Computer Virus Detection and Protection
Number: ENT-SEC-102
Established for: State of Montana Information Technology Enterprise
Steve Bender, Acting Director
Department of Administration
Jeff Brandt, Acting Chief Information Officer
Information Technology Services Division
Department of Administration
October 2004
Policy - Requirements
SCOPE
This policy applies to all computers that reside on the inside of the state's Internet firewall, including all state agencies as well as local government entities. This policy does not apply to colleges and universities, the Commissioner of Higher Education Office, or public access computers in libraries.
PURPOSE
The Department of Administration's Information Technology Services Division (ITSD) is responsible for providing computer security for the Montana state network. To accomplish this, viruses must be kept from infecting the state network.
REQUIREMENTS
Each user of the State of Montana's computing and information resources should realize the fundamental importance of information resources and is responsible for the safekeeping of these resources.
Users and network system administrators must guard against viruses that disrupt or threaten the viability of all systems, including those on the State network and those on networks to which State systems are connected. Virus scanning software MUST be installed, updated, and used regularly on servers, workstations, portable computers (and any other computers being used to connect to the state's network remotely), and PDAs (Personal Digital Assistants).
Users shall not knowingly introduce a computer virus into a state computer. Using the virus scanning software tools installed on the computer, users MUST scan files and software downloaded from the Internet or from any external source, regardless of their origin. Users must scan ALL removable media if it has been used any place other than their own workstation.
Each user is responsible for having knowledge of the State's policies concerning security and care for their computer.
A user that suspects that his/her workstation has been infected by a computer virus must IMMEDIATELY POWER OFF the computer and notify their Network Administrator or designated contact person to coordinate virus removal operations. Much of the damage attributed to viruses occurs through improper removal attempts.
Most computer viruses are introduced via electronic mail. Virus scanning software has been installed on all enterprise e-mail servers. To avoid virus infiltration, filtering mechanisms may be incorporated without prior notification.
Further protections for laptop computers, including the installation of a firewall product, have been included in the Workstation, Portable Computer, and PDA Policy, ENT-SEC-112. Please see this policy for additional information.
Background - History on the creation of or changes to this policy
The NetWare Managers Group Policy Committee originally created this policy. The policy and 2002 revisions were reviewed with the Information Technology Managers Council for comment prior to adoption. The state information security committee made slight modifications to this policy in 2004.
Guidelines - Recommendations, not requirements
Suspicious e-mail messages should be forwarded to the State Information Security Manager for investigation before they are opened.
Users should write protect all diskettes whenever possible. A write-protected diskette cannot be infected unless there is a hardware error that disables the write protection. If the diskette requires write ability, it can be enabled at that time.
Users should not leave diskettes in the computer when not needed. A PC can become infected from a diskette left accidentally in a PC if the PC reboots due to an error or the power goes off momentarily. The PC will attempt to boot from the diskette in the drive. This can immediately infect the hard disk if a boot sector virus is present on the diskette, even if the boot process is not successful.
References - Laws, rules, standard operating procedures and applicable policies
2-17-534, MCA; 2-15-114, MCA; 45-6-311, MCA; 1-0250.00, MOM