By Ken Dunham, Researcher & Curriculum Analyst, http://www.securitywatch.com/
Jane sits down to her computer to read her corporate email. She opens an attachment sent by a colleague. Unknown to Jane, the attachment is actually a virus that promptly sends out a massive amount of email to others and then lies in wait to destroy files on the local computer at a later date. As a system administrator or manager, how do you respond to this individual?
Sadly, many administrators and managers immediately pass judgment and seek to prosecute and blame the victims of a malware incident. It appears that some people are more than happy to bash anyone who doesn't do things exactly as they expect or desire.
Growing up as a kid, my parents called this the Blame Game. Let's step back for a minute and look at the real issues behind such an incident.
Author of Malware
If you're looking for someone to blame, blame the authors of malware. If they didn't create and distribute such malicious software, we wouldn't be talking about how to respond to such an attack. The authors of malware truly do have a malicious intent, unlike their victims.
Multi-layered Corporate Protection
Before you decide to go out and bash and/or fire an employee, take a look at your own support. Do you have a multi-layered corporate protection program in place with multiple tools to protect your employees? Protection at server/gateway and workstation levels is essential. I also regularly recommend using two different antivirus products on each level, utilizing aggressive update and scanning policies where feasible. And don't forget about content filters and attachment blocking. This barely scratches the surface, but the point is solid: are you doing your part to protect your employees?
Inherent Weaknesses of Antivirus Software
Do you trust antivirus software? Are you a manager who thinks that if you simply purchase an antivirus program and install a firewall, all your problems are over? If so, think again. Have you ever noticed that every time we have an outbreak everyone is scrambling to get updates to their antivirus software? That means they have antivirus software and/or a firewall and it doesn't catch all the malware!
Heuristic technologies, which attempt to detect new malware (not discovered yet), are still weak, and traditional methodologies often fail due to improper installation, configuration, maintenance and use. Getting antivirus software installed on both server/gateway and workstation levels is a good start, but it's not a stand-alone solution.