Network Computingwww.networkcomputing.com

With so many SOHO users and telecommuters out there, attackers have a plethora of machines through which to invade a network. But what's the No. 1 threat to your SOHO PCs? Viruses and worms.

Macro Viruses, or the Melissa Effect
Macro viruses and worms aren't new. Nevertheless, they can have devastating effects if they get in through your SOHO machines. The Melissa virus should have served as a wake-up call: Our information society has become incredibly vulnerable. Word and other Microsoft products have supported macros for some time, and these viruses aren't hard to create. You can program a macro virus with very little knowledge of traditional programming, and now that Word supports most of the Visual Basic commands, it's even easier. APIs that allow data exchange between applications also let hostile macros use whatever application they need to cause damage.

Favorite targets seem to be Microsoft Outlook and Word, but PowerPoint viruses have become popular as well. The O97M.Tristate virus infects Word 97 documents, Excel 97 spreadsheets and PowerPoint 97 slides. 097M.Tristate taught us not to trust any document received through or downloaded from the Internet--even if it's from a friend.

Critical Steps to SOHO Security Always scan unknown files before executing them. Use encryption to submit confidential data. Configure your firewall software so it doesn't allow any shares to be used over the Internet.

Unfortunately, you can't do much about Outlook's security; the alternative is to use another e-mail program, such as Qualcomm Eudora or David Harris' Pegasus Mail, though these products don't have all of Outlook's conveniences.

Traditional Viruses: Out of Fashion?
Today, managing a whole network and examining it for viruses isn't particularly difficult and, thankfully, even your SOHO sites can be routinely checked for viruses. Yet only a few companies take the necessary steps. And even those that perform regular virus checks may end up victims of polymorphic viruses.

Polymorphic viruses are extremely difficult to detect because they change their appearance with each infection. Antivirus-software vendors claim their products can recognize thousands of viruses--including polymorphic varieties--and the number of viruses these products claim to recognize increases weekly. Whether these numbers are reliable is doubtful. Some vendors count all variants of a polymorphic virus as just one virus, while others count each variation as its own virus.

Boot-sector and program-file viruses can cause major damage on corporate and private computer systems, so a virus scanner should be installed on every PC. And regular updates of the virus signature files are a must; most products let you download new signature files from the Internet in minutes. McAfee Corp.'s VirusScan, Symantec Corp.'s Norton AntiVirus and similar packages let you download these files automatically, on a regular basis, assuming you have a dedicated line to the Internet. Then, it's a good idea to automate weekly viruses-signature updates and daily scans for viruses on each machine.

Most antivirus packages offer rich feature sets that let you adapt the software to your needs. Proper configuration of these programs is key in the hunt for viruses; if your antivirus software gives you too many false alarms, you're likely to turn it off, but one alarm too few and your system could end up infected.