The key to effective anti-virus policy is education. Computer users should be concerned
about viruses. Educating your users includes instructing them on how to protect themselves
against computer viruses, and what to do if they become infected by a computer virus.
Good habits need to be promoted. One effective way of teaching good computer hygiene is in
conjunction with the deployment of anti-virus software. Guidelines for good habits should be
included with general security guidelines.
One of the best educational environments can occur when there is a computer virus infection.
This can become a valuable learning experience.
- Deployment of Anti-Virus Software
The deployment of good anti-virus software is unquestionable. Users should be instructed in
its proper use and configuration. In addition, good anti-virus software is useless unless it
is kept up to date. The appropriate update mechanisms must be in place to ensure that it is
The wide deployment of high-quality anti-virus software, along with common-sense preventative
measures such as restricting the installation of unauthorized software, write-protecting system and
software diskettes, and changing system configurations to prevent booting from the diskette drive,
will prevent the outbreak of many viruses.
Taking other actions such as ensuring the regular backup of data and the availability of clean
boot disks will aid in post-infection recovery.
When a user believes their computer may be infected they should have a clear notion of what to
do. This includes the understanding that reporting the incident is an urgent matter. The
user must clearly know who should receive the incident report.
Users should feel confident that they will not be blamed or subjugated to recriminations when
reporting an incident, and they should be assured that they will receive assistance that is
appropriate to the incident and their needs.
Proper incident response provides that people reporting virus incidents receive swift and
accurate advice and assistance at the level the user and the situation require.
The response team will step the user through containment to stop the spread, disinfecting to
clean their system, and the capture of incident information for future use.
Ethics requires the swift acknowledgement of any infection of others. People outside of the
organization need to notified if the computer virus was passed to them through email, floppy
diskettes, or however else it may have occurred.
If your organization experiences more than just a few virus infections per year, trend analysis
may be required to identify problem areas or individual users where special actions need to be
Regular evaluation of anti-virus policy can help prevent problems from occurring in the future.
Particular points to evaluate should include:
Quality of anti-virus software.
Adequate deployment of anti-virus software.
Update frequency of virus definitions.
Identification of high risk areas or users.
Effectiveness of incidence reporting and response.