MailStripper - Spam Filter for Linux, FreeBSD and Solaris

News: Staff responsible for most virus outbreaks

BBC News recently covered the results of a survey published by anti-virus firm McAfee. They report that about 50% of senior managers in smaller businesses blame their staff for virus outbreaks. It was also found that staff had installed unauthorised software on their PCs and disabled the security systems that should have protected them.

Over half of the firms question in the survey admitted they had suffered some damage as the result of a virus.

The survey revealed that many firms had invested in the security technologies, but at the expense of educating the users. McAfee's spokesman Sal Viveros said to BBC News Online, "Businesses can have the most robust and integrated security system in the world, but one rogue end user could still be responsible for introducing malicious code on to the network with potentially serious consequences."

Another problem is that some of the staff appear to not learn - after years of being told not to open attachments in emails they were not expecting, most were still quite happy to open up anything that winds up in their inbox.

Another result from McAfee's survey is that out-of-date antivirus software is often to blame for not stopping the outbreaks. Without keeping the software and signatures up to date, the users are being lulled into a false sense of security believing that if they make a mistake the antivirus software will take care of it.

A different approach

Mr Viveros added, "Ideally they would be able to create security policies that are enforceable and take security out of end user's hands." He explained that small firms should think more deeply about the way they approached security issues. Instead of relying on anti-virus software and security problems in a reactive fashion, they should put in place an architecture that increases the layers of protection between the outside world and the end users.

He added that time constraints meant that many of the smaller businesses could only concentrate on their core business rather than become concerned about developments in computer security or keep up-to-date with the latest security problems.

Some network management firms are appearing on the scene that do the security work for small businesses, but these were not being taken up in any significant numbers. These range in size to outsourcing all internet and intranet connectivity to a more specialised service that offers a cleaned email feed to the customer.

Viruses are unfortunately part of the world we live in. However, proper management and understanding of the threat will help keep the risks to a minimum, but the no-risk situation is unattainable on any computer system whether connected to the Internet or not, when users have access to the machines. This risk we just have to live with.