With the rapid rate of
technology progress and the seemingly infinite number of viruses
(approximating at least seven per day), virtually any computer that has
the power switch turned on is at risk of exposure to a computer virus.
The exposure can be in the form of files downloaded from the Internet,
shared diskettes, mail attachments or files on an infected server.
Whatever the means of exposure, the threat is real. Most experts agree
that the question is not if your computer or network will be exposed to a
virus, but rather when your computer or network will be exposed. Once a
computer is exposed, that unit has the potential to become infected and
to pass the infection on to other computers. Dealing with an infection
is a costly process whether the infection is widespread or limited to a
few units. Not only must the units be "cleaned" of the virus,
but software and data must be restored before the computer is allowed to
log back onto the network, resulting in "cleaning" costs, loss of
use of the unit and loss of productivity for the user of that unit.

Identifying and
implementing an incident response procedure, which includes prevention,
requires the cooperation and participation of all computer
users. As with any security measure, virus prevention is only as
effective as its weakest element, i.e., people. If only one individual
ignores the prevention instructions (or simply does not understand the
instructions), viruses will infect systems and spread, and the result can be
an "epidemic" in your network. It should be common practice or
policy for anti-virus software to be installed, kept active and kept
current on all computers at risk. Anti-virus software is not fail-safe,
and other protective measures should be used, but it does afford some
level of protection. All downloaded files or files received on diskettes
should be scanned for possible infection before they are opened. When
e-mail messages containing attached files or parts are received, users
should routinely look at the name of the attached files. The names are
usually meaningful, because colleagues and clients tend to send
documents with names that are easy to remember. If a mail message
contains an attachment with a suspicious or unknown name, the system
administrator should be notified immediately and the sender should be
contacted for confirmation of the attachment before opening the file. To
check the content of a mail message before opening it, save the attached
file to a disk and scan the file with anti-virus software. Following these
simple recommendations will greatly reduce the possibility of exposure.

One overlooked
characteristic of viruses is that a virus can only do what the user who
executes it can do - at least from an access control perspective.
Aside from the fact that it is a highly recommended security practice,
granting users least privilege to files and directories can prevent
virus infections, as well as preventing their spread and resulting
damage. Systems administrators in particular need to be reminded of this
characteristic. It is imperative for systems administrators to have a
non-privileged account or sector for doing normal, daily activities, and
network users should only be granted write privileges to those areas
where they are necessary. This prevents a virus initiated under a particular
user account from having write privileges on all files on a disk, server
or network.
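
The reach described above can be measured. The following is an added example, not part of the original article: it walks a directory tree and lists every file and directory a given account could modify, which is what a virus started under that account could alter. It assumes POSIX owner/group/other permission bits; the function names are illustrative, and ACLs, read-only mounts and immutable flags are not evaluated.

```python
import os
import stat
import sys


def writable_by(st, uid, gids):
    """Apply the POSIX owner/group/other rule to one stat result."""
    if uid == 0:                       # root bypasses the mode bits entirely
        return True
    if st.st_uid == uid:               # owner class wins, even if group/other allow more
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def write_exposure(root, uid, gids):
    """Return (sorted writable paths, total entries) under root for the account.

    A writable directory counts: it lets the account create, replace or
    delete entries inside it even when the files themselves are read-only.
    """
    writable, total = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                st = os.lstat(path)
            except OSError:            # entry vanished or is unreadable; skip it
                continue
            if stat.S_ISLNK(st.st_mode):
                continue               # a symlink's own mode bits are not meaningful
            total += 1
            if writable_by(st, uid, gids):
                writable.append(path)
    return sorted(writable), total


if __name__ == "__main__":
    # Usage: python write_exposure.py /path/to/share  (audits the current account)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    gids = set(os.getgroups()) | {os.getegid()}
    paths, total = write_exposure(root, os.geteuid(), gids)
    print(f"{len(paths)} of {total} entries are writable by uid {os.geteuid()}")
    for p in paths:
        print("  " + p)
```

Running it once under an administrator's everyday account and once under the privileged account shows how much the separate non-privileged account reduces what an infection could touch.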

Administrators must
educate users as to how viruses are spread and encourage users to
immediately report any infection. Users may be hesitant to report an
infection for fear of embarrassment or retribution; however, reporting
infections aids in identifying high-risk areas and patterns that
frequently occur with viruses.

If your firm's network has
not yet been exposed to any sort of virus, count yourself among the
fortunate few. Our firm has experienced two incidents where viruses were
unwittingly sent to us on diskettes by trusted individuals and we were
exposed on at least four occasions to the "Love Bug" virus.
Fortunately, all viruses were identified and immediately removed without
damage to hardware or software, but again I asked myself that question,
"My computer network is protected, right?"

© Copyright 2004 ALA-Knoxville Chapter. All Rights Reserved.