Batten down the hatches

IT managers continue to encounter Love Bug variants
Written by Eamonn Sullivan, Contributor

Corporate IT managers were still encountering permutations of the Love Bug this week -- 20, at last count -- a worm that once again exposed vulnerabilities in the Windows platform and showed that anti-virus software, by itself, may not be enough to combat future threats.

IT managers looking for information on how to make the Windows platform more secure have several choices, including long checklists of registry and file permission changes on Microsoft's web site. But the long list prompted some to question why Microsoft does not ship Windows in a more secure state.

"Windows is shipped with entirely too many services turned on by default," said Winn Schwartau, CEO of Security Experts, a Florida-based security consultancy.

Microsoft defended its security stance. "You can either take the approach of locking it down and allowing administrators to open it up or deliver it open and give people the ability to lock it down," said Peter Birch, architectural systems engineer with Microsoft. "But if we locked it down, the people who don't know security would find it difficult to use."

But that approach leaves too many holes, say other consultants. And blocking features such as ActiveX is not an option for many companies.

"In the modern, e-commerce age, it is no longer a valid solution to block technologies," said Nimrod Vered, director of product management for Finjan Software. "This sometimes can lead to a loss of competitive advantage."

Increasingly, companies are also realising that anti-virus software, both on the desktop and the server, is not enough. "The CA InoculateIT antivirus software [we use] detected, but couldn't cure ILOVEYOU," said Paul Alan, business information manager for Marshall Aerospace in Cambridge. "Despite warnings, two people tried to open the attachment. One failed due to scripting being switched off, the other opened and we had to delete and restore over 100 jpegs."

"The problem with relying on anti-virus software is you can only block things that you know about," said Nick Galea, director of GFI, which has a product called Mail Essential for Exchange/SMTP that can intercept scripts and viruses. "Anti-virus software is nice, but it's only a very small part of the security puzzle."

Modern viruses and worms such as the Love Bug and Melissa move too quickly for traditional anti-virus approaches, Galea said. Companies will increasingly need something like an email firewall, even for messages going out, and will need to quarantine every script and macro unless it is absolutely essential.

Galea said a more important danger in the next year is worms that work quietly and target specific companies, something that anti-virus vendors will not be able to stop easily.


Summary: Checklist for security

  • Visit Microsoft's security site and disable or remove unnecessary features and services from both servers and desktops.
  • Sign up for security alert email lists.
  • Install anti-virus software on both servers and desktops and keep it updated.
  • Consider blocking or quarantining some content at the email server.
  • Educate users about the proper handling of attachments received over the network.
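The checklist item on quarantining content at the email server, and Galea's point about holding every script and macro, can be sketched as a gateway check. This is an added example, not code from the article or from any vendor product mentioned in it; the extension lists, function names and sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed gateway policy (not from the article): extensions treated as active content.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".scr", ".pif"}
MACRO_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt"}
SCRIPT_TYPES = {"text/vbscript", "text/javascript", "application/javascript", "application/x-javascript"}

def classify_part(part):
    """Return the reason a MIME leaf part should be held, or None to let it pass."""
    # Windows ignores trailing dots and spaces, so strip them before reading the extension.
    name = (part.get_filename() or "").lower().rstrip(". ")
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    if ext in SCRIPT_EXTS:
        # Two or more dots means an inner, harmless-looking extension precedes the real one.
        return "script with double extension" if name.count(".") >= 2 else "script attachment"
    if ext in MACRO_EXTS:
        return "macro-capable document"
    if part.get_content_type() in SCRIPT_TYPES:
        return "script content type"
    return None

def quarantine_decision(raw_bytes):
    """Parse one raw message; return ("quarantine" | "deliver", [(part label, reason), ...])."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        reason = classify_part(part)
        if reason:
            findings.append((part.get_filename() or part.get_content_type(), reason))
    return ("quarantine" if findings else "deliver"), findings

def sample_message(filename):
    """Build a constructed test message carrying one attachment with the given name."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("notes.txt", "Notes.TXT.vbs", "budget.xls", "run.js."):
        print(fn, quarantine_decision(sample_message(fn)))
```

The decision depends only on the attachment's name and declared type, not on a signature of known malware, which is why a previously unseen variant is held the same way as a known one.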
