April 2010 - Newsletter Article

Virus Outbreak

by Marshall Wright

As the old saying goes, an ounce of prevention is better than a pound of cure. Nothing could be closer to the truth when battling today's strains of hi-tech viruses. Over time viruses have progressed from being a hobby for hackers to a full-time job for software developers. With personal information, corporate data, and computing resources all up for grabs as the marketable prizes, today's "hackers" have become entrepreneurs and business people. Businesses in the Red Bank area and throughout New Jersey are constantly under attack by criminal enterprises from all over the world. Lists of credit cards, social security numbers, and computer IP addresses have all become currency for criminal internet businesses.

Today's infections occur most often from web sites, not e-mail, and criminal enterprises deliberately focus on web site virus distribution. Current versions of anti-virus software with current virus definitions have become very effective at stopping the distribution of viruses via e-mail. Since the old channel of virus distribution is hitting a tough defense, criminals now write software aimed at the weakest link: computer users and their web browsers. As a result, the bulk of new infections arrive through viruses planted at popular web sites. Visits to web sites like Facebook and YouTube can result in visitors getting viruses. Making a wrong click now has serious consequences. Once a "seed" virus is planted on a computer, it quickly reaches out to the criminal enterprise for instructions and begins downloading an assortment of software to the infected computer for keystroke logging and remote control. Once a computer is fully infected, a typical virus remediation will take 4 to 6 hours and will require removing the hard drive from the infected computer, at an average cost of over $250. It is often less expensive to re-install the operating system or purchase a new computer than to remove the virus.

Why does it take so long and cost so much to remediate viruses? While viruses often reuse filenames and actions, the newer viruses are much smarter. Most immediately attack any anti-virus software that may be running, disabling it or rendering it inoperable. After defeating the anti-virus software, the virus begins to embed itself into the Windows registry using random self-generated names. A typical remediation requires the use of three or more remediation tools, and manual editing of the registry to remove the final traces of the infection. Each cleaning pass is followed by testing to see if the infection regenerates. Unfortunately, this is a time-consuming process.

Here are some tips on how to protect your company's computers:

  1. Restrict Internet access of employees to only pre-approved and authorized web sites. The latest models of SonicWall firewalls have the ability to restrict Internet access by groups of computers to only business-related web sites with low virus risks.
  2. Learn and follow safe Internet surfing guidelines:
    • Don't click on every link in a Google search. At least one link on every page is infected.
    • If an offer pops up on your screen, turn off your computer immediately. If the offer returns after restarting the computer, disconnect the computer from the Internet and corporate network and begin virus remediation - you are infected.
    • Under no circumstances allow access to pornographic or gambling web sites. Most are hosted and controlled by the same firms writing and distributing the viruses.
  3. To provide an extra layer of protection, use an anti-spyware program like Malwarebytes alongside the anti-virus software. DeckerWright Corporation sells and supports Malwarebytes.
  4. Set up a Network Attached Storage device and back up each desktop at least daily. Backup programs like Retrospect and Acronis provide for computer "snap-shots" that can be used to "roll-back" a computer to an operating state before the virus infection hit. Symantec has included a similar software package with its latest software, the Symantec Anti Virus Protection Suite. DeckerWright Corporation supports solutions from all three manufacturers.
  5. Make sure your data is backed up. Use a service like Wright BackUp for online backups of key files. Remember, if you don't catch a virus quickly, even backup files may contain infected files.

Which preventive measures make the most sense will vary by company. Many business owners are reluctant to restrict Internet access to only allowed web sites, the most effective means for reducing the risk of virus infection. Content filtering does provide a layer of protection and will reduce the risk of infection significantly. Providing content filtering for pornographic and gambling web sites will have a significant impact on virus infection rates. Owners of SonicWall firewalls with an active Security Bundle have this capability today. Other measures like desktop computer backups are being included with DWC's new Virtual Care Services offerings.

About the Author:
Marshall Wright of DeckerWright Corporation has been providing New Jersey businesses with Technology Consulting Services including HARDWARE, SOFTWARE & NETWORKING solutions since 1984.

For more information please contact DeckerWright.
