Virus clinic: practical advice from community members

Community members have been sharing advice about dealing with the recent email virus outbreaks.


Comments

Outsourcing your security - losing control

AnonymousUser | | Permalink

It ain't necessarily so. It ain't necessarily so.

Detecting and removing viruses at server level would protect not only those who fail to take precautions but also reduce the risks for those who do but are caught unawares. It could dramatically reduce their spread for the benefit of all. Individual users / businesses can / should still maintain their own on-site protection.

The problem as I understand it is, are people prepared to accept the price required to pay for the service?

Views from the User of a Stand alone PC

AnonymousUser | | Permalink

Very impressed by earlier comments!

It is very easy to blame anti-virus software for problems created by bundled utilities. I have read many stories of problems caused by Norton, which are in reality caused by other Norton Software which you don't have to buy!

When installing new software you are supposed to turn off other software running in the background - many users fail to do this!

Always remember that if someone is offering a "bargain" there is always a price to pay! Don't accept sweets from strangers! Don't accept or acknowledge unsolicited emails and don't open attachments without scanning!

There will be far more horror stories about market leaders but also far more satisfied customers. Internet Explorer / Outlook Express is freely available! It is true that many MVPs use other Readers!


Virus protection - the options

AccountingWEB | | Permalink

The jury at present is out in relation as to how best to protect your email from virus infection. Statistics state that 88% of virus attacks are via email and rising.

There are 2 options available to users.

1. Is to use a resident anti virus product on either an email server or to the desktop. This has been the normal method of protection to users for over the past 10 years.

2. The other is to use net resident scanning engines. These are fairly new to the market. These include mail warden, message labs and armour mail. All provide anti virus and some other form of protection, usually anti spam.

They update their email servers constantly to provide the most up-to-date anti virus protection.

How you implement your anti virus strategy is dependent upon many factors, financial the most important. Ideally you would use the classic resident anti virus software in conjunction with the new net resident screening services.

Your other factor is in administration. Do you have the resources to effectively administer your anti virus strategy? If not then the screening services may be more attractive.

My aim in posting is to give you an idea what is out there at present. For the record I am the MD of IP Engine Limited who provide the Mail Warden service (www.mailwarden.com). My FD asked me to post to your forum to provide an understanding of how the market is reacting to the virus threat.

A precaution to prevent a Virus attack is not to use Microsoft O

AnonymousUser | | Permalink

As well as being a Topic Expert in respect of the Solicitors Accounts Rules of The Law Society and an honorary consultant to the Office for the Supervision of Solicitors of The Law Society in England and Wales, I am also a Freelance Virus Consultant.
It has been known for some time that Viruses, Trojans, and Worms are more often written to travel via Outlook or Outlook Express. My recommendation has always been to utilise the Address Book within your Internet Provider, and to take receive and write your emails direct through that provider, and not download them to Outlook or Outlook Express.
The instructions within the program of "Copy" often activate the Virus infection, whether that command is activated by the User or automatically by the Software.
It is imperative to subscribe to Updated Virus prevention Software package that advises you of the issue of downloadable identity files by email, such as that provided by Sophos.com, also you should not pass on emails advising of Virus Alerts received from other sources unless you have checked with the Sophos site whether or not they are genuine or hoax alerts, as this increases the email traffic.
If uncertain from whom the email is received, either download the file to a floppy diskette, write protect the floppy, and virus check it. If infected, reformat the floppy.
If the email includes a download, be especially careful that the file is not notated as "*.*.*" -- the name + a dot + the word 'pif', 'doc' or other extension + a dot + another extension -- usually signifies a possible virus inclusion.
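The double-extension check described in the comment above, as an added example that is not part of the original post: it parses a raw message with Python's standard `email` module and flags attachment names of the form name.ext.ext. The function names, the `RUNNABLE` list and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Final extensions Windows executes rather than opens (illustrative, not exhaustive).
RUNNABLE = {"pif", "exe", "scr", "bat", "com", "cmd", "vbs", "js", "lnk"}

def classify(filename):
    """Return 'runnable-double', 'double' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    # Padding spaces are sometimes used to push the real extension out of view.
    exts = [p.strip() for p in parts[1:] if p.strip()]
    if len(exts) < 2:
        return "ok"
    # Names such as backup.tar.gz are legitimate, hence the softer 'double' verdict.
    return "runnable-double" if exts[-1] in RUNNABLE else "double"

def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def build_sample():
    """Constructed test message: harmless bytes under three attachment names."""
    msg = EmailMessage()
    msg["From"] = "client@example.com"
    msg["To"] = "accounts@example.com"
    msg["Subject"] = "Re: documents"
    msg.set_content("Please see attached.")
    for name in ("accounts.xls", "backup.tar.gz", "invoice.doc.pif"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:16} {name}")
```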


Practical and cost-effective tips

AccountingWEB | | Permalink

I run a web hosting and design company as well as an accountancy service (!). We are vulnerable to virus problems as both businesses receive various scanned documents and attachments by email.

Norton Antivirus is difficult to configure and alters system settings. We found it offered little or no protection against virus attacks. I would not recommend it.

Now we have a combined strategy - virus scanning at our ISP, anti virus software on our system and a firewall.

Our antivirus software is linked into our email server.

Always-on PC systems linked to the internet and Windows machines running IIS (Internet Information Server) are particularly vulnerable to hack attacks and trojans - which are as disabling as virus attacks. Any protection strategy should also include a firewall.

We implemented this after "catching" Code Red and have so far, avoided the latest virus\hack problems. Our firewall shows our system is frequently "scanned" for open http ports by hackers searching the net for open smtp relay and other hacks.

This set up is not expensive - our AV and firewall options cost less than £100 per year plus hosting costs.

If required, we can provide hosting on Windows 2000 servers for domains requiring AV email scanning - email only or full website. We can also assist with pointing people towards AV and firewall software for download off the internet - the first 60 days AV service is free and the software auto updates every week to maintain relevant definitions.

If you have low email traffic, try diverting your messages through Hotmail - all email is virus scanned there for free.

Just set up a forwarder on your email domain to your Hotmail account.

Norton Anti-V and other stuff

AnonymousUser | | Permalink

I use norton anti-v 2001 on a desktop pc and would make the following points:
firstly just a moan - when i first got the product (preloaded on my pc) it caused my system clock to malfunction
- i eventually traced it to Norton and downloaded a patch to fix this
it's shocking that it could be sold this way especially on a pre-loaded new pc
It took me several hours to find the problem and then do the fix

now some info i have found:
if you set up a new email account in outlook express, norton does not automatically include messages received on that account - you have to go in and check settings for email specifically

it is easy to forget to update the norton "engine" as well as the virus definitions - as you have to tick a different box - it seems that the engine may be out of date and then falsely report that the latest virus definitions have been loaded when in fact they have not. i recently updated the engine part of the software and it now states on screen that you need to connect several times to get all the updates and cannot assume that the first download completion is actually a complete update.

other stuff not norton specifically
freeserve email - they seem recently to have barred all .exe attachments - although this does not protect you completely it is of some use for freeserve members (also some hindrance too!)

windows scripting host - apparently this is widely used as a mechanism for attacks on pc's. it can be turned off on your pc without loss of functionality for most users (obviously some software uses it and you may find you need to turn it back on)
details on how to do this are on the norton website - an automated program can be downloaded to simplify turning it on and off
- this is a shortcut way of blocking a lot of viruses

I agree with the person who commented about using non Microsoft email software. Not everyone has the choice of course but if you do, there is an excellent product called Eudora that you can download for Mac and PC which has been around for years. www.eudora.com
It will happily co-exist with Microsoft and Netscape web browsers (and email software if you want to leave those on).

Messagelabs.com - I have found that many of my colleagues in large organisations are using this outsourced virus scanning service - with very promising results - where they have been spared from infection that others have caught - it is comparatively expensive and is designed for those running their own mailserver (hence not domestic or SME users) but it might be something that a group of practices or a larger practice could investigate as a solution for business use.


Use an ISP that cares

AccountingWEB | | Permalink

In addition to running Norton and Grisoft all the time and IPE occasionally my virus protection starts at my ISP. I use Cix (now Nextra) who use a product called Brightmail to scan messages for viruses before they go into the POP3 mailbox. If a virus is detected you get a message to say so. They also scan outgoing messages and if a virus is detected return them to you instead of delivering. As a last feature they bin anything that they recognise as junk mail into a special area from which you can retrieve it if you really want to.


manual fix for latest virus which Norton cannot fix

AccountingWEB | | Permalink

latest virus to hit us at www.premiertraining.co.uk results in the infected machine being unable to boot up and Norton Anti-Virus appears unable to repair a file called "c:/windows/system/kernel32.exe".

The solution is to boot into DOS using a windows startup diskette and then manually deleting the file which is not a "genuine" Windows system file at all, but is in fact the virus.

For those unfamiliar with DOS the commands starting at the A: prompt are as follows:

C: (this switches you to the C: drive)

cd windows (this puts you in the windows directory)

cd system (to switch to the system directory)

del kernel32.exe (this deletes the 'bad' file)

follow this with Ctrl-Alt-delete to reboot and all should be well


Use a different email program

dennismiller | | Permalink

I was sent what was probably the BadTrans virus several weeks ago by a client and I went to open the attachment. Nothing happened. I use Netscape rather than Outlook and those experts that I have spoken to say that this virus only attacks Microsoft.

What better reason for changing to a far superior product!

I was also advised to install a virus scan program, free download, from Grisoft.com. It seems to be working perfectly ok (at the moment!)

TAKE CARE ON JEFF'S MANUAL FIX

cbales | | Permalink

Do note that Kernel32.dll is a necessary Windows System file so do take care to differentiate between the .exe and the .dll type suffixes.