 |
| . |
|
Navigation |
| Research |
| Marketing |
| Communities |
| Net Tools |
| Security |
| Seminars |
| Our Services |
| Search |
| . |
| Bookstore |
|
Check out our bookstore, operated with our associate, Amazon.com: |
 |
Net Q & A
Question of the Month: October 2001
What Should Solos and Small Firms Do to Protect Against Computer Viruses?
Answer
This is an excellent question, one
that is often overlooked. Most
writing about anti-virus measures seems to focus on large firms. That is where the money is, but most law firms don't have their level of
monetary and technical resources. For
many lawyers, it’s a story of "do it yourself, or it won't get done.”
Exercising the following precautions should greatly reduce your risk of
virus infection, without demanding too much of your time:
1. Exercise extreme caution about
opening attached files.
If the attached file is a program, a
script, or a data file containing a macro, it can completely take over your
system and do anything you could do.
Just because the message appears to
have come from someone you trust does not make it safe. Some of the most
contagious viruses (like "I Love You") spread by taking control of the
victim's e-mail program, and then sending copies of themselves to addresses of
new victim's from the first victim's e-mail address book.
2. Get good antivirus software, preferably a brand that reminds you when updates are ready and downloads them with little or no effort on your part.
Updates are needed because new
viruses are being developed all the time, and software does poorly in detecting
new ones until their "signatures" are added via an update.
Which brand to choose? Norton
Antivirus is a longtime popular favorite. The F-Prot brand (now called F-Secure;
from Iceland) performed by far the best in tests when I researched this in-depth
for my book, but 1998 is a long time in this field; they may no longer be the
best. PC World's testing in 2000 preferred Panda brand, but not be a great deal;
probably well within the margin of effort for this notoriously difficult-to-test
subject:
http://www.pcworld.com/howto/article/0,aid,55803,pg,4,00.asp
There are many other tips that could
be provided, but those two probably have the highest ratio of protection to time
invested. Those who are interested in a higher level of security and have time
to invest in achieving it will find additional ideas in this article and the
ones at the bottom of this column:
http://www.pcworld.com/features/article/0,aid,34703,00.asp
One last idea, though: When selecting software, remember that Microsoft products tend to be by far the most vulnerable to viruses. This is particularly true of MS Word, MS Outlook (the e-mail program that comes with MS Office) and MS Outlook Express (the e-mail program that comes with later versions of the MS Internet Explorer browser. For example, just a couple of years ago, 80% of all virus infections were from viruses that could ONLY be transmitted through MS Word files. The reasons for this are explained in an article at my web site:
http://www.netlawtools.com/security/word_vir.html.
Tech guru John Lederer, someone I respect a great deal, recently estimated on the ABA Law Tech online discussion group that “not running Microsoft applications eliminates somewhere around 90% of all viruses and not running a Windows OS kicks that up to 99+% -- far more effective than any virus scanner.” Not everyone is ready yet to move to Linux or another non-Windows operating system to get to the 99+% security level, but failing such a drastic move, you can cut your risk a great deal by avoiding Word, Outlook and other MS application programs.
It is frequently assumed that so many viruses target Microsoft products because they are so common in the marketplace. There is probably some truth in this excuse, but it overlooks a more fundamental cause: technical vulnerabilities seem to be built into Microsoft products more frequently. As best I can determine, this seems to be due to marketing pressure by Microsoft managers. They like to build in new “features” that they can tout in ads, especially in ads directed to the technical support people at large businesses. Many of these features let one computer take over another, through the use of macros or scripts. This may work well in a world where everyone is benign, OR everyone has a well-trained technical staff that can keep all anti-virus software up to date and instantly download every bug fix that Microsoft releases. In the real world, Microsoft’s approach is a disaster, or, more accurately, a series of disasters. One computer security fiasco after another centers on vulnerabilities in Microsoft products.
Because other types of viruses have
become relatively more common, MS Word is no longer the predominant threat that
it was, but it is still dangerous enough. The two versions of Outlook have more
than taken up the slack. They are particularly vulnerable to virus infection.
If you think you must use them for some reason, at least turn off the
"Windows Scripting Host" feature. This story tells how:
http://www.zdnet.com/products/stories/reviews/0,4161,2568111,00.html
MORE INFORMATION
PC World, "Kill Viruses
Before They Infect Your System," http://www.pcworld.com/features/article/0,aid,32802,pg,8,00.asp
PC Magazine, "Avoiding MS
Word Viruses," http://www.zdnet.com/products/stories/reviews/0,4161,2682118,00.html
|
Send us your questions. We'll select the best each month and answer it here. On request, questions will be edited to conceal the questioner's identity.
|
|
View Q & A Archives. |
This page last revised: September 28, 2001.