Protecting Windows systems from malware is a cat-and-mouse game. The virus authors find an attack vector and exploit it until the security administrators and antivirus companies devise an effective defense. But when the door gets shut on that attack, the virus authors don't just quit and go home. They look for the open window to find a new vulnerability to exploit.
Even more devious (or creative depending on your point of view) malware authors will try to attack through the door, the window and coming down the chimney all at the same time. If one attack vector is good, then two are better and the malware has a much better chance to propagate. When malware uses two attack vector at the same time, you have a bi-modal or bipartite attack. When it uses three or more simultaneous attack vectors, it is a multipartite attack.
Some threats attack computer systems in multiple ways simultaneously. In the case of the Nimda worm, the threat propagated as an e-mail attachment, exploited vulnerabilities in Web browsers, spread to Web servers through a Microsoft Internet Information Server (IIS) weakness and moved through open network shares while modifying various local system files on infected machines.
How should you protect your systems from these multi-faceted threats? Your antivirus software may be guarding the door so to speak, but you also have to protect other methods of entry into your systems. While your strategy will depend on what the attack vectors are, you should employ some basic, common sense steps to protect systems regardless of the type of threat.
Aside from the obvious steps to implement antivirus software and establish a process that ensures AV software is updated frequently, there are various other steps you can take. Below is a list of key steps to proactively defend against bi-modal or multipartite attacks.
Table of Contents
1. Block e-mail file attachments
2. Restrict outbound SMTP traffic
3. Manage patch deployment
4. Use IPsec to protect critical servers
5. Lock down user access and privileges
6. Training, training and more training
About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.
More information from SearchWindowsSecurity.com
This was first published in June 2005