www.vmyths.com/index.cfm: Can't tell your AOL4Free.com from your Love Bug? VMyths.com, Rob Rosenberger's virus myths home page, will help you separate fact from fiction.
I remember recruiting new staff to address virus issues and interviewing a string of ex-military and intelligence types. Short haircut after short haircut explained to me that the way to eradicate the virus threat was simply to remove all floppy drives and CD-ROMs from all machines, disable Internet access and discipline anyone caught with a virus on their machine. We could never get away with that.
The business benefits we derive from allowing documents and spreadsheets in and out of our environment far outweigh the downside of the rare virus epidemic that overloads the e-mail system or of the requirement to go to backups to recover some corrupt files after an infection.
Of course, we work to reduce the risk as much as we can. But best efforts don't give us 100% protection; every system has a chink in its armor. Once in a while, a new virus finds a way through our lines of defense.
In the good old days, it would take many months for a new virus to become a global issue, leaving plenty of time for virus updates. Today, a hacker can execute a few mouse clicks using a virus generator tool kit and make headlines on CNN the same day.
In response, vendors have developed faster ways to deploy updated signatures. Most are now Web-enabled with automatic updates and central management consoles. Their deployment packages, which push protection onto user desktops and servers, could teach intrusion-detection system (IDS) vendors a thing or two.
Most IDS deployments require you to visit each machine in turn. That's fine when you have five machines in a demilitarized zone, but what if you have more than 4,000? Even with these improved tools, it still takes a lot of effort to deploy a new signature to every desktop. If the machine is turned off or the user has disabled the virus checker, then you're still exposed.
As the number of virus signatures grows, the desktop virus scanner runs slower and slower, tempting users to disable it. Vendors have tried to work around this by limiting what they scan: They usually just look for program files -- the .exe, .com, .vbs and .doc files known to contain viruses. This means that, even with all the latest signatures loaded and the desktop antivirus software enabled, infected files can still get through undetected. So we can't trust the desktop to be timely or even there at all. We have to have gateway protection as well.