Generally, antivirus scanners come in two flavours: the on-demand scanner, which only leaps into action when told to and scans files on request; and the on-access scanner, which sits in memory and scans files and directories as they are accessed, used or created.
The latter approach takes away the need for user intervention and keeps the defence automated, therefore limiting the ways a user can infect their desktop. These tools may even monitor access to the floppy drive so that the scanner cannot be bypassed.
Some scanners also include heuristic detection functions, which need less frequent updates because they sit in memory and look for virus-like activity or ‘signatures’.
Remember that all security products must interoperate. Products such as antivirus scanners and firewalls should complement each other.
Just using the same single solution across all gateways, servers and desktops means that anything that slips through one point is likely to get through the rest of the network without a hitch.
Using a combination of products will ensure that viruses come up against a number of different barriers rather than multiple sets of the same one.
Most antivirus products available nowadays, for both the gateway and the desktop, do more than just protect against common-or-garden viruses. They also offer protection from malicious Java applets, ActiveX controls and other bad web scripts.
Virus writers are always updating their techniques to catch you out. It’s now possible to become infected by viewing a simple web page or reading an HTML email but, again, deploying the right tools can minimise this threat.
However, just installing antivirus software doesn’t solve the problem automatically. You have to keep the virus definition files up to date. Failure to do so may make the software next to useless as new viruses worm their way through your defences.
The Computer Emergency Response Team advises: ‘Many antivirus tools use a database of known virus characteristics or signatures, updated on a daily, weekly or monthly basis. Ensure that your computers have the most recent versions.
‘Updating your antivirus tools using vendor updates as they become available is one of the primary methods to prevent virus infections.’
New viruses are discovered every day and thousands are processed each month. This year has already started on a worrying note as four new worm variants made their way across the globe just weeks into 2003.
‘Several new viruses are found every day; there’s nothing special with that. But it is not normal to find four new viruses which are all successfully spreading in the wild within two days,’ said Mikko Hypponen, manager of antivirus research at F-Secure.
‘However, this does not seem to be a co-ordinated attack. It seems we just got a really bad start for this year.’