Are you prepared for the next globe-sweeping virus? What about your users? In his recent article, “Use all your firepower when fighting a virus,” TechRepublic contributor David Williams explained how he reacted when the recent AnnaKournikova virus attacked his company’s network. While Williams was able to clean his infected Exchange system with Symantec’s antivirus software, some TechRepublic members suggest using other methods for dealing with menacing e-mail bugs. This article highlights some of these approaches so that you can better prepare for the next threatening virus outbreak.
Stop suspect files at the gate
If you see an .exe or .vbs coming into your network, beware. In many cases, these extensions are telltale signs of a damaging virus. When AnnaKournikova and Nakedwife were infesting networks across the globe, jelliott protected his organization’s network with ScanMail from TrendMicro. Jelliot set ScanMail to block all .exe and .vbs file extensions, in addition to other “nuisance files,” such as .mp3, .mpg, and .wav.
In addition to ScanMail, McAfee’s GroupShield is another software product that allows an administrator to block specific file extensions. According to member mstrfsh, GroupShield “allows extension filtering without any regular edits or reboots. We don’t let .exe or .vbs files in. Never. No exceptions. And we have had no outbreaks since doing this.”
Member bill_warren has found that because Microsoft Outlook executes .vbs files, it’s particularly vulnerable to a virus attack. According to bill_warren, Microsoft has released an Office 2000 patch that will nip any .vbs or .exe extensions in the bud. Matthew Damp claims that the Microsoft patch stopped the AnnaKournikova virus from infecting a client’s laptop.
While installing detection software is a necessary step to protect a network from viruses, users themselves can help to prevent virus outbreaks as well. Getting users on the same page can prevent viruses from propagating throughout the network. For instance, although .exe files can contain threatening viruses, they do have some legitimate uses in certain instances. Member selftaught & streetwize often needs to send or receive .exe files, but coworkers know these messages are safe because of a standard, organization-wide procedure. All .exe files “are accompanied by a phone call with a description and file size or [the messages are] confirmed before executing.”
In addition to this procedure for .exe file transmission, selftaught & streetwize recommends inserting a “signature element,” such as the sender’s initials, into the subject line so a recipient sees that the message has been sent manually.
Because viruses are relatively infrequent occurrences, end users’ virus awareness is likely to come and go. The less tech-minded the user, the more likely he or she will let his or her guard down. Many members believe that it’s the IT staff’s responsibility to educate and remind users of the dangers of unsolicited file attachments.
Francis Mahon suggests that a good way to periodically remind users of these dangers is to distribute an industry standard test file from eicar.com. Mahon says that the test file is completely harmless to the network, and it’s a surefire way to keep the threat of viruses fresh in users’ minds.
Member Dave Dickens likes the idea of eicar.com and recommends sending different versions of the same file attachment to test both users and software. Dickens suggests a kind of virus drill in which the entire organization participates.
“Low-cost rewards could be handed out to the first people to report the ‘virus’ in each department. Other rewards could be handed out to those people who aren’t caught by the ‘virus.’
Are you prepared for the next plague?
How safe is your network from the next AnnaKournikova or Nakedwife virus? What do you do to keep users abreast of the dangers of file attachments? Join the discussion and share your thoughts.