers US$2.95 a minute after the first two minutes. Symantec charges US$29.95 per incident. Ouch. Unfortunately, many of us are forced to do our own research and end up learning far more about security than we ever wanted to know.


Michael Burns, MBA, CA, is president of 180 Systems (http://www.180systems.com), which provides independent consulting advice in the selection of business systems. Michael can be reached at 416-963-1296 or by e-mail at mburns@180systems.com

 