How to Bullet-Proof Your Virus Protection And Save Money and Resources
Computer viruses are now entrenched as a
constant irritation and threat to computer networks large and
small, worldwide. The increasing ubiquity of Internet
connections and email has greatly magnified the problem. While
floppy disks and file-borne viruses were the dominant source of
infection in the pre-Internet era, email is now by far the
dominant “vector” or source of virus infections.
However, file-borne viruses are still quite common as well, so
any virus protection plan must account for all sources.
Fortunately, there is a healthy and
competitive anti-virus software industry to help keep networks
virus-free, and each publisher has a large staff constantly
researching viruses and publishing cures for the latest ones.
Furthermore, anti-virus products are quite good at detecting
and cleaning all manner of viruses.
Why Antivirus Software Fails to Protect
It is thus reasonable to wonder, if virus
protection works so well, why so many computers are constantly
being infected with viruses. Part of the reason is that there
are many computers that simply don’t have virus protection,
or have an old version that is no longer working. More
commonly, the computer has virus protection, but the program
is not being updated regularly or often enough. It turns out
that updating is the Achilles’ heel of virus protection
programs. Many programs have an auto-update function, but it
seldom works reliably. Even when it works, a once-per-week update
will not suffice when there is a new outbreak such as the
Melissa virus, the Lovebug, or most recently MyDoom.
Centrally Managed Virus Protection Can Still Fail
Because updating virus signatures is so
important, many publishers have designed centrally managed
systems that control the workstations and their updates from a
central server. Problem solved? Unfortunately not. Most of
these central control solutions simply don’t work reliably.
When they do work, updates are usually distributed on login in
the morning, or at some other predefined time of day. Neither
of these strategies is sufficient. If updating is triggered at
logon, then an entire day can go by while a virus such as
MyDoom is propagating. Often cures are released for these
fast-moving viruses mid-day. It is critical to be able to get
the update as soon as it is available. That means the system
administrator must constantly check the anti-virus websites
for the update, and once it is available, invoke a
download-and-distribute procedure to publish that signature to all
workstations. Invariably some users will not be in their
office and their machines will be turned off. In many cases,
those machines will not receive the update. Late that evening,
or perhaps the next morning, they arrive in the office to read
their emails and in an instant, all vulnerable machines and
all of your clients are suddenly receiving the virus from the
unsuspecting end-user and your company. Not a good image
builder.
Real-Time Updates the Only Sure Means of Protection
A joint venture between an antivirus
publisher and a firewall manufacturer has produced a better
solution to these problems. The firewall serves as the
central managing agent for all protected workstations. The
firewall continuously monitors both the antivirus website and
each active workstation. At least once each day the firewall
will manage a web-based download to the workstation to ensure
that the workstation has the most current virus signatures.
This download is invisible to the user. Throughout the day,
should a high or medium alert be issued and a new virus
signature be made available, the firewall will automatically
enforce another download to the workstations. Thus, without
any intervention from a network administrator, each
workstation receives the most current virus
signatures. Reports can be obtained at any time on the status
of each workstation.
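The gap between these update strategies can be measured as the time a machine spends online with stale signatures after a cure is published. The Python sketch below is an added example, not code from this article or the product it describes; the policy names, session times and push times are constructed, and the "gateway" policy is idealized as delivering the update the moment a machine is online.

```python
from datetime import datetime, timedelta

def online_at(t, sessions):
    return any(start <= t < end for start, end in sessions)

def update_time(policy, release, sessions, pushes=()):
    """When a workstation first receives signatures published at `release`."""
    if policy == "logon":        # refresh only at the start of a session
        times = [start for start, _ in sessions]
    elif policy == "scheduled":  # fixed push times; machine must be on to receive
        times = [p for p in pushes if online_at(p, sessions)]
    elif policy == "gateway":    # enforced as soon as the machine is online
        times = [max(start, release) for start, end in sessions if end > release]
    else:
        raise ValueError(policy)
    return min((t for t in times if t >= release), default=None)

def exposure(policy, release, sessions, pushes=()):
    """Total online time spent on stale signatures after `release`."""
    updated = update_time(policy, release, sessions, pushes)
    total = timedelta(0)
    for start, end in sessions:
        lo = max(start, release)
        hi = end if updated is None else min(end, updated)
        if hi > lo:
            total += hi - lo
    return total

# Constructed timeline: the signature is released mid-day on day 1.
D1, D2 = datetime(2024, 1, 8), datetime(2024, 1, 9)

def at(day, hour, minute=0):
    return day + timedelta(hours=hour, minutes=minute)

RELEASE = at(D1, 13)
PUSHES = [at(D1, 14), at(D2, 14)]   # administrator's push, then the next day's
DESKTOP = [(at(D1, 8, 30), at(D1, 17, 30)), (at(D2, 8, 30), at(D2, 17, 30))]
LAPTOP = [(at(D1, 20), at(D1, 22)), (at(D2, 8, 30), at(D2, 17, 30))]  # off at push time

if __name__ == "__main__":
    for name, sessions in (("desktop", DESKTOP), ("laptop", LAPTOP)):
        for policy in ("logon", "scheduled", "gateway"):
            gap = exposure(policy, RELEASE, sessions, PUSHES)
            print(f"{name:8} {policy:10} exposed {gap}")
```

In this timeline the logon policy leaves the desktop exposed for the rest of the working day and the scheduled push misses the laptop that was switched off, while the continuously enforcing policy leaves neither machine online with old signatures.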
Of the dozens of clients that now operate
this solution, there has not been a single subsequent virus
event on any workstation. This has driven down the costs of
virus protection by orders of magnitude by eliminating