TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
Erika Yanovich wonders: <<Customers asked us to declare that the CDs
accompanying our products (documentation) are virus free. They haven't
been able to send me an example of declarations from other vendors they
are happy with, and need no particular wording... The more important
question is how is one supposed to make sure the CDs are virus free? Is
there any 'standard'? Should they be checked with an anti-virus app?>>

Since there is usually a delay of several days between the time a new
virus or trojan is released into the wild and the AV vendors receive a
copy so they can update their software, you actually can't guarantee
anything. Ditto for spyware, only more so. What you can do is provide a
simple statement, such as the one you'll see at the bottom of some
corporate e-mail, that tells the reader what you actually can guarantee
and your additional advice:

"This CD has been scanned using the [name] antivirus software and the
[name] antispyware software before it was shipped. Because no such
software is perfect, we recommend that you install your own antivirus
and antispyware software and update them regularly."

Because the second
sentence will alarm some clients, your managers may resist including
it. However, I think it's the only ethical way to handle the problem of
modern malware. There are no guarantees, and everyone must share the
burden of security.

How can you minimize the risk? A reasonable safety procedure would be
as follows (some of this is also good advice for all Windows
computers): First, as much as possible, isolate the PC that stores the
files you'll be burning to CD. This means you'll need to put it behind
a firewall, disable any Internet connections, uninstall any software
(ActiveX, scripting hosts, etc.) that you don't actually need to
operate the computer, and install the top-rated antivirus and
antispyware software (check the main computer mags for details) and set
it to update daily. Needless to say, use strong passwords: at least 8
characters (more is better) representing a mix of letters and numbers
(and if permitted by your operating system, symbols such as - and &).
Set up separate Administrator and User accounts such that only the
administrator account can modify anything significant on the hard
drive, and leave the computer running only using the User account. This
setup forces you to manually log into the Administrator account for
things like software updates; that increases your protection because
the nastiest malware requires Administrator-level access rights to
install itself. I don't know Windows well enough to tell you whether
someone must take responsibility for doing software updates manually
under these circumstances, or whether you can automate it.

Next, obtain and update at least two antivirus and antispyware
programs; as noted above, no one program is perfect, and having other
arrows in your quiver is useful if the utmost in security is important.
Typically, only one program in each category should be running (and it
should be running at all times*), with the second one available for
manual scans (or scans scheduled using scheduling software). Although
you can sometimes run multiple programs simultaneously, this can lead
to serious conflicts. Unless you can confirm that two programs play
nicely together, it's not worthwhile running (for example) multiple
antispyware programs simultaneously.

* I had my work computer seriously infected while I was on vacation.
Someone "borrowed" it for the day, and managed to log on at the precise
moment an incompetent network admin had disabled the network's
antivirus software to do network maintenance. In the 5 or 10 minutes
before he rebooted the software, something snuck in and whacked my
computer. Grrr... So if you need to disable the software, disconnect
the PC from the network until it's running again.

Note that here, you're not just trying to protect your one home
computer: you're trying to protect potentially hundreds or thousands of
client computers, operated by people who may sue your ass if they get a
virus. This means that you have to hold yourself to a nearly paranoid
standard. It'll serve you well if anything slips through your armor and
a lawsuit ensues: at least you've shown more due diligence than most,
so the judge will be more sympathetic.

Last but not least, even if you scan the PC regularly, check the CD
manually. The software developers can tell you how to confirm that the
software copied to a CD is actually what it claims to be (usually by
means of a checksum or a file comparison utility), and there are tons
of utilities that let you check for invisible or concealed files. Do
that check too.
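
The manual CD check described in the last paragraph, as an added example that is not part of the original post: it records a SHA-256 manifest of the master folder, then compares the burned disc against it and lists missing, altered, unexpected and hidden files. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows "hidden" bit in st_file_attributes

def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large installers do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root, dotfiles included, to its SHA-256 digest."""
    root = Path(root)
    return {(Path(d) / name).relative_to(root).as_posix(): sha256_of(Path(d) / name)
            for d, _dirs, files in os.walk(root) for name in files}

def is_hidden(root, rel):
    """True for dot-prefixed path components or the Windows hidden attribute."""
    attrs = getattr(os.stat(Path(root) / rel), "st_file_attributes", 0)
    return any(p.startswith(".") for p in Path(rel).parts) or bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def verify_disc(manifest, disc_root):
    """Compare a burned disc (or mounted image) with the master's manifest."""
    on_disc = build_manifest(disc_root)
    return {
        "missing": sorted(manifest.keys() - on_disc.keys()),
        "unexpected": sorted(on_disc.keys() - manifest.keys()),
        "altered": sorted(p for p in manifest.keys() & on_disc.keys()
                          if manifest[p] != on_disc[p]),
        "hidden": sorted(p for p in on_disc if is_hidden(disc_root, p)),
    }

def demo():
    """Constructed sample: a master folder and a 'disc' copy with three faults."""
    with tempfile.TemporaryDirectory() as tmp:
        master, disc = Path(tmp, "master"), Path(tmp, "disc")
        for root in (master, disc):
            (root / "docs").mkdir(parents=True)
            (root / "docs" / "manual.pdf").write_bytes(b"user manual v1")
            (root / "readme.txt").write_bytes(b"read me first")
        (disc / "readme.txt").write_bytes(b"read me first!")        # altered copy
        (disc / "docs" / "manual.pdf").unlink()                      # missing file
        (disc / ".hidden_extra.bin").write_bytes(b"not in master")   # concealed extra
        return verify_disc(build_manifest(master), disc)

if __name__ == "__main__":
    print(demo())
```

A disc passes only when all four lists are empty; keep the manifest from the master with the release records so later pressings can be checked against the same values.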