Life in Windowsland

by Volker Weber

Christopher Harvey describes the latest virus outbreak at his company:

Well, one user in our company was infected with Mydoom.f just 8 hours prior to the newer dats being released that would have saved us. Anyway, this vicious little bugger ripped through our file server and deleted thousands of .XLS and .DOC files.

Initially we weren't sure how widespread the outbreak was and had everyone shut down. After scanning the home drives on the File Server we found only the one user's drive was affected. Then we started the arduous process of requesting the off-site tape and restoring files while our anti-virus guru spent hours on the phone with McAfee. Apparently we were one of the first companies hit and our guy was a primo source of info on the virus for McAfee.

Well, here we are one day later, and we are now blocking all ZIP files in addition to the 20 executable extensions we have blocked for months.

How much stuff can you block before mail gets useless?
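As an added illustration (not code from the post or from the company it describes), here is a defender-side attachment filter in Python that treats the two practices mentioned above differently: executable extensions are still quarantined outright, but instead of rejecting every ZIP, the archive is opened in memory and the mail is held only when a member carries an executable or double extension (report.doc.exe), with nested archives followed to a fixed depth. The extension list, the nesting limit and the sample inputs are assumptions.

```python
import email
import io
import zipfile
from email import policy

# Constructed blocklist (assumed; not the company's actual list of 20 extensions).
EXEC_EXTS = {"exe", "com", "bat", "cmd", "pif", "scr", "vbs", "js", "cpl", "hta"}
MAX_DEPTH = 2  # nested archives deeper than this are flagged instead of opened

def risky_name(name):
    # An executable extension anywhere after the first dot catches report.doc.exe too.
    return any(p in EXEC_EXTS for p in name.lower().split(".")[1:])

def inspect_zip(data, depth=0):
    """Return risky member names; nested zips are opened in memory up to MAX_DEPTH."""
    if depth > MAX_DEPTH:
        return ["<nesting too deep>"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["<not a valid zip>"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if risky_name(name):
                findings.append(name)
            elif name.lower().endswith(".zip"):
                findings += [name + "/" + f for f in inspect_zip(zf.read(name), depth + 1)]
    return findings

def classify_message(raw):
    """Return ('deliver' | 'quarantine', reasons) for a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if risky_name(name):
            reasons.append(name + ": executable attachment")
        elif name.lower().endswith(".zip"):
            reasons += [name + ": " + f for f in inspect_zip(part.get_payload(decode=True))]
    return ("quarantine" if reasons else "deliver"), reasons

def make_zip(members):
    # Constructed sample archive built from {member name: bytes} (not real mail data).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A filter like this still relies on names rather than content, so it complements signature scanning rather than replacing it.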

Comments

The real question is: How many viruses, trojan horses, security flaws and attacks can you bear (and afford) before Windows gets useless?

Eric Garneau, 2005-02-12 17:02

Hmmm, what mail system were they using?

Wrong question, Alan.

If I recall correctly there was a rant on Chris Linfoot's site anticipating the problem: http://chris-linfoot.net/plinks/CWLT-67PDZU If the virus filters did not rely only on patterns, that might have been avoidable.
:-) stw

when virus attacks started to spread out via mail systems - it first was a typical layer 8 problem - of users who unknowingly opened, executed - or whatever - file attachments.

some time later users got taught that opening attachments from unknown sources is a no go. and some of them really realized that they can actively avoid viruses with that recommendation.

now viruses either exploit security holes in badly patched systems or abuse security holes for which no patches exist, or viruses use sender addresses of people that are - well - not "unknown sources", since they actually were in contact with those senders.

every day i see companies that simply rely on centralized virus filtering, using server based solutions - telling them that they should get client side filtering as well makes them tell me that this would be unaffordable - but still they give their employees notebooks that they can drag home, get infected and create epidemic virus threats back in the corporate.

so actually we now have three possible causes, and i have no clue how they are spread towards the 100% cause - so i will list them in no particular order.

- insecure setup of workstations/servers:

this is caused by either ignorant users, system administration or even management.

- insecure systems per se:

ignorant behaviour of software manufacturers that leave widely known security holes open for months and then finally fix them with a "non critical" patch.

- unaware user behaviour

users sometimes don't even care about what they do, they click on every attachment and execute it. the PEBCAK (problem exists between chair and keyboard) user even clicks on every security warning issued by their web browser and installs unsigned and untrusted applets, controls and every single advert banner.

killing one cause might reduce infections a lot but still there are two more causes left. and i've seen domino companies who got users that ruined the day by a "launch" click of an attachment.

... and I know it's worth it, being hectored about bringing my own, self-administered PowerBook into my company, where everybody else fights with these issues once in a while, except for me...

Armin Roth, 2005-02-12 21:58

... and yes, we do use Notes/Domino as group collaboration tool.

Armin Roth, 2005-02-12 21:59

Good points all.

As for blocking zips, I was on a client site that instituted something similar about a year ago. They "held" zips for 24 hours before final delivery into mailboxes (rescanning them first of course). They must have determined the threat eased as they dropped the practice after a couple months. Thankfully.

Just curious...anyone else notice the date on the linked article? Looks like it's from last year.

Rod Stauffer, 2005-02-13 00:01

yep - it's from 0x7D4 but the topic is nonetheless still up to date ;)

How much stuff can you block before mail gets useless?

Hmmm... your assertion does not compute... since when is email a file transfer protocol?

Yes, you can use MS Word to write a so-called email. And transfer the resulting application/msword monstrosity as a MIME attachment. This doesn't mean that you should.

Ditto for file transfer.

© 1992-2008 Volker Weber.
All Rights Reserved.