Printer Friendly

Computer viruses: why prevention is the best medicine.

Even the most firmly non-superstitious business people in Toronto watched their October calendars with trepidation. Rumours were that on Friday, Oct. 13, an unknown number of marauding computer viruses would be activated, ready to cause havoc for computer users.

The day passed uneventfully. But, the rumours had aroused concern that events of more than a year ago might be repeated. The computer virus unleashed by a 23-year-old U.S. graduate student in November 1988 attacked more than 6,000 business, education and government computers linked in a national network, damaging the information being processed.

Computer viruses are software programs written within other, useful software programs, such as one for word processing. Some viruses invade computers and spread an unwanted characteristic by replicating themselves over and over. Others instruct the computer to take damaging action, for example, erase data.

A computer virus could bring day-to-day business activities to a quick stop. For example:

* Preventing airline reservationists from accessing up-to-date information on availability of specific flights and fares;

* Shutting down automated banking operations so that customers are unable to make cash withdrawals easily;

* Delaying the transmission of a patient's medical records to a specialist in another city for pre-treatment diagnosis;

* Throwing your company's order entry, shipping and billing information network into chaos. (Consider what a few day's work stoppage would cost.)

Scary stuff, especially considering that computer viruses aren't accidents. They are created by highly computer-literate individuals. In most cases, viruses are inserted into networks by people who are authorized to use those networks. The consensus in the computer industry is that fully 80 percent of computer security breaches are internal, resulting primarily from deliberate attempts at theft and sabotage. Employee ineptitude and negligence also come into play.

Despite this reality, traditional computer security activity is focused on stopping a clever "outsider" from breaking into a computer network, and very little security exists against insiders.

The threat has grown as personal computers (PCs) and minicomputers increasingly are connected into information networks. These networks give computer users - and abusers - access to information that resides in multiple machines. Large amounts of processing power now is in the hands of individual network users.

Because many viruses reside within a software program stored on floppy disks or hard disks, even innocent employees may transfer viruses and infect other computers. For example, employees may copy a virus-infected program onto their disks during a session with an electronic bulletin board, where PC users exchange programs and other information.

Should an unwary PC user put an infected disk or application program into a PC that is part of a network, the virus program may infect all machines that are part of that network.

For business managers, the challenge is to minimize the threat of contaminated software programs yet provide individual network users with the applications programs they need to do their job

There are four traditional approaches to meeting this need:

* Test all programs prior to use in a company's computer system.

* Make programs impossible to change; that is, make them "write protected" and keep them stored safely in the computer room.

* Use computer programs that can find and destroy viruses.

* Lock up the computers and their storage devices like disks and tapes.

These approaches all have merit, but they tend to be inconvenient, not comprehensive and expensive. In addition, virus creators are showing an unnerving ability to outsmart programmers who are writing programs to protect disks against viruses.

Another, newer way to protect against viruses is simply not to put disks and applications software into the hands of individual network users, yet still give them access to the applications they need to do their jobs. This lack of local storage and application program entry devices is the underpinning of computer terminals known as diskless workstations.

As the name indicates, these workstations can access, display and run any application, but they do not use disks, local storage or local processing. Instead, users of these secure, PC-based workstations access only the desired application, whether it's a Payroll or a PC Lotus 1-2-3 program. The application program is then run remotely in a secured computer.

In this way, there is no danger of the user infecting the application by means of a disk-based virus. In addition, this solution restores control of network security by restricting users to data files instead of application programs. A bonus is that diskless workstations make life easier for users, who no longer have to worry about loading software, or handling back-up and recovery of data files.

So, while there may be no stopping genius programmers who thrive on the challenge of creating viruses, workable alternatives are available to ensure the safety of information - one of a business's most valuable assets.
COPYRIGHT 1991 Canadian Institute of Management
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Cunningham, Desmond
Publication:Canadian Manager
Date:Jun 22, 1991
Previous Article:Can your firm thrive on chaos?
Next Article:When visuals aid in the presentation.

Related Articles
Keeping computers safe and healthy.
Health care for computers: protect your computer and your business from viruses.
MedImmune announces issuance of patent for syncytial virus antibody.
Computer virus - know the enemy.
Computer viruses. (Making Sense Out of Your Computer).

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters