When choosing an antivirus program, it’s important the program can detect and eliminate all types of viruses, even new ones that have just been created. The protection system must be able to quarantine the virus so it doesn’t spread. Most antivirus software manufacturers request that people send viruses-once quarantined with the antivirus program–to their research center, for purposes of learning more about the virus and recording the virus definition. “When Symantec receives an infected file from someone,” explains Garcia, “we are able to clean the file and return it to the user virus free. We then keep the virus for research purposes.”
Garcia advises that when choosing an antivirus protection program, users look for some important functions. The program should be approved and certified by the International Computer Security Association (ICSA). The ICSA certifies antivirus programs as comprehensive and effective. Additionally, and most importantly, the program must have a “live update” function. “Every day new viruses are created,” says Garcia. “With the live update, you are able to ensure your protection includes the latest shield against new viruses. Software is updated via the Internet, keeping your program completely revised.”
Garcia also notes it’s a good idea to be aware of how viruses can attack, making sure not to execute commands which can trigger a virus. “Never open an e-mail attachment from someone you do not know. That’s not to say viruses only come from strangers, but it is just a safe practice to always delete e-mail if you do not recognize the source.”
The following programs are some of the most recognized on the market.
Symantec manufactures Norton Antivirus 2000, protection against viruses and other malicious codes at all possible virus entry points, including e-mail attachments and Internet downloads, as well as disk drives and networks. Norton Antivirus 2000 not only automatically scans incoming email attachments, but also eliminates viruses in multiple compressed file levels. LiveAdvisor personalized support services are delivered directly via the Internet.
Norton Antivirus 2000 includes support from the Symantec AntiVirus Research Center (SARC). With offices in the United States, Japan, Australia, and the Netherlands, the center’s mission is to provide global responses to computer virus threats; to research, develop, and deliver technologies that eliminate such threats; and to educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for the viruses and provides either a repair or delete operation, keeping users protected against the latest threats. For added protection, SARC’s The Seeker Project, a research and development project focused on virus search, retrieval, and analysis, searches the Internet and retrieves viruses before users of Norton AntiVirus come into contact with them. A two-pronged approach targets all known virus transmission sites where virus writers post their creations and trade tools and ideas with others, and randomly searches the Internet for viruses in general distribution. For additional information, visit Symantec’s Website at www.symantec.com.
Microsoft Security Essentials
The Trojan horse is also a dangerous form of the virus. A recent example of a Trojan horse attack would be the Distributed Denial of Service (DDOS) attacks early this year, which shut down leading e-commerce sites, including eBay, Amazon, and Yahoo. According to an FBI investigation into the attack, hackers initiated the assault by implanting DDOS vandals in unprotected computers and then sending a trigger signal to the machines to launch a simultaneous attack using hundreds of third-party systems all over the world.
To execute the attacks, hackers planted many copies of a Trojan virus on multiple machines either by hacking into the machines and planting the Trojans manually or by sending the Trojans to people via e-mail and tricking them into executing the virus. When executed, the Trojan embedded itself in the system and hibernated until the hacker began the attack.
“In light of the recent DDOS vandals that hijacked the computers of innocent users and used them to launch an attack on several high-profile Internet sites, we are offering our Microsoft Security Essentials product free of charge to home users,” says Shimon Gruper, of Microsoft. “We offer preemptive digital asset protection. It snares malicious vandals before they can cause irreparable damage or access confidential information on a user’s machine.”
eSafe features Sandbox II, a new version of Aladdin’s proactive virus and vandal quarantine technology that constantly monitors a computer for hostile activity; ready to intervene the moment a malicious code is identified. eSafe traps and quarantines the vandal, alerting users to the invader before any critical information can be assaulted or system resources hijacked.
eSafe Desktop 2.2 also contains new protection features for the personal firewall module that provides increased protection against Internet vandals such as Trojan horses, back doors, hacker tools, and other viruses. For more information on eSafe, check out Aladdin’s Website at www.aks.com.
McAfee for Windows 2000
Through its consumer Website at www.mcafee.com, McAfee offers PC security and management within several areas for all Windows 2000 applications. The McAfee Clinic is a suite of hosted application services providing consumers with critical PC security and virus protection. Programs include VirusScan, First Aid, and VirusScan Online among others. The McAfee Antivirus Center is a comprehensive virus information center that includes viruses’ characteristics, updates of VirusScan, and a virus calendar.
VirusScan Online provides a Web-based online antivirus service that provides protection without the installation and administrative overhead. An online antivirus scanning service allows users to scan their PC or server over the Internet in real-time using a Web browser. The scan service allows users to scan systems for viruses and clean or delete detected infected files. The ActiveShield, a component of VirusScan Online, is a downloadable, PC-resident service that provides continuous, real-time antivirus protection at the system level, automatically updating itself whenever the user logs onto the Internet. A rescue disk is available for users to create an emergency reboot disk that allows them to restart their computer if the system becomes infected with a virus and cannot boot up in a normal sequence.
Additionally, the McAfee PC Checkup Center, an online resource, provides consumers with information and services to assist them in optimizing their PCs. The PC Checkup Center links consumers to a hosted application service offered through the McAfee Clinic and includes Clean Hard Drive and Software, Update Finder.
Clearly, it’s not just a luxury to have an antivirus protection program–it’s a necessity. No longer can computer users be without state-of-the-art protection against all forms of computer viruses. It’s an insurance policy that Garcia says, “You’ll be glad when you need it and have it, but don’t get caught without it or you’ll regret it.”
About 64 percent of companies were hit by at least one virus in the past 12 months, up from 53 percent the year before. That makes viruses the single-biggest computer and network security concern to the 2,700 executives, security professionals, and technology managers in 49 countries who responded to the Global Information Security Survey conducted by Information Week and PricewaterhouseCoopers LLP. In the United States, viruses stung 69 percent of companies.
The Global Information Security Survey also reports the number of companies hit by Trojan horses jumped to eight percent, up from three percent.
Last year marked a revolution in back-end design. The major force behind this change was not just a need for better functionality but for a better process in Web development. In an industry survey from 1999, Web startups found that 80 percent of their budget was typically spent on development costs. These companies also observed that the best site redesign every two months. The enormous development costs got people’s attention. Complex, transaction-heavy sites were demanding better processes. The old one-tier sites with static HTML or just CGI were fading away, and even the newer, two-tier systems like flat ASP or Cold Fusion were becoming impossible to keep clean and updateable.
What is meant exactly by tiered site architecture? The three aspects of any site are presentation, logic, and data. The further you separate these areas, the more layers, or “tiers,” your system has. The earliest Web sites were static HTML pages, with maybe some small logical piece running HTML forms through a Common Gateway Interface (CGI). Sites like the initial CERN Web site and many university Web sites still combine presentation, logic, and data in one layer. The problem with this approach is that when you change any one aspect you have to wade through all the rest. For example, if you want to change the site’s presentation (i.e., do a redesign), the code and data are also affected. Two-tier architecture sites, like the early HotWired and current sites like Reebok.com and Discover.com, divide the site into two layers: a combined presentation and logic layer and a separate database. This was an improvement over single-tier architecture, as changes in content (publishing a new article, for example) only affected the database and didn’t impact the site’s logic or design. But a change in the site’s design still risked messing up the logical portion.
Enter the three-tier system, perhaps best exemplified currently by base technologies like ATG Dynamo, and now cropping up everywhere. Amazon and E*Trade are two sites that are now fully three-tier. In this system, designers and information architects work on the front layer or interface of a Web site, programmers and software architects work on the middle layer, and integrators and database designers work on the back end. The three-tier system is currently a great way to make the three pieces of Web development (front, middle, and rear) operate with some independence from each other. This independence allows sites to be built more quickly and also permits one tier to be altered without rewriting the others. Nam Szeto, creative director at Rare Medium in New York, notes that “if more strides can be made to free up the display layer from the business logic layer, Web designers and developers can enjoy more freedoms building sophisticated and elegant interfaces that aren’t wholly contingent on whatever happens on the back-end.”
Working within a good three-tier system permits designers to develop a dynamic interface in a meaningful, malleable way, taking into consideration the ultimate purpose of the site, and working with–not against–the structure of the site’s data and content. The two most important components of back-end functionality that specifically affect the designer’s job are transactions and content management. In order to have a site that can be at all affected by the people who use it, the site must be able to handle transactions. Content management allows a site’s editorial staff to keep the content fresh by rotating news, posting articles, and updating information. Whether it’s an experimental site to express oneself or a retail site that delivers products to customers, both of these components–transactions and content management–will affect how ultimately compelling the user-experience is and how flexible the front-end can and should be.
Transactions allow a user to take actions that affect the site or the real world: pay a bill, buy a product, or post a message to a bulletin board–they are an integral part of a site’s interactivity. Usually, transactions involve HTML pages that present a face for an application server, which then does the actual work. (An application server is a generic framework that allows the installation of custom software components that provide the functionality necessary in a transactional site.)
Content management, the second task of back-end technology, is the be-all and end-all of sites like online newspapers. Workflow is also a part of this picture, permitting articles in a newspaper to be entered by a reporter, proofread by a proofreader, modified and approved by an editor, and posted to the site by another editor. The workflow also allows a story to be published live and on schedule, and retired to the archive at the appropriate time. A number of systems have been built to handle content management on the Web. A system called Vignette is one of the largest, and though it is two-tier, it performs workflow and content management very well. In the future, the popular content management systems, including Vignette, will begin relying more and more on Extensible Markup Language (XML) and will make their systems fully three-tier. This bodes well for sites that combine content and transaction.
Besides workflow, another important subcategory of content management is templating, which means finding all the pages in a site that share a common format and creating a single template that encapsulates the common design elements and contains some tags or code to pull in dynamic content. “A great templating architecture is essential not only for content management but for all the disparate development areas of a dynamic Web site,” says Lisa Lindstrom of Hyper Island School of New Media Design in Sweden. “It makes designers, producers, and developers use the same terminology and will make the content gathering easier for the client.” Microsoft’s Active Server Pages (ASP), Sun’s Java Server Pages (JSP), the open-source PHP, and Allaire’s Cold Fusion are all engines that enable templating, but if the ultimate goal of a site is to become truly three-tier, only ASP and JSP or variants allow for this type of structure.
There are other areas of back-end development, such as using open architecture, that can aid in the implementation of a three-tier system and allow more freedom for front-end creatives. Open architecture means that programmers write custom code to plug into the application server to deal with existing or third-party systems. An open system allows two pieces from different vendors to work together. Misty West, community director for wholepeople.com, a new site serving whole foods markets, says, “Open architecture on the Web represents global success where Esperanto failed. Open architecture isn’t just central to the Web, it is the Web.”
Finally, having an application server that is easily clusterable also helps sustain the health of a three-tier system. This means that as the site develops, more machines can be added to serve more people, and the software on all those different machines will still work together. Three-tier systems are much easier to build and maintain, but they put more burdens on a system, so more hardware will be needed as the site grows. The best current candidate for meeting these requirements is the class of application servers, based on Java, known as Enterprise Java Bean (EJB) Servers. These use an object-oriented middle layer that meets the Sun standard and uses Java Server Pages (JSP) for the presentation layer.
In short, if you are a designer who wants to work with a team that builds useful, dynamic sites, an understanding of three-tier architecture is essential. Three-tier sites are functional for the user, but also make creativity and constant improvement possible for the designer. These sites have useful and powerful back-ends that won’t entangle you in creative restrictions. And that is the ultimate purpose of a three-tier architecture.