Malicious Code:
Threats & Responses

Malicious Code Threat Profile Increases 

Back in March of 1999, when the Melissa virus started spreading, there was a big increase in media coverage of malicious code. This was not just media hype. Since then, many organizations that rely on computers have undoubtedly experienced a large increase in malicious code problems, with a measurable negative impact on the bottom line (mainly from increases in system support costs and losses in productivity).

Since 1990, the threat posed by malicious code has become more immediate, and taken on new forms that many companies have not yet addressed in their policies and procedures. 

Can You Spare $50K?
Many virus infections cost more than $50,000 to clean up!

The most serious threats right now are those viruses and worms which exploit Internet-based services such as email. These threats have emerged just as organizations have begun to rely on these technologies for day-to-day operations. When companies the size of Microsoft, AT&T and Boeing have to turn off their email systems to survive a malicious code attack, you know the problem is serious and not just hype.

Beating Malicious Code

Fortunately, it is possible to drastically reduce the impact of malicious code on system security by using tried and tested business practices, some of which provide additional benefits besides reducing losses due to malicious code. Here's a six pack of practices you should be following:

1. Educate users about the computer virus threat.

2. Install reputable anti-virus (AV) software on workstations AND servers AND Internet gateways.

3. Train users to use their AV software properly and give them incentives to do so (consider giving them licensed copies for home use as well).

4. Train system administrators to manage the AV software and make sure that virus signature files are regularly updated.

5. Train all users at all levels NOT to open email file attachments unless they are 110% sure of what they contain.

6. Make sure your anti-virus policy is up-to-date.

Malicious Code Impact

The impact is real, more expensive, and more widespread than many organizations realize. A 1999 survey revealed that the rate of virus infections continues to increase. This is happening despite the widespread installation of anti-virus software (83% of the respondents said 90% or more of their PCs were covered). Yet median rates of infection per month per 1,000 PCs in January and February 1999 were about four times the rates for 1997 and about twice the rates for 1998.

Costly: The same survey found that the median downtime due to a virus outbreak was 24 hours (some experienced much longer recovery times -- up to 1,000 hours in 3 cases out of the 112 respondents). The median requirement was 5 person-days for recovery. A quarter of the respondents estimated that their costs ranged from over $5,000 to $100,000. For more data, see the ICSA Computer Virus Prevalence Study (ICSA.net).

Hoax, Hype, or Real

You won't find a couple that knows more about viruses and malicious code than Sarah Gordon and Richard Ford. Sarah has done extensive original research not only on virus code, but also on the people who write it. Richard Ford is a former editor of Virus Bulletin, the leading independent source for virus information, and former head of the anti-virus lab at NCSA/ICSA. You won't find three people who know more about viruses and malicious code than Sarah, Richard and Joe Wells, who is responsible for the Wild List, which lists the viruses that are actually loose in the world, as opposed to being "in the zoo" or research collections. For example, in April of 2000 there were about 200 viruses active in the wild, whereas some anti-virus vendors refer to numbers like 45-50,000, the total number of known viruses.

Gordon, Ford and Wells have applied their wisdom to the daunting task of sorting hype from hoax and reality in this excellent paper on Hoaxes and Hype. This is valuable reading for managers who want to get a handle on which aspects of the virus phenomenon need to be taken most seriously. For example, how do you decide which wastes more time: virus hoax warnings forwarded by untrained employees, or viruses themselves?

Why Would Somebody Do That?

There is one question which always comes up in conversations about viruses, particularly when the participants have recently been exposed to a computer virus for the first time: Why do people write these things? This is sometimes phrased as: What kind of person would write something like this? There are no simple answers.

Sarah Gordon has studied this question for many years. Her first paper on this subject, probably the first serious paper by anyone on this subject, is enlightening reading. A more recent version is now available from IBM's anti-virus research labs.

Trojans, Worms and Viruses

If you really want the complete low-down on Trojan code, there is no better resource than Sarah Gordon's exhaustive research on Trojan code, co-authored with David Chess of the IBM TJ Watson Research Center.

More AV Research Papers

Check out this collection of studies at IBM's Anti-Virus site. Remember, the more you know about the threat, the better able you are to defeat it.

Anti-Virus Policy

No organization can hope to defend its systems against viruses and other malicious code without a solid set of up-to-date anti-virus policies. A good start can be made by checking out suggested policy from ICSA, available as an Acrobat .pdf file.

Updated Spring, 2002 by webloke © Stephen Cobb
Some article content reprinted by permission.
Article content copyright named author(s).
 