Latest Norton Anti-Virus Definition Date : 24/10/2001

Anti-Virus software plays a crucial role in our working environment, and without it we would not be able to perform our daily business functions. Hopefully you will find this information provides you with the answers to most common questions about viruses and virus related issues.

Latest Anti-Virus News

Nimda Virus:
This new virus uses multiple methods of replication using Outlook, Internet Explorer and Web servers.  Certain measures are in place within the company to reduce this virus risk which include:

• Blocking certain web addresses on our Internet Firewall which display Nimda type activity,
• Automatic LiveUpdate via Logon Script for all clients,
• Stripping of high risk email attachments including zip files which contain certain file types (.exe .bat .com .pif .vbs and .shs).
• Use of Microsoft Outlook Express is strictly prohibited.
• Discouraging use of non-company email systems such as hotmail.
  

What is a computer Virus?	Updating the Anti-Virus Protection Software
How can I be sure I do not have a virus?	Will I be able to tell if a virus has been detected?
What Anti-Virus software do we use?	I see a message when I start using my computer saying "Old virus definition file"
How can I tell if I have the new software?	I still have a soldier icon, should this have changed by now?
What benefits does Norton Anti-Virus provide?	What happens if a virus is found by Norton, but it can not be disinfected?
What is a hoax virus?	Who do I ask about virus related issues or suggestions about this web page?

What is a computer Virus?

A computer virus is a piece of malicious code that attaches to important areas within computers, such as program files, and the boot areas of floppy disks and hard disks (the boot area is the location that a PC first looks at, to start the operating system). A virus can destroy data after copying itself to other host files or disks. The virus spreads when its host file runs and the malicious code is unleashed. The virus can quickly spread into memory as the computer boots from an infected disk.

More commonly now, many viruses abuse the macro facilities available in Microsoft's suite of office applications, namely Word, Excel, PowerPoint and Outlook. Certain viruses such as "Melissa" have used Word document macros to force Outlook to send messages to 50 members of the users e-mail distribution list, which can in turn send a further 50 from each of those recipients. It is quite clear how fast email viruses can spread.

Back to Top

How can I be sure I do not have a virus?

We have to rely upon the Anti-Virus software companies to provide us with up-to-date protection. Their programs can also contain special detection software which looks for virus activity in any file used. You can never be 100% sure!

What Anti-Virus software do we use?

The new company global standard software is Norton Anti-Virus Corporate Edition v7.

We recently changed from the Dr Solomon's software as the product was becoming end of life.

How can I tell if I have the new software?

If you have a yellow shield  icon near the clock on your taskbar then you have Norton Anti-Virus.

If you have a icon instead of the shield, then you are still using Dr Solomon's.

If the shield icon has an exclamation mark in front of it (permanently), then you must call PC Support on xxxxx so they can check your configuration as your system has a problem.

Back to Top

I still have a soldier icon, should this have changed by now?

YES!   If you still have a icon near your system clock, then contact PC Support immediatly as you will not have protection against the new Nimda Virus!

Back to Top

How do I update my system when I have Norton Anti-Virus?

You may have noticed the varied time and complexity in some of the above procedures, which are required to keep your protection up-to-date. Norton will make updating quicker and easier.

All Windows NT desktop office based networked workstations should receive their updates automatically overnight. Should I.T. require you to perform an emergency update, the procedure would be the same as all remote users including laptops:

Double click on   then click on Just click Next, and then Finish when prompted.

Downloading updates should only take a few seconds on network connected systems and a maximum of 5 minutes for remote users.

You can check how up-to-date your protection is by looking at the date displayed on the screen which contains the LiveUpdate button (if you have just performed an update, the screen will need closing for a few seconds for the information to refresh). Remember that there is not an update every day.

Back to Top

I am a remote user with Norton Anti-Virus. How often should I request an update?

We would like users to carry out this task as often as possible (not more than once a day though!). The longer you leave your update request, the more information has to be downloaded. Ideally no one should leave it more than a week between LiveUpdate requests. Remember, you will not need to reboot your system for the changes to take effect, but you will need to be connected to the network.

Back to Top

I see a message when I start using my computer saying "Old virus definition file"

This message will be displayed if your virus definition database has not been updated given a certain time period. Should you see this message, please contact PC Support on xxxxx.

If you are a remote user, and therefore responsible for requesting updates, please try to use the LiveUpdate mechanism before calling.

What benefits does Norton Anti-Virus provide?

The main benefit of Norton is the LiveUpdate facility which addresses the major issue of constantly updating the virus protection. During out of office hours, your networked workstation requests any outstanding virus definition updates, provided you have left your workstation in the correct mode (i.e. it should be displaying "Press CTRL-ALT-DEL to logon" on the screen when you go home). The updates can be released on a daily basis or up to about 2 weeks depending on what viruses have been discovered by Symantec (the software developers for Norton Anti-Virus). Dr Solomon's version updates were usually released on a monthly basis at least.

Norton is better at detecting and disinfecting viruses then Dr Solomon's.

Back to Top

Will I be able to tell if a virus has been detected?

Yes, and it is important that you can do this! If a virus is discovered, it is important to be able to establish the source of the virus (i.e. where it came from). This can range from an email sent to you by a colleague or friend, or perhaps a floppy disk from an external company or home computer. With this information, it may be possible to establish how many other computer systems have been effected.

Depending on which system discovered the virus, you could get one of the following messages:

Norton Anti-Virus on our Exchange email system (this will be an e-mail message sent to you):

From: NAV for Microsoft Exchange Sent: 06 January 2000 13:23 To: User Subject: Norton AntiVirus detected and repaired a virus in a message you received. Sender of the infected attachment: User has been informed too. Subject of the message: FW: Duhalde Presidente User One or more attachments were repaired. Attachment SB-991129_F_Romero.doc was Repaired for the following reasons: Virus W97M.Melissa.O was found.

                   
Anti-Virus message from an email gateway (this message replaces an infected attachment):

VIRUS ALERT COMPANY INFORMATION TECHNOLOGY E-MAIL ENGINEERING The original e-mail attachment was removed from this message as it was determined to harbour a computer virus. A virus/worm was detected and the original attachment has been removed from this message. Please notify the sender of this message that their system has been compromised by the virus. The sender has most likely passed this along to you with out his or her knowledge or intent.

                    Norton Anti-Virus on a client workstation:

                 It is important to note the "Action taken" when you call us.

Back to Top

 What happens if a virus is found by Norton, but it can not be disinfected?

If this happens, then the file will be quarantined. The file will be removed from its original location into a secure area, and then a copy will be sent to I.T. We can then submit the file to Symantec, who will then identify it as a false positive (i.e. looked like a virus, but was a false alarm) or as a real virus. We always ask the user if it contains any company sensitive information. Where this is not possible we can ask the Norton virus submission software to strip all text and data from the document before is sent. Once we have received a fix, it will be included on the next virus definition update to the users workstation and the file will automatically be disinfected and released to its original location.

 What is a hoax virus?

Hoax viruses are email messages which claim the existence of a virus which does not actually exist. Usually the actions of the virus are so exaggerated that it is not physically possible for a virus to cause. It is similar to a chain letter, which asks you to forward the information on to as many people as possible. Should you get a virus related email, you should always consult PC Support before distributing the information any further (email to PC Support, Welwyn).

A few common examples of hoax viruses are given below:

"It takes guts to say Jesus"

"Budweiser Frogs"

For those of you that receive many of these messages, there is a link to Symantec's Web site, which contains an encyclopedia of hoax email viruses. Please keep I.T. informed though.

Who do I contact about virus related issues or suggestions about this web page?

You should contact PC Support on xxxxx or email PC Support, Welwyn

Back to Top

Back