Free anti-virus techniques presented at Virus Bulletin 2002

by Nick Fitzgerald (Computer Virus Consulting Ltd)

Tags: Security

URL: http://www.virusbtn.com/conference/vb2002/abstracts/free_techniques.xml

Summary: "Anti-virus experts typically advocate adopting a multi-layered
approach to implementing virus protection, particularly in large,
complex installations such as corporate LANs. In common with similar
recommendations from the broader field of computer security, the idea
is that one layer's weaknesses are covered by the strengths of
another, and vice versa. When considering such protection for network
systems, the divisions between layers are often perceived as occurring
at natural boundaries. A few examples of such divisions are
Internet/intranet gateways (covered by content filtering and/or
scanning SMTP/FTP/HTTP proxies), corporate IT/departmental or
corporate IT/individual responsibility (covered by workgroup and/or
'groupware' server scanning), user/computer interface (covered by
on-access scanners) and so on.

In fact, it is easy to see how these examples follow by analogy from
broader general security concerns and practices. However, given that
known virus scanning has established limitations in dealing with new
viruses, most of these anti-virus layering efforts are largely wasted
because each layer has the same weakness. Further, given the users'
reputed reticence to adopt alternative (desktop) protection measures,
and the industry's acknowledged reluctance to develop alternative
products ahead of significant market demand, it is clear that
corporate IT staff face a rather worrying realization: when it comes
to questions of the next virus outbreak, it is still a matter of when,
not if. In light of these considerations, this paper suggests system
configuration changes to harden individual computers, making them less
of a 'soft target' or a 'target of opportunity'. Many of these
measures can be widely applied across corporate desktops, adding a
layer of diversity and thus protection. All are 'free' in that they
require no further software purchases or updates."