Enterprise virus protection
Compiled by: Sanya Klongyoi
Source: ThaiCERT (Thai Computer Emergency Response Team), Computer Security Coordination Center, Thailand

Most of you have probably heard of computer viruses, the damage they cause, and the chaos they can bring to the workplace. Many people know how insidious they are. Some of you may have run into one yourself, and others may only have heard about them. Some may also hold misunderstandings that cause fear beyond reason. When it comes to taking preventive measures, whose responsibility should it be: the administrator's, or that of the users who look after their own machines? Which method of protection should be chosen, a hardware system or a software system, and which is more reliable in practice? Before studying prevention, we need to study how viruses behave, in order to understand how they work, form a correct picture of them, and learn how many groups and types there are. After that, we can look for ways to protect the system from computer viruses. As the old saying goes, "Know the enemy, know yourself; fight a hundred battles, win a hundred times."

What is a computer virus?
A computer virus is a computer program designed with certain properties: it inserts itself into other programs on the system. On an infected computer it may damage data on the disk or hard disk, or carry out unwanted actions such as deleting files stored on the hard disk or formatting the hard disk. Most viruses, however, do not focus on destruction; they do something as simple as displaying a threatening message to create fear. A virus runs only in the system's memory and remains there until the machine is turned off. Shutting down the computer removes the virus from memory, but it does not remove the virus from the system, because shutting down does not clean the files, programs, or hard disks in which the virus is hidden. The next time the computer is used, the virus runs again and spreads to other programs through the action of the virus program itself. Computer viruses spread and persist much as biological viruses do.

Groups of viruses
Viruses fall into several groups. One interesting, emerging group is the "macro virus", which runs and spreads through various types of document files. It was first discovered in Microsoft Word document files and was later found in Excel and PowerPoint files as well. Many virus-scanning programs can now check document files with extensions such as .DOT and .DOC. Viruses are currently grouped according to their behavior as follows:

  • Common Viruses: general viruses that do not aim at destruction. They focus on causing fear and annoyance and are easy to detect and eliminate.
  • Program Viruses: viruses that spread when an infected program is run and then quickly spread to other programs.
  • Boot Viruses: viruses that hide and spread in specific areas of a disk or hard disk, namely the Boot Record or Master Boot Record, such as the Stone virus.
  • Stealth Viruses: viruses able to conceal themselves from detection, making them difficult to find and eliminate.
  • Polymorphic Viruses: viruses that take many forms, varying with each spread, which makes them difficult to detect.
  • Multipartite Viruses: hybrid viruses that combine the functions of several virus types and can spread through both files and programs.
  • Macro Viruses: newly emerging viruses written in the macro language of Word (WordBasic) and spread with Word, Excel, or PowerPoint document files, such as the virus named WM.CAP.

What level of damage can viruses do?
Computer viruses can infect executable programs such as word processors, spreadsheets, or operating system programs. They can also infect a specific part of a disk, such as the Boot Record, where they are executed as soon as an infected disk is inserted or the system boots from it, and the spreading process begins. Computer viruses cannot, however, damage hardware such as the monitor or keyboard. The way some viruses behave can mislead us into thinking the hardware is faulty, because the virus takes over the programs that control the monitor and keyboard, for example by producing strange characters or making letters fall down the screen. Nor can a virus damage the disk itself; it only resides on the disk. It can attach itself to many types of files and cause errors in programs or data, and nothing more.
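
Because a boot virus lives in the code of the Boot Record or Master Boot Record, one defensive check is to compare that code with a digest recorded from a known-clean machine. The Python below is an added example, not part of the original article; the function names are hypothetical and the sample sectors are constructed filler bytes, not real boot loaders.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bootstrap code; bytes 440-445 hold the optional disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"  # mandatory signature at offset 510


def boot_code_digest(sector):
    """SHA-256 over the bootstrap code only, so repartitioning does not alter it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector, baseline_digest):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(sector) != SECTOR_SIZE:
        return ["short read: sector is not 512 bytes"]
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    active = [i for i in range(4) if sector[PART_TABLE_OFF + 16 * i] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition")
    return findings


def make_sector(code, active_slots=(0,)):
    """Build a constructed sample sector; the code bytes are filler, not a real loader."""
    buf = bytearray(SECTOR_SIZE)
    buf[:len(code)] = code
    for slot in active_slots:
        buf[PART_TABLE_OFF + 16 * slot] = 0x80
    buf[510:512] = BOOT_SIG
    return bytes(buf)


# Constructed samples: a clean sector, the same code after repartitioning,
# and a sector whose first bytes were overwritten.
CLEAN = make_sector(b"\xfa\x33\xc0" + b"\x90" * 16)
BASELINE = boot_code_digest(CLEAN)
REPARTITIONED = make_sector(b"\xfa\x33\xc0" + b"\x90" * 16, active_slots=(1,))
TAMPERED = make_sector(b"\xeb\x3c\x90" + b"\xcc" * 16)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN), ("repartitioned", REPARTITIONED), ("tampered", TAMPERED)):
        print(name, check_mbr(sec, BASELINE) or "OK")
```

The baseline digest has to be recorded while the machine is known to be clean, and reading the first sector of a physical disk normally requires administrator rights.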

Prevention measures
To keep viruses from damaging the system, which kind of protection should be chosen, hardware or software? Which protects more effectively, and which should an organization adopt to protect itself from viruses?

Choosing hardware. If hardware is chosen for virus protection, there must be a card that performs the monitoring and protection functions. Beyond the card's basic functionality, the important questions are these: How does the card recognize new viruses and analyze suspicious programs? What level of protection does it provide? Is it compatible with the computer's hardware and operating system? Does the product come with adequate support, such as technical support, information about new viruses, and upgrades to the card's capabilities? Is the price appropriate for what the card can do? Looking at how it operates, a security-related hardware device always needs programs to control and manage it: a driver program, an operating program, help programs, and utility programs. In other words, software is still being used to control the operation of the hardware.

So how much security does software-based virus protection offer today, and how reliable is it? Such programs now come in many forms to suit organizations and agencies of various sizes and many operating systems, and their functional compatibility is higher than that of hardware systems. Which one should you choose? One outstanding antivirus program, widely known among computer users, is SCAN from McAfee. Scan can check various types of data files, and the program is small. Its functions include routine scanning and detection of suspicious file behavior. It works on many operating systems, such as Windows NT, Windows XP, Windows Vista, and Windows 7, and it can check files arriving from a network or the Internet, a feature called WebScan. Updating the virus database (virus signatures) to recognize new viruses may be this program's weak point, because program versions and database updates change very quickly, and users must download the new version and install it themselves. If users do not update regularly, which is usually done once a month, this becomes a point where viruses can attack.

The next program is equally popular and has been well known for a long time: the Norton Anti Virus family of programs from Symantec. It has a number of strong points that are central to daily work, such as automated management of the scanning process, virus scans at preset times, and automatic updating of the virus signature database at the click of a button. The program contacts the company's server to update its data, a feature called "LiveUpdate". This means that users do not have to download the data themselves, wait for it to finish, and then install the program again. LiveUpdate can be run at any time, for example at noon before going to eat, and the program installs the update automatically. When I got back from eating, I booted the system and let the program load the new virus database, and the process was complete. The database is updated every 15-30 days. Its detection of suspicious files and its background operation are also highly effective, and notifications are clear and fast. The disadvantage is that the detection program has a relatively large memory footprint for machines with little memory.
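
The weak point described above, machines whose signature database falls behind the usual monthly update cycle, can be checked centrally from an inventory export. The Python below is an added example, not from the original article or any vendor; the CSV layout, column names, host names, and dates are constructed assumptions.

```python
import csv
import io
from datetime import date, datetime

MAX_AGE_DAYS = 30  # the monthly update cycle mentioned in the article

# Constructed inventory export (assumed columns: host, product, signature_date).
INVENTORY_CSV = """host,product,signature_date
acct-pc-01,Norton Anti Virus,2024-05-28
acct-pc-02,SCAN,2024-03-02
hr-pc-07,SCAN,
lab-srv-01,InocuLAN,28/05/2024
"""


def audit_signatures(csv_text, today, max_age_days=MAX_AGE_DAYS):
    """Return (host, status, age_days) tuples, most urgent first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        raw = (rec.get("signature_date") or "").strip()
        try:
            updated = datetime.strptime(raw, "%Y-%m-%d").date()
        except ValueError:
            # A missing or unparseable date is itself a finding: the host
            # cannot be shown to be protected.
            rows.append((rec["host"], "unknown", None))
            continue
        age = (today - updated).days
        if age < 0:
            status = "clock-error"   # update date lies in the future
        elif age > max_age_days:
            status = "stale"
        else:
            status = "current"
        rows.append((rec["host"], status, age))
    order = {"unknown": 0, "clock-error": 1, "stale": 2, "current": 3}
    rows.sort(key=lambda r: (order[r[1]], -(r[2] or 0)))
    return rows


if __name__ == "__main__":
    for host, status, age in audit_signatures(INVENTORY_CSV, date(2024, 6, 10)):
        print(f"{host:12} {status:12} {'' if age is None else age}")
```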

There are also programs that are less well known, such as Dr. Solomon's, PC-cillin, and Cheyenne. For large agencies or organizations that run server systems, programs designed for those systems are worth considering, such as Cheyenne InocuLAN, which is suited to network systems running Windows NT and Windows clients. It can detect viruses attached to electronic mail and has relatively good management of system security, for example allowing system administrators to inspect machines inside the system that are suspected of having viruses. Another interesting program for large organizations is Intel's LDVP 5.0, or LANDesk Virus Protect, which can work independently of the operating system. It is well managed and has higher capabilities when used with the system management program LANDesk Manager from the same company.

Conclusion
Which system is suitable for use in an organization? In the author's opinion, each system has different strengths and weaknesses. For a relatively large organization that already uses many operating systems, a good choice is protection software that can manage the system and work with network systems. Using legitimate programs is still more budget-friendly than using hardware-based systems, because a hardware system can be used on only one machine, and the machine must be opened up and a driver program installed before it works. In addition, hardware systems currently do not support working with network systems; even when installed on the server, their functionality is still not outstanding in terms of compatibility with operating systems. For stand-alone machines in the office, programs such as Scan or Norton Anti Virus seem more effective when price and ease of use are compared. For current machines, Norton Anti Virus is probably the better choice, and memory should not be a problem given current memory sizes.

Choosing any form of anti-virus protection requires considering the organization's readiness in many respects, such as its potential and capabilities, building knowledge and understanding among its personnel, and strengthening responsibility and discipline in the use of computers. However good the organization's anti-virus measures are, if the people using the computers lack discipline, for example by not checking data disks taken from other sources before use, then no program or protection hardware, however good, will be able to protect the system. Just as Napoleon, the mighty warrior, still lost in love, an undisciplined computer user will likewise be defeated by the virus.

Note

The writings in this article are the opinions and experiences of the author. Other people do not necessarily have the same opinions as the author.