How could I have got a virus?

“But you installed anti-virus software on my machine, how could I have got a virus!”
It is Virus Season 2012 here at Virtual IT, and the opening comment is endemic of the view point of some of our clients who have succumbed to this season’s must have malware.

Taking the stance of the IT Support Technician, this statement is often met with confusion, Anti –virus is not a silver bullet. So how come so many people regard it as such? And worse still, could we not in part be responsible for this way of thinking? After all well sell ourselves as “your Virtual IT department”. During the sales pitch we will dazzle you with the array of services that we will provide in one tidy package, which encourages the audience to hear “We will do all the thinking about your IT, so you don’t have to.” We offer completely unlimited and unrestricted IT support for our clients. “You can’t remember how to archive your email? No problem, we will do it for you. Would you like to learn how to do it so you don’t need to call us next time? No? OK, just give us a call the next time it needs to be done.” It could be argued that this style of IT management gives the end user all the freedom of IT with none of the responsibility associated with it.

And in no area does it come back to haunt us more than in the arena of malicious software infecting our client’s infrastructures.

To date we have had a policy of not restricting local administrative access to customer’s computers unless the customer already had a policy restricting this. Cutting through the babble, this means we let you enjoy the freedom of being able to install whatever you want onto your computer whenever you want. Why do we take this stance? Simple, we are an outsourced service provider, and few things annoy end users more than having their liberty taken away – especially by an IT department of all things. Unless the decision is arrived at internally the relationship will sour and this isn’t in our interests. The problem with leaving local admin access on a computer is that also give malicious software the freedom to install itself on your computer without you knowing.

This is where antivirus software comes in. My preferred analogy is to continue on the virus theme. Think of a computer virus like the common cold. You won’t know where it expressly came from but coming into contact with external sources increases your chance of contracting a virus. To reduce the risk of infection, you can go visit your GP and have a flu shot. However, there is no such thing as a common cold. Cold and flu viruses are constantly evolving. This in turn means the next flu shot you get will inoculate you against those newly evolved viruses, and so the cycle continues. It is exactly the same with computer viruses and antivirus software; a virus is produced and released and the antivirus provider will find a cure to it. But this takes time, and in that time you could get infected.

The difference in these two scenarios is that if you get a cold or the flu after getting inoculated, you don’t storm back to your GP demanding your tax payer’s money back, because you know that isn’t how it works. You also know there are certain things to avoid (such as other sick people), and certain things to embrace (such as having clean hands). The same can be said for avoiding computer viruses.

There will always be a degree of responsibility bestowed upon the user if that user wants to enjoy certain freedoms. So here are some brief tips on how to mitigate the chance of infecting your computer:

  1. If it looks too good to be true, it probably is. Emails offering you riches or heightened virility, for example, that encourage you to click on a link for further information will be at best a scam or at worst install malicious software on your computer.
  2. Vista and Windows 7 have something called User Account Control (UAC) in control Panel. If you don’t know what it is, it is because it is disabled, but basically it prevents and notifies you when a potentially harmful (read any), program attempts to make changes to your computer.
  3. Only download applications from trusted sources, and read what it says in the boxes that pop up during the installation process. If in doubt, chicken out.
  4. Don’t use torrent sites to download licensed applications for free, there is usually a price, and that price is your computer’s security.
  5. If your computer is doing anything peculiar or out of the ordinary, don’t live with it, get it looked at.
  6. Don’t ignore those irritating pop ups on the bottom right of your screen. Adobe Reader, Oracle Java even Microsoft Updates will all let you know when there is a security update for them. They will do this by leaving an icon in your system tray and a speech bubble will pop up on a regular basis reminding you that there is an update available. While it can be an inconvenience downloading them and potentially rebooting your computer, the updates are not only intended to improve the functionality of the product but close potential security holes in the application.

I guess the message I am trying to convey is that while there is a lot your IT support department can do protect you from viruses, it is all for nothing if you don’t accept some of that responsibility for yourself. Ultimately we can’t protect you from you. Well we can, but you would hate us for it. Simon, our Head of Technology and Innovation has also written an article on this subject, you can find it here.


Comments are closed.