Stripping software is Rx for viruses

By Steven Schultz

Princeton NJ -- The recent onslaught of e-mail viruses has been annoying, but largely harmless to campus computer users, thanks to software managed by the University's Office of Information Technology.

The University employs software that strips virus-carrying attachments from incoming e-mails. The mail still reaches its intended target, clogging the victim's inbox, but no longer poses a danger of infection. (For statistics on e-mail and viruses at Princeton, see "By the numbers" on page 2).

The latest virus, known as "Mydoom," began appearing the weekend of Jan. 24. By Monday, Jan. 26, OIT staff members had added the necessary updates, from the anti-virus software company Symantec, to detect and remove the virus, said Daniel Oberst, director of OIT's enterprise infrastructure services group.

"All we can do is strip the e-mail and pass it along," said Oberst, noting that the software does not give OIT the ability to delete the entire e-mail.

In the early days of virus-blocking software, the goal was to err on the side of not deleting any correspondence in order to preserve the open flow of information, Oberst said. "The overriding principle is 'do no harm.' But it's at such a level now, and the blocking software is so good that we wouldn't even pass them on if we could stop them."

New software may allow such blocking by summer or fall, he said.

The University also can do nothing about viruses that forge a campus e-mail address, making it look like a virus came from a University computer. Campus users may receive e-mails labeled "undeliverable" with their own address in the "from" field, even though they never sent such an e-mail.

The virus-stripping software is only a first line of defense. The second important element is the anti-virus software that is available for free to campus users through the University's licensing arrangement with Symantec. That software will stop viruses that come from sources other than campus e-mail, such as shared disks.

"It's really a belts and suspenders system," said Oberst. "We're catching it on the way in and then on people's desktops."

Anthony Scaturro, the University's information technology security officer, said that there are three important habits in protecting a computer from viruses and other attacks: creating secure passwords; installing system updates; and updating virus-checking software.

"Anyone doing those three things on their computer has greatly reduced his or her risk," Scaturro said. "Even so, I still would advise caution before opening e-mail attachments and surfing Web sites."

Related article
Unsung (super)heroes keep the kinks out of computer systems


PU shield
PWB logo