First, if you haven't already done so, I recommend that you read one of my previous papers, "Virus prevention in a Microsoft network, or How to stand a chance". I discuss there about what an effective virus detection scheme should look like in order to be effective in a networked environment. This goes far more than just say "keep your antivirus up to date", but more specifically about the many ways to get this done, along with optimized configuration and information gathering, all done remotely. I also explain how such a setup saved my hide when I made a close encounter with WormExplorerZip. A must read for all NT admins and support personnel.
If you've read my paper, you know that I strongly suggest to anyone to cease to use any version of Outlook (Express). For over a year or two, most of all new viruses are specifically designed at exploiting flaws in Outlook, achieving outbreaks of proportions never seen before. That means that unless a virus also has a local payload, if you're not using Outlook, you're immune, even without any antivirus software! So, if it's so easy to protect from it, then why is millions of computers infected every time? Simple, they didn't learn their lesson and they're still using it. The day after I published my paper, the following article was published at www.herald.co.nz (reproduced here at http://www.geocities.com/floydian_99/news1.html). It's about a new vulnerability in Outlook Express that enables e-mail viruses to be activated without anyone even reading the mail, much less executing attachments. So this means that even if you practice safe computing, you're not safe enough if you're using Outlook Express. Convinced yet?
And never forget that no antivirus software can effectively catch a never-seen-before virus. Not until next update...
1. Internet, the past 5 years
3. Some quick talk about DoS and DDoS
Table of contents