FBI anti-virus plan mirrors local efforts: RCMP

The U.S Federal Bureau of Investigation announced Monday a partnership with the computer industry to develop computer security strategies for U.S. companies and home users.

But Canadian authorities say a similar partnership between government agencies and the private sector already exists here.

Monday’s announcement marks two distinct strategies to protect both U.S. business and home computer users, said Alan Paller, research director at the Sans Institute in Pittsburgh, Pa.

The FBI’s National Infrastructure Protection Center has set up a new Web page ( www.nipc.gov) that posts online security tips for home users, Paller said. The page will inform home users about not opening suspicious e-mail attachments and the importance of using anti-virus software.

Paller said the FBI, the Sans Institute, and over 30 organizations have also compiled a list and scanning tool for the 20 common threats to company servers. The Top 20 scanner can be found on the Sans Institute Web site and addresses software problems in Microsoft’s Windows and Unix operating systems. It also notes common security mistakes such as incomplete data backups and simple passwords.

The program is designed to raise user awareness and will be updated to scan for new threats. Recent Internet threats such as the Code Red worm and the Melissa virus exploited well-known program vulnerabilities that companies need to patch, according to Paller. He said system administrators must be more vigilant when installing new software.

“The installation of the software almost always installs extra things that you will never use and because you don’t know it’s there, you don’t patch it,” Paller said.

“The CD you install almost always comes with major errors in it. The default installation almost always makes your Web server and other large computers vulnerable to attack.”

Similar computer and Internet security strategies are already in place in Canada, said Paul Marsh, spokesperson for the Royal Canadian Mounted Police in Ottawa.

“We deal with the larger community on a daily basis. We have a partnership with Industry Canada as far as informing Canadians about how to use the Internet safely. We do have very strong partnerships with the business community,” Marsh said.

Canadian companies should upgrade their anti-virus software on a constant basis, said Stafford Tavares, professor emeritus, department of electrical and computer engineering at Queen’s University in Kingston, Ont.

“As viruses come out, then you can get protection from the latest version. It’s an ongoing process – we are all guilty of buying anti-virus software, installing and then not upgrading it. Vigilance is a good thing if you really care about protecting your system,” Tavares said.

Federal Bureau of Investigation’s National Infrastructure Protection Center in Washington is at http://www.nipc.gov. Sans Institute, in Pittsburgh, Pa., is at http://www.sans.org. The Royal Canadian Mounted Police in Ottawa is at http://www.rcmp.ca.