Viruses!

From Bob's Desk
June 2001

Another CIM-Data customer got hit with a virus last month (actually a worm). As we wrote in last month's issue of CIM-Sphere, more and more of our customers are starting to get on the net. There also seems to have been a lot more virus activity than usual in the last six months. More and more people are getting on the internet, more email is being passed around, and probably most people who start on the net aren't aware of how important AntiVirus protection is.

This month, we will give a preliminary report on Norton AntiVirus Corporate Edition 7.5 Solution Suite. We will continue next month with additional reports.

Free Network AntiVirus Protection
Computer Associates is offering free downloads of their InoculateIT product. If you aren't convinced you need AntiVirus software, at least get this one downloaded into your Internet machines and get a little experience with AntiVirus Software. Their site is at http://www.ca.com.

AntiVirus Test File
If you want to test how good your AntiVirus software is, a test file is available from http://www.eicar.com. The file contains a sequence of 68 characters that should be detected as a virus by any Antivirus software. The file is NOT a virus and is probably perfectly safe on your machine. (Mind you, I'm sure a hacker would think it a great joke to hack into the site and substitute the files with a real virus!)

Report on Norton Enterprise Solution Suite
We have had good success with Norton AntiVirus software for a number of years and were glad to discover that their new Version 7.5 has just been released.

The licensing policy on this product includes both server and workstation licenses for ten users or more for about the same price as the older Norton AntiVirus for Servers 4.0 that included only one server license. This makes this product a reasonably priced piece of protection.

There are two things to be said about Norton 7.5 up front: First, it is a very comprehensive, professional, and polished product, although still new. Second, is that it is big, complex, and not easy to understand. It takes about two to three days for a system administrator to figure out which options to use and what to install in what order. It is designed for large user networks with hundreds of users and in-house support staff.

We have prepared a simplified Step by Step Installation Guide for customers that purchase a 7.5 License from CIM-Data, that helps take much of the guess-work out of installation.

Centralized Workstation Control
The main advantage with the Corporate Edition is that you can control all the workstation AntiVirus Software from the server.

The scheduling of Disk Scans, the actions to be taken upon discovery of a virus, and control of the workstation configurations can all be done on the server. In fact, new Virus Definitions are automatically downloaded by the server and pushed out to the workstations on a daily, weekly, or monthly schedule, as you choose. 

In addition, your network can be configured to force installations of AntiVirus software on every workstation that logs onto the server automatically. And since users can be locked out from modifying their own settings, you and your users don’t have to worry about someone disabling a needed feature accidentally.

This centralized management capability ensures that AntiVirus protection is always properly enabled on the network and that all workstations have the latest Virus Definitions.

Virus Sweeps
The server can define daily virus scans for all the workstations to start all at the same time, say early in the morning, to make sure that any viruses are detected and cleaned all at once, preventing a virus from hopping from machine to machine. Real Time scans detect viruses on the fly as files are opened or closed or copied to or from a machine over the network.

Virus detection is instant and well reported. If you do find a virus, you can look it up in the Virus List and find out about its characteristics.
 

Click on image for larger version

One really cool feature is the "Virus Sweep". If you've actually found a virus and want to make sure it hasn’t gone anywhere else, you can go to your Primary Server, and with one mouse click, you can start a simultaneous scan on all computers in your network all at the same time to check them all!

Scan Email Attachments
Both incoming and outgoing attachments can be checked if you are using Lotus Notes 4.5x, 4.6, and 5.0; Microsoft Exchange 5.0 and 5.5; Microsoft Outlook 97, Microsoft Outlook 98 (MAPI only, not Internet), and Microsoft Outlook 2000. For other packages (Outlook Express), the attachments are checked as the file is read or written to disk.

When a virus is found, Norton can insert a warning message right in the email telling you it found the virus and what it did about it. In addition, if the virus is found in an incoming email, Norton can automatically send a reply back to the sender cautioning them that they sent a virus!

Email Protection at the Gateway
Also included in the software, is a Gateway version that runs on your Internet server and is compatible with proxy servers and firewalls. It scans your email attachments as email arrives or is sent. This provides protection before email even gets to your workstations. It doesn’t sound like Norton has heard of the word “overkill” and honestly, the more protection you can add, the better.

Advanced Features
One other interesting feature is the Quarantine and Reporting option. If this is installed, and Norton thinks it has found a new virus, the affected file can be "quarantined" and emailed to SARC - the Symantec AntiVirus Research Center - for investigation and possible inclusion in the next set of Virus Definition Files released by Symantec.

Norton Corporate Edition comes with one year of free AntiVirus Updates. There is an annual charge after that. Terminal Server is not yet supported but Symantec is apparently working on adding that capability.

Summary
If you are looking for a complete AntiVirus solution, this product is reasonably priced and should provide thorough network protection. The bigger your network, the more important it is to consider a product such as this.