New Security Threats & Solutions

Recently the security industry has found new hybrid viruses which top anything previously known. They are saying that virus producers are now almost like a terrorist group: they have funding, they have research and development teams, etc. It should be expected really, as there are obviously hate groups all over, particularly Muslim I guess, and they are willing to blow themselves up just to attack the West.

What do these hybrid viruses do? 

One such virus found in 2007 was named “Storm”, and has been called a Worm and Trojan as well as a Virus because it has features of both; I just call them all viruses. Storm apparently has the capabilities of an SMTP relay, and some sort of socket server with the capability to communicate stolen information to many destinations, and even the ability to communicate with and warn its own Storm-infected host computers across a network of many Storm-infected computers. One report said that Storm creates a botnet of computers with combined criminal computing power greater than IBM’s best supercomputers. This virus has features which I really do not want to state because I don’t want to proliferate virus design. This virus starts in an email containing an executable attachment; the dumb users are tricked into running the attachment. That’s typical. Experts are estimating that this Storm virus has infected more than 200 million computers around the world, by email, and only the US and Europe have gotten some control of it at this time.

What’s the solution? 

Actually the solution is to not execute any program from any source except your trustworthy business associates, within the US preferably. But wherever you are, you need to have educated and trustworthy associates, so they don’t accidentally propagate viruses. However, with emails you also need to be sure they are legitimate, not artificially produced by a spam virus using your friend’s email address. That’s the rule for me, but many of my clients just can’t keep these rules, so I install good anti-virus software on their computers.
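
The rule above can also be enforced at the mail gateway instead of being left to each user. The following is an added example, not part of the original post: a Python filter that walks a message's MIME parts and flags attachments that are executable by name or by content. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs or interprets on double-click (assumed list, not exhaustive).
RISKY_EXT = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "lnk", "msi"}

def classify_attachment(filename, payload):
    """Return the reasons an attachment should be quarantined (empty list = pass)."""
    reasons = []
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as x.exe.
    name = (filename or "").strip().lower().rstrip(". ")
    parts = name.rsplit(".", 2)
    if len(parts) > 1 and parts[-1] in RISKY_EXT:
        reasons.append("executable extension")
        if len(parts) == 3:  # e.g. greeting.jpg.exe, shown as greeting.jpg in many UIs
            reasons.append("multiple extensions")
    # Content check: catches executables renamed to a harmless-looking extension.
    if payload[:2] == b"MZ":
        reasons.append("PE/DOS header")
    return reasons

def scan_message(raw):
    """Map each suspicious attachment name in a raw RFC 5322 message to its reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        filename = part.get_filename()
        if part.is_multipart() or (
                filename is None and part.get_content_disposition() != "attachment"):
            continue
        reasons = classify_attachment(filename, part.get_payload(decode=True) or b"")
        if reasons:
            findings[filename or "(unnamed)"] = reasons
    return findings

def build_sample():
    """Constructed test message; payloads are inert stub bytes, not real programs."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Open the attachment.")
    for data, sub, fname in [(b"MZ\x90\x00stub", "octet-stream", "greeting.jpg.exe"),
                             (b"MZ\x90\x00stub", "octet-stream", "photo.jpg"),
                             (b"%PDF-1.4 stub", "pdf", "invoice.pdf")]:
        msg.add_attachment(data, maintype="application", subtype=sub, filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Because the check looks at file type and not at a known signature, it does not depend on the sample having been seen before.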

There are a lot of anti-virus packages out there, but big names are not always best. For example, Trend Micro is recommended by many, but tests have shown it is not that thorough, and Microsoft has been unwilling to participate and prove the quality of their AV software. McAfee is what I use for many of my clients, and it has had an excellent track record for many years at a low price, though I also use Symantec, which is possibly the best of all.

I know better than to run any email attachment, or download and run any questionable software product, from non-American companies particularly, so I have actually not had a virus that I can remember. And I have not used anti-virus software for nearly 10 years on my computers. Well, pre-2000 I think I had some minor virus problems, and I unfortunately downloaded and used some overseas software and started having computer problems, so I backed everything up and wiped my hard drive clean. That’s how I solve my virus problems. Were you expecting some elaborate solution? True, you need more advanced solutions, particularly for big networks…

Advanced corporate solutions: 

Most importantly, again, the solution is to not execute a questionable program. This is especially important on servers, and it is ultra important for administrators to be careful not to run any questionable program. Second, you need good firewall solutions implemented on your network; this holds down such things as the Storm virus. These things are standard practice of course. I have actually averted these problems altogether for administration by using a product called Iron-Admin from WiseFirm; I use it to administer all of my customers’ servers and workstations. This product allows you to administer all your network computers from one workstation, including Windows and Unix/Solaris/Linux servers, and you don’t ever have to execute any programs at all. Iron-Admin uses high-encryption for all its communications, and from one computer you can remotely administer 100s of servers and limitless workstations, and do backups of them all at scheduled times. Another similar product which I have tried is InterStructures, but it is not compatible with AIX and Solaris and does not do backups.

You may use anti-virus software, but honestly it is overrated. Consider the case of a new virus, such as Storm: in this case your anti-virus software will not recognize it initially. If your company is so unfortunate that this virus gets access to administration-level servers, your whole company’s data could fall. Anti-virus software is a good step to protect common users’ computers to a limited degree, and to stop a virus eventually after it has been discovered.

I will get into more details on the security factors we have looked at in this article, and some additional ones. Look for my future blogs here.