'Virus-free' declaration?

Subject: 'Virus-free' declaration?
From: Geoff Hart <ghart -at- videotron -dot- ca>
To: TECHWR-L <techwr-l -at- lists -dot- techwr-l -dot- com>, Erika Yanovich <ERIKA_y -at- rad -dot- com>
Date: Tue, 15 Aug 2006 09:32:24 -0400

Erika Yanovich wonders: <<Customers asked us to declare that the CDs accompanying our products (documentation) are virus free. They haven't been able to send me an example of declarations from other vendors they are happy with, and need no particular wording... The more important question is how is one supposed to make sure the CDs are virus free? Is there any 'standard'? Should they be checked with an anti-virus app?>>

Since there is usually a delay of several days between the time a new virus or trojan is released into the wild and the AV vendors receive a copy so they can update their software, you actually can't guarantee anything. Ditto for spyware, only more so. What you can do is provide a simple statement, such as the one you'll see at the bottom of some corporate e-mail, that tells the reader what you actually can guarantee and your additional advice:

"This CD has been scanned using the [name] antivirus software and the [name] antispyware software before it was shipped. Because no such software is perfect, we recommend that you install your own antivirus and antispyware software and update them regularly." Because the second sentence will alarm some clients, your managers may resist including it. However, I think it's the only ethical way to handle the problem of modern malware. There are no guarantees, and everyone must share the burden of security.

How can you minimize the risk? A reasonable safety procedure would be as follows (some of this is also good advice for all Windows computers): First, as much as possible, isolate the PC that stores the files you'll be burning to CD. This means you'll need to put it behind a firewall, disable any Internet connections, uninstall any software (active x, scripting hosts, etc.) that you don't actually need to operate the computer, and install the top-rated antivirus and antispyware software (check the main computer mags for details) and set it to update daily. Needless to say, use strong passwords: at least 8 characters (more is better) representing a mix of letters and numbers (and if permitted by your operating system, symbols such as - and &).

Set up separate Administrator and User accounts such that only the administrator account can modify anything significant on the hard drive, and leave the computer running only using the User account. This setup forces you to manually log into the Administrator account for things like software updates; that increases your protection because the nastiest malware requires Administrator-level access rights to install itself. I don't know Windows well enough to tell you whether someone must take responsibility for doing software updates manually under these circumstances, or whether you can automate it.

Next, obtain and update at least two antivirus and antispyware programs; as noted above, no one program is perfect, and having other arrows in your quiver is useful if the utmost in security is important. Typically, only one program in each category should be running (and it should be running at all times*), with the second one available for manual scans (or scans scheduled using scheduling software). Although you can sometimes run multiple programs simultaneously, this can lead to serious conflicts. Unless you can confirm that two programs play nicely together, it's not worthwhile running (for example) multiple antispyware programs simultaneously.

* I had my work computer seriously infected while I was on vacation. Someone "borrowed" it for the day, and managed to log on at the precise moment an incompetent network admin had disabled the network's antivirus software to do network maintenance. In the 5 or 10 minutes before he rebooted the software, something snuck in and whacked my computer. Grrr... So if you need to disable the software, disconnect the PC from the network until it's running again.

Note that here, you're not just trying to protect your one home computer: you're trying to protect potentially hundreds or thousands of client computers, operated by people who may sue your ass if they get a virus. This means that you have to hold yourself to a nearly paranoid standard. It'll serve you well if anything slips through your armor and a lawsuit ensues: at least you've shown more due diligence than most, so the judge will be more sympathetic.

Last but not least, even if you scan the PC regularly, check the CD manually. The software developers can tell you how to confirm that the software copied to a CD is actually what it claims to be (usually by means of a checksum or a file comparison utility), and there are tons of utilities that let you check for invisible or concealed files. Do that check too.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --
Geoff Hart ghart -at- videotron -dot- ca
(try geoffhart -at- mac -dot- com if you don't get a reply)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


WebWorks ePublisher Pro for Word features support for every major Help format plus PDF, HTML and more. Flexible, precise, and efficient content delivery. Try it today! http://www.webworks.com/techwr-l

Easily create HTML or Microsoft Word content and convert to any popular Help file format or printed documentation. Learn more at http://www.DocToHelp.com/TechwrlList

You are currently subscribed to TECHWR-L as archive -at- infoinfocus -dot- com -dot-
To unsubscribe send a blank email to techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40infoinfocus.com

To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to lisa -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/techwhirl/ for more resources and info.

'Virus-free' declaration: From: Erika Yanovich

Previous by Author: Fun Word TOC question?
Next by Author: Re: Question about warning and caution icons
Previous by Thread: Re: 'Virus-free' declaration
Next by Thread: RE: 'Virus-free' declaration

What this post helpful? Share it with friends and colleagues:

Sponsored Ads