Virus protection policy
How King Computer Solutions prevents or minimizes virus infections
King Computer Solutions will recommend and implement the virus protection package that is most suitable for your environment. We have experience with a range of packages from vendors including McAfee, Trend Micro, Symantec and Sophos. For networked systems with a server we recommend Sophos SBE for sites that have external e-mail filtering, or Sophos security suite, which includes Puremessage for stopping email viruses and spam, for sites running their own Microsoft Exchange server. Sophos is a centralised package which monitors and updates all client computers on the network, which reduces overall management time, reduces the amount of downloads required and simplifies identification of an infected computer. Some clients have legacy anti virus programs that are fragmented and can vary from PC to PC. This makes license and update tracking difficult, and accounting for the renewal of the various packages time consuming.
In our experience we have found Sophos more effective in catching viruses, less resource intensive and superior in management and support than other anti virus software. Recent independent tests by InfoWorld confirm our opinion. Click here to see an article on this comparison to other products. King Computer Solutions are recognised as a Gold Partner by Sophos, have rolled out the software at hundreds of sites and have a close working relationship with Sophos, enabling us to provide superior support and experience.
King's policy is to fight viruses, trojans and worms in several ways:
- Blocking unnecessary ports – All Internet traffic coming to and going from the network must pass through a router. Where King configures your router we only open ports for specific types of network traffic. This blocks a majority of worms which directly infect insecure computers through unprotected ports.
- Filtering email – King provides either an external filtering service which scans and bounces any e-mails bound for your domain before they enter your network, or a package like Sophos Puremessage which scans and cleans any e-mails as they arrive at your server.
- Running server antivirus software – King recommends Sophos Anti-virus for its lower use of system resources, centralised management, prompt updating of definitions, ease of roll-out, monitoring and alerting functions. All vulnerable servers run antivirus software. This software scans all data stores, looking for suspicious code, and monitors and updates networked computers.
- Running workstation antivirus software – This software scans all data written to or read from a workstation’s hard drive. If it finds something suspicious, it isolates the dubious file on the computer, automatically notifies the user and reports the detection to the Central Control Panel on the server. Where we have set up and maintain your antivirus software, our alerts email box receives an email notification that we will act on where necessary. Generally the notification is simply that Sophos has found and removed the virus and no further action is immediately necessary, unless the notification is that there was a reason it was unable to be removed.
- Routinely updating virus definitions – With Sophos, by default, every two hours the virus scanning programs check the antivirus control centre for updated virus definitions. These definition files allow the software to detect new viruses. If a new virus definition file is available, the virus scanning software is automatically updated.
- Updating the anti virus engines – Besides virus definition updates, vendors regularly release updated versions of their anti virus packages. Where you are on a regular maintenance support plan from King, we will update the engines on the server and workstations as they become available, at the next scheduled maintenance. This may require a server or workstation reboot depending on the update.
- Scheduled scans are set to run on each system on a daily basis to check for any back-door infections that may have occurred and that bypass the normal file writing process where a virus would be detected.
- Keeping computers up to date – Most worms take advantage of security flaws in operating systems or programs. Testing has shown an un-patched computer connected directly to the internet is infected in under 3 minutes. As part of a new system setup we will load the latest service packs and patches on all computers. We typically enable automatic updates so that new critical security patches are installed automatically between maintenance intervals, but generally the larger service packs require some manual intervention and computer rebooting to install. As part of a regular maintenance schedule King will load any newly released service packs and security patches.
Doing your bit
Even if all Internet traffic is scanned for viruses and all files on the company’s servers are scanned, the possibility still exists that a very fast moving new virus can be downloaded before vendors have written and deployed new definitions to catch it.
Users therefore need to take reasonable steps to prevent virus outbreaks. Use the guidelines below to do your part:
- Do not open unexpected e-mail attachments, even from co-workers. Enticing text like “Have a look at this attachment” is a typical way of getting people to open virus infected files.
- Do not follow links to unknown websites in emails. Carefully read the actual link address. Some websites will immediately attempt to load a virus when the page opens.
- Do not install or execute “ActiveX” components in Internet Explorer unless you know and trust what the component is. If unsure, email our support address with a link to the site for advice.
- Delete emails purportedly from banks, PayPal etc. asking you to log in to their site and confirm or check something. They will never do this, and lookalike sites are set up to capture your login details and steal from your account.
- Never open an e-mail or instant messaging attachment from an unknown or suspicious source.
- Never download freeware or shareware from the Internet without express advice of King Computer Solutions.
- If a file you receive contains macros that you are unsure about, disable the macros. The latest office programs will provide warnings about macros attempting to execute.
- Do not run peer to peer file sharing software like LimeWire or Kazaa. There are more viruses floating around these networks than a NSW hospital.
What to do if you suspect something
- Notify King Computer Solutions Help Desk of suspicious files.
- If you receive a suspicious file or e-mail attachment, do not open it. Forward the email to our support email address or call our help desk and inform the engineer that you have received a suspicious file.
- If the potentially infected file is on a disk that you have inserted into your computer, the antivirus software on your machine will scan the disk in the background and notify you of the infected file, which will be quarantined automatically.
- For assistance with deleting or cleaning up the quarantined file, and the disk as well, call the King Computer Solutions Help Desk and they will instruct you on how to handle the disk.
- After the support analyst has neutralized the file, send a note to the person who sent/gave you the file notifying them that they sent/gave you a virus. Frequently a person with an infection may not realise for some time it has hijacked their address book and is sending out copies of itself to everyone in it. If the file was sent via e-mail, the antivirus software running on our e-mail system will automatically send an e-mail message informing the sender of the virus it detected.
- If the file is an infected spreadsheet or document that is of critical importance to the organisation, King Computer Solutions will attempt to scan and clean the file and advise you on whether the virus has caused a corruption.
Types of Viruses
There are three types of computer viruses: true viruses, Trojan horses, and worms.
- True viruses can hide themselves in a variety of media: applications, boot sectors, partition sectors, and macros within other files such as spreadsheets or Word documents. When an infected file is opened from a computer connected to an organisation’s network, the virus can spread throughout the network and may do damage.
- Trojan horses are actual program files that, once executed, do not spread but reside on the computer and can execute at certain times to damage the computer on which the file was run or compromise information.
- A worm is also a program file that, when executed, can both spread throughout a network and do damage to the computer from which it was run. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred or executed.
How viruses can infect an organisation’s network
- E-mail – By far, most viruses are sent as e-mail attachments. These attachments could be working documents or spreadsheets, or they could be merely viruses disguised as pictures, jokes, etc. These attachments may have been knowingly sent by someone wanting to infect the organisation’s network or by someone who does not know the attachment contains a virus. However, once some viruses are opened, they automatically e-mail themselves, and the sender may not know his or her computer is infected.
- USB Drive, CD, Zip disk, or other media – Viruses can also spread via various types of storage media. As with e-mail attachments, the virus could hide within a legitimate document or spreadsheet or simply be disguised as another type of file.
- Software downloaded from the Internet – Downloading software via the Internet can also be a source of infection. As with other types of transmissions, the virus could hide within a legitimate document, spreadsheet, or other type of file.
- Instant messaging attachments – Although less common than e-mail attachments, more viruses are taking advantage of instant messaging software. These attachments work the same as e-mail viruses, but they are transmitted via instant messaging software.