Most businesses today recognise that good, up-to-date anti-virus
software is an essential part of the defence against malware
threats. However, it is not the complete solution.
Sophos recommends that customers monitor announcements from
operating system, application and web server software vendors for
details of new vulnerabilities found in their code. Many viruses
Nimda and Klez-H are just three of
numerous examples) have exploited loopholes in commonly used web
browsers and email software to increase their chances of spreading
Astonishingly even when security vulnerabilities are discovered,
patched and publicised before they are exploited many people will
not bother to apply the fix.
Loopholes are found in products on a weekly basis, some
significant, some trivial. IT managers should keep abreast of these
loopholes and apply patches where appropriate before new viruses
come along to exploit them. Every IT manager responsible for
security should consider subscribing to vulnerability mailing lists
such as that operated by Microsoft at http://www.microsoft.com/technet/security/bulletin/notify.asp.
Other vendors offer similar services.