
10 Tips For Handling Viruses and Malware


People have been fighting viruses for years, and more recently malware has become very common. Either one can become a very large problem that spreads throughout an entire organization if the proper precautions aren't taken. We've learned what to do and what not to do over the years. Here are 10 tips for keeping viruses and malware away from your network:

    1. Always make sure users are not administrators of their workstations. Many malware programs rely on the user's permissions to fully infect a machine; the only exceptions are threats that take advantage of security vulnerabilities. If you are a network administrator, it is recommended that you also work as a standard user. It's also very important NOT to be a Domain Administrator.
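Tip 1 is easy to state and hard to verify across a fleet. The following PowerShell is an added example (not from the original post) that lists the members of the local Administrators group on each workstation and flags anything outside an expected allow-list. It uses the WinNT ADSI provider so it works on older Windows versions without extra modules; the computer names and the allow-list are placeholders, and it assumes the caller has rights to query those machines.

```powershell
# Added example, not part of the original post.
# Audits local Administrators membership so that "users are not local admins"
# can be checked rather than assumed. Names below are placeholders.

function Get-LocalAdminMembers {
    param([string]$Computer)
    # WinNT provider works on XP through current Windows without RSAT modules
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        # Each member is a COM object; pull its Name and ADsPath via reflection
        $name = $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        [PSCustomObject]@{ Computer = $Computer; Name = $name; Path = $path }
    }
}

# Placeholder workstation names and the accounts you expect to find
$Computers = @('WKS01', 'WKS02')
$Allowed   = @('Administrator', 'Domain Admins', 'WorkstationAdmins')

foreach ($c in $Computers) {
    $members = Get-LocalAdminMembers -Computer $c
    $unexpected = $members | Where-Object { $Allowed -notcontains $_.Name }
    [PSCustomObject]@{
        Computer   = $c
        Members    = ($members.Name -join ', ')
        # Anything listed here is a user or group that should not be a local admin
        Unexpected = ($unexpected.Name -join ', ')
    }
}
```

Run it from an account that can read the remote SAM, and feed the Unexpected column into whatever ticketing or GPO cleanup process you use; a Restricted Groups policy is the usual way to keep the group from drifting again.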
    2. Keep your software up to date. Stay current on Windows Updates. If you are still on Windows XP, make sure you are on Service Pack 3. If you are still running Internet Explorer 6 or 7, consider upgrading to 8. Staying up to date helps prevent the spread of threats that take advantage of the security vulnerabilities mentioned in tip 1. It's also important to keep your antivirus software on the latest definitions as well as the latest version. Most virus definition updates are automatic; however, many people don't keep the antivirus client itself up to date, and newer versions of antivirus products detect different types of threats better than older versions.
    3. Never log in as a network administrator when troubleshooting a workstation. This is a common mistake when users are not local administrators: the user doesn't have rights to install a particular tool, so the admin logs in as an administrator. If that account is also an admin of the entire network, the virus can run under those credentials and spread to network servers and file shares. If that happens, you've compounded your problem exponentially. Use the runas command with local administrator credentials for anything that needs elevated rights.
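The runas approach from tip 3, shown as an added example rather than anything from the original post: the technician stays in the user's standard session and starts only the management tool under a local administrator account, so any malware running in the session never sees domain credentials. WKS01, localadmin and the tool being launched are placeholders.

```powershell
# Added example, not part of the original post.
# Start a management console under a LOCAL admin account from a standard-user
# session, instead of logging the whole desktop in as a domain admin.
# WKS01 / localadmin are placeholders for the machine and its local admin account.

# Classic built-in tool named in the post; prompts for the local admin password
runas /user:WKS01\localadmin "mmc.exe compmgmt.msc"

# Same idea in PowerShell: the credential object is scoped to this one process.
# Get-Credential -UserName needs PowerShell 3.0 or later.
$cred = Get-Credential -UserName 'WKS01\localadmin' -Message 'Local admin for this workstation only'
Start-Process -FilePath 'mmc.exe' -ArgumentList 'compmgmt.msc' -Credential $cred
```

The key property is that only the launched process carries the local admin token; the interactive session, and anything already running in it, still has the user's limited rights and no domain-admin credentials to steal.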
    4. Keep network directory permissions as restrictive as possible. Many viruses will spread to network shares if users have write rights to them. If you have common shares that all users map to, viruses can spread quickly between computers via those shares. This is another reason not to log in to a workstation as a network administrator when troubleshooting an issue: if a virus wasn't able to write to a network share while a user was logged in, it probably can write to that same share when an admin is logged in.
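To find the shares tip 4 is warning about, the PowerShell below (an added example, not the post's own code) reads the ACL of a share and reports every Allow entry that gives a broad group write-type rights, then shows the icacls command that replaces such an entry with read-only access on the file server. The share path, server name and domain group names are placeholders.

```powershell
# Added example, not part of the original post.
# Report ACEs on a share that let broad groups write, i.e. the entries that
# turn a mapped drive into a propagation path. Paths and groups are placeholders.

function Find-BroadWriteAccess {
    param(
        [string]$Path,
        [string[]]$BroadGroups
    )
    $acl = Get-Acl -Path $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $BroadGroups -contains $_.IdentityReference.Value -and
        # FileSystemRights renders as names such as "Modify, Synchronize"
        $_.FileSystemRights -match 'Write|Modify|FullControl'
    } | Select-Object @{n='Path';e={$Path}}, IdentityReference, FileSystemRights, IsInherited
}

# Placeholder share and the groups that effectively mean "every user"
$Shares = @('\\FS01\Common', '\\FS01\Scans')
$Broad  = @('Everyone',
            'BUILTIN\Users',
            'NT AUTHORITY\Authenticated Users',
            'CONTOSO\Domain Users')

foreach ($s in $Shares) {
    Find-BroadWriteAccess -Path $s -BroadGroups $Broad
}

# Remediation, run on the file server against the local folder behind the share.
# /grant:r REPLACES that group's explicit grant with read+execute, inherited by
# subfolders (OI) and files (CI), instead of adding another ACE on top.
#   icacls D:\Shares\Common /grant:r "CONTOSO\Domain Users:(OI)(CI)RX"
```

Entries with IsInherited set to True come from a parent folder, so the fix belongs there rather than on the share itself; if a group genuinely needs to write, give it a dedicated subfolder rather than the whole share.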
    5. Know when to give up. In my experience, if you can't remove the threat in 30 minutes, you're probably not going to. I constantly see people spending hours or days running scan after scan with different utilities trying to remove malware from an infected workstation, and once they think they've got it all, they find that it just comes back a day later. Which leads me to my next point.
    6. Only use anti-malware utilities as a last resort. They can be very time consuming and often do not completely clean a machine. Most organizations have an automated imaging process for setting up workstations. If you can completely reinstall the operating system and applications in an hour, why spend four hours trying to clean the machine? If you must run these utilities to clean a workstation, boot the computer in safe mode and run the utility from there for best results.
    7. If a user is not a local administrator and the systems are properly patched, most threats can be removed simply by re-creating the user's profile. If settings are roamed to a network location, it is important to delete that copy as well. Yes, this is an inconvenience to the user. It's the price they pay for doing all of that Internet "research" which got them infected in the first place.
    8. Educate users on safe computing. People don't get viruses by going to wsj.com or cnn.com. They get viruses and malware by clicking on random web sites in Google searches or opening any attachment or link that gets emailed to them.
    9. While infrastructure-level protection such as web filtering appliances can help, it should not be relied on exclusively. Viruses and malware can be brought in by other means, such as USB keys. If you have laptop users, many of these solutions are bypassed as soon as the laptop leaves the office.
    10. Avoid letting users use alternate browsers. Internet Explorer 8 is very fast and very safe if configured properly. It is also highly manageable and updatable via Group Policy and Windows Update. Using other browsers creates management and support issues, and many web sites, especially internal web applications, only work properly with Internet Explorer.