Virus man gives corporates small tick

A homegrown virus authority believes large organizations have made good progress in preventing mass-mailing viruses, but have some way to go in their general system administration.

Nick FitzGerald runs Computer Virus Consulting in Christchurch, contracting his services mainly to large U.S. organizations. The New Zealander previously edited the respected U.K.-based Virus Bulletin Web site.

“Given the dramatic reduction in effectiveness of most mass-mailers – there really has been nothing for the corporate world to be deeply ashamed of since Anna Kournikova – I think most large corporates have sufficient filtering and gateway protection measures, vis mass-mailing viruses,” says FitzGerald.

“Code Red and Nimda, however, raised some worries about the quality of system administration of crucial e-business servers and the like as both took advantage of ‘old’ exploits. Both could also, in nearly all cases, have been prevented, even if the patches had not been available, had common standards for proper server administration been followed in the installation and configuration of those servers.”

Microsoft is partly to blame for not applying stricter development and code review standards to products like IIS and having most of its options enabled – “including the ones known to be of no use or interest to 95 percent-plus of IIS users.”

This does not excuse administrators who did not disable the unused and unneeded features of their machines, he says.

FitzGerald says Microsoft’s belated security measures have reduced Outlook’s usefulness as a distribution method, and most largish corporate e-mail systems, which “disproportionately” use Outlook, now block all potentially executable attachments. A mass-mailer virus thus can’t broadcast itself to corporate address lists.
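As an added illustration of the gateway filtering described above (example code, not from the article or from FitzGerald’s practice): a small Python filter that parses a constructed MIME message and flags any attachment whose filename carries an executable extension anywhere in its chain of extensions, which is how a double-extension name of the Anna Kournikova `.jpg.vbs` kind gets caught. The extension list and the sample message are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions a gateway treats as "potentially executable" (assumed list,
# not a standard; real deployments tune this to their environment).
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "bat", "cmd", "pif", "scr", "vbs", "vbe",
    "js", "jse", "wsf", "wsh", "hta", "shs", "lnk", "reg",
}

def attachment_is_executable(filename: str) -> bool:
    """True if ANY extension in the name is executable.

    Splitting on every dot means "photo.jpg.vbs" is caught by its final
    ".vbs"; a padded name such as "notes.txt      .exe" is caught too,
    because every segment after the first dot is checked.
    """
    segments = filename.lower().split(".")[1:]
    return any(seg.strip() in EXECUTABLE_EXTENSIONS for seg in segments)

def blocked_attachments(raw_message: bytes) -> list:
    """Return the attachment filenames a gateway would block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if attachment_is_executable(filename):
            blocked.append(filename)
    return blocked

def build_sample_message() -> bytes:
    """Constructed sample: one double-extension script, one benign PDF."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"
    msg["To"] = "all-staff@example.com"
    msg["Subject"] = "Here you have"
    msg.set_content("Hi, have a look at this.")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename="AnnaKournikova.jpg.vbs")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder",
                       maintype="application", subtype="pdf",
                       filename="quarterly-report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample_message()))
```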

So virus writers are moving to implement self-mailing code that uses its own SMTP client software and works “pretty much” anywhere, he says. They may also gather target addresses from many other sources on the victim PC, such as HTML files in the temporary Internet files cache and mail folder files for other mail clients.

FitzGerald, who says he has had viruses written using his name, also has a hunch there are fewer active virus writers than in the past.

“We still see a large number of utterly trivial new viruses mainly written by teenage wannabes. However, it seems that fewer of those starting virus writing ‘progress’ to the more challenging aspects.” This may be, he says, partly because trivial hacking activities using popular remote access Trojan (RAT) tools are more interesting to those of the age and mindset who previously were getting into virus writing.

He believes bog-standard “known virus scanning” is getting closer to the end of the road. “More generic approaches including better heuristic scanning have been developed, but this approach will always largely be a matter of who gets to bat first.”

Other developments, such as “sandboxing” – isolating and assessing an e-mail before it is passed on to the normal e-mail program – and keeping the user’s address book outside the e-mail package, can be useful security techniques, he says.

Jim Love, Chief Content Officer, IT World Canada