Protecting your computers from invaders: antivirus-software powerhouse Symantec offers tips for keeping viruses, worms, and Trojan horses at bay

Nursing Homes, March, 2004 by Bill Musson, James Hukill, Jr.

Antivirus software is critical in defending against computer viruses and other malicious programs (often called "malware"). It identifies and protects against these threats by taking parts of a live virus and using their characteristics as markers, which are called "definitions." To identify viruses for which a definition might not yet be available, antivirus companies use a method of virus identification based on modeling behavior, called "heuristics." In other words, if it looks like a duck, walks like a duck, and sounds like a duck, then it must be a duck. Employing heuristics, the software uses the basic characteristics of viruses and other attack software to actively search for programs or code with similar or identical characteristics or behaviors, tagging matching code as potential attack software.
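The difference between definitions and heuristics can be seen in a small scanner. This is an added example, not code from the article or from any antivirus vendor; the markers, rule patterns, weights, threshold, and sample files are all constructed for illustration.

```python
import re

# Constructed "definitions": a name mapped to a byte marker taken from a
# known sample. These markers are invented and match no real malware.
DEFINITIONS = {
    "Example.Worm.A": b"\xde\xad\xbe\xefWORM-A",
    "Example.Macro.B": b"AutoOpen_payload_B",
}

# Constructed heuristic rules: (behavior described, pattern, weight).
HEURISTICS = [
    ("runs automatically when a document opens",
     re.compile(rb"AutoOpen|Document_Open", re.I), 2),
    ("mails itself to address-book contacts",
     re.compile(rb"AddressLists|\.Send\b", re.I), 3),
    ("copies itself to other files",
     re.compile(rb"CopyFile|FileCopy", re.I), 2),
    ("changes startup settings",
     re.compile(rb"CurrentVersion\\Run", re.I), 2),
]
SUSPICIOUS_SCORE = 4  # assumed threshold for this example


def scan(data: bytes) -> dict:
    """Check definitions first; fall back to heuristic scoring."""
    for name, marker in DEFINITIONS.items():
        if marker in data:
            return {"verdict": "known", "name": name, "score": None, "reasons": []}
    hits = [(desc, weight) for desc, pat, weight in HEURISTICS if pat.search(data)]
    score = sum(weight for _, weight in hits)
    verdict = "suspicious" if score >= SUSPICIOUS_SCORE else "clean"
    return {"verdict": verdict, "name": None, "score": score,
            "reasons": [desc for desc, _ in hits]}


# Constructed sample inputs.
KNOWN = b"header..." + DEFINITIONS["Example.Worm.A"] + b"...trailer"
NEW_VARIANT = (b"Sub Document_Open()\n For Each entry In Session.AddressLists\n"
               b"  msg.Send\n Next\nEnd Sub\n")  # no definition exists for it
BENIGN = b'Sub Document_Open()\n MsgBox "Welcome"\nEnd Sub\n'

if __name__ == "__main__":
    for label, sample in [("known", KNOWN), ("new", NEW_VARIANT), ("benign", BENIGN)]:
        print(label, scan(sample))
```

The benign macro trips one rule but stays under the threshold, which is why a heuristic verdict is reported as "potential" attack software rather than a confirmed match.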

Any organization can take some common steps to help protect against virus infections:

Install antivirus software from a well-known, reputable company, update it regularly, and use it properly. New viruses come out every single day, and an antivirus program that hasn't been updated for several months will not be as effective against current viruses. Use the software's real-time scan feature and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file.

To protect your enterprise from the new generation of blended threats, you need to take a look at the security strategies you currently have in place. The "one threat, one cure" approach, such as installing only one antivirus software version, has become outdated. Adopt a comprehensive approach, creating a defensive barrier that is composed of antivirus, content-filtering, firewall, vulnerability-management, and intrusion-detection measures. This will make your system extremely difficult and costly for intruders to compromise. All parts of the network must be protected, and there must be a response in place to provide security at different levels of the network, including the gateway, server, and client levels.

Perform a virus scan on any new programs or other files that could contain executable code before you run or open them, no matter where they originate. There have been several cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.

Be extremely careful about opening binary files and Word/Excel documents from unknown or dubious sources. Be especially wary of files unexpectedly received as attachments to e-mail or during an online chat session. E-mail and online chat seem to be the primary means through which many viruses are transmitted.

Disable mobile code. In this context, mobile code is software that is transferred from a host to a client (or another host computer) to be executed (run). A worm is an example of malicious mobile code. If your e-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, you should seriously consider disabling this feature in your Web browser. One of the best methods of preventing attacks is actively monitoring all software installed and run on your computer.


 


Content provided in partnership with Thompson Gale