Good Grief, Another Virus?

Of all the useless, time-wasting activities that IT spends its life on, removing viruses from corporate systems and networks has to top the list. It’s a mind-boggling, grief-stricken task for any IT administrator to go through, especially when the virus is so embedded in the network that sanitising the company is a losing battle. Most IT admins would prefer a lobotomy to going through this thankless task.

We don’t usually clean viruses and worms for our clients, but at times we end up doing it. It takes a lot of time, and we usually start by diagnosing the severity and the spread. In some cases we recommend a low-level format of the drive and a fresh reinstall. But most worms now reside on the network, and even if we clean or reinstall a machine, sooner or later it gets sick again. The only way is to do an overall purge, meaning every single desktop needs to be scanned and disinfected.

We’ve been helping out a client on this, and basically, the haphazard sharing of files and such has caused unmitigated disaster in the form of autorun.inf files propagating through the systems via shares and then auto-loading the payload. One of the mischievous things this virus does is hide all the files so that we think everything has been deleted.

It’s a losing battle. In our previous battles with viruses, we decided to euthanise most of the old laptops that had viruses and buy new sets, reformat and reload our servers. We even moved our office physically, and set fire to our old office, watching all 22 floors go down in a blaze of glory. Of course not. It’s arson. And it’s illegal. But we did move office, because our rent got too high. Landlords are also another form of virus at times, but that’s another story.

Anyway, the saying “prevention is better than cure” applies to viruses in IT terms as well as in health terms. The best way is not to get sick. And here are some practices for companies:

1. Get a good antivirus. Not one of those free AVG or whatever. A paid one. Kaspersky, Norton, we don’t care. Most of them are more or less the same, and work on most viruses.

2. Update your OS. I hate to do it, because Windows releases updates like crazy, but we bought Windows and agreed to be part of the guinea pigs to fix their systems so….

3. Host firewall. Your computer should have a firewall. Get one.

4. IT admins shouldn’t give admin rights to normal users. It’s like giving the keys to Candyland to a kid.

5. Secure your perimeter. This means you are at war. Don’t expose yourself to the internet, and secure all systems that face the internet.

6. Control your DNS. Most viruses infect your DNS, force you to a website, download the payload and execute. In PKF, we firewalled all DNS requests out (even Google ones), except to the approved DNSes we have. So if someone contacts a rogue DNS, it’s blocked.

7. Control your internet access. Most users have no idea that www.persiankitty.com isn’t a site to adopt cute kittens. Kill it. Get a webfilter tool and make sure your policies are pushed out to all desktops/laptops with internet access.

8. Educate your people. People are the weakest link in corporate security. Teach them that they are not supposed to click on strange links in emails, accept any file transfers from Skype, open attachments, or engage with Professor Muzazoagabe from Nigeria who wants to pay them a million Euros, but requires 1000USD to release the funds.

9. Use strong passwords. No, Iloveyou is not a strong password. Neither is 1234, or password123.

10. Document and have policies. Countless companies fail to have proper policies to address issues like this, and users are not governed in how they are supposed to conduct themselves.

11. Monitor! The best prevention is to rabidly monitor your systems and network as well as software on devices. Have a proper asset listing, software management system and patch management system.

12. Finally, and we’re not selling here: Do your IT audits and Penetration testing! It’s like saying I don’t need to go for a health checkup since I’m fine. By the time you are not fine, it’s too late.
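To make point 6 concrete, here is an added example (not code from this post or from our firewall) that reads firewall log lines and lists which desktops are sending DNS to resolvers that are not on the approved list. The log format, the approved resolver addresses and the sample lines are all constructed assumptions; adapt the parsing to whatever your firewall actually exports.

```python
import ipaddress
from collections import defaultdict

# Assumption: the company's approved resolvers (constructed sample addresses).
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53"), ipaddress.ip_address("10.0.1.53")}
DNS_PORTS = {53, 853}  # classic DNS and DNS over TLS

# Constructed sample log. Assumed format: time action proto src_ip dst_ip dst_port
SAMPLE_LOG = """\
2024-01-01T09:00:01 ALLOW udp 10.0.5.21 10.0.0.53 53
2024-01-01T09:00:02 DENY udp 10.0.5.44 8.8.8.8 53
2024-01-01T09:00:03 DENY udp 10.0.5.44 203.0.113.7 53
2024-01-01T09:00:04 ALLOW tcp 10.0.5.21 198.51.100.10 443
2024-01-01T09:00:05 ALLOW udp 10.0.5.60 203.0.113.7 53
garbage line
2024-01-01T09:00:06 DENY tcp 10.0.5.44 203.0.113.7 853
"""

def audit_dns_egress(log_text, approved=APPROVED_RESOLVERS):
    """Return {src_ip: {"blocked": n, "leaked": n, "resolvers": set}} for
    DNS traffic aimed at resolvers that are not on the approved list."""
    findings = defaultdict(lambda: {"blocked": 0, "leaked": 0, "resolvers": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines instead of crashing the audit
        _, action, _proto, src, dst, port = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if port not in DNS_PORTS or dst_ip in approved:
            continue  # not DNS, or DNS to an approved resolver
        entry = findings[src]
        # DENY: the rule held, but the desktop deserves a scan.
        # ALLOW: the query got out, so there is a gap in the firewall rule.
        entry["blocked" if action == "DENY" else "leaked"] += 1
        entry["resolvers"].add(dst)
    return dict(findings)

if __name__ == "__main__":
    for host, f in sorted(audit_dns_egress(SAMPLE_LOG).items()):
        print(host, f["blocked"], "blocked,", f["leaked"], "leaked ->", sorted(f["resolvers"]))
```

A desktop with repeated blocked lookups is a good candidate for the next scan, and any "leaked" count above zero means the DNS rule has a hole.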

Drop us an email if you need more information on how to stay well, or get well!
