I planned to write this week's column about viruses in a terminal server environment; I've received letters from readers who want to find antivirus vendors that support multi-user environments. With the recent news about the Anna Kournikova worm, the time seemed right to tackle the question of how to stop viruses from attacking terminal servers. However, after being warned yet again about the latest virus hoax, I now have a better question. How do we stop USERS from attacking terminal servers—or email servers or their own desktops?
Running a centralized environment provides some advantages when it comes to keeping out viruses. You can more easily maintain and update virus signatures on a few central servers than on hundreds of workstations. And several companies that make antivirus products for Windows—such as McAfee, Sophos, and F-Secure—support their products in multi-user environments.
After you set aside macro viruses passed around in Office files, however, viruses cease to be a technical problem. I can sympathize with people who get macro viruses from infected .doc files. Often, you get infected that way because you receive an infected document from someone you DO trust and from whom you have every reason to expect a file. You can disable macros in Office, but sometimes you need macros to work. Receiving macro viruses is annoying, but at least somewhat understandable.
But with all the hype in the news about viruses, you'd think that by now people would know better than to run executables attached to an email, particularly if those executables are from someone they don't know well. Apparently, you would be wrong. According to British email service MessageLabs, in the first 5 hours of the Kournikova worm outbreak, the service saw 290 domains receive 2900 copies of the worm. I managed to avoid last year's I LOVE YOU virus, but during the roughly 24 hours that the Kournikova worm was active, I received three copies of it. (I didn't get infected; unsolicited executables go straight into the trash.) Considering that work contacts sent me the file, not friends, and that all my work contacts should be in touch with industry news, I might have to give up my faith in user training. (Folks, here's a tip to pass on: If you want to see a picture of someone famous, plug that person's name into a search engine. If the famous person is a pretty woman, in a few seconds you'll have more pictures than you know what to do with.)
And the problem isn't limited to viruses; what about hoaxes? Why go to the trouble of learning to script when all you have to do is write an email with vague warnings about viruses causing havoc in New York and tell the recipients to forward the warning to everyone in their email address books? The people who forward these hoaxes never seem to check CNN or the Web sites for the companies that supposedly issued the virus warnings; they just send the hoax emails on their merry way. Hoaxes are merely manually propagated nondestructive worms.
To a degree, you can resolve the technical problems viruses present. One more .vbs virus will always be coming down the pike, so if you want to use VBScript to automate tasks, disabling .vbs files is a problem. (Not an insolvable problem, however. For example, if you right-click a .vbs file and edit its properties, you create a .wsh file with the same prefix that you can run in place of the .vbs file. Any rules based on file extensions will let the .wsh file run even if the system prohibits the .vbs file.) And you can CERTAINLY edit email application settings so they won't automatically run attachments. But as long as some users engage their mouse buttons before engaging their brains, no amount of software will resolve the virus problem.