Chapter 34. Security and Virus Protection

If you use Microsoft® Office Outlook® 2007 on a daily basis to manage e-mail, appointments, and contacts, losing the information that you’ve stored in Office Outlook 2007 could cause significant problems. Outlook 2007 data can be lost in a number of ways, from accidental deletion to file corruption to hard disk failure. In addition, a user who purchases a new computer might leave behind information when transferring data to the new machine.

This chapter examines virus protection for both the server and workstation to help you understand how to protect yourself and your network from e-mail-borne viruses. Outlook 2007 provides features to protect against viruses in attachments, and there are several steps you can and should take to add other forms of virus protection.

Providing Virus Protection

Hardware and software failures are by no means the only source of anguish for the average user or administrator. Viruses and worms have become major problems for system administrators and users alike. When a major virus or worm outbreak hits, companies grind to a halt, systems shut down, system administrators turn off mail servers, and general chaos ensues.

The effects of a particularly virulent virus or worm can be devastating for a company. A virus or worm can bring your mail servers to a quick halt because of the load it imposes on them with the sheer amount of traffic it generates. Bandwidth, both local and across wide area network (WAN) links, is affected as multiple copies of infected messages flood the network. Files can become infected, rendering them unusable and subjecting users to reinfection. This means that you must recover the files from backups, making an adequate backup strategy even more important than usual.

One often overlooked effect that viruses have on a company is the public relations nightmare they can create. How would your customers react if they received a flood of infected messages from your company that brought their mail servers to a screeching halt and damaged their production files? Forget for a moment the ire of your customers’ system administrators. Could your company survive the ill will generated by such a catastrophe?

At the least, your company would probably suffer serious consequences. Therefore, developing and implementing an effective virus protection strategy is as important as developing a backup strategy, and perhaps more so. When you examine your antivirus needs, approach the problem from two angles: protecting against outside infection and preventing an outgoing flood of infected messages. You can approach the former through either client-side or server-side solutions, but the latter typically requires a server-side solution.

Implementing Server-Side Solutions

Whether or not your organization uses Microsoft Exchange Server, your first line of defense against viruses and worms should reside between your local area network (LAN) and the Internet. Many antivirus solution vendors offer server-side products that monitor traffic coming from the Internet and detect and block viruses in real time. One such product is McAfee WebShield SMTP from McAfee (www.mcafee.com). WebShield is part of the Network Associates Active Virus Defense product, which also includes client antivirus software and an antivirus solution for Exchange Server. Another solution that filters viruses before they get to your network is Panda Software’s Panda Antivirus + Firewall 2007, which works in conjunction with any firewall that supports Content Vectoring Protocol (CVP) to allow the firewall and the antivirus product to interact. You might also consider Symantec’s AntiVirus Gateway Solution, which provides antivirus, antispam, and other filtering functionality at the Internet gateway.

Stopping viruses before they get into your LAN is a great goal, but even the best products sometimes miss. If your organization uses Exchange Server, you should also consider installing an Exchange-based antivirus solution. Microsoft Antigen (formerly from Sybari) protects Exchange Server 2000 and Exchange Server 2003 and has been rebranded as Microsoft Forefront Security for Exchange Server for use with Exchange Server 2007. McAfee offers GroupShield Exchange, and Panda Software offers Panda BusinesSecure 2006 Exchange with TruPrevent Technologies. A third solution is Symantec Mail Security for Microsoft Exchange. Each of these applications works at the application programming interface (API) level with Exchange Server to provide real-time virus detection and removal/quarantine. Other companies also offer antivirus solutions for Exchange Server.

In addition to detecting and removing viruses from network and Exchange Server traffic, you also should implement a solution that provides real-time virus detection for your network’s file servers. These solutions scan the server for infected files as files are added or modified. For example, a remote user might upload a file containing a virus to your File Transfer Protocol (FTP) server. If local users open the file, their systems become infected and the virus begins to spread across your LAN. Catching and removing the virus as soon as the file is uploaded to the FTP server is the ideal solution.

Consider all these points as you evaluate server-side antivirus products. Some might be more important to you than others, so prioritize them and then choose an antivirus suite that best suits your needs and priorities.

Implementing Client-Side Solutions

In addition to blocking viruses and worms at the server, you should also provide antivirus protection at each workstation, particularly if your server-side virus detection is limited. Even if you do provide a full suite of detection services at the server, client-side protection is a vital piece of any antivirus strategy. For example, suppose that your server provides virus filtering, scanning all e-mail traffic coming from the Internet. Even so, the server might miss a new virus in a message with an attached file, perhaps because the virus definition file has not yet been updated. A user opens the infected file and infects his or her system, and the worm begins replicating across the LAN. If the user has a client-side antivirus solution in place, the worm is blocked before it can do any damage.

Use the following criteria to evaluate client-side antivirus solutions:

  • Are frequent updates available? On any given day, several new viruses appear. Your antivirus solution is only as good as your virus definition files are current. Choose a solution that offers daily or (at most) weekly virus definition updates.

  • Can updates be scheduled for automatic execution? The average user doesn’t back up documents on a regular basis, much less worry about whether antivirus definition files are up to date. For that reason, it’s important that the client-side antivirus solution you choose provide automatic, scheduled updates.

  • Does the product scan a variety of file types? Make sure that the product you choose can scan not only executables and other application files but also Microsoft Office system documents for macro viruses.

You’ll find several client-side antivirus products on the market. Microsoft has two offerings that might be of interest: Microsoft Windows Live™ OneCare includes antivirus protection in its suite of services for home and small business computer users, and Microsoft Forefront Security for Clients offers similar protection for computers in an enterprise environment, although it does not scan e-mail. Other popular products include Symantec Norton AntiVirus (www.symantec.com), Network Associates VirusScan (www.nai.com), and Panda Antivirus for Servers and Desktops (www.pandasecurity.com). Many other products are available that offer comparable features.

Virus Protection in Outlook

Virus protection is an important feature in Outlook 2007. You can configure Outlook 2007 to automatically block specific types of attachments, thus helping prevent virus infections. Outlook 2007 provides two levels of attachment protection, one for individual users and one for system administrators.

Outlook 2007 provides features to help protect your system against viruses and other malicious system attacks. For example, Outlook 2007 supports attachment virus protection, which helps protect against viruses you might receive through infected e-mail attachments. Outlook 2007 offers protection against Microsoft Office system macro viruses, letting you choose when macros run. Control over programmatic access is also configurable, allowing management of how applications interact with the security features in Outlook 2007 as well as their ability to send e-mail.
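The idea of blocking attachments by type, described above, can be shown with a short added example. It is not Outlook code and not from the original chapter: the block list, the function names, and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for illustration; this is not Outlook's built-in list.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".vbs", ".bat", ".js"}

def final_extension(filename):
    """Return the lower-cased last extension of a file name.

    Trailing dots and spaces are dropped first, because Windows ignores
    them when the file is saved ("payload.exe. " becomes "payload.exe").
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def screen_attachments(raw_message):
    """Split a message's attachments into (blocked, allowed) file name lists."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked, allowed = [], []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        # An attachment with no name cannot be typed by extension: block it.
        if not filename or final_extension(filename) in BLOCKED_EXTENSIONS:
            blocked.append(filename or "<unnamed>")
        else:
            allowed.append(filename)
    return blocked, allowed

def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for name in ("report.docx", "invoice.pdf.EXE", "setup.scr"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    blocked, allowed = screen_attachments(build_sample())
    print("blocked:", blocked)
    print("allowed:", allowed)
```

The decision uses only the last extension, so a name such as invoice.pdf.EXE is treated as an executable rather than a PDF.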

Note

For information about protecting against malicious HTML-based messages, see "Configuring HTML Message Handling" in Chapter 14.
