The computer virus problem may not be in the headlines as it was a few years ago, but a study recently released by the National Computer Security Association (NCSA) shows that viruses are still pervasive in corporate America--and that an organization's chance of encountering a virus in early 1997 is "an order of magnitude" greater than just a year ago. The virus threat is also evolving, requiring LAN managers to take new steps to protect their networks.

NCSA researchers contacted IS managers at 300 large and medium-sized organizations in North America and asked them about their experience with viruses on Intel Corp. platforms. Over 99 percent admitted to a past virus encounter, and the rate of infection is rising: The number of virus encounters in January was almost equal to the total number of encounters between July and December of 1996.

Much of the increase was due to the proliferation of macro viruses, which account for more than two-thirds of the virus encounters reported by respondents this year. Microsoft Word macro viruses account for 66 percent of encounters; viruses that infect the company's Excel spreadsheets tally just a single percentage point so far. The macro viruses' "success" can be traced to the ease with which they are transmitted--simply opening an infected document replicates the virus--and the fact that users are much more likely to exchange document files than the executeables that carry other types of viruses.

Although the sharing of infected disks is still the primary method of transmission for viruses, the prevalence of macro viruses has made online transmission a more serious threat. According to the NCSA survey, more than a quarter of all respondents reported that one of their users received a virus in an E-mail attachment, up from 9 percent the previous year. Twenty-one percent of respondent organizations, up from 11 percent the previous year, had received a virus through files downloaded from BBSes, online services, or the World Wide Web.

Despite the increasing incidence of infection, fewer than 30 percent of respondents had used virus scanning at their E-mail gateways, proxy servers, or firewalls.

All is not doom and gloom, however. The average amount of server downtime caused by a "virus disaster," defined as an infection of 25 or more PCs, dropped from almost six hours per incident last year to just 40 minutes this year. The study notes that companies are learning how to deal with viruses more effectively and that the nature of the macro viruses makes server shutdowns unnecessary. The cost of recovery from a virus disaster--an average of $8,300--and the time required for a full recovery--an average of 44 hours--have been pretty stable over the last year. However, the number of person-days needed to complete a recovery has jumped from 10 last year to 22 this year, which may reflect the increased work needed to recover.

The virus threat is still a real one. Large and medium-sized organizations can expect to see approximately 35 virus incidents per 1,000 personal computers per month this year. The vast majority of these will be Word macro viruses, and the number of viruses transmitted through E-mail and downloads is on the rise. If your organization has already implemented desktop and server virus protection, your focus should move to the files entering your network through E-mail and downloads.

Contributing Editor Al Berg is a CNE and director/strategic technologies at NETLAN Inc., a networking and integration company in New York.

Source: LAN Times