Is your anti-virus program still working?

Commentary: When was the last time you updated your anti-virus software? Make sure you regularly check that the automatic update feature has not been disabled by a virus.
Written by Robert Vamosi, Contributor
Most of us "set and forget" our anti-virus software. But to be safe, you should regularly check that the automatic update feature has not been disabled by a virus.

A friend of mine works for a university-based medical research facility, and she recently wondered why their network was experiencing a dramatic increase in virus traffic. Their Internet-facing servers, she told me, were all protected with the latest release of a major anti-virus software product. The product, like its popular home version, features automatic live updates of the latest signature files, yet they were getting hit with several variations of the Bagle virus, plus some other new viruses.

This may sound familiar. You have a desktop anti-virus program installed now, and you know the signature file subscription is current with the vendor, but still you're seeing virus-like symptoms, or perhaps you actually know that you have a virus. Since the first of this year, many new viruses have been shutting down anti-virus and firewall programs, or, in other cases, disabling the software's automatic update feature, leaving your system vulnerable to future attack.

It's actually an old trick. The virus MTX, for example, released in 2000, blocks access to anti-virus software Web sites. But these recent anti-virus-disabling attacks are more effective because of their sheer volume: with some 30-odd variations of Bagle appearing within a 10-week period, each one better than the last, you might have been hit and not even realised it.

At one time, you needed to manually update your anti-virus program monthly, weekly, then every couple of days. Problem was, with a big email outbreak such as I Love You, you were often infected before you got around to updating your signature files. So the software vendors opted for automatic downloads of signature file updates. This method has its pros and cons.

First, the pros. I like the set-it-and-forget-it anti-virus protection available on most products today. I think it's made protecting your PC much easier for casual Internet users.

But, unfortunately, convenience breeds a false sense of security. I once knew someone who felt all cars should have standard transmissions so that the driver would at all times remain in touch with the road's conditions and be better able to react to danger. In the same way, it might be good for us to have to pay more attention to our anti-virus and firewall software. I'm not suggesting we give up the ease-of-use features we now enjoy, but rather that these products should now integrate with each other more than they currently do and provide some kind of checks and balances for each other.

I expect to see some major changes coming later this year. Currently, the new ZoneAlarm Security Suite works with your existing third-party anti-virus programs and reports whether the signature files are out-of-date or if the software is even working. And the new Microsoft Security Center, one component of Windows XP SP2 (to be released later this year), will also warn if your anti-virus protection is compromised. Whenever the anti-virus program becomes disabled, a dialogue box informs you of the change. Also, whenever you check the ZoneAlarm Security Suite or Microsoft Security Center main screen, you'll see a warning that your anti-virus protection is not enabled.

Until these products become widely available, you will still need to check your anti-virus programs from time to time to see that they are still working.

My friend has taken to doing just that, and in the process, found the anti-virus software update feature on one of the servers had been disabled in early April. By reactivating that server's protection, her research facility has significantly reduced their latent virus problem. I suspect some of you may experience the same result with your home computers.
