A good, fast plan of action will keep virus contained

A Word virus struck my personal computer recently, and I'll confess the experience was
even more disconcerting than previous virus attacks.

Typically, viruses insinuate themselves into the boot sector of your disk drives and
diskettes or attach themselves to executable files.

But the Word viruses are Microsoft Word macros. When you open an infected Word
document, they slip into your Word macro library, where they can replicate into every
document you open and save.

It used to be enough to scan foreign disks for virus-laden executable files. But with
the advent of local area networks, wide area networks and the Internet, viruses can come
calling in a myriad of ways. The payloads of these viruses can vary from doing nothing to
erasing an entire hard disk.

Now you must scan all MS-Word documents, not only from unfamiliar disks, but also from
e-mail and the World Wide Web.

My office LAN does a daily scan; recently this process revealed two Word documents on
my hard drive with the Concept virus signature. Both documents had been sent to me via
Microsoft Mail. One was a job vacancy listing with a wide distribution typical of that
genre of document. The other was a popular and widely circulated organizational briefing
paper. If the original was infected, perhaps hundreds of PCs on our LAN were now infected.

Even more disturbing, both documents were planned for distribution via the World Wide
Web server. If those documents had been uploaded to the agency Web server, thousands of
the agency's customers could have had their computers infected also. The potential for
damage, ill will and embarrassment is substantial.

Fortunately, this catastrophe was prevented, but the outcome might have been otherwise.
Thousands of hours of valuable technical expertise can be squandered in stemming these
epidemics. Mission-critical systems can succumb to the devastating payloads these viruses
can deliver to every desktop. Most ominously, agencies may injure those we are here to

What can we do to prevent these dire consequences?

1. All those responsible for periodic dissemination of documents and files must have
antivirus software running at all times. Loaded into your computer's memory, these
antivirus programs constantly look for evidence of known viruses.

2. Detection of a virus must result in the immediate and complete cessation of
computing on the infected computer. If you continue business as usual, you will infect
others via files shared on LAN drives, e-mail attachments, file transfers and uploads to
Web servers. You don't want to send infected documents to your colleagues and management
while awaiting arrival of the tech support staff.

3. Agency help desk staff should be trained in virus technology and should be fast to
give detailed and specific instructions to users who encounter viruses. These instructions
should include:

a. Turn off the computer and put a sign on it so others aren't tempted to use it.

b. Do not copy, e-mail, send or hand-carry any electronic files. You'd be better off
reading those back issues of Government Computer News that have accumulated in your

c. Wait for technical support specialists who will arrive within the hour to restore
your computer to full operation. (Prompt response is essential; otherwise customers are
likely to restart their computers and spread the contagion.)

d. If you're not at your desk when support workers arrive, they are authorized to take
corrective action in your absence. This will avoid delays resulting from phone tag and
appointment tag.

4. Tech support periodically will scan the documents and executables on shared drives,
FTP servers, gopher servers and Web servers to ensure that they are not infected.

I've seen these and similar virus control procedures in operation while on detail at a
Defense Department facility. I had received an infected diskette from an outside source.
As soon as the boot sector virus on the diskette tried to infect the hard drive, the virus
checker announced the attack, displayed the telephone number for the computer security
staff, ordered me to call and then incapacitated the computer.

Within minutes of my call, the security team arrived and, without hesitation, proceeded
to scan all the PCs and diskettes in the area, not just those I reported. The team was
determined to eradicate this potential threat to the national security.

Although most federal agencies are not responsible for national defense, our customers
are no less deserving of prompt measures to protect their information assets. We must
anticipate threats and react immediately with all necessary personnel and resources.
Otherwise, the damage could be incalculable.

Walter R. Houser, who has more than two decades of experience in federal information
management, is webmaster for a Cabinet agency. His own Web home page is at http://wow.cpug.org/user/houser/.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above