Most business networks provide users with access to the Internet, and although there might be a firewall in place to prevent outside users from breaking in, this doesn't mean that the network is completely protected. Potentially damaging programs such as viruses, Trojan horses, and worms can still find their way onto the network through file downloads, e-mails, or even floppy disks. It's possible to screen out and eliminate most of these hazards using any one of many antivirus software products intended for stand-alone systems, but network administrators often use products that centralize the virus-scanning process so that every file transmitted over the network is checked.
A virus is a software routine that is deliberately designed to attach itself to another piece of software on a computer and perform some preprogrammed activity. The worst types of viruses are engineered to irretrievably destroy all or part of the data stored on the computer by wiping out hard drives. However, there are many viruses with effects that are not so catastrophic. Some viruses can cause intermittent problems on the computer, such as system lockups or specific feature failures, whereas others do nothing but display a message programmed by their author. Viruses are created deliberately by unethical individuals who think that tampering with other people's property is an amusing way to spend their time. Antivirus software products must be continually updated to cope with the constantly evolving techniques used by the creators of viruses.
Like biological viruses, computer viruses are designed to replicate themselves by infecting other entities, in this case, other pieces of software. If you insert a virus-infected floppy disk into your computer, the virus can migrate from the floppy disk to the computer's hard drive, infecting the code that it finds there in one of several ways. In some cases, viruses are designed to remain dormant until the computer's clock registers a particular date and time. There have been, at various times, well-publicized scares about "time bomb" viruses that are due to trigger on a particular date. There is usually a rush to purchase antivirus software on these occasions, but the danger is always overrated, as few cases of the virus in question are found.
When a virus-infected computer is connected to a network, you have the functional equivalent of one sick child sharing a room with a group of healthy children. When one gets sick, the others are likely to get sick also. Files transferred from the infected computer to the other systems on the network can spread the infection, as shown in Figure 16.6. Depending on the design of the virus, the effect can range from a nuisance to a catastrophe. Once the network is infected, it can be very difficult to completely remove the virus. If you miss one infected file on one computer, the virus can reassert itself and start spreading all over again.
Figure 16.6 A virus can spread from a floppy disk to one computer, and then through the network to other computers
Viruses can attach themselves to various parts of a computer's software, and they are often classified by the area of the disk in which they reside. The most common types of viruses are as follows:
To protect your network against virus infections, you should implement a series of policies that affect both the behavior of your users and the configuration of their computers. All users should be wary of floppy disks from outside sources and particularly of files attached to e-mail messages. One of the most common techniques for disseminating viruses these days is code that causes the victim's computer to send an e-mail message with an infected attachment to all of the people in the user's address book. Because the recipients recognize the name of the sender, they often open the e-mail and launch the attachment without thinking, thus infecting their own computers and beginning the same e-mail generation process.
Antivirus software products can protect individual computers from infection by viruses and other malicious programs arriving on floppy disks, through Internet downloads, and in e-mail attachments. A typical antivirus program consists of a scanner that examines the computer's MBR when the computer starts and checks each file as the computer accesses it. A full-featured program also checks e-mail attachments and Internet downloads by intercepting the files as they arrive from the e-mail or Internet server and by scanning them for viruses before passing them to the client application.
A virus scanner works by examining files and searching for specific code signatures that are peculiar to certain viruses. The scanner has a library of virus definitions that it uses to identify viruses. To keep your computers fully protected, you must update the virus signatures for your program on a regular basis. In many cases, antivirus programs have a feature that automatically connects to a server on the Internet and downloads the latest signatures when they become available. The product you select should update its virus signatures at least once a month. In addition, be sure to check on the software manufacturer's policies for virus signature updates. Some products include perpetual updates in the price of the software, but others include updates for a limited period of time before you must purchase a subscription.
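The signature matching described above, as an added Python example that is not taken from the original text or from any antivirus product. The definition names, byte patterns, and dates are constructed for illustration. The sketch shows a file that an outdated definitions library misses and an updated one catches, with the signature deliberately split across two read chunks.

```python
import io
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Definition:
    name: str          # label reported on a match
    signature: bytes   # byte sequence peculiar to one virus
    released: date     # when the vendor published this definition

# Constructed definitions: names and byte patterns are invented for this example.
LIBRARY_OLD = [
    Definition("Example.BootA", bytes.fromhex("deadbeef0badf00d"), date(2024, 1, 10)),
    Definition("Example.MacroB", b"AUTOOPEN_DEMO_MARKER", date(2024, 3, 2)),
]
LIBRARY_NEW = LIBRARY_OLD + [
    Definition("Example.WormC", b"\x01\x02DEMO-WORM-C\x00", date(2024, 4, 20)),
]
MAX_AGE = timedelta(days=31)  # the text's "at least once a month"

def scan_stream(stream, definitions, chunk_size=4096):
    """Scan a binary stream chunk by chunk; return sorted names of matches."""
    # Keep the last (longest signature - 1) bytes so a signature that
    # straddles two chunks is still seen whole in the next window.
    overlap = max((len(d.signature) for d in definitions), default=1) - 1
    found, tail = set(), b""
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        found.update(d.name for d in definitions if d.signature in window)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)

def definitions_stale(definitions, today):
    """True when the newest definition is older than MAX_AGE."""
    newest = max(d.released for d in definitions)
    return today - newest > MAX_AGE

def demo():
    # Constructed sample: the signature starts at offset 10, so with
    # 16-byte chunks it is split across the first two reads.
    infected = b"A" * 10 + LIBRARY_NEW[-1].signature + b"B" * 10
    clean = b"plain document text " * 4
    return {
        "clean": scan_stream(io.BytesIO(clean), LIBRARY_NEW, 16),
        "old_library": scan_stream(io.BytesIO(infected), LIBRARY_OLD, 16),
        "new_library": scan_stream(io.BytesIO(infected), LIBRARY_NEW, 16),
    }

if __name__ == "__main__":
    print(demo())
```

The same file returns no match against the old library and `Example.WormC` against the new one, which is why a scanner is only as good as its most recent definitions.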
In a network environment, all of the computers, both servers and workstations, should run an antivirus program so that the entire network is protected. Antivirus programs designed for use on networks do not provide greater protection against viruses, but they simplify the process of implementing the protection. The centralized management and monitoring capabilities in network-enabled antivirus products typically allow you to create policies for the computers on the network that force them to run the virus-scanning mechanisms you specify. They also simplify the process of deploying virus signature updates to all of the computers on the network.
Match the virus types in the left column with their characteristics in the right column.