Anti-Virus Protection 101
Laura Taylor
10/29/2002
Anti-virus software should be the first line of defense in preventing miscreants from destroying the integrity of your data with viruses, Trojans, and worms. Though anti-virus software used to be primarily for desktops using Microsoft operating systems, it has come a long way in the last five years. Today a plethora of anti-virus software exists not just for Microsoft-based operating systems, but for various Linux operating systems as well. A variety of server-based anti-virus packages also exist so that you can scan for viruses on your messaging server, web server, firewall, and groupware servers.
Market and Technology Background
Anti-virus software has been around for years, and the two companies that come to mind first when thinking of anti-virus industry leaders are likely McAfee and Symantec. Both McAfee and Symantec got into the anti-virus market in the early 90s and have developed strong customer followings since then. However, in recent years, a number of pure-play anti-virus vendors have populated the market, creating many choices for end-users.
While end-user desktops were the original anti-virus platform, today specialized platforms exist for UNIX/Linux desktops, firewalls, Web servers, and groupware servers. The latest anti-virus products on the market are anti-virus appliances that you plug into your network infrastructure. Many of the new anti-virus appliances serve as specialized gateways and also perform various other network functions. Some anti-virus vendors are starting to add content filtering and anti-spam filters to their existing anti-virus product lines. In short, anti-virus products have become very robust, with powerful feature sets.
Though the current information technology (IT) downturn in the U.S. economy has certainly hampered the sales of software and hardware packages, anti-virus products have not been nearly as affected as other IT security products. Most corporations and organizations have come to the conclusion that if you are only going to spend a limited amount of money on protecting your data, protecting against viruses is often at the top of the list. The anti-virus market stands to increase by at least 25% a year for the foreseeable future.
The popularity of Microsoft operating systems in the 90s has created a huge demand for anti-virus software because those operating systems are particularly vulnerable to viruses. It was once thought that UNIX systems were not affected by viruses, due to the fact that ASCII files, commonly used on UNIX systems, are not affected by viruses. However, UNIX systems now commonly use many other file formats, making them far more vulnerable than they used to be in the early days of the Internet. Today UNIX end-users should be scanning their desktops for viruses, particularly if they are using specialized file formats, HTML, ActiveX, and Java.
Table 1. Leading Anti-Virus Vendors

| Vendor Name | Web Site |
|---|---|
| Aladdin | http://www.esafe.com |
| Computer Associates | http://www.ca.com |
| DeepBlueCreative | http://www.deepbluecreative.com |
| Finjan | http://www.finjan.com |
| F-Secure | http://www.f-secure.com |
| Kaspersky | http://www.kaspersky.com |
| McAfee | http://www.mcafee.com |
| Nokia | http://www.nokia.com |
| Norman | http://www.norman.com |
| Sophos | http://www.sophos.com |
| Sybari | http://www.sybari.com |
| Symantec | http://www.symantec.com |
| Trend Micro | http://www.trendmicro.com |

Virus Types and How They Work
Viruses can enter your system or network through email, the Web, servers that have been compromised, CDs, floppies, PDAs, and even digital images from digital cameras. With so many possible entry points, it is not surprising that there are currently over 70,000 viruses in the wild.
There are different types of viruses, including worms, Trojans, HTML mail message viruses, macro viruses, and polymorphic viruses. Viruses can 'hide' in different places on your system before trying to destroy or pilfer data. Some hide in memory files, and others take up residence in host files, boot sectors, disk blocks, or temporary files.
A worm is a virus that replicates itself, but does not invade other computer programs. Trojan viruses disguise themselves as something innocuous. For example, a Trojan might be given the name of an existing standard system file that you'd expect to see on your system as part of the operating system. Mail messages formatted with HTML are subject to the same types of vulnerabilities as Web pages. Therefore, HTML-formatted emails are subject to cross-site scripting attacks, and to the same kinds of viruses that attack ActiveX Controls and Java Applets. Macro viruses are small instruction sets embedded in dynamic documents such as Word documents, Excel documents, or various databases. Polymorphic viruses are particularly sneaky viruses that replicate themselves in a variety of different ways to avoid detection. Some polymorphic viruses mutate themselves using random number generators.
When a virus is found, the anti-virus scanner should prevent it from loading, opening, or executing. Reputable virus scanners will log every incident and alert the network administrator of its findings.
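The Trojan disguise described above (a file carrying the name of a standard system file) and the requirement to log every incident can be illustrated with a simple name-and-location check. This is an added example, not code from the article or from any anti-virus product; the baseline of protected names and directories, the logger name, and the sample tree are all constructed assumptions.

```python
import logging
import os
import tempfile

log = logging.getLogger("av-masquerade")  # hypothetical logger name

# Assumed baseline: protected file name -> directory (relative to the scan
# root) where the genuine copy lives. Names and paths are constructed.
BASELINE = {"login": "bin", "sshd": "usr/sbin"}


def find_masquerading(root, baseline=BASELINE):
    """Return files named like a protected system file but located
    outside that file's expected directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        for name in files:
            # Lower-case the name so case variations are also caught.
            expected = baseline.get(name.lower())
            if expected is not None and rel_dir != expected:
                path = os.path.join(dirpath, name)
                # Log every incident so an administrator can be alerted.
                log.warning("possible Trojan: %s (expected in %s/)", path, expected)
                findings.append(f"{rel_dir}/{name}")
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed tree: two genuine files and two imposters."""
    for rel in ("bin/login", "usr/sbin/sshd", "tmp/login", "home/user/SSHD"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("placeholder\n")


def demo():
    """Scan the constructed tree and return the flagged relative paths."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_masquerading(root)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(demo())
```

A name-and-location check only catches this one disguise; it says nothing about a file that replaces the genuine copy in place, which needs a content comparison against a known-good baseline.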