How to Keep Your Campus Safe from Infection
For many years, I've scanned the testing results from the industry standards in antivirus testing; I've perused the countless pages of information, trying to make sense out of it all. Yet, once I was done, I still didn't have an answer to my original question: Which antivirus program should I buy?

Daily, in my duties at Colby-Sawyer College (NH), I run across all sorts of malware. After all, curious young minds want to explore all the Internet has to offer. The problem is, the Internet is not always a good place to be curious. As a result, I've seen all kinds of malware infections--in some cases, as many as 3,000 on a single computer. And I've managed to use my unique situation to acquire 10 viruses/Trojans and two exploits. These could be considered "zero-day infections," as most were so new that they were not even recognized by antivirus software (but all were confirmed by two or more companies after submission for evaluation).

I chose these threats because I've seen them destroy a computer and render it useless on and off the Net. Yet, these infections are not self-propagating, which is what a virus is by definition. Propagation is unnecessary when many of these infections are packaged with popular games or peer-to-peer programs, or, in some cases, buried on a Web page that gets 10,000 hits in a day. Most of these infections were far more complicated and time-consuming to remove and had worse effects than even the dreaded Sasser worm.

Varying Performance Between Products

So why doesn't every antivirus program detect and remove such infections? A technician from the computer security provider Sophos (www.sophos.com) explained that although many of the samples I have captured are Trojans and do create a backdoor into a computer (or install some sort of malicious code that eventually disables the computer completely), they are being used to propagate spyware.
And until these infections are actually being used for virus-like activity, or for reasons other than bombarding your computer with spyware, the antivirus programs will not detect these infections. (Outrageously, some spyware companies in the UK were even bold enough to sue some antivirus companies on the premise that the spyware companies were receiving bad PR due to the insinuation that they were creating viruses.) If you ask me, these companies are riding the fine line of the law, skirting legalities by saying that since their program does not propagate, it is not a virus.

And while I haven't yet encountered a virus that I couldn't disable and remove in a short time, I have spent several hours on a single computer trying to remove spyware. It's also worth noting that, with a few exceptions, people whose computers have viruses usually don't know their systems are infected--seldom the case with spyware. The problem is that these malicious programs technically are not spyware either, so they are not detected by any of the spyware programs I have tested. And until these programs are removed, a computer user's system will become overloaded with spyware and will eventually cease to be functional. For instance, I once saw a computer that had more than 300 processes running simultaneously, and took more than 20 minutes just to bring up the Task Manager.

The truth is, we are now in the information security age, and old-fashioned antivirus programs don't cut it. Computer users need comprehensive antivirus solutions combined with effective spyware solutions, providing real-time protection. Two good ones: Computer Associates' PestPatrol (www3.ca.com/securityadvisor/pest), or Webroot Spy Sweeper (www.webroot.com/products/spysweeper). PestPatrol reports over 1,000 new pests every month, while some of the traditional antivirus products I tested found as few as nine infections. My statistics follow; you tell me where the real threat is.
The Setup

The antivirus software programs were tested on a fully patched Windows XP Professional machine loaded with Service Pack 2 and the latest software versions and definitions from each company. …