IT Risk #2 – Untested Antivirus Software.

Shandam Consulting

Jim: “This crocodile repellant works great!”

Bob: “How can you be sure?”

Jim: “Well, you don’t see any crocodiles around here, do you?”

This is the approach most organizations take with antivirus software: everyone knows they need it, so it gets deployed in some fashion, but it is never actually tested.

As part of our assessment process we look at antivirus strategy, and nine times out of ten we find the antivirus system is either obsolete or simply not working, placing the organization at risk of virus infections or, increasingly, ransomware. A weak antivirus strategy coupled with a weak backup policy (see risk #1) will virtually guarantee a loss of data at some point.

“How can you test an antivirus software? Surely you don’t want me to download a real virus!”

Of course not... But we can use a test file that every antivirus product recognises as a virus! Antivirus vendors have agreed on one standard test file for verifying that virus detection, notification, escalation and mitigation functions are working. The file is a short, fixed string of 68 ASCII characters that contains no malicious code at all (it is in fact a tiny, harmless DOS program that just prints a message), but every vendor's product is built to detect it and report it as if it were a real virus. It is called the European Institute for Computer Antivirus Research (EICAR) test file, and it can be found with a simple Google search or via this web link:

https://www.f-secure.com/v-descs/eicar.shtml

What might happen when you try to download this file:

  • If you are unable to access or download the file at all, something on the network path (a web proxy, gateway scanner or content filter) is blocking it. This is not a comprehensive test, but it does show that someone in your organization is paying attention to network security.
  • If you can download the file to your PC, but it is detected and quarantined by your antivirus software, you have some level of endpoint antivirus protection, but you are still at risk, since the file was able to enter your network and reach the desktop before anything reacted.
  • If you can download the file to your PC without it being detected and quarantined, your organization is at high risk: the antivirus software is missing, disabled or not scanning files as they are written.
  • If you can also copy the downloaded test file to a network server or file share and it stays there, your organization is at very high risk, because the server has no working antivirus either.
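The test above can be scripted so that it is repeatable and so that the result is judged from the file's state on disk rather than by eye. The following Python script is an added example and is not part of the original post or of any vendor's tooling: it assembles the standard 68-byte EICAR string at run time (so the script's own source does not contain the literal signature, which some scanners would otherwise quarantine), checks it against the published SHA-256 of the test file, writes it to a path you choose (a local folder to test the desktop, a mapped drive or UNC path to test a file server), waits, and then reports whether the file was removed, altered or left untouched. The command-line arguments, the default wait time and the outcome labels are the example's own choices.

```python
"""Drop the EICAR test file and report what the antivirus did with it.

Added example, not from the original post.  Usage:
    python eicar_check.py C:\\Temp\\eicar.com 15
    python eicar_check.py /tmp/eicar.com
    python eicar_check.py \\\\fileserver\\share\\eicar.com
"""
import hashlib
import os
import sys
import time
from typing import Optional

# The standard EICAR test string (68 bytes), assembled from pieces at run time so
# that this script's own source does not contain the literal signature.
_PARTS = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!",
    "$H+H*",
)

# Published SHA-256 of the exact 68-byte string.  The EICAR specification allows
# trailing whitespace (up to 128 bytes total), but the first 68 bytes must match.
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def eicar_bytes() -> bytes:
    """Return the 68-byte test string, verified against the published hash."""
    data = "".join(_PARTS).encode("ascii")
    if sha256_hex(data) != EICAR_SHA256:
        raise RuntimeError("assembled test string does not match the EICAR hash")
    return data


def classify(exists_after: bool, digest_after: Optional[str]) -> str:
    """Map the file's state after the wait to one of the outcomes in the post."""
    if not exists_after:
        return "removed: the file was deleted or quarantined; detection is working"
    if digest_after != EICAR_SHA256:
        return "altered: the file was changed in place (cleaned or truncated); check the AV log"
    return "survived: the file is intact on disk; no on-access scanner reacted"


def drop_and_watch(path: str, wait_seconds: float = 10.0) -> str:
    """Write the test file to `path`, wait, and report what happened to it."""
    data = eicar_bytes()
    try:
        with open(path, "wb") as fh:  # binary mode: no newline translation
            fh.write(data)
    except OSError as exc:
        # Either a permission problem or a product that refuses the write outright
        # instead of quarantining afterwards; read the message to tell which.
        return f"blocked: write to {path} refused ({exc})"
    time.sleep(wait_seconds)
    if not os.path.exists(path):
        return classify(False, None)
    try:
        with open(path, "rb") as fh:
            digest = sha256_hex(fh.read())
    except OSError as exc:
        # Read refused: typical of on-access scanners that block access but do not delete.
        return f"blocked: read of {path} refused ({exc})"
    return classify(True, digest)


def main(argv: list) -> int:
    if len(argv) < 2:
        print(__doc__)
        return 2
    path = argv[1]
    wait = float(argv[2]) if len(argv) > 2 else 10.0
    print(drop_and_watch(path, wait))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a local folder first, then against a file share; a "survived" result on the share is the very-high-risk case from the list above, while "removed", "altered" and "blocked" all mean a scanner reacted and the event should now appear in its log and, if escalation is configured, in somebody's inbox. The file is written in binary mode so that the bytes on disk are exactly the 68 the hash covers; a text-mode write on Windows could append a carriage return, which EICAR tolerates but which would make an untouched file look "altered".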

Anyone can perform this test, and if the results you get are not what you expect, it's time to have a difficult conversation with the person responsible for IT security in your organization. Keep in mind what the test does and does not prove: the EICAR file confirms that a scanner is installed, running and able to quarantine, not that its signatures and engine are current or that it will catch today's malware, so a pass is a minimum bar rather than a clean bill of health. Ignoring this situation will just postpone the inevitable, as virus creators have evolved from teenage vandals into state-sponsored hackers and financially motivated criminal organizations.