this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

I.T in practice: Fighting back when a virus strikes

Every Issue

Cite as: May 2011 85(5) LIJ, p.82

Dealing with a computer virus can be time-consuming and expensive, but it demands a quick response.

Many practices have never had to deal with the effects of a computer virus. For a small number, this is just luck; for the majority, it is a combination of sufficient expenditure on anti-virus and anti-spam software, well-documented and implemented technology guidelines, and staff who are aware of the dangers and tell-tale signs of computer virus infection.

The first report of a virus on a computer is usually accompanied by the statement “my computer is doing funny things”. An end user’s typical response in this situation is to restart their computer. However, invariably this is the action that allows a computer virus to embed itself in the inner workings of the operating system software, put in place defensive measures to prevent detection or removal, and then start to automatically work away at the malicious task it was designed for.

This can be the destruction of data on the hard disk, attacking other machines in the office network, transforming into a “zombie” to generate spam, or harvesting secure data for identity theft or fraud and sending it via the internet to a repository somewhere in the world.

The first stage in dealing with a suspected virus-infected computer is quite brutal – pulling the power plug out of the computer (and removing the battery if it is a notebook). This is because some computer viruses manipulate the automatic power-on feature on systems to turn them back on and continue their work, even if they have been run through an orderly shutdown procedure – which could also have been disabled.

A practice’s internal technical staff member or external technology consultant would usually then take the next step – disconnecting the infected computer from the network, and powering it up under controlled conditions to assess the extent of infection.

An investigation of possible virus-introducing activities, such as the installation of unauthorised software downloaded from the internet, will yield valuable information about the timing and extent of the virus infection. At this step in the process, a number of practices learn that just having anti-virus protection in place has no effect if a computer user confirms a “click here to install” message, which deliberately bypasses that protection.

Anti-virus software usually has many virus removal tools, which may be able to be used in situ to clean up the hard disk of the infected computer. Where the infection is severe, the hard disk may need to be removed from the computer and connected externally to another computer to be cleared of any viruses.

If a virus infection has reached this stage, a practice should normally now be budgeting on costs for:

  • replacement of the hard disk inside a computer and the reinstallation of all software;
  • recovery of data from the infected hard disk;
  • removal of the practice from email blacklists around the world; and
  • a thorough check of all other computers on the network for potential virus infection.

This can run to hundreds of dollars per infected computer, but the impact to the firm will be felt more in the disturbance of work processes and day-to-day activities. This can be substantially reduced by ensuring that all data is kept on a network server, and that each desktop computer is configured to be reasonably disposable (in data terms).

A network server virus infection is a step up in terms of severity and trouble-shooting required. There, the cost to the practice can run to many thousands of dollars, as it is the software equivalent of having a server computer burst into flames.

It is surprising the number of legal practices that have good anti-virus software installed on workstations, anti-spam software installed on the email server, and yet no anti-virus software on the main network server containing all of the firm’s documents and the practice management system data.

Unfortunately, computer virus infection has become reasonably commonplace – there are even developer kits available for virus software creators to make their job easier, and there is an open market for the sale of computer viruses and applications that attack known vulnerabilities in computer operating systems.

This does mean, however, that the business stigma attached to acquiring a computer virus has been lessened over recent years to the point where it does not materially affect a lawyer’s relationship with their clients and other business contacts.

However, losing access to a computer or being email blacklisted can cause client service issues, which should be dealt with quickly and with an accompanying message to clients that gives them confidence that a practice is not hampered by technology hiccups.

The practices least affected by virus infections act quickly, and are reasonably prepared in terms of a spare computer, extra hard disks, orderly storage of installation disks, and a documented process of dealing with the problem.

ADAM REYNOLDS is the principal of Proficio, an independent IT consulting firm. To contact him, ph 0413 487 640, email or see For more IT in-practice information, see the contributions of the LIV Legal Practice Management Committee and IT e-Marketing Department at


Leave message

 Security code
LIV Social