|As I reflect on the state of computing over the past year, one of the
most striking concerns involves the amount of time that my colleagues and
I have had to spend in protecting the computers in our libraries. We've
expended numerous resources to combat viruses and protect our systems from
hackers--the number of actual attacks has been alarming. But our efforts
have paid off. We finished the year with little to no damage to our computer
systems. Read on to learn more about how to develop a successful strategy
for computing in an increasingly dangerous world.
What We're Up Against
I believe it's safe to say that computers are under attack, now more
than ever. As they've become more powerful, well-connected, and capable
of performing useful tasks, they've also become more desirable targets
and more efficient instruments for transmitting hackers' wares. The current
generation of desktop PCs has taken on many characteristics previously
held only by servers: powerful, multitasking operating systems, high-speed
network connections, and access to the Internet. While we appreciate the
tremendous computing power at our disposal, we must also be aware of the
Computer viruses earned their name because they resemble the biological
ones in many ways. Like a bad cold, they have the ability to move from
one victim to the next. The more a computer remains isolated, the less
likely it will be infected. Most viruses can replicate--a single copy of
malicious program code can eventually infect thousands of other computers
by making copies of itself on other host systems. Just like their biological
counterparts, computer viruses can attack their hosts, often in vicious
ways. They can delete files and damage critical system components. Data
can be lost and systems can be rendered unusable. Viruses that remain static
and unchanged can be identified, and cures or vaccines can be devised.
Unfortunately, many computer viruses have been programmed to mutate--to
change their behavior and markings just enough to make them difficult to
identify and eradicate.
Computer viruses have steadily become more sophisticated over the years.
The first generation involved file viruses that were most often transmitted
through diskettes. Most of these viruses could only be transmitted or activated
if the user booted from the disk or ran a particular program. Hackers soon
discovered that the boot sector on a diskette or hard drive is a convenient
means to store and transmit viruses. While these file and boot-sector viruses
were troublesome enough in their day, they spread at a fairly slow pace.
Such viruses were also platform-specific. Since they invaded executable
files, they targeted only one platform at a time: Windows, Macintosh, or
UNIX. Windows seemed to be the one most favored.
The current generation of viruses spreads more rapidly and finds a much
wider range of victims. While the early viruses depended on "sneakernet"
(the process of carrying floppy disks from one machine to another to exchange
information when you don't havea network) to propagate, the modern ones
take advantage of e-mail and other networked systems. A typical virus will
insert itself into a computer's e-mail program, exploit any available address
book, and send itself to all known recipients. Victims are no longer limited
to a single type of computer platform, as many applications have macro
languages that operate across computer types. Microsoft Word, for example,
has a macro language that functions under both Macintosh and Windows operating
systems. Malicious macros can equally attack either system. The presence
of scripting languages is also a great boon for the virus creator. A computer
with Visual Basic or Windows Script Host offers a powerful tool, not only
for its own user, but also for intruders.
Taking Defensive Measures
Although we recognize that our computing world has become increasingly
dangerous, the tools to combat these ills have also become more effective.
The antivirus software market has become a booming industry--one that's
dominated by a small number of large corporations. And don't expect a free
ride--antivirus software will require a modest investment of both money
and time. You'll need to invest proportionately to the complexity of your
Whether your network is large or small, the best way to ensure its safety
against the current and next generation of computer viruses is to implement
multiple layers of protection. These layers involve both human and technical
components. In many ways, the human aspects are the most important.
Layer One: User Training
Most--but unfortunately not all--computer viruses require some sort
of human intervention in order to spread, activate, or attack. Computer
users must be trained to understand the warning signs of potential viruses
and to avoid the actions that trigger infection and attack.
The great majority of recent viruses spread through e-mail attachments.
While e-mail attachments serve useful purposes, they should be used sparingly
and cautiously. One of the rules of thumb I follow is to open attachments
only when I'm expecting a document or related material from a specific
individual. It's also unwise to open attachments that are executable programs
or scripts. Your mail program should show you each attachment's file type.
Launching ones that end in .vbs or .exe could be harmful
to your computer's health. Also avoid attachments sent through listservs.
It's impolite to send an unsolicited attachment to a listserv, and most
listservs are configured to automatically strip submissions of attachments
Be skeptical of any program you might plan to install on your computer
and obtain software only from reliable sources. Don't assume that every
game, utility, or screen saver on the Internet is virus-free.
Be very cautious of diskettes. My recent experience is that a significant
percentage of the diskettes I encounter have boot-sector or file viruses
on them. While the use of diskettes is waning due to their limited storage
capacity, the same concerns theoretically apply to Zip disks and CD-Recordable
Layer Two: Antivirus Software for PCs
All personal computers should be equipped with professional-quality,
up-to-date antivirus software. Some of the features you should look for
include the following:
You can expect to pay from $15 to $30 per computer for most of the commercial
antivirus packages. Some are free for personal use, but these will likely
come with advertising requirements.
The ability to detect the signatures of all known viruses--There are some
50,000 known viruses, and the number is growing. Antivirus software must
be comprehensive in its ability to detect them.
Automatic update of virus signatures--New viruses can spread worldwide
in days, if not hours. It's vital that your antivirus software be updated
frequently. Most offer the ability to take advantage of the computer's
Internet connection to retrieve new virus signatures daily.
Automatic inspection of all files as they're accessed by your computer--Whether
the file is loaded from the local hard drive or from the network, the antivirus
software should check it for viruses before it's executed. Unfortunately,
there's a performance penalty associated with this activity since the antivirus
software pre-empts the operating system for each task that involves file
Automatic and on-demand scanning of all removable media (e.g., diskettes,
Zip disks, and CD-R discs)
Regular, scheduled scanning of all files on each hard drive--While the
active inspection features should catch any viruses before they're written
to your hard drive, it's still wise to perform comprehensive scans of all
your disks regularly.
Most of these workstation-level antivirus applications are configured
by default to automatically activate each time the computer starts. It's
possible, however, for the software to become unloaded without the user
being especially aware of it. While computer administrators may believe
they've installed antivirus software on each computer in their charge,
they should regularly check to ensure that this software has not been accidentally
Layer Three: E-Mail Scanners
Most of the current viruses, as noted above, are transmitted through
e-mails. Eliminating this path will drastically reduce the number of viruses
that might infect your network. There are a number of products now available
that inspect mail messages as they pass through a mail server to ensure
that they're free of all known viruses. These scanners have the ability
to process all incoming and outgoing messages.
The emergence of e-mail as a favored distribution media for viruses
has made many organizations reconsider how they organize their e-mail services.
The trend now favors centralized, industrial-strength e-mail servers that
are well-secured. It's becoming less tenable for smaller departments to
maintain their own mail servers given the current security concerns.
At Vanderbilt University, we've implemented Trend Micro's mail-scanning
software on all our mail servers. While the university is working toward
a single, enterprisewide e-mail system, its individual colleges--as well
as our library--still operate separate e-mail systems. All the mail systems
are equipped with the Trend Micro software, which intercepts many hundreds
of viruses each month. This layer has, by far, made the largest impact
on reducing the number of viruses that are seen on desktop computers. It's
extremely rare now for the workstation-level antivirus software to catch
Layer Four: Antivirus Software for Servers
Most organizations rely on file servers to store critical institutional
data. These NetWare, NT, or UNIX servers need to be part of an organization's
antivirus strategy. Just as workstation-level antivirus software can check
each file as it's accessed by its user, there are server applications that
can inspect any file accessed by any user. It's also wise to regularly
scan entire network disk volumes with antivirus software. While the real-time
inspection of network files can degrade server performance, comprehensive
scans can be scheduled at off-hours.
If the organization has implemented antivirus software on its e-mail
system and on all of its desktop computers, then it should be extremely
rare for a virus to make its way to a network server. But a lapse on a
single computer could open the door for a potentially widespread infection
on a network server. Therefore, it's still important to have this layer
Layer Five: Personal Firewalls
A new genre of security software has emerged in the last couple of
years that adds yet another layer of security for computer users. Most
organizations have implementedfirewalls that inspect and filter network
traffic as it enters their network from the Internet. Some have additional
firewalls that secure sensitive parts of their internal networks. Personal
firewall software is now available that can be installed on each workstation
or server in a network. This software will monitor the computer's network
port and allow only a specified type of network access.
Especially on any computer that operates as a server, personal firewalls
add an important level of protection, catching any attacks that may have
been missed by the institutional firewall. Given that desktop computers
have server-like capabilities, it's becoming more common for personal firewalls
to be implemented on these computers as well. A personal firewall doesn't
do all that much to intercept viruses, but it offers protection from hackers
and worms, which are just as important to resist.
One of the techniques used by hackers to identify computers that they
may attempt to attack involves scanning the entire network address space
of an organization port by port to see which computers answer. Each computer
that answers is a potential victim. A good personal firewall will make
your computer invisible to these port scans.
Finally, Avoid Complacency
Network security is a never-ending task. Even if you have implemented
a multilayer approach such as I've described, it's important to regularly
review your strategy. Viruses' behavior can change abruptly. As any systematic
vulnerability becomes known andpublicized, there'll be those who'll be
quick to exploit. Today, e-mail seems to be the favored inroad, but it's
very likely that Web browsers will be the next favored target for attack.
Never let down your guard. We live in a dangerous world.
Marshall Breeding is the technology analyst at Vanderbilt University's
Heard Library and is a writer and speaker on library technology issues.
His e-mail address is firstname.lastname@example.org.