March 1, 2002
Trend Micro, Inc.
The complexity of modern computer networks has made the management of antivirus software
very challenging for IT administrators. When the first computer viruses emerged more than ten
years ago, the primary mode of transmission was via diskettes being swapped among different
computers. Viruses would spread slowly among computers within a company and to home
computers as employees exchanged infected diskettes. Computer virus infections were localized,
and sometimes took months to spread around the world. The infection rate was gradual.
As computers became more common in businesses and homes, and became connected via
email and Internet connections, virus writers started developing viruses that capitalized on the
connected architecture. More than 87% of computer viruses are spread via email¹ and many
are capable of sending confidential information through the Internet. In addition, today’s network
has several potential virus entry points that must be protected including: email, Internet, FTP
gateways, shared drives, network connections, and backup tapes. Compared to the computer
viruses of just five years ago, the infection rate of new computer viruses is extremely rapid.
1. ICSA Labs Seventh Annual Computer Virus Prevalence Survey 2000.
• Internet gateways
• Email/groupware servers (Microsoft Exchange and Exchange 2000, Lotus Notes, etc.)
• File servers (Windows NT, Windows 2000, Novell NetWare)
• Workstations (DOS, Windows 3.1, Windows 95/98/ME/NT/2000)
TREND MICRO TREND MICRO CONTROL MANAGER: CENTRALIZED ANTIVIRUS MANAGEMENT 4
WHITE PAPER
MARCH 1, 2002
Antivirus software requires relatively high levels of active management to ensure its successful
operation. Virus pattern files, scan engines, and program updates must be regularly deployed
to all of the antivirus installations on the network. Since the typical network contains many
different antivirus programs, the effort to do a network-wide update can be substantial. Once all
of the potential virus entry points on a network are protected with antivirus software, the
management challenge becomes how to regularly update many different antivirus scanners
successfully with a minimum of effort.
Fortunately, a centrally controlled antivirus system enables the management of diverse antivirus
software on your network simultaneously and from a single management console.
Management of all antivirus products running on the network must be coordinated to ensure
that all virus entry points are blocked and that virus outbreaks are stopped before they spread
and overwhelm your network resources. In addition, it is essential that you can verify that all
antivirus programs on the network are using the most recent antivirus pattern file, scan engine
and program version to detect the latest virus threats.
Antivirus software is only as effective as your latest antivirus pattern file. When using antivirus
software that is centrally managed, you can automatically download the latest antivirus pattern
file from your software vendor and then deploy it to all of the antivirus programs on your
network. In addition, a centrally controlled antivirus strategy shows the real-time status of the
pattern file versions that are being used throughout the network.
Central management provides real-time information about the status of your antivirus software.
You are able to see the status of all of your antivirus programs from a single web-based
management console.
Protecting your network against computer viruses is analogous to protecting your office or factory
against burglars — fortify the perimeter to keep them out, and then implement systems to prevent
their spread if they penetrate your defenses. The four main virus entry points that need to be
protected with antivirus software using an up-to-date virus pattern file are the following:
Trend Micro sells antivirus software that protects each of these resources.
UPDATE AND MANAGEMENT ISSUES WHEN DEALING WITH MULTIPLE ANTIVIRUS PROGRAMS
Diligent network administrators who install antivirus software on all of their network’s potential
virus entry points create a new challenge for themselves. How can you manage four separate
programs and antivirus systems to ensure that every program is using the most current virus
pattern file and scan engine? Since the scan engine, the core of all virus scanning programs,
is the same in all Trend Micro antivirus programs, they all use the same pattern file.
Trend Micro Control Manager is a web-based management console that is able to manage
several antivirus programs, simultaneously, via a browser. The Trend Micro Control Manager
interface replaces your antivirus program’s native interface. Administrators are able to view the
entire picture of their network’s antivirus security and formulate and enforce antivirus policy.
Trend Micro Control Manager provides the following features:
• Enables administrators to remotely and simultaneously configure, monitor, maintain, and deploy
Trend Micro antivirus and security software across the enterprise
• Offers flexible user management for job delegation and efficient use of security resources
• Records virus activity, system events, and status into a central database, enabling
administrators to identify weak points in the network and maintain up-to-date virus protection
• Improves utilization of network bandwidth through customizable software deployment plans
• Eliminates the need for platform-specific computer skills when administering the variety of
antivirus programs often found on the network
• Allows the automatic, single-point update of virus pattern files for all Trend Micro software
• Installs on an NT server in minutes, then deploys Agents that register every antivirus product
detected on the network
• Uses “push” technology for Agent installation, configuration changes, and virus pattern
updates, and represents the newest frontier in antivirus management
• Saves time and money in the administration of antivirus products – including most Trend Micro
and other antivirus products
• Three-tiered management model reduces network load
• Interactive and event-driven communication minimizes network traffic
• Allows administrators to enforce an enterprise-wide virus protection policy
TREND MICRO INTERSCAN VIRUSWALL® FOR SMTP, HTTP, AND FTP INTERNET SERVERS
The widespread deployment of Internet access in companies has created a new way for viruses
to penetrate your network. Viruses can hitch a ride on FTP file transfers or spread to
workstations when network users visit insecure sites. In addition, the web has created an entirely new
class of malicious web scripts, Java applets, and ActiveX controls.
InterScan VirusWall filters Internet traffic to keep viruses out of your network. Optional modules
help network administrators manage and monitor their employees’ web usage and browsing habits.
ScanMail prevents computer viruses from being propagated through your company’s email or
groupware servers. There are versions for Microsoft Exchange, Microsoft Exchange 2000, and
Lotus Notes. In addition to scanning incoming message attachments at the server to keep
messages out of user mailboxes, it continually scans message volume passing through the server
to prevent your network users from infecting others, either inside or outside your network, with
infected attachments.
ServerProtect guards Windows NT and Novell NetWare servers, monitoring all file access activity
to prevent a virus from ever being copied to the server. It integrates with several
industry-leading backup and network management tools to keep your servers virus-free.
OfficeScan Corporate Edition is client/server antivirus protection. Client programs are deployed
to every workstation on the network to provide local scanning. The client programs are managed
by a central server via a management console. Administrators can deploy client software, monitor
antivirus status, update virus pattern files, and uninstall client software, all from a central point.
In order to prevent or contain a virus outbreak, the system administrator must do the following:
• Install and enable antivirus software on all of the potential virus entry points on the network.
These include workstations, file servers, email/groupware servers and conduits of Internet
traffic like SMTP, HTTP, or FTP servers.
• Update all of the antivirus products running on your network to catch the virus.
• Verify that all servers and desktops get the update.
• After preventing the spread of the virus, you must scan the entire network for residual viruses.
• Verify that all viruses are cleaned or deleted.
• Block the virus entry points on your network and warn the parties that are sending you viruses.
• Review what caused the virus outbreak and develop a strategy to stop these potential threats
in the future.
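The "verify that all servers and desktops get the update" step above can be checked mechanically. The following is an added example, not code from the white paper or from Trend Micro; the host names, the dotted version format, and the shape of the status reports are assumptions made for illustration.

```python
# Added example: verify that every scanner received the pattern update.
# Inventory, host names and version numbers below are constructed.

def parse_version(text):
    """Turn '1.100.00' into (1, 100, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit_fleet(inventory, reports, latest):
    """Classify each host as current, stale, failed or silent.

    inventory: hosts that should run a scanner (the protected entry points)
    reports:   host -> (pattern_version, last_update_ok) as seen centrally
    latest:    pattern version most recently released by the vendor
    """
    want = parse_version(latest)
    result = {"current": [], "stale": [], "failed": [], "silent": []}
    for host in sorted(inventory):
        if host not in reports:
            result["silent"].append(host)   # never reported: unverified
            continue
        version, update_ok = reports[host]
        if not update_ok:
            result["failed"].append(host)   # update was attempted and failed
        elif parse_version(version) < want:
            result["stale"].append(host)    # still running an older pattern
        else:
            result["current"].append(host)
    return result

INVENTORY = {"gw-smtp", "mail-01", "file-01", "ws-014", "ws-015"}
REPORTS = {
    "gw-smtp": ("1.100.00", True),
    "mail-01": ("1.99.00", True),   # a plain string compare calls this newer
    "file-01": ("1.100.00", False),
    "ws-014": ("1.100.00", True),
}

if __name__ == "__main__":
    for status, hosts in audit_fleet(INVENTORY, REPORTS, "1.100.00").items():
        print(f"{status:8} {', '.join(hosts) or '-'}")
```

Hosts that are in the inventory but never report are listed separately, because a missing report means the update is unverified, not that it succeeded.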
Companies must evaluate vulnerabilities and then choose the appropriate antivirus software.
Antivirus scanning programs also use a component called the scan engine that must be
periodically updated to ensure protection against the latest viruses. Scan engines, however, do not
have to be updated as frequently as the virus pattern file.
For every virus incident in your antivirus program’s log files, ask yourself why the virus
infection happened. If you determine that any of the entry points to your company’s network are
unprotected, make sure that you install antivirus software in those areas and make sure that it
is functioning properly.
• If the virus entered your network as an email attachment, you might want to consider banning
attachments of certain types. For example, the ILOVEYOU virus entered companies as a file
with a *.VBS file extension. Most companies would not have a legitimate need to exchange
files of this type, so it would be prudent to prohibit *.VBS attachments. Be careful, however,
not to make your antivirus policy so restrictive that it hampers your company’s operations. For
example, Word and Excel files are also common hosts for computer viruses, but there is a
legitimate business need to exchange these types of files.
• Were a small number of employees responsible for a disproportionate number of your
company’s virus incidents? If so, pay more attention to what these employees are
doing and educate them about the risks that computer viruses pose.
• Are all of your antivirus programs regularly being updated with the newest virus pattern and
scan engine files? Remember that your company’s antivirus is only as effective as your latest
pattern file. Regular updates are crucial in order to stay protected against the latest viruses.
• Antivirus software can only detect viruses after the fact. The administrator’s job is to analyze
the raw data from the antivirus scanner and make management decisions about how these
incidents can be eliminated in the future. Use the log files to formulate and fine-tune your
company’s antivirus policy.
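The log review described above can be run over exported incident records. This is an added example, not part of the original white paper; the CSV layout (date, entry point, detecting layer, user, virus name), the layer names, and every record are constructed, and real scanner logs will differ.

```python
# Added example: log review for entry-point gaps and repeat users.
# The CSV layout and all records below are constructed.
import csv
from collections import Counter
from io import StringIO

LOG = """\
2002-02-04,email,mail-server,akim,SAMPLE_MACRO_A
2002-02-04,email,workstation,bcho,SAMPLE_VBS_B
2002-02-05,email,workstation,bcho,SAMPLE_VBS_B
2002-02-06,web,gateway,cdiaz,SAMPLE_JS_C
2002-02-07,diskette,workstation,bcho,SAMPLE_BOOT_D
2002-02-08,email,workstation,bcho,SAMPLE_VBS_B
2002-02-11,email,mail-server,dlee,SAMPLE_MACRO_A
2002-02-12,web,gateway,eng,SAMPLE_JS_C
"""

# Layer expected to stop a virus arriving through each entry point (assumed).
FIRST_LINE = {"email": "mail-server", "web": "gateway",
              "diskette": "workstation"}

def load(log):
    fields = ("date", "entry", "caught_by", "user", "virus")
    return list(csv.DictReader(StringIO(log), fieldnames=fields))

def perimeter_misses(rows):
    """Count incidents per entry point that got past the first-line scanner."""
    return Counter(r["entry"] for r in rows
                   if r["caught_by"] != FIRST_LINE[r["entry"]])

def repeat_users(rows, factor=2.0):
    """Users with at least `factor` times the mean incidents per user."""
    counts = Counter(r["user"] for r in rows)
    mean = sum(counts.values()) / len(counts)
    return {user: n for user, n in counts.items() if n >= factor * mean}

if __name__ == "__main__":
    rows = load(LOG)
    print("missed at first line:", dict(perimeter_misses(rows)))
    print("repeat users:", repeat_users(rows))
```

An entry point with a high miss count is one whose own scanner is absent, outdated, or misconfigured, since the virus was only caught further inside the network.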
Fast-spreading Internet-aware viruses like Melissa, ILOVEYOU, etc., pose a special challenge
to the antivirus administrator. In order to safeguard your network against them, you must get
real-time data from all of your antivirus scanners and ensure that every one is updated and
using the most recent virus pattern file.
Without a centrally managed antivirus management system, every antivirus program must be
individually updated and managed. Tedious and time-consuming chores have a higher
probability of being neglected, thus putting your network at risk.
Most antivirus programs also permit the scheduling of future scans. When this function is
available from the management console of a centrally managed antivirus system, the administrator
can schedule scans when network usage is at a minimum.
In order to make monitoring of your antivirus software easier, a centrally managed antivirus
system is required to view the status of your antivirus software in aggregate.
The following are some general guidelines to prevent virus outbreaks from affecting your
company’s operations.
A centrally managed antivirus system automates the process of updating antivirus software and
provides real-time information about the success of an update.
For example, most antivirus programs can be configured to only scan files with certain
extensions. If files that have the potential to harbor viruses are not being scanned, your network is
not being protected, even though the antivirus scanner may be enabled and running.
Administrators should check the configuration of their antivirus software to ensure that all risky
files are being scanned.
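The following added example (not from the original white paper) combines the two extension-based controls discussed in this paper: the policy of prohibiting *.VBS attachments, and the check that every risky file type is actually in the scanner's scan list. The three extension sets and the sample message are constructed for illustration.

```python
# Added example: attachment extension policy plus a scan-coverage check.
# The three extension sets and the sample message are constructed.
from email import message_from_bytes, policy
from email.message import EmailMessage

BANNED = {"vbs"}                                    # no legitimate business need
SCANNED = {"doc", "xls", "exe", "com"}              # scanner's configured list
RISKY = {"doc", "xls", "exe", "com", "vbs", "scr"}  # types that can carry viruses

def final_extension(filename):
    """Last extension, lowercased. Windows ignores trailing dots and spaces,
    so 'a.vbs.' and 'a.TXT.vbs' both resolve to 'vbs'."""
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""

def classify(filename):
    ext = final_extension(filename)
    if ext in BANNED:
        return "block"
    if ext in SCANNED:
        return "scan"
    if ext in RISKY:
        return "gap"   # risky type the scanner is not configured to scan
    return "pass"

def review_message(raw):
    """Map each attachment name in a raw message to a decision."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def build_sample():
    """Constructed message with four attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("notes.TXT.vbs", "budget.xls", "saver.SCR", "photo.jpg"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, decision in review_message(build_sample()).items():
        print(f"{decision:6} {name}")
```

A "gap" result is the failure mode described above: the scanner is enabled and running, but a file type that can harbor a virus is not in its scan list.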
A centrally managed antivirus system provides log information that shows the success or failure
of a pattern or program component update.
A centrally managed antivirus software system uses software installed on many different network
resources to catch viruses. For example, if a virus-infected email attachment reaches a user’s
inbox due to malfunctioning or outdated software on the email server, then antivirus software on
the workstation would detect the virus as soon as it was opened and halt the virus’s execution.
VIRUS OUTBREAKS
A centrally managed antivirus system must be able to prevent virus outbreaks from overwhelming
your network resources. The keys to guarding your company against virus outbreaks are:
• Rapid development and release of new virus pattern files by the antivirus vendor
• Ability to download the virus pattern file once and then deploy it to all antivirus products
throughout your network
• Comprehensive log information about the virus events on your network
• The ability to scan all of your network resources remotely and verify that no virus code remains
on your company’s servers and workstations
A centrally managed antivirus system should support you in enforcing these policies through
configuration of your antivirus software from a central point. In addition, the centrally managed
antivirus system should consolidate and present the settings from all of your antivirus programs.
In a large network, it’s impossible to effectively manage your antivirus software without a central
management control system. A centrally managed antivirus system gives you the following:
Trend Micro provides centrally controlled server-based virus protection and content filtering
products and services. By protecting information that flows through Internet gateways, email
servers, and file servers, Trend Micro allows companies and service providers worldwide to
stop viruses and other malicious code from a central point before they ever reach the desktop.
Trend Micro’s corporate headquarters is located in Tokyo, Japan, with business units in North
and South America, Europe, Asia, and Australia. Trend Micro’s North American headquarters
is located in Cupertino, CA. Trend Micro’s products are sold directly and through a network of
corporate, value-added resellers and service providers. Evaluation copies of all of Trend Micro’s
products may be downloaded from its award-winning web site, http://www.trendmicro.com/.