| The 2000 Computer Security Institute/FBI Computer Crime and Security Survey revealed that 85% of the 581 companies surveyed had experienced at least one virus attack. Computer viruses can cause enormous damage: files crash, important data disappears, productivity is brought to a standstill, and entire networks shut down. "Computer virus" has become an umbrella term for many types of malicious code. As with a biological virus, there is more than one strain that can attack your network, since many viruses and other kinds of malicious code are designed to exploit weaknesses in particular applications, computing platforms, or network environments. |
| Virus proliferation is a huge problem, but understanding the major types of viruses and implementing anti-virus solutions can help IT managers better protect their networks at multiple entry points and prioritize vulnerabilities. Computer users should also be educated about viruses and know how to react to a virus attack by following a comprehensive security policy. Read more about viruses in our "What Is a Computer Virus?" section below. |
| Protecting the Enterprise |
| As viruses and other Internet threats continue to evolve, so do security solutions. Virus defense is just one aspect of a total content security solution; it can also include mobile code protection and Internet and e-mail content filtering. The most efficient, best-of-breed security solutions are comprehensive and centrally managed. An effective security strategy is one that recognizes an organization's assets, identifies the risk to those assets, and considers the end-user culture. |
| Solutions |
| E-mail content scanning and filtering helps protect proprietary information, reduces liability exposure, and improves productivity for e-mail applications. For example, content can be scanned for proprietary information or for inappropriate words and phrases to support a company's e-mail policy. In addition, filtering can increase bandwidth by countering e-mail address forgery attacks. |
| IrisLogic offers the following SecurNet Virus Defense products for this solution: Norton Anti-Virus, McAfee Anti-Virus, and TrendMicro Anti-Virus. The anti-virus suites also offer protection in specific network areas. Anti-Virus Firewall scans Internet traffic and file attachments, removes any virus before it invades the computer network, and repairs damaged files. Anti-Virus Proxy scans HTTP and FTP traffic at the proxy level. It protects networks against viruses, hostile applets, problematic ActiveX sites, and even JavaScript code. |
| For any organization connected to the Internet or relying on computer networks for business operations, IrisLogic SecurNet Virus Defense is an essential security solution for your company. |
| What Is a Computer Virus? |
| A virus is generally defined as a program that infects documents or systems by inserting or attaching a copy of itself or by rewriting files entirely. A virus operates without the knowledge or consent of the user. When an infected file is opened, the embedded virus is also executed, often in the background. While a true virus is created by a malicious individual, it is generally propagated unintentionally by the users themselves. A virus does not deliberately spread itself from computer to computer. It may replicate itself within one computer, but is passed on to other users through infected e-mail document attachments, programs on diskettes, or shared files. New malicious code strains have made self-replicating viruses more common. |
| A simple virus may propagate itself and then allow a program to run normally. Most viruses, however, deliver a 'payload' or malicious act. For example, the virus may be programmed to display a certain message on the machine's computer screen or perform a deletion or modification to a certain document (or some combination thereof). The more severe viruses do irreversible damage, such as deleting all user or network files or reformatting hard drives. Others may simply wreak havoc on network systems by executing processes that, in turn, execute other processes to eventually freeze the entire system. |
| There are six major types of malicious code: simple viruses, encrypted viruses, polymorphic viruses, macro viruses, Trojan horses, and worms. Each is discussed in detail below: |
| 1. Simple Virus |
| A simple virus is activated when a user launches an infected program. The virus then takes control of the computer and attaches itself to another program file. These viruses are easy to detect, since they make an exact copy of themselves. To find such a virus, anti-virus software simply scans for its specific sequence of bytes, known as a signature. |
| 2. Encrypted Virus |
| For an encrypted virus, the signature is scrambled, so the scanner is unable to detect it and the virus signature changes from program to program. Fortunately, the decryption routine stays the same and anti-virus software that scans for a repeating decryption routine, instead of the signature, can catch it. |
| 3. Polymorphic Virus |
| Polymorphic computer viruses are intentionally difficult to detect, though anti-virus programs can easily find and remedy this type of virus. Authors of polymorphic viruses encrypt both the body of the virus and the decryption routine. No two infections look alike, so no single anti-virus definition can be created to combat all of them. Anti-virus solution providers use their virus protection technology to create generic decryption routines that expose the virus. |
| 4. Macro Virus |
| Macro viruses are among the most common and easily created viruses. They also tend to be the least damaging. Macro viruses use an application macro language (such as Visual Basic or VBScript) to infect and replicate documents and templates. They are platform independent, but are typically associated with Microsoft Office programs. These viruses use the Microsoft programming environment to auto-execute viral macrocode. When an infected document is opened, the virus is executed and will infect the user's application templates. Macros can insert unwanted words, numbers, or phrases into documents or alter command functions. Once a macro virus infects a user's machine, it can embed itself in all future documents created by the application. For example, if the "normal.dot" template in Microsoft Word (the default document template) is infected with a macro virus, every new document created will carry a copy of the macro virus. According to the AOL Computing Webopaedia, 75% of all viruses today are macro viruses. |
| 5. Trojan Horse |
| A Trojan horse is a malicious program that is disguised as a benign program, such as a screen saver, archiving application, game, or even a program that is supposed to find and destroy viruses. Using one of these aliases, the program actually performs a malicious task without the user's knowledge or consent. It does not replicate itself like a true virus, does not make copies of itself like a worm, and is usually propagated through e-mail or Internet downloads. Trojan horse payloads vary widely; they can steal passwords, infect a machine with a virus, or even act as a tool for others to spy on users by recording keystrokes and transmitting them to a third party via TCP/IP. |
| 6. Worms |
| A worm is a program that propagates itself, usually over a network via e-mail, TCP/IP, or disk drive, reproducing itself as it goes. A worm is not technically a "virus" because it can propagate independently. Many malicious programs that are worms are mistakenly referred to as viruses. For example, the renowned ILOVEYOU virus was actually a worm, not a virus. |
Worms are extremely dangerous to a network and are more difficult to control because they do not require user propagation. A worm can spread itself to hundreds of thousands of machines very quickly. In the ILOVEYOU example, the worm was typically received by users in e-mail as a file attachment consisting of a VBScript-based program. When the attachment was executed, several processes were spawned automatically, causing the worm to be copied (propagated) and sent as an e-mail attachment to every individual in the user's Microsoft Outlook address book. The worm also deleted and replaced certain types of files on the user's hard drive, so that if any of these files were opened, its self-propagation routine would run once again. Imagine a corporate network where several users received and activated the worm. It's easy to imagine the network grinding to a halt within just a few hours from the heavy e-mail traffic being spawned by the worm, not to mention a large loss of data from damaged files. And since the worm is propagated primarily by e-mail, it could easily infect other networks within a very short period of time.
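The detection approaches described above under "Simple Virus" and "Encrypted Virus", as an added example that is not part of the original page: a byte-signature scanner run over constructed, inert sample buffers. The marker strings, file names and the single-byte XOR encoding are assumptions chosen for illustration; real anti-virus engines are far more involved.

```python
"""Signature scanning against plain and encrypted bodies (constructed, inert data)."""

# Constructed, harmless byte strings standing in for the parts of an infected file.
BODY_SIGNATURE = b"DEMO-BODY-MARKER-0001"   # stands in for a virus body signature
DECRYPTOR_STUB = b"\x90STUB-LOOP-XOR\x90"   # stands in for a fixed decryption routine
HOST = b"MZ" + b"\x00" * 32 + b"ordinary program bytes"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Scramble data with a one-byte key, so the body differs from file to file."""
    return bytes(b ^ key for b in data)


def make_samples() -> dict:
    """Build four constructed files: clean, exact-copy, and two encrypted variants."""
    return {
        "clean.exe": HOST,
        "simple.exe": HOST + BODY_SIGNATURE,
        "encrypted_a.exe": HOST + DECRYPTOR_STUB + b"\x5a" + xor_bytes(BODY_SIGNATURE, 0x5A),
        "encrypted_b.exe": HOST + DECRYPTOR_STUB + b"\xc3" + xor_bytes(BODY_SIGNATURE, 0xC3),
    }


def scan(data: bytes, signatures: dict) -> list:
    """Return (signature name, offset) for every occurrence of every signature."""
    hits = []
    for name, pattern in signatures.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = data.find(pattern, start + 1)
    return sorted(hits, key=lambda hit: hit[1])


def scan_all(signatures: dict) -> dict:
    """Scan every constructed sample and return the matching signature names."""
    return {fname: [name for name, _ in scan(data, signatures)]
            for fname, data in make_samples().items()}


BODY_ONLY = {"Demo.Body": BODY_SIGNATURE}
WITH_STUB = {"Demo.Body": BODY_SIGNATURE, "Demo.Decryptor": DECRYPTOR_STUB}

if __name__ == "__main__":
    for label, sigs in (("body signature only", BODY_ONLY),
                        ("body + decryptor stub", WITH_STUB)):
        print(label)
        for fname, names in scan_all(sigs).items():
            print(f"  {fname:16} {names or 'no detection'}")
```

With only the body signature, both encrypted samples pass undetected; adding the constant decryptor stub as a second signature flags them while the clean file still produces no hit.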