CompTIA Network+ Certification Exam Tutorial: Antivirus Programs

Oct 30, 2006, 23:06

Chris Bryant


Knowing all about antivirus programs is important for passing the Network+ Exam as well as succeeding with real-world networks. Learn the basics from Chris Bryant, CCIE #12933.


In the first part of this CompTIA Network+ certification exam tutorial, we looked at the different types of viruses and other invaders trying to get into our network, and how antivirus programs help to stop them.  Today, we’ll discuss some tips on how to get the maximum protection from your antivirus program.

I strongly recommend you choose an antivirus program that offers automatic updates.  If you rely on manual updates - that is, on remembering to go out and check for updates yourself instead of having them automatically downloaded when new updates are available - I can practically guarantee you're going to forget to do so, and this can be a fatal mistake for both your network and your career.

Why is this so important?  The #1 mistake network administrators and home PC owners alike make with antivirus software is not keeping the program up-to-date.  New viruses are being created every minute of every day, and reputable antivirus program vendors such as Symantec are monitoring that situation, looking for new viruses and regularly writing virus signature updates, also called virus definitions.  (A virus signature is the actual binary pattern of a virus, and just as your signature identifies you, a virus signature identifies the virus.)  It's not enough for the vendors to create these updates - they've got to be downloaded to your computers and servers.

Most vendors offer some kind of automatic download for virus definitions, so when new updates are created, they're automatically downloaded by the antivirus program.  For example, Symantec offers LiveUpdate, which will download new virus definitions to their popular Norton Antivirus program when new ones are available.  Another popular antivirus program, Kaspersky Antivirus, will download new virus updates several times a day!  Identifying viruses and writing new definitions to defend against them is a never-ending battle, so make sure you have the latest protection.

These updates do cost money, but it's money well-spent.  Most antivirus vendors give you 30 or 60 days of free updates, but after that you must purchase a subscription to the service. 

Regardless of which antivirus program you choose, I urge you to use automatic updates if they're available.  As busy as we get, it's easy to forget these important updates, and they're too important to be forgotten.

The only viruses you're totally unprotected against are the unknown ones, and the only way for your network hosts and servers to know about new viruses is to keep them updated!

Don't be lulled into a false sense of security by seeing that your servers all have the latest updates.  Every single workstation and server in your network must have an antivirus program with the latest updates running.  I know that neither you nor I have the time to walk around to every workstation every day checking on this, so I recommend you check two separate PCs on your network each day.  That only takes a few minutes, and if you see one PC with outdated definitions, there's a good chance that other PCs on the network have the same problem.  Believe me, that's one problem you want to fix now.
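The daily spot check described above can be scripted against whatever inventory your antivirus console exports.  The following is an added example, not part of the original article: the host names, the inventory data and the two-day age threshold are all assumptions made for illustration.

```python
from datetime import date

# Constructed inventory: host -> date of the installed virus definitions
# (None = no antivirus reporting at all). Host names are hypothetical.
INVENTORY = {
    "srv-file01": date(2006, 10, 30),
    "srv-mail01": date(2006, 10, 30),
    "ws-acct-01": date(2006, 10, 29),
    "ws-acct-02": date(2006, 9, 12),
    "ws-front-01": date(2006, 10, 30),
    "ws-front-02": None,
}

MAX_AGE_DAYS = 2  # assumption: definitions older than this count as outdated


def stale_hosts(inventory, today, max_age_days=MAX_AGE_DAYS):
    """Return {host: age in days, or None if missing} for hosts needing attention."""
    stale = {}
    for host, defs_date in inventory.items():
        if defs_date is None:
            stale[host] = None
        elif (today - defs_date).days > max_age_days:
            stale[host] = (today - defs_date).days
    return stale


def daily_spot_check(hosts, today, per_day=2):
    """Pick per_day hosts for today's manual check, rotating through the list by date."""
    ordered = sorted(hosts)
    if not ordered:
        return []
    per_day = min(per_day, len(ordered))
    start = (today.toordinal() * per_day) % len(ordered)
    return [ordered[(start + i) % len(ordered)] for i in range(per_day)]


if __name__ == "__main__":
    today = date(2006, 10, 30)
    print("check by hand today:", daily_spot_check(INVENTORY, today))
    print("outdated or missing:", stale_hosts(INVENTORY, today))
```

Note that a host with no antivirus reporting at all is flagged alongside the outdated ones, since a missing report is at least as serious as an old one.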

When you configure antivirus software, you'll have the option of setting a time when a virus scan should run on the host, as well as what files should be scanned for viruses.   If your network PCs are left on at night, setting the antivirus program to run a full scan at 1 AM is a great idea.

If a host or server has too many files to scan them all at once, you may have to pick which files should be scanned.  First on your list should be any file whose extension is .com, .exe, .ocx, or .dll.  These are all executable files, which are primary carriers and targets of viruses.  I personally like to scan a host's Microsoft Word documents as well, since those files are passed from user to user more often than any other file type.
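To make the signature idea and the extension-limited scan concrete, here is an added example that is not part of the original article.  The byte patterns are constructed, harmless stand-ins for vendor virus definitions, the file names are hypothetical, and treating Word documents as `.doc` is an assumption.

```python
import os
import tempfile

# Extensions the article lists first; ".doc" for Word documents is an assumption.
PRIORITY_EXTS = {".com", ".exe", ".ocx", ".dll", ".doc"}

# Constructed, harmless byte patterns standing in for vendor virus definitions.
DEFS_OLD = {"Constructed.Sample.A": b"\x13\x37SAMPLE-A\x00\xff"}
DEFS_NEW = {**DEFS_OLD, "Constructed.Sample.B": b"\xca\xfeSAMPLE-B\x01\xfe"}


def select_files(root, exts=PRIORITY_EXTS):
    """Yield files under root whose extension (case-insensitive) is on the list."""
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            if os.path.splitext(name)[1].lower() in exts:
                yield os.path.join(dirpath, name)


def scan(root, definitions):
    """Return {relative_path: [signature names]} for selected files that match."""
    hits = {}
    for path in select_files(root):
        with open(path, "rb") as fh:
            data = fh.read()
        names = sorted(n for n, pattern in definitions.items() if pattern in data)
        if names:
            hits[os.path.relpath(path, root)] = names
    return hits


def demo():
    """Build a constructed sample tree and scan it with old and new definitions."""
    samples = {
        "old.dll": b"MZ" + DEFS_NEW["Constructed.Sample.A"],
        "setup.EXE": b"MZ" + bytes(16) + DEFS_NEW["Constructed.Sample.B"],
        "report.doc": b"quarterly numbers",
        "notes.txt": DEFS_NEW["Constructed.Sample.A"],  # extension not on the list
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan(root, DEFS_OLD), scan(root, DEFS_NEW)


if __name__ == "__main__":
    old_hits, new_hits = demo()
    print("old definitions:", old_hits)
    print("new definitions:", new_hits)
```

The outdated definition set misses `setup.EXE` entirely, and `notes.txt` is never examined under either set because its extension is not on the list, which is the trade-off you accept when you limit a scan by file type.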

Additionally, most network administrators have been in a position where they've had to turn the antivirus program off, and you may have installed programs on your own PC where the installation program recommends that you turn the antivirus program off.

If you're downloading software from a vendor you're not familiar with, realize that when you comply with their request to turn the antivirus off, you're trusting them with the health of your network.  Maybe they're asking you to turn it off in order to correctly install the software, and maybe they're asking you to turn it off to make it easier for the download to launch a virus. 

Legitimate vendors often have you turn antivirus protection off during a software install.  I personally scan any disk or downloaded file before I begin the install process, and I recommend you do so as well.  And if you do turn the antivirus off ... make sure to turn it back on.  I once saw an entire network go down because a virus managed to launch on an email server that had become infected one day earlier - and the infection occurred when the admin turned the antivirus off to install a program on the server and then forgot to turn it back on.  The next morning, that server was toast.  Don't let that happen to you or your servers.

Knowing the basics of antivirus programs is great preparation for passing your CompTIA Network+ certification exam, but as you can see, it’s also a vital part of protecting the real-world networks that you and I are in charge of.  Keep your virus definitions up to date!