E-Business
Issue No. 16 - April/May 2004
Sooner or Later
Our Internet connection is through a firewall that limits traffic to specific types, and to and from specific addresses. We track break-in attempts at the firewall, and receive an average of 17 break-in attempts each day.
All our PCs are fitted with current virus scanning software, and the virus detection signatures are updated automatically every hour. (We use eTrust InnoculateIT from Computer Associates.) This may seem excessive but viruses can move through the internet very quickly, which is why our virus protection vendor’s tech team operates 24 hours each day, seven days each week to analyse new viruses and work out detection masks and cure actions as soon as possible. We don’t pay any extra for this service, that’s just what they do. We also run a virus scanner on the email server to catch viruses and worms coming in by email.
Interestingly this rapid automatic signature update has saved us three times already this year. Like many folks, I often check my emails first thing of a morning, and sometimes see reports of new viruses in computer security bulletins like those from CERT; the Computer Emergency Response Team and AUSCERT, their Australian counterparts. Sometimes the next message is one actually containing an instance of the new virus or worm described in the bulletin, and each time so far the virus detection signature has arrived and been installed on all our PCs before the first instance of a new virus hits us.
Many other organisations we deal with have not been so lucky; I know because when they get infected, their PCs often start sending copies of the virus to everyone in their address book, including me.
About four years ago, I noticed my PC apparently doing things when I had not touched it. Lots of disk and network activity, judging by the flashing lights on the front. I was curious so I looked further. My PC was sending hundreds of megabytes of data containing who knows what to who knows where, and yet the process t...
