NIMDA SUCCEEDED BECAUSE USERS LET THEIR GUARD DOWN

After trying to erase the latest computer virus for two days, Sharique Ansari was ready for drastic measures.

"What I'd like to do is pull the plug on the outside world -- but unfortunately I can't do that," said Ansari, managing director of Digicon Imaging in Buffalo. As a digital pre-print service, Digicon receives too much text and pictures via computer to go offline for even a day.

Unfortunately for wired businesses like Digicon, the W32/Nimda virus that hit last week is just the first example of a new, more wicked strain of digital infections, computer experts say. Constant vigilance will be necessary to keep from being infected, but many computer users -- and network administrators -- don't have their guard up.

"We do anticipate this is going to kind of take off," said April Goostree, virus research manager at McAfee.com in Sunnyvale, Calif. "The source code has been posted on the Internet, which suggests there will be some variants, which is very bad news."

Nimda started to sweep the United States last Tuesday, infecting 160,000 computer networks at its peak, according to the Cooperative Association for Internet Data Analysis in San Diego. Unlike predecessors, it spread via e-mail, on Web pages and over network file sharing, taking advantage of 16 different security holes. Several network administrators in Buffalo said Nimda was the hardiest virus they'd seen, and some were still cleaning up their systems Thursday after two days of persistent infection.

"After you clean up servers, it can reinfect the server from a client," said Jeff McCaskey, president of Web developer Aurora Consulting Group in East Aurora. Nimda took down some popular local Web sites and forced Buffalo.com to unplug for a day as a precaution.

But other networks that use the Microsoft technology targeted by the virus kept running throughout the epidemic. At Buffalo City Hall, network servers and hundreds of individual workstations remained virus-free last week, data processing director John Zebracki said. He credited a stringent anti-virus defense that updates software on networked computers each time a user logs on.

Indeed, frequent updates are the key to avoiding infection, experts said.

"People will say, 'well, I have an anti-virus program,' and we'll find out it's two years old," said Joseph Graves, owner of Computer Solutions Unlimited in Buffalo. "That's only going to stop very old viruses."

"Most people who got hit didn't get the latest anti-virus software or they didn't get the latest update from Microsoft," said Adrian Zannin, vice president of operations at PC Assistance in Amherst.

Both types of updates are critical, experts said. PC users can download "patches" from Microsoft's Web site, www.microsoft.com, that close known security holes in Microsoft programs. A patch available Aug. 18 closed one of the doors used by the Nimda virus. Similarly, major anti-virus companies like Symantec and McAfee provide updates for download that inoculate against the newest viruses. Such programs scan files for strings of code that are known to be associated with a particular virus and erase copies of the virus.

But infection isn't solely the fault of lax users. Software manufacturers who leave security breaches must shoulder some of the blame, experts said.

"Windows lets a lot of applications work together, but the safeguards are not built into it," Zannin said. And the server software targeted by the Nimda virus "just wasn't adequately tested."

Microsoft Outlook has been a frequent target for e-mail viruses, said Goostree at McAfee. The program's "preview pane," which views unopened e-mail, can trigger a virus even if the user doesn't open the e-mail or its attachments, she said.

"Just shut it off," she said of the preview pane option. "Sure you lose a nice little convenience, but it's too dangerous."

PC users should also set their Internet security settings at maximum levels during a virus outbreak, she said. Temporarily doing without Java or ActiveX functions is a small sacrifice, which can be reversed after the infection wanes.

The rise of home networks has left another avenue of infection open for PCs, as viruses exploit file-sharing capabilities between computers. Users should specify a password for logon to their network, a move that blocked one of the modes of attack used by the Nimda virus, Goostree said.

But serious virus protection comes from frequent, habitual software updates that few home users bother with.

"How many home users do you know who went to Microsoft's site and downloaded the latest patch?" she said.

e-mail: fwilliams@buffnews.com