Intrusion Detection Systems mailing list archives

Virus protection in a Microsoft Windows network, or How to stand a chance


From: adam.richard2 () sympatico ca (Adam Richard)
Date: Wed, 31 May 2000 05:07:55 -0400


Virus protection in a Microsoft Windows network, 
or How to stand a chance
by Floydman,
Bachelor in Computer Sciences
Floydian_99 () yahoo com
May 30th, 2000

You can distribute this document freely, as long as no changes are made to
the file and as long as nobody else claims credit for it.
All comments and suggestions about the material presented here should be
directed at floydian_99 () yahoo com.  If future versions of this document
include add-ons coming from people other than me, then proper credit to
the various authors will be clearly identified.  All version updates of
this document are to be released by me.

You can find it online at http://www.geocities.com/floydian_99/

Preface

Computer viruses have always been a weird part of the computer security
game.  It is the aspect of computer security that gets the most press
coverage, while it is probably the least dangerous to deal with (compared to
trojans or intrusion).  To many security experts, viruses are not such a
big threat because you don't get infected if you follow safe computing
practices.  While this may have been true for a while, it isn't
the case anymore.  For the past five years, the Internet has grown up
quite a bit, and now has millions of people with poor computer literacy
online, from their houses or from businesses.  While UNIX used to be a big
part of the Internet (and still is), the fact remains that there are a lot
of Microsoft networks connected to it at this time.  A virus launched from
the Internet can cripple a business if appropriate measures are not
taken.  I am thinking of small and medium enterprises here, but also of big
corporations.  The latest breeds of macro viruses are just a hint of what may
soon happen.  Most of these viruses merely slowed servers to a halt, but
what will happen when they start to really get nasty?

Abstract

The goal of this paper is to present some strategies that can (and should)
be implemented in corporate or non-corporate networked sites using
Microsoft products as operating systems, in order to maximize the overall virus
protection of said sites.  I single out sites using Microsoft products only
because it is the most widely virus-attacked platform, but the strategies
described here could be applied on other platforms subject to virus
infections.  Also note that the strategies I am about to describe were
for the most part applied with McAfee antivirus software, ranging from
versions 2.X to 4.X, which was the product used at my workplace at the time
I was there.  This is mostly a recollection of the experiences I had at the
time, and I present here the results I achieved with such a setting.
This document should in *no way* be taken as a starting ground for arguing
whether McAfee or Norton (or any other virus scanning software) is the better
virus scanner, nor is it grounds for Microsoft bashing.  Commercial products
are mentioned here only because these are the products that were used at the
time, and in no way should they be considered my preferences over other
products.

Targeted audience

This document is presented to anyone who has interests in computer
security, network administration, virus prevention and computing in
general.

Table of contents

1. In the beginning
2. The obvious
3. The batch file strategy
4. Then came autoupdate
5. Batch, batch and more batch
6. McAfee Customer Support
7. My Web
8. Strategies to adopt
9. Real-life crisis case study
10. The brown stuff
11. The sad truth
12. In conclusion
Appendix A: Something extra

1. In the beginning

After I finished university, I found myself a job at a large
corporation doing desktop support and server administration for a
whole department: about 300 people, 6 remote sites in two major cities,
about 8 servers.  We were two guys in one city and two others in the other
one, and we helped each other when massive work had to be done.  We had just
finished doing a cut-over from OS/2 to Windows 95 desktops and laptops
along with NT 3.51 servers (that was in '96).  Converting all the stations
one by one, by hand, it didn't take long to learn quicker ways to install
software in order to save time.  The task was huge, but when it was done
we were proud of ourselves; we had done a great job, and no major problems
happened during the conversion.  But the truth was bitter: as soon as we
finished, we had to do it again - at least partially.  If we wanted
our site to be up to date in virus protection, we had to go to each station
- again and again, every month - to update the virus scanning software.

After three months of this treatment, I could suffer this no more - nothing
is more boring than installing the same software again and again,
repeatedly, especially on week-ends.  I went to my boss and said "let me
take care of this."  This is the final result.

Attachment: virusprevention.txt (Text Document)

