Anti-Virus Help
Pan-Am believes in strong computer and network security, but also believes you can achieve it for less than many so-called 'experts' say. Often, the best anti-virus software sits between your keyboard and your chair.
To this end, Pan-Am uses and encourages common sense when designing a network security solution.
Most of the wisdom and common sense on this help page comes courtesy of vmyths.com, and copies are kept here with their permission. Rob Rosenberger, considered one of the most feared critics in the anti-virus industry, narrates in these audio clips. I'll be adding more clips as time allows.
Some 'Magic Bullets' for fighting viruses
Experts will tell you there are no 'magic bullets' to stop viruses. Yet there are some magic bullets. These links are to audio clips from a minute (1 MB) to two minutes (1.25 MB) long.
- Anti-virus software should detect 'double-extension' exploits. Filenames that end with '.TXT.VBS' are almost certainly destructive programs, or why would they try to hide the file type behind a false filename extension?
Updated versions of Microsoft Outlook 2000 and later automatically block nearly all executable file types, including .VBS, so you can open e-mail messages without accidentally opening executable attachments. Administrators of Microsoft Exchange 2000 servers can add additional filename extensions to the 'blocked' list.
- Anti-virus software should detect a generic Microsoft Word macro virus. MS Word documents can't contain macro code - only template (.DOT) files can. MS Word macro viruses propagate by saving a file with a .DOC extension even though it's really a .DOT file.
Like Outlook 2000 above, modern versions of MS Word will catch templates masquerading as documents and let you open the document without running the macros.
- Anti-virus software should change your security settings for you. Security experts recommend many well known changes to your computer's security settings, yet there aren't any automated tools to make these changes for you.
Even more annoying are applications that won't work properly after you change those security settings. Before making that purchase or signing that license agreement, you should test programs you intend to use in a non-privileged and secured user environment, which is strongly encouraged in Windows 2000 and XP.
- Anti-virus software should keep the important detection data it generates. Only now are anti-virus firms beginning to measure the impact of viruses and anti-virus software. We've lost over sixteen years of virus data, and we didn't lose it because of a virus.
Modern anti-virus software can be set to log all virus checks for later analysis, so you can begin to measure the impact on your network just by throwing a single switch.
- Virus experts should agree on a virus naming convention. Even the experts get confused from time to time because of this. Even if there isn't yet a standard naming convention, your firm could standardize on the naming convention used by your primary anti-virus software vendor. Just be aware that an expert outside your firm will need to know whose convention you standardized on.
Dealing with Virus Hysteria
When virus hysteria strikes, remember these truths. These links are to audio clips from a minute (1 MB) to two minutes (1.25 MB) long.
- Panicky users will overwhelm anti-virus vendors. Not even your anti-virus vendor has enough resources to service the entire planet with updates and technical support.
If you include profile-based virus detection, such as looking for double-extension filenames, generic macro viruses, etc., you'll be able to catch viruses before they exist. Your anti-virus vendor will thank you for asking for it, and for saving them the bandwidth.
- Watch out for False Authority Syndrome. It's an easy trap for anyone to fall into, from CEOs to average users to news media. Don't take Chicken Little at face value.
NOTE: Pan-Am doesn't claim to be staffed with virus experts. We just claim to employ common sense.
- Hysterical alerts may clog up your network. Your own staff may cause more damage by simply panicking about a virus than the virus can itself, by e-mailing the 'All Employees' address in your corporate address book.
If you really have a need to forward a virus alert, vmyths.com provides a reporting address for just that purpose.
- Don't ask why the virus attacked so quickly. Ask why the virus attacked at all. Does your firm still react to viruses after the fact?
Generic, profile-based, heuristics-based detection of viruses does exist, and vendors would gladly sell you such a solution. You need only ask for it.
- You're addicted to anti-virus software. Remember when the experts asked us to 'shoot-up' our PCs once every three months? Why are they now telling us to get our anti-virus fix multiple times per day?
As Rosenberger says in the clip: 'Maybe we need to update our anti-virus experts.'
- Bill Gates doesn't sell anti-virus software. Remember the old joke? 'Powerful software, cheap price, great security. Choose any two.' Microsoft doesn't sell a secure operating system because no one wants to buy it.
Actually, you could buy security with the operating system (Windows 2000 or XP Professional) or go with an even less expensive non-Microsoft platform whose vendors offer better support than Microsoft provides for Windows.
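
The double-extension check asked for in the 'Magic Bullets' list, which is also the kind of profile-based detection recommended under 'Dealing with Virus Hysteria', written in Python as an added example (not code from Pan-Am or vmyths.com). The extension sets, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumed, non-exhaustive extension sets; tune them to local mail policy.
EXECUTABLE = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "pif", "com", "bat", "cmd", "hta"}
DECOY = {"txt", "doc", "xls", "pdf", "jpg", "gif", "htm", "html", "rtf"}

def double_extension(filename):
    """Return (decoy, real) when a name hides an executable type, else None."""
    # Space padding pushes the real extension out of view and Windows ignores
    # trailing dots, so remove whitespace and trailing dots before splitting.
    name = re.sub(r"\s+", "", filename).rstrip(".").lower()
    parts = name.split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY:
        return parts[-2], parts[-1]
    return None

def scan_message(raw_bytes):
    """Return [(filename, decoy, real)] for each suspicious attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # handles RFC 2231 encoded names
        found = double_extension(filename) if filename else None
        if found:
            hits.append((filename, *found))
    return hits

# Constructed sample message: one disguised script, one harmless attachment.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.TXT.VBS"

x
--XX
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.v2.txt"

y
--XX--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The check needs no signature update: it flags the naming pattern itself, so it also fires on a file no vendor has catalogued yet.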
