I have always maintained that your response to malicious code should be aimed at a more basic level. For all users you can make the case, there should be no reason why they should have the ability to download or copy new executable code onto their PCs. Why should this be the case? For three good reasons: firstly because of the threat of malware (all malicious code is executable by default). Secondly, because as an organisation you would want to control the use of program material used to that of properly licensed software. Thirdly so that you can properly test any new software to be run on your PCs and networks for its correct operation and that it does not conflict with any other currently installed program. Why do we continue to allow users this freedom? I think mainly because of the myth that without the ability to be able to introduce new executable code the PC and or its installed software will not function correctly. Well this myth is long out of date and needs revision. It is perfectly possible to control a network of PCs in this manner and in doing so drastically reduce the threat from malicious code without the overhead of having to keep this method of protection updated on a monthly, weekly, daily or even hourly basis. The "KISS" principle applies (Keep It Simple Stupid) to computer security just as any other.

New Improved Approach

Interested? Well I hope so, since we have many reported incidents of attacks where networks protected with this type of defence remain intact and "clean" whilst others under the same administration but without the benefit of this protection get infected with the latest virus or worm. Routine installation of new software or software updates can be performed by the administrator with the protection in place on a single PC or by means of a software distribution package to the entire network. I'm not suggesting for one moment that you throw away your anti-virus software, it is still useful and another level or layer of protection. What it does mean is that you will finally be using your anti-virus software in a way it was originally conceived it would be used (to detect a known virus that you have either isolated or trapped). AV software was never designed to be a security barrier, as you know it's only as good as its last update and even then as you have learnt here that might not be enough.

Conclusion


There is a better way forward, security as always is never just one product or technology but layers of defence. I strongly advise you to look at other means of protection to use in conjunction with your anti-virus software if you want to remain virus free into the future.



Reflex Magnetics Ltd are exhibiting at Infosecurity Europe 2004 which is Europe's number one IT Security Exhibition. Now in its 9th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 27th to the 29th April 2004.