How to Beat Back The Digital Horde


The barbarians at your network’s gates are multiplying. The number of new viruses and worms identified in the first half of 2004 by security software vendor Symantec increased more than fourfold, to 4,496, compared with the first six months of the previous year. And the rising flood isn’t merely annoying; network-borne nasties can inflict a huge financial hit.

In 2002, Temple University spent an estimated $500,000 for additional technology staff to recover after dozens of student PCs were infected by the Blaster worm, a self-propagating piece of code that spread quickly by taking advantage of security holes in Microsoft’s Windows operating system. “You only have to go through that once to realize you can’t afford to have that happen again,” says Tim O’Rourke, Temple’s vice president of computer and information services.

What are the best ways to ward off the assault, short of unplugging every computer from the network? Here are key guidelines from information-technology practitioners for doing battle with viruses, spammers, phishers, malicious bots and other scourges of the Internet.

1 Realize there’s no silver bullet. Antivirus software is one of the primary shields every company needs to repel the Internet’s robotic vandals and arsonists. But it’s possible to get around even the highest and sturdiest barriers.

Shortly after midnight on Aug. 20, 2003, railroad company CSX was forced to delay several trains because its computer networks were flooded by the Nachi worm, which exploited a security hole in Windows XP.

The Jacksonville, Fla.-based railroad, the third-largest in North America, says the overall effect was a slowdown in its operations for about half a day. Considering the company had $7.79 billion in sales for 2003, several million dollars of revenue would have been at risk of evaporating while it was fighting the worm.

How did it happen? CSX says it was running up-to-date antivirus software on its desktops and e-mail servers. (The company would not disclose the names of its software vendors.) But computers located in CSX’s remote offices were not always included as part of the routine maintenance to patch operating systems. Only about 2% of the company’s PCs were infected, but that was enough to bring the network to a standstill. Since that outbreak, CSX says, it has improved processes for managing security updates to Windows machines throughout its organization.

2 Add protection in layers. Some companies have used antivirus and antispam products from more than one vendor, believing such a setup provides better overall security. But many have concluded that there’s not much to be gained from this approach, because most products provide roughly the same ability to eradicate viruses. For protection against viruses and worms, a better strategy is to deploy antivirus products in layers (at the network level, on e-mail servers and on desktops) and choose a product based on factors such as management capabilities and quality of support.

Peoples Energy, a natural gas service provider in Chicago, had been using McAfee’s VirusScan on its 1,800 desktop computers and Symantec’s antivirus software on approximately 250 servers. “Our rationale was that, at least early on, one vendor would come out with a virus definition substantially earlier than another, and we wanted to hedge our bets,” says Joseph Gurga, corporate security manager at Peoples Energy. However, Gurga and his team eventually found that the basic ability of most vendors to identify and block viruses has become comparable. So, in the fall of 2003, the company standardized on Trend Micro’s antivirus software.

3 Respond to threats as quickly as possible. Preventing outbreaks requires immediately updating every computer connected to the network with the latest virus-definition files when a new threat is discovered. Label maker Avery Dennison uses Symantec’s software on its desktop PCs. Mark Van Holsbeck, the company’s director of enterprise security, says he’s generally happy with Symantec but points out that the vendor needs to deliver antivirus definitions more quickly. “Even five minutes can mean thousands of lost dollars,” he says.

According to Symantec, the only cases in which it does not issue automatic updates immediately are for lower-level threats (category 1 or 2 on the company’s five-point threat scale). “We don’t want to cry wolf,” says Brian Foster, director of product management for enterprise antivirus at Symantec. He says customers who want faster access can check Symantec’s site for uncertified “rapid response” definitions, which are updated hourly.

4 Pick tools that manage themselves. Jenny Craig wanted to cut the spam from its e-mail diet. The Carlsbad, Calif.-based weight-loss company’s 500 e-mail accounts receive around 24,000 messages per week; roughly 20% of those are spam. “There was a hue and cry from our users,” says Jeff Nelson, Jenny Craig’s director of technology. The first spam-filtering software the company installed, which Nelson wouldn’t identify, wasn’t doing the job. Early last year, Jenny Craig opted to use the spam-filtering and antivirus services of Postini, which automatically identifies and quarantines (for later inspection, if desired) virtually every incoming spam and virus-laden message, Nelson says.

He concedes that some flotsam still slips through, but by and large, “I’m not getting spam in my inbox anymore.”

5 Understand that technology can only go so far. Antivirus and other security systems are useless if an organization’s security processes and the people managing them aren’t up to snuff. Two years ago, the city government of El Paso, Texas, was hit with the same worm that struck CSX. The city’s McAfee WebShield e500 appliance had been continuously scanning network traffic for viruses and worms. But the administrator in charge of the system had not configured it properly, so its security definitions weren’t updated.

For several days after the worm invaded its computers, city workers, including the police and fire departments, couldn’t send or receive e-mail or access financial or human-resources systems. Jose Aguirre, El Paso’s manager of information systems, says “a change was made in personnel,” and the task of managing and updating the system is now handled by two members of his department. In the months since then, he says, El Paso has not been knocked offline by any virus outbreaks.