18 October, 2002 11:34
The rise in popularity of e-mail worms has increased the need for everyone to have an antivirus product protecting their system, but many products don't adequately protect PCs from being infected. Often the increasing desire for integration between e-mail programs and office applications has left security holes that are quickly exploited by worms such as Klez and more recently by the Netsky variants. In these cases, e-mail can be structured so just viewing the message is enough to cause infection on a system where the security patches are out of date, which is common.
The problem lies in the way that many e-mail programs work: they download a mail message and store it in their own database format. Antivirus programs scan file types they understand through the regular file system (for example, FAT16, FAT32, NTFS), so they don't necessarily understand the data structures that your e-mail program uses to store mail messages and their attached files. This means that should your PC download an infected e-mail that your software isn't patched for, not only does your PC become infected, but it becomes very difficult to clean your system without losing all your e-mails (every time you look at the e-mail inbox you re-infect the PC). This caused a lot of people trouble when the W32.Klez worm attacked antivirus programs as its first step, and the cleaning tools released by the antivirus vendors affected by this attack were not capable of cleaning the contents of mailboxes.
There are two ways around this - either become very good at downloading all the patches for your Web browser and e-mail programs as they are released, or get an antivirus package that will hook into your mail program and browser and keep it up to date.
For the e-mail system to be adequately protected, it is important that the scanning take place before the e-mail is stored anywhere that it might execute or be triggered by the user. In other words, the e-mail system needs to hand off all data to the antivirus scanner as the mail is downloaded to and sent from the system (or talk to the POP3 server via the antivirus program).
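The gap described above, as an added example (not code from the original article): Python's standard `mailbox` and `email` modules stand in for a mail client's store, and `SIGNATURE` is a constructed marker rather than a real virus signature. A byte-level scan of the stored mailbox misses the base64-encoded attachment, while decoding each MIME part before the message is stored catches it.

```python
import mailbox, os, tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"  # constructed marker, not real malware

def build_message():
    """Constructed sample mail whose attachment carries the marker."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(b"header bytes " + SIGNATURE, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()

def store(raw, mbox_path):
    """Append the message to the client's mail store (mbox stands in for it)."""
    box = mailbox.mbox(mbox_path)
    box.add(raw)
    box.close()  # close() flushes to disk

def raw_file_scan(path):
    """File-level scan: match the signature against the bytes as stored on disk."""
    with open(path, "rb") as fh:
        return SIGNATURE in fh.read()

def scan_before_store(raw):
    """Delivery-time scan: parse MIME, decode every part, then match."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if not part.is_multipart():
            if SIGNATURE in (part.get_payload(decode=True) or b""):
                hits.append(part.get_filename() or part.get_content_type())
    return hits

def deliver(raw, mbox_path):
    """Hand the message to the scanner first; store it only when clean."""
    hits = scan_before_store(raw)
    if not hits:
        store(raw, mbox_path)
    return hits

def demo():
    raw = build_message()
    with tempfile.TemporaryDirectory() as tmp:
        inbox = os.path.join(tmp, "inbox.mbox")
        store(raw, inbox)                      # client with no mail hook
        missed = not raw_file_scan(inbox)      # file scanner sees only base64
        guarded = os.path.join(tmp, "guarded.mbox")
        hits = deliver(raw, guarded)           # hooked client
        return missed, hits, os.path.exists(guarded)
```

`demo()` returns whether the file-level scan missed the stored message, which parts the delivery-time scan flagged, and whether the flagged message ever reached the guarded mail store.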
Not all e-mail packages are supported for this kind of integration, but scanners exist that integrate tightly with versions of Microsoft Outlook Express, Microsoft Outlook, Netscape Messenger, Netscape, Eudora Pro and Becky Internet Mail. Some scanners also claim to integrate with any MAPI or POP3 client.
Instant Messaging is now one of the most popular uses for a computer online, and it didn't take long before the IM vendors added support for file-sharing. IM integration for an antivirus product means that it will provide the same kind of protection offered by e-mail support: scanning of files as they are downloaded and before they are made available to the computer user. This protects the computer from either accidental virus transfer from friends or malicious attempts to gain remote control of a computer by sending someone a Trojan or backdoor application and claiming it is something else.