There's nothing like your company's LAN and Internet access slowing to a crawl and then disappearing entirely to drive home the point that even if you are a good little Boy Scout/Girl Guide and keep all your PC patches and anti-virus signatures up to date, some of your less-than-diligent colleagues can still cause you grief.
The problem we're alluding to is the recent attack on our network by a variant of the W32/Sdbot AKA W32.HLLW.Donk worm. The worm got past RMIT's firewalls--most probably by simply hitching a ride on an unprotected laptop. Once inside the firewall it rooted out all the PCs that had not received frequent signature updates and proceeded to flood the network.
Some areas may have valid reasons for not updating; we, for example, carry out testing on clients' disk images that we must maintain in their current state--and that can cause headaches. But in most cases it's simply a matter of neglect.
So how do you get around the problem?
The simplest method is to institute a policy, which may or may not be adhered to, that all PCs must have their AV software configured to auto update from the relevant vendor's Web site.
There is one glaring problem with this: network traffic and the associated cost. Let's say your users have configured their AV software to update once a week (not really frequent enough, but this is just an illustration) and the typical signature file is 1MB. Each user will be downloading 52MB a year--not too bad until you multiply this by your number of PCs, which may be 10,000 or more. 520GB is a bit rich.
For very large sites it is probably simpler and cheaper to mirror the vendor's updates on your own in-house server, thus lowering your costs significantly.
But, as we have seen, relying on users to "pull" the updates down from a server will probably result in less-than-perfect coverage.
A more reliable option is to set up a server to "push" the updates to the users' PCs. This also has the added benefit that the server knows when a new update is available whereas if the users "pull" the updates they must regularly poll to see if there are any updates available, again needlessly chewing up bandwidth.
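Whichever distribution model you pick, the thing that actually bit us was not knowing which PCs had stale signatures until the worm found them for us. The script below is an added example, not part of the original article or any vendor's tooling: it runs a stale-signature audit over a constructed inventory (the hostnames and dates are made up) and puts the article's direct-versus-mirrored Internet-link traffic estimate into a function, so the 10,000-PC case can be checked rather than eyeballed. The inventory format, the seven-day threshold and the 1MB signature size are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not real hosts): hostname -> last signature update time.
# In practice this would come from the AV management console or a login script.
INVENTORY = {
    "lab-img-01": datetime(2004, 3, 2, 9, 0),    # frozen test image, never updated
    "desk-0117": datetime(2004, 5, 10, 8, 30),
    "desk-0223": datetime(2004, 4, 28, 17, 45),
    "laptop-07": datetime(2004, 2, 14, 12, 0),   # roaming laptop, rarely on the LAN
    "desk-0350": datetime(2004, 5, 11, 7, 15),
}

# Constructed "now" so the example is reproducible offline.
SAMPLE_NOW = datetime(2004, 5, 12, 9, 0)


def stale_hosts(inventory, now, max_age=timedelta(days=7)):
    """Return hostnames whose signatures are older than max_age, oldest first.

    These are the machines a network worm would reach first, so they are the
    ones to chase (or isolate) before an outbreak rather than after.
    """
    stale = [(host, now - last) for host, last in inventory.items()
             if now - last > max_age]
    stale.sort(key=lambda item: item[1], reverse=True)
    return [host for host, _ in stale]


def coverage(inventory, now, max_age=timedelta(days=7)):
    """Fraction of hosts with signatures no older than max_age (a compliance figure)."""
    fresh = len(inventory) - len(stale_hosts(inventory, now, max_age))
    return fresh / len(inventory)


MB = 1_000_000  # assumed signature file size unit, as in the article's 1MB figure


def internet_link_bytes(num_pcs, updates_per_year, sig_size=1 * MB, mirrored=False):
    """Bytes crossing the Internet link per year.

    Direct:   every PC fetches every update from the vendor's site.
    Mirrored: only the in-house mirror fetches from the vendor; PCs then
              take the file over the LAN, which is not counted here.
    """
    if mirrored:
        return updates_per_year * sig_size
    return num_pcs * updates_per_year * sig_size


if __name__ == "__main__":
    for host in stale_hosts(INVENTORY, SAMPLE_NOW):
        age_days = (SAMPLE_NOW - INVENTORY[host]).days
        print(f"{host}: signatures {age_days} days old")
    print(f"coverage within 7 days: {coverage(INVENTORY, SAMPLE_NOW):.0%}")
    direct = internet_link_bytes(10_000, 52)
    mirrored = internet_link_bytes(10_000, 52, mirrored=True)
    print(f"direct: {direct / 1e9:.0f} GB/year, mirrored: {mirrored / 1e6:.0f} MB/year")
```

Run as-is it lists the three hosts that are more than a week behind, reports 40% coverage, and reproduces the 520GB-per-year figure for 10,000 PCs pulling weekly updates directly, against 52MB per year when one mirror does the pulling. A weekly cron job over the real inventory gives you the "who is behind" list before a worm compiles it for you.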
Let's look at how some of the most popular virus solutions work.