DEPARTMENT OF ENERGY
INFORMATION SECURITY RESOURCE CENTER
PACIFIC NORTHWEST NATIONAL LABORATORY
ADVISORY NOTICE No. 24
April 6, 1998
ANTI-VIRUS SOFTWARE USE UNDER SCRUTINY
DOE is experiencing an increasing number of reports about computer viruses found in email attachments and on computer disks from individuals associated with non-proliferation, nuclear arms control, and international safeguards activities with Russia and former Soviet states.
The majority of incidents identify Word Macro viruses as the most common type of infection. Although the current anti-virus software used within the DOE community identifies many versions of Word Macro viruses, we continue to see evidence that these viruses have not been detected and eradicated. Apparently, users either do not have the latest versions of virus detection software, have not applied it correctly, or are not applying it with strict enough rules.
Viruses could interrupt the flow of important electronic information within DOE. The prevalence of viruses could indicate that many people simply ignore computer security guidelines that require documents, disks, and email attachments to be scanned for viruses. Considering that anti-virus software is now easily available to DOE and DOE-contractor personnel, and computer security professionals have informed us of the dangers of viruses, it is unknown why common viruses, which should be eradicated by the use of anti-virus software, continue to appear within the DOE community.
While most viruses do little or no damage, some offer very unusual permutations. For instance, a Word Macro virus can do no damage to Word documents but damage other files on a user's system outside of the Word application. Also, a Word Macro virus can damage files on a Windows computer and then spread to a Macintosh computer and do no damage until uploaded to another Windows computer. Although uncommon, it is even possible for some viruses to determine what kind of system they are running on and change their behavior accordingly.
The three most common viruses reported in 1997, according to McAfee's Technical Support Department, were all Macro viruses. Since DOE anti-virus software recognizes Word viruses, how are the most common forms, such as the Concept version, still being found within the DOE environment? The problem may be getting worse. Data Fellows of Helsinki, Finland, a major computer security firm, recently announced that the number of known varieties of Macro viruses soared to over 1000 in just the last year. Is the DOE community using a version of anti-virus software that identifies all Macro viruses?
A study completed in January 1998 by Zona Research found that U.S. companies are investing heavily in computer security, but they may be addressing the wrong issues. Increased security spending is going largely into more established network and firewall software technologies, as opposed to virus protection.
In general, anti-virus software has a good record of identifying known viruses. However, within the DOE community, infiltrations of known viruses continue to be found, even though normal anti-virus scans should have eradicated the problem. Additionally, it should be considered that while anti-virus software is good at detecting known viruses, it proves ineffective against new or unknown viruses.
A special virus alert notice should be sent to individuals exchanging information electronically with or traveling to foreign countries, especially Russia and former Soviet states.
A computer virus portion should be added to the foreign travel pre-briefing to raise awareness of this issue. Some of the items to stress might be:
Last Updated October 2001