Over the last few years, the trend has been towards increased connectivity between computers. The computer is becoming less of an isolated item with only one entry point. Although this has been beneficial for users and computers in general, it has also multiplied the number of entry points for viruses and other threats.
For this reason, it is important to know which entry points malware (malicious software) can use to access a computer and understand how a good IT security solution must protect ALL entry points.
In addition to the increase in the entry points for malware, new types of threats and new forms of transmission have also appeared.
It is also important to monitor all outgoing items. This is not usually taken into consideration, as it is thought that threats cannot enter. It should not be forgotten, however, that most infections occur without malicious intentions. Users can send an infected file, DVD, CD-ROM, floppy disk, etc. without realizing that they are also sending a virus. If all users carefully monitor their outgoing messages as well as the incoming ones, the rapid diffusion of malware as occurs today could be avoided. Users who send a virus could also be affected under such circumstances.
DVDs, CD-ROMs, Floppy disks and other removable disk drives
In the past, these mediums were the only entry points into a computer that was not connected to a network. Viruses can be included in the files that are stored on any of these mediums or hidden in the boot sector of a disk drive.
Panda Software responds to this entry point in two ways. Firstly, it includes a continuous scan that offers automatic protection. When a file stored on a DVD, CD-ROM, floppy disk or other type of disk is accessed, it is scanned by the automatic protection. Secondly, it offers the option to carry out an on-demand scan of any DVD, CD-ROM, floppy disk or other type of used on the computer in order to check that it is virus-free.
With adequate automatic protection, an IT security solution can efficiently resolve the danger that this entry point poses.
Networks
This entry point has been around for a long time, but has become very widespread over the last few years. Nowadays, wherever there are several computers, there is usually a network that connects them. The main objective of a network is to share information and therefore files. As all types of files are shared in a network, it can transmit file viruses and macro viruses as well as any other type of virus, worms, Trojans, and other threats.
Panda Software responds to this entry point in two ways. Firstly, the key protection is a continuous scan that offers automatic protection. This is the same protection as that mentioned above, which monitors access to files. If a user attempts to send or receive a file infected with a virus via the network, the automatic protection scans the file and warns the user that the file is infected. As in the previous case, an on-demand scan is also available for scanning any network drive. However, given the sharing capacity of a network, new files can be constantly added, making it difficult to ensure that a network drive is completely malware free.
As in the case above, but even more so in the case of networks, adequate automatic protection is the best way of safeguarding this entry point against malware.
Platinum Internet Security also incorporates an excellent firewall, which allows you to restrict the rights of certain programs to access certain areas or sections of the network, IP addresses (number or numeric code that uniquely identifies every computer that exists), shared folders, etc.
Although Internet has been around for a few years, it has only recently become a mass means of communication. Today it is becoming increasingly popular in all environments. The basic function of Internet is to facilitate, and in many cases make possible, the exchange of information. Therefore, Internet also facilitates the exchange of files which, as already mentioned, are a ‘vehicle’ for transmitting malware. However, Internet is slightly more complicated than a network for the following reasons:
The Internet offers a number of different services, including websites, e-mail, file transfer through FTP, chats or IRC, etc. and each service uses a certain protocol (language). It is essential for IT security solution to be able to read these languages in order to successfully scan this entry point for malware. E-mail messages, for example, could include a file infected with a virus and as this file is not in its usual format, a conventional antivirus might not detect it. Even if a message does not include an attached file, it could still be infected through the code that it contains or through its MIME format. For this reason, an IT security solution must be able to recognize the format in which e-mail messages are received.
The entry points of viruses transmitted via Internet are:
· E-mail: Viruses and other threats can be included in files attached to e-mail messages or in the message body, which means that a message does not have to have an attachment to be infected. It is important to remember that the Internet uses two protocols (sets of code and formats –a language- used by computer to communicate with one another) for e-mail, POP3 for receiving mail and SMTP for sending mail. As already mentioned, it is very important for a security solution to protect all possible malware entry points and exit points. Many of the threats that have appeared recently exploit certain characteristics and vulnerabilities of certain mail management programs and other types of widely-used programs.
· News (NNTP): Through this service you can access newsgroups that debate different topics or place messages in certain servers to be consulted and discussed. You can also subscribe to a newsgroup and receive e-mails featuring the latest information on a topic of your choice, these messages could contain infected files. The news managed by Microsoft Outlook Express and Microsoft Exchange/Outlook can be scanned.
· Downloading files (FTP): This service allows you to download files from Internet and upload files to certain Internet addresses. These files could be infected with a virus.
· Web pages (HTTP): Web pages (HTML pages) are mainly text and graphics, which do not represent a virus threat. However, an increasing number of Web pages contain other components such as Java Applets or ActiveX controls. These types of components can be infected with a virus and can infect a computer when it accesses the Web page.
To solve such a potentially serious problem, Panda Software offers a range of solutions, which are included in Platinum Internet Security. These are the following:
· E-mail: A special automatic protection that scans all outgoing messages (SMTP protocol) and incoming messages (POP3 protocol) for viruses and other threats. As a result, e-mail messages containing infected files cannot be sent or received. Other IT security solutions scan incoming mail only, which is very dangerous as a user can send a virus, with serious consequences for the sender. The e-mail antivirus protection offered by Platinum Internet Security can be used with the most commonly used e-mail programs.
An added danger with e-mail is that all outgoing and incoming messages are stored in a message database. Conventional antiviruses do not recognize the format of these databases and therefore cannot scan all of the messages sent and received before the program was installed, nor messages, that for some reason, were not scanned when they were received. To solve this problem, Platinum Internet Security recognizes the format of the message databases in Microsoft Outlook Express and Microsoft Outlook. Platinum Internet Security allows the user to scan any message in the database at any time, offering the guarantee that e-mail is malware-free.
· News (NNTP): All potentially infected contents (related documents) in a server that provides a news service will be scanned by a special automatic protection that monitors the connection with that server. This guarantees that information is safe to consult, regardless of the news program used.
· File transfers (FTP): All files downloaded from or uploaded to the Internet through FTP will be scanned by an automatic protection. These files are scanned locally before they are sent, or when they reach your computer. All previously transferred files can be scanned with a file antivirus, avoiding the problem with e-mail messages mentioned earlier. The antivirus protection is independent from the FTP program used.
· Web pages (HTTP): All Web page or HTML page contents (Java applets, ActiveX, etc.) that could be infected will be scanned by a automatic protection. Sometimes these items are downloaded to the computer that connects to these pages. When these items have been downloaded they will be scanned locally using the automatic protection. This guarantees secure website browsing, regardless of the browser used.
To sum up, it can be concluded that Platinum Internet Security offers the best protection against viruses and other threats that could get into your computer through all types of connections. All the data is scanned as it enters or leaves the computer to check that it is not carrying any viruses or other threats. It is also possible to scan all incoming and outgoing e-mail messages (Microsoft Outlook Express and Microsoft Exchange/Outlook), guaranteeing a malware-free connection to the Internet.
For more information about the entry points used by viruses consult the Virus Encyclopedia on the Panda Software website www.pandasoftware.com/virus_info/encyclopedia.