Techguy
December 13, 2000, 10:19 am
t's been nearly a year since "I Love You" struck, but variants of this self-replicating virus still find their way into my mailbox - enough to cause a nuisance. The most recent, EIGO.BMP.vbs, came from a security vendor just two weeks ago.
Seems as though a new variant hits every day. Just in the past two weeks, a plethora of new viruses were reported, including variants of Romeo & Juliet, Navidad, Afeto and Shockwave. Like Melissa and I Love You, they all take advantage of desktop mail programs to spread and their close relationships to other applications to act up.
"We'll see more viruses with more frequency in 2001, partly because they're so easy to write and edit," says Ian Poynter, president of Jerboa, a security consulting firm in Cambridge, Mass. "I think we'll also see more of these viruses carrying a payload and not just propagating themselves. This will make for more infections that are more serious."
The problem with today's viruses is twofold: Not only can they be easily rewritten to change their signatures and bypass antivirus tools, but they are also tempting attachment types for click-happy users who see nothing wrong with opening mail attachments from trusted sources.
No matter how often you tell users not to open executables with file extensions like .exe, .vbs (Visual Basic scripts), .url or .wsf (Windows script files) and other executables including music or video attachments, they will still succumb to temptation, says Bruce Moulton, vice president of infrastructure risk management at Fidelity Investments in Boston.
"Training is not enough. You also need a technical solution," says Roland Cuny, chief technology officer at Webwasher.com, an Internet content filtering vendor and a division of Siemens.
That's why Moulton decided to set up filters to block executable attachments before they get to desktops. Blocking file types known to carry viruses and Trojan horses (hidden programs) may sound extreme. Moulton, however, first reviewed how his company uses these file types. Once he determined that these attachments weren't even used for business purposes, making the decision to block them was easy. "The business impact of shutting out these file types is zero because 99.9% of these attachments that come in are for personal viewing, like animated Christmas cards, movie clips, things like that," he says.
Microsoft's Outlook 2000 e-mail security patch was designed to filter a number of executable file types from the Outlook program.
In addition, a number of vendors market filtering products that can effectively block custom-specified file types and even subject lines (like "I Love You" or "Check this out") at the mail gateway - before they get inside the enterprise. A short list includes Baltimore Technologies' MIMEsweeper and Mailsweeper, Symantec's Mail-Gear, SurfControl's SuperScout, Elron Software's Message Inspector, and Tumbleweed Communications' e-mail filtering products.
Many of these companies also offer Web site filtering, as Webwasher does, to prevent certain file types from activating on a browser.
Besides filtering, be diligent with your antivirus software updates. My antivirus software caught the virus that came from the security vendor.
These viruses haven't delivered any seriously damaging payloads so far. But such viruses have ended friendships, lost customers forever and spread bad karma, according to postings at About.com.
So keep your antivirus software up to date, educate your users and block those executables at the gate. And hope your remote users aren't replicating viruses off-site, since their systems aren't protected by these enterprise filtering tools.
By: Deborah Radcliff
- computerworld.com
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
Seems as though a new variant hits every day. Just in the past two weeks, a plethora of new viruses were reported, including variants of Romeo & Juliet, Navidad, Afeto and Shockwave. Like Melissa and I Love You, they all take advantage of desktop mail programs to spread and their close relationships to other applications to act up.
"We'll see more viruses with more frequency in 2001, partly because they're so easy to write and edit," says Ian Poynter, president of Jerboa, a security consulting firm in Cambridge, Mass. "I think we'll also see more of these viruses carrying a payload and not just propagating themselves. This will make for more infections that are more serious."
The problem with today's viruses is twofold: Not only can they be easily rewritten to change their signatures and bypass antivirus tools, but they are also tempting attachment types for click-happy users who see nothing wrong with opening mail attachments from trusted sources.
No matter how often you tell users not to open executables with file extensions like .exe, .vbs (Visual Basic scripts), .url or .wsf (Windows script files) and other executables including music or video attachments, they will still succumb to temptation, says Bruce Moulton, vice president of infrastructure risk management at Fidelity Investments in Boston.
"Training is not enough. You also need a technical solution," says Roland Cuny, chief technology officer at Webwasher.com, an Internet content filtering vendor and a division of Siemens.
That's why Moulton decided to set up filters to block executable attachments before they get to desktops. Blocking file types known to carry viruses and Trojan horses (hidden programs) may sound extreme. Moulton, however, first reviewed how his company uses these file types. Once he determined that these attachments weren't even used for business purposes, making the decision to block them was easy. "The business impact of shutting out these file types is zero because 99.9% of these attachments that come in are for personal viewing, like animated Christmas cards, movie clips, things like that," he says.
Microsoft's Outlook 2000 e-mail security patch was designed to filter a number of executable file types from the Outlook program.
In addition, a number of vendors market filtering products that can effectively block custom-specified file types and even subject lines (like "I Love You" or "Check this out") at the mail gateway - before they get inside the enterprise. A short list includes Baltimore Technologies' MIMEsweeper and Mailsweeper, Symantec's Mail-Gear, SurfControl's SuperScout, Elron Software's Message Inspector, and Tumbleweed Communications' e-mail filtering products.
Many of these companies also offer Web site filtering, as Webwasher does, to prevent certain file types from activating on a browser.
Besides filtering, be diligent with your antivirus software updates. My antivirus software caught the virus that came from the security vendor.
These viruses haven't delivered any seriously damaging payloads so far. But such viruses have ended friendships, lost customers forever and spread bad karma, according to postings at About.com.
So keep your antivirus software up to date, educate your users and block those executables at the gate. And hope your remote users aren't replicating viruses off-site, since their systems aren't protected by these enterprise filtering tools.
By: Deborah Radcliff
- computerworld.com
------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.