ZDNet UK



How cooperation can beat viruses

Robert Vamosi CNET News.com

Published: 16 Apr 2004 14:35 BST


Throughout this latest swarm of Netsky and Bagle computer viruses, I've been trying to dream up a way we can all work together to reduce the number of viruses and worms spread on the Internet. It's not easy. Most of our current computer security strategy is based on after-the-fact mitigation, and we don't focus enough resources on prevention. Sure, good networks are built on trust, but no matter how many firewalls and antivirus scanners you install, it takes only one Typhoid Mary computer to infect a whole network.

Back in the 1980s, the way to avoid computer viruses was to ask, "Whose floppy disk am I loading onto my computer?" Two decades later, we should be asking instead, "Whose desktop, laptop, or PDA is connecting to mine? Should I trust that individual to have installed proper patches and antivirus protection?" In most cases, the answer is no.

The MSBlast example
How big a problem is connecting to an unpatched computer? Big. Last August, the network worm MSBlast ripped through home computers and corporate workstations alike. Large companies should have been immune; after all, they have gateway firewalls and gateway antivirus protection to protect the entire company. But MSBlast was especially pernicious. It didn't spread via email; instead, the worm passed through open ports on vulnerable Windows 2000 and XP computers. Many companies and universities protected their perimeters well against MSBlast, but they didn't patch every desktop on the inside. All it took was one infected PC connecting from the outside to that unprotected internal machine to cause a meltdown.

If you think your network doesn't have any of these rogue internal machines, don't be too sure. In a company, an innocent sales rep could return from a road trip and simply dock a newly infected laptop into a network connection. At a university, where network security is often even less rigorous, a student could connect to the network for the first time with an unprotected machine.

New course requirement
That's why I was encouraged to read that a small Iowa university will require returning students to have their computers scanned for active viruses before connecting to the school's network. Last week, the University of Northern Iowa announced that beginning this autumn, students using their own computers to connect to the university network must first make sure their home PC is clean. The university has until August to specify how it will accomplish this, but I think discussing the concept of a preventive scan is a very important first step.

Some universities and corporations already supply remote users with antivirus apps, but I'm imagining a bolder initiative that would include known Windows vulnerabilities. Such an expanded online scan would catch patches not yet installed on the connecting PC. I imagine this process would be about as invasive as using the free antivirus scanner at McAfee.com to scan your PC -- in other words, not dangerous at all -- and would apply only to those wanting behind-the-firewall access to a network.

And I think that every computer requesting access to a network should undergo this scan -- not just Windows systems. While Linux and Mac OS users are immune to most 32-bit Windows viruses written today, Linux and Mac OS systems attached to a network could nonetheless infect Windows systems inside that network's firewalls.

If such a scan found the MyDoom worm, for example, it would ask you to remove the infection (and give you the tools to do so) before allowing you to type in your ID and password; if it found Netsky.p and the underlying Internet Explorer flaw that it exploited, you might also be asked to download the proper patch from Microsoft.
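The scan-before-login gate described above can be sketched as a small policy check. This is an added example, not code from the article or from any university's system; the report fields, patch IDs, hostnames and the seven-day signature limit are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy. Patch IDs are placeholders, not real bulletin numbers.
REQUIRED_PATCHES = {
    "windows": {"PATCH-PLACEHOLDER-1", "PATCH-PLACEHOLDER-2"},
    "linux": set(),
    "macos": set(),
}
MAX_SIGNATURE_AGE_DAYS = 7  # assumed freshness limit for antivirus signatures


@dataclass
class PostureReport:
    host: str
    os: str
    active_infections: list          # malware names reported by the scan
    installed_patches: set
    av_signature_age_days: Optional[int]  # None means no antivirus found


def evaluate(report):
    """Return (decision, remediation_steps) before any credential prompt."""
    if report.os not in REQUIRED_PATCHES:
        # Fail closed: a platform the policy does not cover is not admitted.
        return "quarantine", ["platform not covered by policy"]
    steps = [f"remove infection: {name}" for name in report.active_infections]
    missing = REQUIRED_PATCHES[report.os] - report.installed_patches
    steps += [f"install patch: {p}" for p in sorted(missing)]
    if report.av_signature_age_days is None:
        steps.append("install antivirus")
    elif report.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        steps.append("update antivirus signatures")
    if report.active_infections:
        return "quarantine", steps      # infected: isolate until cleaned
    if steps:
        return "remediate", steps       # clean but unpatched or stale
    return "allow_login", steps         # only now show the ID/password prompt


# Constructed sample reports (hostnames and values are invented).
SAMPLES = [
    PostureReport("sales-laptop", "windows", ["MyDoom"], {"PATCH-PLACEHOLDER-1"}, 30),
    PostureReport("student-mac", "macos", ["Netsky.p"], set(), 2),
    PostureReport("dorm-pc", "windows", [], {"PATCH-PLACEHOLDER-1"}, 1),
    PostureReport("patched-pc", "windows", [],
                  {"PATCH-PLACEHOLDER-1", "PATCH-PLACEHOLDER-2"}, 1),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.host, *evaluate(r))
```

The Mac in the sample set is quarantined even though it has no required patches of its own, which is the article's point about non-Windows machines carrying Windows malware onto the network.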

Get in the habit
I realise that to first scan, then connect to a system like this would greatly prolong the amount of time it takes to connect to a corporate or university network, but delays also result from major worm attacks. Which is worse: slow access or a crippled network?

Also, a new scan-before-access requirement would better inspire employees and students to keep their personal computers in good health. Those who practiced smart self-maintenance would be rewarded by express access to their corporate, collegiate, or government network.

In colleges specifically, such an approach would train the next generation to practice safe computing. Like using seat belts, applying patches and updating antivirus signature files would, hopefully, become second nature. And we would all benefit from that.
