Nick FitzGerald, Computer Virus Consulting Ltd
Anti-virus experts typically advocate adopting a multi-layered approach to implementing virus protection, particularly in large, complex installations such as corporate LANs. In common with similar recommendations from the broader field of computer security, the idea is that one layer's weaknesses are covered by the strengths of another, and vice versa. When considering such protection for network systems, the divisions between layers are often perceived as occurring at natural boundaries. A few examples of such divisions are Internet/intranet gateways (covered by content filtering and/or scanning SMTP/FTP/HTTP proxies), corporate IT/departmental or corporate IT/individual responsibility (covered by workgroup and/or 'groupware' server scanning), user/computer interface (covered by on-access scanners) and so on.
In fact, it is easy to see how these examples follow by analogy from broader general security concerns and practices. However, given that known-virus scanning has established limitations in dealing with new viruses, most of these anti-virus layering efforts are largely wasted because each layer has the same weakness. Further, given the users' reputed reticence to adopt alternative (desktop) protection measures, and the industry's acknowledged reluctance to develop alternative products ahead of significant market demand, it is clear that corporate IT staff face a rather worrying realization: when it comes to questions of the next virus outbreak, it is still a matter of when, not if. In light of these considerations, this paper suggests system configuration changes to harden individual computers, making them less of a 'soft target' or a 'target of opportunity'. Many of these measures can be widely applied across corporate desktops, adding a layer of diversity and thus protection. All are 'free' in that they require no further software purchases or updates.