In mid-February, a new virus, VBS_Kournikova, infected thousands of computers throughout the United States. While the motivation of the alleged 20-year-old virus writer remains unclear, ZDNet (an authoritative source for technology-related news) reported that the youth released the virus to "teach" personal computer users to follow better antivirus practices. Quite a noble objective, but perhaps somewhat misdirected.
Viruses Run Amok
As I thought about the recent computer virus outbreak, I recalled how this infection represented the current state of things. Today, an estimated 56,000 personal computer viruses are on the prowl, and this number is growing rapidly. About 80 percent of the latest viruses, such as VBS_Kournikova, are macro viruses. Macro viruses typically target specific software applications, such as Microsoft Outlook (MS-Outlook), and are designed to replicate themselves as email attachments sent to every address listed in the infected computer's address book. Once an unsuspecting user opens the infected email attachment, the virus is initiated and, depending on the particular virus, may alter your computer's hard drive and/or files.
Why Should We Care?
According to ICSA Labs, a security research firm, the likelihood of an organization experiencing a major computer virus outbreak has doubled during each of the past five years. The organizational cost per virus incident is substantial and increasing. Besides the potential loss or damage to data and productivity, it takes a lot of time and resources to clean up infected personal computers and servers. If you consider the expected campus growth and the development of far more sophisticated viruses, the potential for increased reports of lost or damaged information and a greater number of staff resources impacted by computer virus outbreaks is enormous.
What Can We Do?
What can we do as individuals to protect our data and personal computers from attack? Here are some suggestions for your consideration.
Precautions and Easy Fixes
- Use antivirus programs on your work desktops and home personal computers. The UC Davis Bovine Online CD provides inexpensive access (about $11) to Symantec's Norton Antivirus program. Faculty and staff may also purchase Norton Antivirus through Software Licensing. Norton is the most-used antivirus software on campus and can be run on most platforms (e.g., Mac and Windows 95/98/NT/2000). Licenses currently cost $8.50 each, run until June 2002, and are available to campus departments on the Jukebox. See http://slc.ucdavis.edu/slc/content/nav.html for more information.
- Keep both your antivirus programs and antivirus signature files (the "antibodies" residing on your hard drive) current. Updating one and not the other may affect how well your antivirus programs identify and remove viruses. Many antivirus programs provide a mechanism to automatically schedule the downloading and installation of updated signature files.
- Don't open email attachments from unknown sources.
- Don't open files attached to email messages with unusual subject lines. The VBS_Kournikova virus had a subject line of "Here you have ;o)" -- somewhat of an atypical subject. This suggestion should be followed even if the email message is from your relatives or best friends.
- Routinely scan transportable media such as floppy disks, Zip cartridges, and CD-R/CD-RW disks for evidence of virus contamination.
- Whenever possible, require the use of antivirus programs by University affiliated users (e.g., contractors and guests) connecting to the campus network.
More Technical Precautions and Fixes
(Note: If any or all of the following suggestions are Greek to you, consider seeking the help of your local computer resource specialist or departmental technical support coordinator, or give IT Express a call at 754-HELP.)
- Periodically review the application settings on your antivirus program. They should be configured to remove the virus infection, delete the infected file, or place the infected files into an isolated folder.
- Create a filter on your Internet email reader (e.g., MS-Outlook, Eudora) to automatically delete email that matches the characteristics of an infected message you have heard about through the grapevine, on your antivirus manufacturer's Web site, or in an email alert (e.g., filter for the subject line). This creative technique is a good approach for new viruses that have not yet been incorporated into antivirus vendor updates. (See sidebar on using Eudora's filtering capabilities.)
- Back up your files frequently to floppy disks, CDs, backup tapes, or Zip cartridges, and test the recovery capability of the backup. This will permit you to restore any virus-damaged files.
- If you suspect your computer has fallen victim to a virus, check the Web sites of antivirus program vendors, such as Symantec, McAfee, Computer Associates and Trend Micro. You should also be sure to check the campus Security Web site. This site is the central campus repository of resources on viruses and other security issues. Antivirus vendors support an extensive virus encyclopedia and discuss methods to identify and remove virus infections. In addition, these Web sites identify common virus hoaxes (warnings about a virus that doesn't really exist). Although a virus hoax is not dangerous itself, it may lull you into complacency (remember the "child who repeatedly called wolf"?) and also may erroneously generate unnecessary virus warnings.
- If you can't find vendor information about a new virus, take a look at the National Infrastructure Protection Center (NIPC) Web site. The NIPC is a U.S. Department of Justice agency chartered to perform assessment and investigation of threats or attacks on critical infrastructure services. Warnings and advisories pertaining to new viruses are often reported by the NIPC.
- Activate antivirus application options where available. For example, Microsoft Word contains a macro virus protection option. In addition, Microsoft has released a security patch to MS-Outlook/98 and MS-Outlook/2000. The patch eliminates the capability for MS-Outlook to automatically execute email attachments. Keep in mind this MS-Outlook security patch does not include any capability to remove it later -- even if it interferes with legitimate email functions. To learn more about the patch and find a download source for this patch, go to Microsoft's Outlook Security Update and follow the instructions.
- If your computer has become infected and you need cleanup assistance or you have questions about the above suggestions, the consultants at IT Express may be able to help you. IT Express has a drop-in office in 182 Shields Library and can also be contacted at 754-HELP or ithelp@ucdavis.edu.
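The subject-line filter suggested in the list above, written out as an added example (it is not part of the original column, nor any mail client's own filter code). The function names, the list of script attachment extensions, and the sample addresses and file names are assumptions made for illustration; the example reports a quarantine decision rather than deleting, so a false match can be recovered.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines taken from outbreak alerts. The entry below is the
# VBS_Kournikova subject quoted in this column; extend it from vendor alerts.
BLOCKED_SUBJECTS = ["Here you have ;o)"]
# Script attachment types worth holding back (assumed list, not from the column).
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".wsf")


def normalize(subject):
    """Strip Re:/Fwd: prefixes, collapse whitespace and fold case."""
    subject = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject or "", flags=re.I)
    return " ".join(subject.split()).casefold()


def classify(raw_message):
    """Return (action, reason) for one message given as RFC 822 text."""
    # policy.default decodes RFC 2047 encoded-word subjects before matching.
    msg = message_from_string(raw_message, policy=policy.default)
    subject = normalize(msg["Subject"])
    if subject in {normalize(s) for s in BLOCKED_SUBJECTS}:
        return ("quarantine", "subject matches outbreak alert")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().casefold()
        if name.endswith(SCRIPT_EXTENSIONS):
            return ("quarantine", "script attachment: " + name)
    return ("deliver", "no match")


def build_sample(subject, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.edu", "b@example.edu", subject
    m.set_content("see attached")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    for subj, att in [("Here you have ;o)", None),
                      ("Fwd: RE: here you  have ;o)", None),
                      ("Team photo", "photo.jpg.vbs"),
                      ("Budget meeting notes", "notes.txt")]:
        print(subj, att, "->", classify(build_sample(subj, att)))
```

Matching on the normalized subject catches forwarded and re-cased copies of the alert text, and the attachment check still applies when the subject line has been changed.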
Working Together to Squash These Bugs
What can we do from an organizational perspective? An effective program to reduce the impact of malicious code requires antivirus controls at three tiers. Each of the three tiers addresses a different part of the problem:
- Desktop: handles viruses from disk exchanges and local infected programs and files
- Network Servers: helps to reduce the opportunity for re-contamination, as infected files are not permitted to remain on network servers
- Internet Gateways: typically scans inbound and outbound Internet traffic and removes infected files and email attachments
The campus antivirus program has focused primarily on the desktop tier. In my role as the campus IT Security Coordinator, I will promote moving beyond this single-tier focus to develop a more comprehensive program.
As the campus information security program moves forward to address issues such as malicious code, we will keep you informed of new developments. Stay tuned, and please send me your comments and suggestions for future columns on security issues at security@ucdavis.edu.