Friday, August 01, 2003

Anti-Virus Defences

(Note: This is a reprint from our August 2003 Newsletter)

Recently Green Light IT had to help a customer clean up after a virus infection, and I was reminded how expensive an exercise this can be for an organization, both in money for services from people like Green Light IT and in lost productivity.

Just after this work came the Blaster virus, which some customers were properly protected against due to good management, and which others have, so far, survived due to good luck. So far no customers have been infected, thankfully.

The nature of viruses continues to evolve, to the point that good anti-virus protection relies on more than just having current anti-virus products and using them.

Instead we are seeing viruses that need effective “network security” to prevent them.

Of course, although this breed of viruses may seem new, it really isn’t. As I look back through previous stuff we have written I note that in October 2001 we wrote an article about the Nimda virus that made it clear that we can expect virus writers to start using recently announced security exploits as new ways to propagate viruses.

The article is still on the website at: http://www.colmancomm.com/ (this link is no longer valid sorry). It’s the fourth item in the list of “Stuff”. In fact I felt so much of what was written there was still relevant, that I was tempted just to reprint it as this newsletter’s editorial. It might be worth your time to read it, and make sure that your business is at least doing the basics mentioned there. However, I thought I might expand on the nature of these newer viruses, and what you should be doing to protect yourself.

Most businesses these days connect to the Internet in one way or another. What is also clear these days is that most viruses come from the Internet, whether via email, downloading infected files from the web, or even an infected machine trying to directly connect to your network and infect it.

Given that this is the entry point for most viruses, it deserves special attention. So, for the three infection vectors I mentioned above (email, web and direct connection), what are three ways to mitigate the risk?

Email:

By and large email has carried the lion’s share of destructive viruses over the last few years. In addition to running desktop anti-virus products, your email should be scanned by another set of anti-virus products, either by you, or a third party. We offer an economical service that does this, but your ISP may also offer it as a standard part of their service. For those of you that host your own email server (i.e. not done by the ISP) you should see to this immediately.

Web:

The web is difficult to protect against because there is no real opportunity for any system to inspect a file until it is fully downloaded onto the user’s computer (there are some products that try to do it, but I don’t think any of them are satisfactory for use). (Note: fast forward to 2009, there are options now.)

The two strategies that work against this are 1) getting Anti-Virus products on every vulnerable system inside your environment and keeping them up to date (including servers) and 2) educating users about the danger of downloading programs and other executable content from the Internet.

In our experience 1 is far more likely to have success than 2, but if you can do both that is better.

As another step it might be possible, depending on your network configuration, to prevent most users from downloading dangerous files. If these files do need to be downloaded, you can have it done by one person only in the office, who is hopefully a little more judicious than others.

Network:

Network borne viruses, which try to directly connect across the network and infect other machines, are the type that have been increasing in prevalence over the past couple of years. They also seem to be the ones that cause the most trouble these days, including such notorious candidates as Code Red and now Blaster.

It is well and truly past time that you should be operating a firewall on your connection to the Internet. For customers still connecting to the Internet through WinProxy setups and the like, and those customers connecting through straight Windows dial-up, it is time to take some action.

Personal computers that do not always have the protection of a network firewall, such as home PCs and roving laptops, can be protected by installing a good personal firewall product, such as ZoneAlarm from Zone Labs (note for 2009: most AV products include firewalls now).

Systems that provide connectivity for a whole network should probably be replaced by a dedicated firewall. Exactly what product best suits depends on your requirements. As all of our customers know, we market the SENSEI Firewall, but there are many other options too depending on the features you are after. Blaster is the wake up call. It is time to reconsider the anti-virus defenses for your business and make sure they are in good nick.

As always, you can contact us for advice and assistance.

When Will I Need To Replace This Thing

(Note: This is a reprint from our August 2003 Newsletter. These days we use some standard policies for the age at which equipment is replaced, but this is useful background as to how these recommendations have been derived over the years)

We are often asked about when we think customers will have to replace aging equipment, so we thought that this month in business in focus we might cover some of the processes we go through when trying to formulate advice to you.

When considering the question of when equipment should be replaced, there are three major considerations to make: 1) risk and reward, 2) suitability to the task at hand and 3) future requirements.

Risk and Reward

Risk and Reward is the process of considering what the risk to the business of continuing to operate an ageing piece of equipment is, and when that risk passes the “reward” point of not having to expend money to replace it. Risk is a product of two things: likelihood and impact.

As an example of risk considerations, consider two pieces of equipment: a 7 year old laser printer and a 5 year old file server. Assuming that these two pieces of equipment had approximately the same probability of failure based on their age, which is the greater risk to the business?

If the laser printer fails, it can be fixed or replaced, probably that same day if necessary. There is not a lot of work to commission a new printer. And apart from not being able to print, the business can continue to function.

In contrast, a file server could take days to fix or replace. There is the potential for data loss, even if customers are rigorously conducting backups. The server failing may also stop other critical applications. The IT systems of the business could be disabled by the failure of this one piece of equipment.

Obviously the file server is the greater risk because if it fails there will be greater impact on the business, even though the likelihood is the same.

In considering reward we look at how much the system might cost to replace, and the expected life of a new system, to get a feel for what the customer gains by “taking no action” at this time.

For example, a new server to replace an existing and ageing server might be $4000. The new server might have a reasonably expected life of 4 years.

Suitability to the Task at Hand

In this step we consider whether the equipment is actually capable of performing its current work and, based on expected growth, how soon increasing demands on its performance may leave it unable to.

For example, imagine that we have a database server where the hard disks are currently 60% full, and increasing at 5% per month, and the CPU runs at 40% during business hours, and is increasing by 10% per month. Without even considering new requirements, just the growth of usage on this box means that action will probably need to be taken within 3 months and definitely within six.

Of course, usually we don’t get to do that kind of analysis on equipment, we are instead told things like “seems to be slow”, “running out of memory”, “constantly rebooting” and we might get a chance to look at how the box is handling the load on the day we look, and then have to, somewhat scientifically, estimate how that usage will grow.

Future Requirements

When customers ask us about when equipment should be replaced we will often ask them what new requirements they are expecting of their equipment in the next 24 months.

Here we are simply trying to get an understanding of whether the equipment can continue doing its current role, or whether the business will expect something new of it in that time.

The sorts of issues that tend to show up here are things like software compatibility (software from partners and service providers won’t run on ageing equipment/operating systems), radically expanded requirements (a file server becoming a genuine application server), users needing to speak to special peripherals (GPS units, scanners, USB printers etc) and so on.

Often it is difficult to get a handle on these sorts of future requirements, particularly with the foresight of up to 24 months because businesses often haven’t thought that far into the future about IT requirements, or simply can’t predict that far into the future because of the nature of their industry.

Upgrades

Customers often ask about the option of upgrading as a way of staving off having to replace equipment entirely. Sometimes upgrading is cost effective based on requirements but against this is the truth that buying the components that make a computer (for example) individually is a lot more expensive than buying a new computer, and that the labor to retrofit all these components to an existing system can be a significant cost.

Upgrading sometimes is the only option because of short-term cash flow problems, but quite often it also gives a sense of false economy. For example, spending $1000 to upgrade a system to extend its life by 12 months, as opposed to spending $4000 to replace it with a system that should last 4 or more years, might seem reasonable until you consider that because of its age there is no guarantee that you will not strike other problems, either with capacity or reliability, before that time is out.

And if the upgraded server has a failure on one of the components you didn’t replace, the day’s labor to fix it, plus the 1 week’s lost productivity while a part for an old system is sourced, plus potentially lost data will make any “savings” seem pretty expensive.

That is not to say that upgrades are never appropriate; they sometimes are the most appropriate choice. The key is to recognize what the risks and benefits of upgrading truly are.

What Does It Mean In The Real World?

Here are some examples of advice we have given recently, based on customer enquiries. You may recognize one, as whilst the names have been changed to protect the innocent, the examples are genuine.

Customer 1 asked Green Light IT about replacement of several PCs used in one of their businesses.

The PCs were all quite old (4 years or so), and the operating systems and software were quite old too (Win 98, Office 97 generation). The machines’ only duties were acting as basic word processing/spreadsheet terminals and accessing a central terminal application. Although there were 4 or 5 machines, it was very rare that all of them were in use at any one time.

Advice

Continue using the equipment but be aware that eventually we may not be able to repair it, or the cost of repairing it might be too high to justify, and at that stage, for consistency, consider replacing a chunk of machines at once.

Why

  • Although as a whole the systems were critical to operation, none was so critical that the business couldn’t survive the loss of one system. In fact, given the low usage, impact in the event of failure to business operations might be none at all. Risk profile is low.
  • The systems were easily coping with their current duties with no expectation of ramp up in load.
  • There were no obvious future requirements that necessitate their replacement with more modern equipment.

Customer 2 asked Green Light IT about upgrading their old file server as part of a network refurbishment.

The system is one of the oldest in their office (probably 4 to 5 years old), and as well as acting as a file/print server recently had its role upgraded to include acting as a genuine application and database server. The application that is run on this system, although being quite new, is rapidly becoming critical to the business (replacing their paper based filing system).

The customer and Green Light IT had agreed that the server needed a proper backup system (currently ad hoc to CD) and that the ageing hard disks might be a problem. The upgrade (including backup) would cost about half the cost of a new system.

Advice

Don’t upgrade the system; replace it with a completely new server, incorporating fault tolerant hard disks, backup solution etc.

Why

  • With the importance of the new application becoming obvious it is also obvious how important the system that runs that application will be. It is clear from this how important the server will be to the operation of the IT facilities of the business.
  • In the event that it failed, the business may not be able to operate without it. Given the cost of upgrading versus a new system it was obvious to us the risk of failure outweighed any cost reward of just upgrading.
  • Although the system seemed to be coping with its current load acceptably (based on anecdotal evidence only) there was obviously potential for the system to require more resources in the near future, particularly if the new application continued to grow in usefulness to the business.
  • The customer did not have a strong perception of their future requirements. Although there seemed a strong desire to maintain the status quo it was obvious that the business had external pressures on it from business partners which meant that its requirements would change in the next 24 months or so. The success of the new application showed that the business was starting to see the advantages of automation, and that new requirements based on a change in business methodology may be in the near future. Therefore we were concerned that the existing system may not be capable of meeting new requirements.

Customer 3 asked Green Light IT about replacement of desktop computer systems after it was found that some of the older workstations were not coping well with a new version of a critical application.

The two systems in question were starting to get quite old (4-5 years), using old software (Win 98, Office 97), and had already been rebuilt and upgraded once as part of a refurbishment. The workstations are important to operations, but staff can use other workstations if necessary, as usually not all workstations are in use.

The customer advised Green Light IT that replacement of the workstations was budgeted for the next calendar year, but it might be difficult to accommodate in the current year.

Advice

Try upgrading system memory to see if this would allow the workstations to cope with the new version of software (as suggested by the application provider). Provided this solves the problem temporarily, continue with planned replacement on schedule.

Why

  • Although the machines are ageing, and somewhat at risk, the business could continue to function at some capacity without one or even both of them. Furthermore, the customer already has a plan that will see the machines replaced within 12 months. Therefore, the risk posed by the failure of these systems to be able to do their task is not sufficiently high to justify the expenditure at this time.
  • The machines are not coping with their current workload, but there is strong advice that the upgrade may resolve this problem. Furthermore, the upgrade is cost effective with respect to the price of a new system (~$250 per system for upgrade).
  • The ability to meet future requirements is not a strong factor because the customer has already identified the need to replace these machines. If the upgrade allows the machines to meet their current workload then future requirements will be dealt with when the machines are replaced.
Posted by Clem at 2:58 PM
Edited on: Saturday, July 04, 2009 3:57 PM
Categories: Business, Home, Strategy and Analysis