Viruses A Weak Threat? Think Again

Last year Quest Inc., an 18-year-old Sacramento, Calif., technology consultancy, experienced no significant downtime from virus attacks on its network security architecture.

So why, when its antivirus software license expired late last year, did the $100 million company undertake a thorough examination of the latest technology designed to zap productivity-sapping viruses?

Sheer volume. The number of viruses received by computers in Quest’s network skyrocketed in 2000 over the previous year.

While none had a major effect, network administrator Stephanie Buckmaster was concerned enough about the increase — and the time required for her staff to distribute virus updates and security patches to the company’s 180 employees in three offices — to spend time and money to determine which antivirus system would work best for Quest.

After scouring the market, Quest bought the Norton Antivirus Solution V7.5, sold by Symantec Corp. of Cupertino, Calif.

Not only was the product highly rated, Buckmaster said, it met the company’s criteria for ease of use, manageability, and price.

“The vendor was also quick to jump on the opportunity to partner with us and help install the software and train users,” she said.

Quest installed the antivirus software on about 160 devices, including workstations, laptops, and both e-mail and data servers.

Quest is one of many organizations realizing they’ve got to take a broader look at the process of keeping malicious code from infiltrating their networks.

Even if fighting viruses is not as sexy a security technology as firewalls, intrusion detection, or other techniques flooding the market, it’s vital.

Why? More than a decade ago, industry reports of antivirus activity occurred one to two times per month.

Today, 10 to 15 viruses are reported each day, said David Perry, public education director at TrendMicro Inc. in Cupertino.

And while 96 percent of all enterprise desktops are protected with antivirus software, viruses continue to pose an enormous security threat.

The problem has escalated largely because of the growth of points in a network where a virus can infiltrate — mainly proliferating numbers of file servers, e-mail servers, and Internet gateways.

Viruses exploit security holes in operating systems or applications, and the greater the system’s complexity, the greater the likelihood of a breach.

Viruses are also commonly introduced when mobile workers or telecommuters install floppy disks brought from home.

Most famously, hacking has become a competitive sport, with many hackers viewing the authoring of new viruses as more challenge than crime.

Viruses are the most frequent security breach that enterprises face on a daily basis,” said Arabella Hallowell, senior analyst at the Gartner Group of Stamford, Conn., who ranks antivirus software among a company’s most critical investments.

Any organization not staying on top of virus fighting risks serious losses. Just look at the data: Computer Economics, a Carlsbad, Calif., research company estimated that losses due to the iloveyou attack in May 2000 cost businesses $6.7 billion in one week.

On average, the firm calculated, productivity loss for each desktop infected by the virus averaged $1,500, with three to four days of downtime.

So it’s no surprise when industry watchers describe antivirus security as moving out of the stepsister role in which it’s languished in the security software family.

A New Approach

The newest trend: a multi-level, multi-point approach. Vendors like TrendMicro, Symantec and McAfee, a subsidiary of Network Associates of Santa Clara, Calif., recommend that network managers ramp up antivirus security to defend more vulnerability points such as file servers, desktops, Internet gateways, e-mail servers, and firewalls.

Additionally, antivirus protection is about more than software. It’s about centralized management — that is, knowing all systems in the IT environment and ensuring that all security data are updated and the latest virus signatures deployed.

The antivirus solution previously used at Quest required a technician to spend about a day each week managing the software.

The technician had to get antivirus updates and e-mail them to users on a regular basis, help users install them, confirm that they were done correctly, and fix any problems.

Now all that is managed centrally, with updates pushed to users’ desktops through the corporate network.

In addition, Quest’s 50 notebook users — who formerly had to receive updates from network administrators during their infrequent office visits — now receive automatic updates whenever they connect to the Internet on the road, or when they connect to the office network.

Quest considers such control the key to its antivirus system. “Ninety-five percent of the management is now automatic,” Buckmaster said, making oversight far more efficient.