A Modern Day Maritime Curse?



Read our article on the challenges of anti-virus software as published in “The Digital Ship” magazine.

Most IT Technicians who attend ships would agree that the unexpected presence of viruses on shipboard computers is a frustrating and often time-consuming problem. The original work schedule can be radically affected by the sudden requirement to remove viruses from infected computers and repair the damage that has been caused by them.

There are numerous ways in which viruses reach shipboard computers e-mail, Internet downloads, CDs of “questionable origin”, but an increasingly common problem is the USB Flash Drive – commonly referred to as a “USB stick”. While the USB stick is very convenient in terms of data portability it is also the preferred media for many modern computer viruses to propagate from one computer to another. A lesson learned often the hard way, is removal of the viruses from all onboard USB sticks before attempting the same on the computers – and that’s after the job of finding them onboard. Many hours can be spent “cleaning” a computer only for the virus to reappear as soon as a previously infected USB stick is inserted.

It is not uncommon for a shipboard computer to be so badly affected by viruses that the only viable, long term solution is reinstallation of the operating system. While this is normally a very effective way of eradicating viruses (and it often provides the additional benefit of restoring the computer’s performance) it is sometimes not an option because not all of the media required to re-install the software applications can be located onboard.

Why are shipboard computers so susceptible?

The answer, in most cases, is that the anti-virus definitions are not updated beyond the initial deployment. Anti-virus solutions are only fully effective when equipped with the latest definitions – these are the updates that the anti-virus system vendors distribute in response to new virus threats. These updates are issued on a daily and sometimes hourly basis. Like other software vendors, many anti-virus system vendors take it for granted that a computer will be connected to the Internet.

Keeping shipboard computers updated

For an increasing number of shipping companies “fixed price” maritime data communication solutions like VSAT are the answer – anti-virus software on shipboard computers updates itself automatically at no extra cost. For many, without such “fixed price” solutions, the problem continues to be the “pay as you go” cost of data communication and the variable size of the update files. The size of update files varies enormously between vendors and a single vendor’s update files can also significantly vary in size from one day to the next. When a ship, to keep its anti-virus definitions up to date, has to download ten kilobytes one day and one megabyte the next it makes accurately predicting the cost of having the anti-virus system onboard a difficult proposition.

Many shipping companies create anti-virus update CDs for their ships – these are sent out with the ships’ mail. A common problem with this approach is the CDs going missing or simply not being used by the ships staff. With new virus threats appearing all the time, the update CDs are out of date before they have even been posted.  Additionally with some anti-virus systems a missing update causes ongoing problems because subsequent sequential updates cannot be applied without the missing update.  Managing such methods becomes an administrative headache for in house IT staff.

An increasingly common method of keeping the ships is up to date is incremental updates sent to ships via e-mail or automatic file transfer. Numerous maritime solution vendors offer this tailored service using specialised knowledge of their chosen anti-virus solutions and techniques to ensure that the update files are as compact as possible. In most cases, for ships with Local Area Networks, the anti-virus software on the computer running the maritime e-mail system is updated and other computers on the network automatically update themselves from the e-mail server. This method is sometimes regarded as too expensive for ships running older / slower data satellite communication systems so the “CD in the mail” continues to be the only viable solution.

Preventing viruses getting onto shipboard computers

The USB stick is only one of the problems – viruses can, for example, also reach ships via e-mail messages or on CDs of “questionable origin” taken onboard. However the good news is that it is less common for virus-laden e-mail message to reach ships because the shore components of the e-mail systems check messages for viruses using definitions that are automatically and frequently updated via the Internet.

The importance of having anti-virus software on all shipboard computers and keeping the anti-virus definitions up to date cannot be understated. For the ongoing threat from USB sticks there are software utilities (and often equivalent features in the anti-virus solutions) that prevent data storage devices from being used in the computer’s USB ports – peripherals such as USB printers are permitted but USB storage devices such as USB sticks are specifically blocked.

Internet access

With an increasing number of ships connected to the Internet, and with the ship staff being able to browse some or all of the World Wide Web, there is, potentially, a direct threat to the onboard IT infrastructure – viruses and trojans can be inadvertently downloaded directly.  An internet connection on the vessel can be helpful in terms of keeping the anti-virus system up to date but, unfortunately, the same pipe can become the biggest threat.

There are numerous ways to prevent particular content being downloaded by ship staff like content filtering and numerous maritime vendors provide such services. A highly effective solution is browsing via shore-side proxy servers with anti-virus solutions monitoring content in two places – shore and ship.

Recovery using digital images / Restoration solutions

A very effective solution for eradicating viruses and restoring full system functionality is the re-installation of a computer’s operating system and all resident applications from digital images (sometimes referred to as “ghosting”). The solutions are normally simple to use so recovery is quick and uncomplicated. A computer restored in such a way will no longer contain the user’s data (documents, spreadsheets etc.) so some prefer similar, but often less effective, solutions that replace or repair the operating system and applications while preserving the user’s data. A common solution enabling network workstation computers to be seamlessly rebuilt or replaced is a network storage policy where all users store their individual data on the ship’s central file server.

Thin client and virtual computing on ships

The benefits of thin client and virtual computing are being realised by an increasing number of shipping companies. In such environments the “computer” used by the user is a virtual representation of a computer provided via software. (The human interface components such as the keyboard, mouse and monitor are real – but the computer itself is a virtual machine provided by software running on the ship’s main server.) Such environments are beneficial in terms of virus protection because only one computer (in this case, the server) needs to be kept up to date and new virtual sessions can be effectively like having a brand new “virus-free” computer each time you switch it on.

Prevention is better than cure

Keeping the anti-virus systems up to date is important but it can never be a guarantee that a new virus won’t find its way onto the ship in which case it has to be dealt with. In such cases users are commonly unaware that there is a(new resident virus until the anti-virus software receives its next update and scans the computer. Anti-virus solutions are designed to detect and remove viruses but, at the same time, virus creators attempt to undermine or disable the anti-virus systems that could potentially detect them.

As a real example: A colleague was recently attempting to install an anti-virus system onto an infected computer. The virus had disabled the network card and CD drive (and destroyed all settings that would allow them to be reinstated) so the only way to add software was via a USB stick. Each time the USB stick was put into the computer the virus put itself onto the USB stick and, from it, removed the installation image for the anti-virus software! It’s in situations such as these that manual interaction is required.  The benefits of virtual computing or options for restoration of computers from digital images are a welcome solution to a problem that might otherwise take many frustrating hours to resolve.