Choosing an Antivirus Solution
Having studied malicious code defense, I am frequently asked: what's the best antivirus product? My answer usually evokes a perplexed look. I routinely explain that security is a process, not a product, and that the best defense against malicious code is knowledge. After all, with new viruses appearing daily and the threat of zero-day exploits looming, it still takes an end user clicking on an infected attachment to unleash the potential disaster. While careful scrutiny of e-mail attachments goes a long way toward limiting the spread of malicious code, there is always a need for quality, up-to-date antivirus software as your first line of defense. Choosing the right product for your particular environment need not be a complicated endeavor.
Viruses, Worms and Trojan Horses
Malicious code is any program that acts in unexpected and potentially damaging ways. Malicious code can change, delete, insert and transmit data outside an organization. If that’s not bad enough, some types of malicious code will even insert a back door, allowing for outside entry into infected systems. The three most common types of malicious code are viruses, worms and Trojan horses. Since nearly all modern-day malicious code is mobile in nature, it will use e-mail, instant messaging and peer-to-peer (P2P) “file sharing” applications as transmission mechanisms. Malicious code can also be hidden in programs downloaded from the Internet or brought into an organization via removable media like diskettes or CD-ROMs.
An Ounce of Prevention
The fight against malicious code should start with detection at the gateway (i.e., your Internet connection). Then mail servers and individual workstations must be protected. Follow a checklist when considering the various antivirus products available:
- Look for antivirus software that features automatic downloading of updates.
- The automatic distribution feature frees your administrator from the hassle of installing updates on networked clients and servers.
- Install a virus scanner directly on your company’s own Internet e-mail server, or on e-mail servers that connect to your ISP’s Internet gateway.
- Be sure the product is ICSA (TruSecure) Certified.
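One check a practitioner will want when weighing the two automatic-update items on the checklist is evidence that signature updates actually arrive at every tier, gateway, mail server and workstation alike, and that no protected host has silently dropped out. The script below is an added example, not code from this article or from any product named in it; the update-log format, host names, definition version strings and freshness thresholds are all constructed for illustration, since each vendor writes its own update log.

```python
"""Audit antivirus signature freshness across the three tiers the checklist
covers (Internet gateway, mail servers, workstations).

Hypothetical example: the log format, host names, version strings and
thresholds are constructed; real products record updates in their own format.
"""
from datetime import datetime, timedelta

# Constructed sample of successful signature downloads, one per line:
# "<ISO timestamp> <host> <definition version>".
SAMPLE_LOG = """\
2003-04-01T02:10:00 gw01 4.2.1077
2003-04-01T02:15:00 mail01 4.2.1077
2003-04-01T03:00:00 ws-101 4.2.1077
2003-03-20T03:00:00 ws-102 4.2.1061
this line is garbage and must be ignored
2003-04-01T03:05:00 ws-103 4.2.1077
"""

# Every host the organization expects to be protected, with its tier.
# ws-104 has no log entry at all; the audit must report that rather than
# silently treating a missing host as healthy.
INVENTORY = {
    "gw01": "gateway",
    "mail01": "mailserver",
    "ws-101": "workstation",
    "ws-102": "workstation",
    "ws-103": "workstation",
    "ws-104": "workstation",
}

# How old definitions may be, per tier, before the host is flagged (constructed).
MAX_AGE = {
    "gateway": timedelta(days=1),
    "mailserver": timedelta(days=1),
    "workstation": timedelta(days=3),
}


def parse_log(text):
    """Return {host: (latest_timestamp, version)}, keeping only the newest
    event per host. Malformed lines are skipped rather than trusted."""
    latest = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        stamp, host, version = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if host not in latest or when > latest[host][0]:
            latest[host] = (when, version)
    return latest


def audit(inventory, log_text, now, max_age=MAX_AGE):
    """Return a sorted list of (host, reason) findings: hosts whose newest
    definitions exceed their tier's maximum age, or that never reported."""
    latest = parse_log(log_text)
    findings = []
    for host, tier in sorted(inventory.items()):
        if host not in latest:
            findings.append((host, "no update recorded"))
            continue
        when, version = latest[host]
        age = now - when
        if age > max_age[tier]:
            findings.append((host, f"definitions {version} are {age.days} days old"))
    return findings


def sample_findings():
    """Run the audit over the constructed data at a fixed point in time."""
    return audit(INVENTORY, SAMPLE_LOG, datetime(2003, 4, 1, 12, 0))


if __name__ == "__main__":
    for host, reason in sample_findings():
        print(f"{host}: {reason}")
```

Feeding the script a real update log means only replacing `parse_log` with the vendor's format; the inventory-driven loop is what catches the host that never checked in, which a log-only view cannot show.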
According to TruSecure's Web site, ICSA Labs' antivirus certification program aims to provide the user community with products that:
- Protect from virus intrusion.
- Detect viruses on infected systems or media.
- Provide for recovery from a virus.
Here are some popular ICSA certified antivirus solutions for the detection of malicious code:
- AVG for Windows XP Professional (www.grisoft.com)
- AntiVir for Linux (www.hbedv.com)
- Avast32! for Windows 2000 Server (www.avast.com)
- eSafe Desktop for Windows 2000 Professional (www.esafe.com)
- eTrust Antivirus for Windows XP Server (www.my-etrust.com)
- PC-cillin 2000 for Windows 2000 Professional (www.trendmicro.com)
- Sophos Anti-Virus for Windows 2000 Professional (www.sophos.com)
- Norton AntiVirus for NetWare (www.symantec.com)
For a complete list, visit the ICSA Labs Web site at www.icsalabs.com/html/communities/antivirus/certifiedproducts.shtml.
If your budget is tight, both Grisoft (AVG, see Figure 1) and H+BEDV (AntiVir) offer products free of charge for personal (non-commercial) use. In addition to the products listed, if you use instant messaging software, you would do well to consider downloading one of the free BitDefender antivirus messaging products available from SOFTWIN. These handy utilities work alongside your primary antivirus software and are most useful when your primary antivirus program does not support scanning of instant messaging downloads. They are offered as a free download at www.bitdefender.com.
A final note: having a "healthy" operating system is an important first step in protecting against viruses, worms and Trojan horses. Since many worms exploit known vulnerabilities in programming code, one of the fundamental steps in protecting any computer from malicious code threats is to keep your operating systems, browsers and applications current with the latest updates and patches.
Douglas Schweitzer, A+, Network+, i-Net+, CIW, is an Internet security specialist and the author of “Securing the Network from Malicious Code” and “Incident Response: Computer Forensics Toolkit.” He can be reached at firstname.lastname@example.org.