Hours of inconvenience might save you days of misery.
With the Blaster and SoBig viruses still fresh in our memories, it seems only appropriate to let you in on our proven strategy for stopping the spread of viruses: Kick end-users off their computers and keep them off. While it may not be feasible, it’s definitely a strategy that will work. So, the key is to make sure that you get as close to kicking users off the system as possible without having to actually do it.
End-users are the biggest single point of weakness when crafting a virus defense strategy. While some of you may wag your finger at me and disagree, citing security flaws in Microsoft software, most of the most rampant viruses, including Love Bug, Blaster, and SoBig, required user intervention. If your users had simply deleted the messages infected with one of these viruses, not a single person would have been infected and the virus would have quickly died off. This dependence on user interaction means that there is a hole that cannot be resolved with a software patch.
I salute the tireless individuals at the antivirus companies who work overtime to analyze a virus and disperse details and protection to the world. They represent the first step in closing the end-user hole, and it’s not by releasing signature updates. We all know that it takes some time to get a full set of signatures to detect all variants of a virus; however, it can be pretty simple to determine the general pattern of a virus. The Love Bug had a subject of "I Love You" and SoBig had attachments with a PIF extension. These simple little details should be communicated to end-users in a predefined format. For example, television and radio have that screeching beep that alerts you to emergency weather information and announcements. Create a similar format for your organization so that end-users understand that, when they receive the alert, it should be a first priority. Information is critical when trying to stop the spread of a virus.
When in doubt, unplug users from the e-mail server. I realize that this may wreak havoc, but the business case is simple. The users can either wait two hours to access their e-mail while you contain the virus or they can wait two days while you rebuild the entire network step by step after it has been decimated by a virus. Believe it or not, this strategy saved one company from Love Bug.
The moral here is, in the critical first hours of the spread of a virus, end-users are the biggest weakness in your virus defense strategy but can also be your best defense. People have become savvy enough to understand the devastation that can be caused by a virus, so it’s critical to utilize them and involve them in your virus defense.
David Evans is president of Geode Software, a Connecticut-based software and retail point of sales company.