Security/AntiVirus Software

Computer virus infestations can get ugly. They can bring a network to its knees and compromise your most critical corporate data. Clearly, measures need to be put in place to deal with this potential menace. Antivirus software is but one layer of a comprehensive antivirus strategy. This article describes antivirus software and provides a brief outline of a broader antivirus strategy.

Many companies create antivirus software, and these products share common characteristics. Most people are familiar with virus definitions, which must be obtained from the manufacturer of the software and contain new information about viruses known in the wild. Reliably obtaining these definitions is critical to maintaining proper defense against viruses. Usually it is necessary to maintain a subscription to continue to download these definitions. Also critical, but not as widely known, is keeping the version of the antivirus engine current. New versions are created all the time. These versions contain updates which provide the software with new ways to find and remove viruses that are hiding in your system. Without regular updates to the antivirus engine, your software will lose its ability to find and remove the latest viruses. In fact, for those of you who have antivirus software from 2006 or earlier, I'm going to go out on a limb and say that your antivirus software is providing you dubious if not zero protection against modern viruses.

For maximal benefit, corporate antivirus software needs to be a client/server application: the software comes with a server component that you install on one of the server computers in your organization. The server component provides a single view of the entire network's virus defenses. The administrator can see the version of the virus definitions, the version of the antivirus engine, and whether any viruses have been detected and successfully removed. Having this centralized point of administration is critical, as without it the administrator would have to walk to each computer to ensure the client was up to date and virus free. In fact, if there is no centralized server, issues with antivirus definitions, engines, and infections often go undetected for long periods of time and expose your systems to undue risk.
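The kind of check a centralized console performs can be sketched as follows. This is an added example, not code from the article or from any antivirus vendor; the CSV column names, thresholds, and host data are constructed assumptions standing in for whatever status export your product provides.

```python
import csv
import io
from datetime import date

# Constructed sample export. Column names and values are assumptions,
# not any vendor's real report format.
SAMPLE_EXPORT = """host,definitions_date,engine_version,last_checkin,detected,removed
ws-01,2024-05-14,4.2.1,2024-05-15,0,0
ws-02,2024-04-02,4.2.1,2024-05-15,0,0
ws-03,2024-05-14,3.9.0,2024-05-15,2,2
ws-04,2024-05-13,4.2.1,2024-05-15,3,1
srv-01,2024-05-14,4.2.1,2024-05-01,0,0
"""

def parse_version(text):
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit(export_text, today, min_engine, max_def_age_days=3, max_silent_days=7):
    """Return {host: [findings]} for every endpoint that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        # Stale virus definitions
        def_age = (today - date.fromisoformat(row["definitions_date"])).days
        if def_age > max_def_age_days:
            issues.append(f"definitions {def_age} days old")
        # Outdated antivirus engine
        if parse_version(row["engine_version"]) < parse_version(min_engine):
            issues.append(f"engine {row['engine_version']} below {min_engine}")
        # Client that has stopped reporting, so its other fields cannot be trusted
        silent = (today - date.fromisoformat(row["last_checkin"])).days
        if silent > max_silent_days:
            issues.append(f"no check-in for {silent} days")
        # Viruses that were detected but not successfully removed
        unresolved = int(row["detected"]) - int(row["removed"])
        if unresolved > 0:
            issues.append(f"{unresolved} detection(s) not removed")
        if issues:
            findings[row["host"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit(SAMPLE_EXPORT, date(2024, 5, 15), "4.0.0").items():
        print(f"{host}: {'; '.join(issues)}")
```

The check-in test matters as much as the version tests: a client that has gone silent can show current definitions in its last report while being unprotected today.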

Another important aspect of selecting an antivirus product is the performance impact it has on your systems. Nobody wants software that slows down their computers. Rarely, you may also encounter antivirus software that conflicts with some other software that you use. For these reasons, it is important to thoroughly test trial software in your environment when selecting an antivirus product, or to rely on the expertise of an experienced network engineer.

A broader antivirus strategy would also implement many additional measures. These include antispam technology to reduce the volume of spam in your organization, since spam is a major source of viruses. Windows Updates need to be maintained on a regular basis on both servers and workstations. Viruses often enter your system by way of known security holes; Windows Updates close these holes so viruses cannot exploit them. You should also configure your user accounts, where possible, to not run as administrators. If your users have administrative rights, viruses will be allowed to install themselves and potentially obtain full control of the computer. Instead, configure your users with standard user accounts. Finally, the importance of training your users with strategies to avoid the common virus sources cannot be overstated.

Additional software and hardware can also be purchased to further mitigate your risk, depending on your needs. If you have your own email server, you may wish to obtain antivirus software for this server. This software is distinct from the basic antivirus software installed on the server. It works specifically with email servers and scans the email within the server to eliminate viruses in email before they even get to your desktops. You may also wish to obtain a UTM (Unified Threat Management) firewall that will scan email and web traffic coming into your environment before it gets to the desktop. With these additional technologies in place, your environment can have 3 levels of antivirus protection.

For optimal security, you may wish to implement all of these measures to ensure a secure environment. You should discuss these issues with your system administrator or contact Earl Consulting Services for assistance implementing a comprehensive strategy.