Network Security guide for the home or small business network – Part 3 – Antivirus
OK, the first two entries thus far, hardware firewalls and software firewalls, have been fairly operating system independent. A hardware firewall is best, but if that’s not possible, a software firewall will do until you get a hardware firewall set up. This next item is (currently) a must-have for Windows users. However, Mac and Linux users may soon see the day when it is an essential part of security for those systems as well. These days I am stunned to see PCs that don’t have an antivirus program installed.
They are out there, though. Now it’s time for some bad news. If you got antivirus software with your PC 2 years ago, but the subscription lapsed about 1 and 1/2 years ago, you’ve got a problem. Here’s a basic idea of how antivirus software works. The antivirus companies write a “dictionary” of known viruses. They send that off with the install discs (or download) for their software. But the minute that gets pressed (or packaged), someone, somewhere in the world writes a new virus, and it doesn’t match any of the entries in this dictionary (these dictionaries are referred to as signature files or virus definitions).
So, the antivirus company takes a look at this new virus and adds it to their “dictionary” or definitions. Ideally, the software then downloads the new definitions, and ONLY THEN is the PC protected against that new virus. There is an inherent problem in this setup. We are always in a “defense” mindset; the definitions are always behind the viruses, so it’s essential that the PC checks frequently for updates.
There are many good, cheap (and free for home use) antivirus programs out there. As with software firewalls, look for 3rd party recommendations of any software you are interested in trying. I highly recommend AVG free for home users. It’s free, with free updates, and the updates seem fairly frequent (every day or two).
If you run an in-house mailserver, I would highly recommend including antivirus scanning at the mailserver level. My usual setup uses Clam antivirus on a Linux mail server. Clam antivirus then checks for updates ~once per hour, and frequently I’ll see several updates in a single day. Another note here: at one point I had a suggestion that “if we have antivirus at the mailserver, we don’t need it on the desktops”, which is not a good way to think about it. Typically email attachments have been a common “vector” for viruses, but they’re not the only route a virus can take into a system. These days web browsing is also a possibility. Don’t “lower your defenses”; if anything, strengthen them. I would suggest that if you have both email server level antivirus and desktop antivirus, you use different antivirus programs for each role. (A small home network with an in-house mailserver might have Clam antivirus (clamav) on the server and AVG free on the desktops, for instance.)
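Because definitions always lag behind new viruses, an updater that has quietly stopped is the failure to watch for on the mail server. The shell function below is an added example, not part of the original post, that reports whether a ClamAV definitions directory has been refreshed recently; the 48-hour threshold and the temporary demo directory are assumptions, and on a real server you would pass your own ClamAV database directory.

```shell
#!/bin/sh
# Added example (not from the original post): report whether ClamAV's
# signature databases have been refreshed recently.
# Assumptions: the 48-hour threshold is illustrative; ClamAV stores its
# definitions as *.cvd (full) and *.cld (incrementally updated) files.

# defs_status DIR MAX_AGE_HOURS
# Prints FRESH, STALE or MISSING and returns 0, 1 or 2 respectively.
# "Fresh" means at least one definition file changed inside the window,
# because the updater only rewrites a database when an update was published.
defs_status() {
    dir=$1
    max_min=$(( $2 * 60 ))
    all=$(find "$dir" -maxdepth 1 -type f \( -name '*.cvd' -o -name '*.cld' \) 2>/dev/null)
    if [ -z "$all" ]; then
        echo "MISSING"; return 2
    fi
    recent=$(find "$dir" -maxdepth 1 -type f \( -name '*.cvd' -o -name '*.cld' \) -mmin "-$max_min")
    if [ -n "$recent" ]; then
        echo "FRESH"; return 0
    fi
    echo "STALE"; return 1
}

# Constructed demo: a temporary directory stands in for the real database
# directory, with files back-dated to simulate an updater that stopped running.
demo() {
    tmp=$(mktemp -d)
    touch -t 202001010000 "$tmp/main.cvd" "$tmp/daily.cld"
    echo "lapsed updater:  $(defs_status "$tmp" 48)"
    touch "$tmp/daily.cld"           # simulate a successful update
    echo "after an update: $(defs_status "$tmp" 48)"
    rm -rf "$tmp"
}
demo
```

Run from cron, the non-zero return codes for STALE and MISSING can drive an alert to whoever looks after the server.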
Currently Mac/Linux users have at most 1 or 2 viruses a year to be concerned about. Windows users have (this year) 16,000+ new viruses.