Virus Defense

An organization here in Minnesota recently hired a new CFO. A few days into the new job, the CFO received an e-mail from his wife with the subject line, "Check This." Since the message was from a trusted source, he innocently launched the attachment. When his screen filled with pornography, he called his wife and asked what was she sending him? She wasn’t aware that she had sent anything.

You know the rest of the story.

Before the CFO could finish the conversation with his wife, everyone in his organization received an e-mail from the CFO with subject, "Check This." They all read the message and also launched the attachment, and then experienced the shock of looking at a porn image sent by their new CFO. Unwittingly, they all passed along a copy to everyone else. Before long, everyone in the organization had dozens of copies of the e-mail in their inboxes. Even worse, since some had e-mail addresses across the Internet in their personal address books, they also passed the worm along to unsuspecting friends.

As I write this, the ILOVEYOU virus is circulating the globe. From the sketchy reports I’ve heard, this worm sends a copy of itself to everyone in a recipient’s address book, then replaces all JPEG, MP3, and possibly other files on the local system with a copy of itself. It also tries to download some password stealing code on infected systems from a few Web sites across the world.

The world is full of pimple-faced kids with nothing better to do than penetrate your network. It seems like every day, security becomes more important than the day before. We put ourselves in peril if we take these issues lightly.

I recently set up virus protection for a customer, and I learned that virus protection is complex and sometimes frustrating, especially at the organization level. I realize virus protection is not a complete security solution, but I would like to see Microsoft take a few simple steps to eliminate some hassles.

We selected Symantec’s top-of-the-line virus protection product, Norton AntiVirus Enterprise Solution 4.0. It includes virus protection for every kind of email system, firewall, LAN, and desktop I can think of in the PC community.

The product is packaged well, the documentation makes sense, and installation went smoothly. Only when setting it all up, however, did it dawn on me how complicated this all is. No amount of good packaging and documentation can eliminate the complexity. Viruses can enter a network from several points, including floppies, e-mail, browser downloads, and CDs -- each entry point must be protected. New viruses appear all the time, which means organizations need some means of ongoing support to download and deploy the latest virus signatures.

Even with the best virus protection, networks can still be compromised by new viruses and other security threats. Educating users seems to be the best method available right now. But with millions of users, the odds of at least one unwitting user activating a virus or worm are pretty certain.

I’m just a skinny bald guy from Minnesota, but I think Microsoft can help by giving us a few simple tweaks. For example, in the Explorer and My Computer displays, show all files and file extensions by default, even files registered as belonging to some application. That alone could alert a savvy user to files named "LOVELETTERTOYOU.TXT.VBS." Why do we need filenames with multiple periods anyway? It might make sense to enforce some syntax on filenames, or at least warn users about file names with unusual syntax.

Next, give system administrators a method to disable e-mail clients from directly executing any EXE, BAT, VBS, or other such files. Turn this measure on by default and make administrators take some action to turn it off.

Along the same lines, provide a means to enforce macro checking in the Office suite, regardless of what any document template says. Even if a virus turns off macro checking in the default document template, give the system administrator the option to make the Office suite enforce it networkwide. Again, turn these security measures on by default and make administrators take action to turn them off.

Finally, change the default security settings when creating new files and folders. As shipped, Windows NT/2000 gives complete access to all users for new folders and files, and administrators must perform extra steps to limit this access. It should be the other way around. By default, only the creator/owner should have rights to files, and the system should force the administrator to take extra steps to widen the access.

With such simple precautions, we could eliminate many of the viruses sweeping the globe. How about it, Microsoft? --Greg Scott, Microsoft Certified Systems Engineer (MCSE), is Chief Technology Officer of Infrasupport Etc. Inc. (Eagan, Minn.). Contact him at gregscott@infrasupportetc.com.

Must Read Articles