Worms and Viruses Pose Real Threat for Y2K
Mark Edwards offers up some strategies for protecting your systems from Y2K-based viruses and worms.
December 8, 1999
Do you have all your Y2K remedies and prevention in place? Are you sure? What about viruses, Trojans, and worms? How will you cover your bases in that area?
If you don't think viruses and worms pose a Y2K threat, think again. Researchers have reported at least two new Y2K-centric virus and worm strains in recent weeks. Granted, you can head over to your favorite antivirus software vendor site and download the latest signature detection update files, but think about that action for a moment. You're downloading signatures of viruses and worms that the vendor knows about, and that's the key to any viral or worm detection and eradication: knowledge.
The reality is that any number of undetected viruses and worms might be out there waiting to trigger on a given date in the year 2000. The problem is that we just don't know what's out there, and outside of a good file and system integrity checker, you have no way to guarantee that such code hasn't entered your system. The way you'll find out about a Y2K-based infection is when a virus or worm actually activates.
Quite a dilemma, don't you think? Certainly, you can roll a computer's date forward to see how your system reacts, but that approach isn't really adequate to cover all the bases when it comes to viruses and worms. For example, what if a given virus or worm only triggers at a specific time of day? How can you test all the possible time combinations for an entire year? Realistically, you can't.
The alternative route to date and time trigger checking is comparative analysis. You can feasibly compare aspects of any system in question against aspects of a similar system that is known to be tamper-free. By examining Registry entries, file dates, and checksums, you might be able to detect potential infection before that infection becomes a serious problem.
With either route, the course is tough and time-consuming. Comparative checks are certainly less time-consuming and more useful than date- and time-based testing alone, but even so, there is no guarantee that something is not amiss. Can you accept that risk? Perhaps your situation forces you to accept it, but perhaps not.
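The comparative check described above, sketched as an added example (not code from the original article): it builds a checksum-and-date manifest for a known-good directory tree and for a suspect one, then reports the differences. The file names, contents, and timestamp are constructed for the demonstration, which also shows why file dates alone are not enough: the altered file keeps a matching date, and only its checksum differs.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root to (sha256 hex digest, modification time)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (digest.hexdigest(), int(os.path.getmtime(full)))
    return manifest

def compare(reference, suspect):
    """List differences between a known-good manifest and a suspect one."""
    findings = []
    for path in sorted(reference.keys() | suspect.keys()):
        ref, sus = reference.get(path), suspect.get(path)
        if ref is None:
            findings.append(("added", path))
        elif sus is None:
            findings.append(("missing", path))
        elif ref[0] != sus[0]:
            findings.append(("content-changed", path))  # checksum differs
        elif ref[1] != sus[1]:
            findings.append(("date-only", path))  # same bytes, new timestamp
    return findings

def demo():
    """Compare two constructed trees that share identical file dates."""
    stamp = (944611200, 944611200)  # constructed (atime, mtime) for every file
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as sus:
        files = [(ref, "app.exe", b"MZ-clean"), (ref, "lib.dll", b"library"),
                 (sus, "app.exe", b"MZ-dirty"), (sus, "lib.dll", b"library"),
                 (sus, "extra.vbs", b"constructed")]
        for root, name, data in files:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            os.utime(os.path.join(root, name), stamp)
        return compare(snapshot(ref), snapshot(sus))

if __name__ == "__main__":
    for kind, path in demo():
        print(kind, path)
```

In practice the reference manifest would be taken from the known tamper-free system and stored where the system under test cannot modify it.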
I've read messages on our HowTo for Security mailing list in which people have indicated they will power down their Exchange servers and other mission-critical systems to wait and see how the date rollover affects others around the world. I like that approach, but not everyone has the luxury of taking that course.
The bottom line is that you should protect your system's integrity from the start with utilities such as TripWire and use a good antivirus scanner that fits your needs. In addition, handle all email messages with caution until you're certain they're harmless. Do those things and you'll significantly reduce the amount of worry you'll experience regarding viruses and worms both now and in the future.
Using real-time integrity checkers and adequate email practices in addition to up-to-date antivirus software will lessen the likelihood that your servers or workstations will get hammered into bits of useless data. As you know, an ounce of prevention is worth a pound of cure. Until next time, have a great week.