Viruses A Weak Threat? Think Again - Page 2

Jun 5, 2001

Lynn Haber

Just as for tech consultancy Quest Inc., problems with the antivirus technology used by the Louisiana Department of Public Safety (LDPS) centered as much on system management as on virus fighting.

As described by Dennis Weber, the department's information services technical support supervisor, updating the latest antivirus signatures was a cumbersome process. Technicians would download updates from the Internet and post them on the department's intranet for employees to access. While this made the updates available to all, it was left to employees to retrieve them.

Given the number of offices that fall under department's jurisdiction -- including state police, fire marshals, motor vehicles, and the gas commission -- and a total of 3,500 desktop computers and 600 laptops, it's easy to see why a technician averaged 20 hours a week simply managing the system.

When shopping for a less time-consuming way to stamp out viruses, the LDPS turned to a software maker it knew -- Computer Associates International of Islandia, N.Y., which had installed its Unicenter TNG package to manage the department's entire network. Computer Associates sells a security suite, called eTrust, that works within the TNG framework, and its antivirus component is called InnoculateIT.

The LDPS has now installed InnoculateIT on about half of its networked desktops and laptops, and it expects to complete the installation, including on 90 servers, by summer. That day that can't come too soon for Weber, who realizes that spreading viruses is child's play even for novice hackers who would struggle to breach a firewall.

Lessons Learned

1) Antivirus security can't be left up to users to implement. Solutions must be automated.

2) Opt for centralized management to control antivirus policy across the enterprise.

3) Antivirus software only performs as well as it's managed, meaning it must be kept updated and operational.

4) Contrary to popular belief, the latest virus is generally not the most dangerous. The viruses most people catch are not new; many stick around for years and continue to create problems.

But the IT supervisor returns to the ease of system management: "With the new software, antivirus updates are automatic -- the minute a user logs onto our system the most recent protection is pushed down to the devices. Once InnoculateIT is up and running, we don't have to touch it."

The result: a 20-hour technician's chore has been reduced to a 30-minute task of checking software logs once a week to ensure that the software is running smoothly.

Growing Damage

While the most damaging virus infections, such as Michelangelo, Melissa, and Iloveyou, have attracted enormous publicity, many corporate execs remain ignorant of how such malicious code has multiplied in severity. Industry sources say Michelangelo took seven months to reach 75,000 people; that Melissa took 10 hours to reach 3.5 million people; and iloveyou took all of three hours to reach 72 million.

Ninety percent of all viruses breach organizational gateways through e-mail, said Michael Callahan, director of product marketing at McAfee, the Network Associates security subsidiary. Virus writers are getting more creative, he said, while noting that systems have grown more vulnerable in direct proportion to their growing complexity.

The latest potential security vulnerability on the radar screen of both vendors and users: handheld devices. While most industry watchers still believe the threat to business networks from handhelds and personal digital assistants is low, they expect the situation to change as the devices proliferate. Reports of the first handheld virus -- PalmOS/Phange -- was reported last year, followed closely by the second, Liberty Crack Trojan Horse.

Within the last year most vendors have introduced antivirus protection for handheld CE- and Palm-operated devices -- McAfee with VirusScan Wireless last August, TrendMico Inc. late last year with PC-cillin for Wireless, and Symantec Corp. in March with AntiVirus 2001 for Palm operating systems. But for the moment, sales remain scanty.

Ryan McGee, marketing manager at McAfee, said, "We're seeing a lot of enterprise interest in antivirus protection for handheld devices, but not a lot of buying." Any reports of businesses suffering significant data losses to viruses spread through handhelds would likely change that situation quickly, he added.

Thinking About Costs

As with most of today's software packages, pricing for licenses is far less than for ongoing support and maintenance.

According to McAfee, the average cost for a multitiered antivirus system for a company with 5,000 nodes is between $30 and $40 per user. Pricing includes the company's "E-Policy Orchestrator" management system.

Industry watchers insist that good customer support is mandatory when thinking about the cost of antivirus protection. (McAfee estimates that customer support can be anywhere from 7 percent to 20 percent of the total cost.) In fact, Arabella Hallowell of the Gartner Group recommends that businesses buy vendors' premium packages to ensure the best support, while also pushing for customization.

Even at its best, Hallowell maintains that virus protection is still akin to firefighting -- that is, only as good as the security policy a company has in place. Not only must an organization have a policy for administering the software and maintaining antivirus updates, it also must have a plan for dealing with viruses should one attack.

"It's important to look not only at what vendors do to prevent viruses but what types of resources they provide to help clean up after a virus strikes," the analyst said.

For any business serious about best IT practices and protecting networks at their point of greatest weakness, antivirus protection across the enterprise has become a non-negotiable item. As Weber of LDPS put it, "Because of e-mail, the door is always open unless a company has good antivirus protection in place."

Lynn Haber reports on IT and business technology issues from Norwell, Mass. She can be reached at

Page 2 of 2


0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.



 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email


(Maximum characters: 1200). You have characters left.