Are you up-to-date on the latest virus variant threatening your system? On August 8 John C. Day led a discussion on new virus strains and what you can do to protect yourself.If you couldn’t join us then, enjoy the transcript and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Note TechMail, or on the Guild Meeting calendar.
Are you up-to-date on thelatest virus variant threatening your system?On August 8 John C. Day led a discussion on new virus strains and what you can do to protect yourself.If you couldn’t join us then, enjoy the transcript and we hope to see you on our next live Guild Meeting. You can find a schedule of Guild Meetings in your weekly TechProGuild Note TechMail, or on the Guild Meeting calendar.
Note: TechProGuild edits Guild Meeting transcripts for clarity.
The Doctor Is In
MODERATOR: Hello, everyone. Welcome to tonight's Guild Meeting! Tonight's speaker is John Day, our illustrious virus expert. And now, without further ado, here's Johnny!
Worm Attacks From The Web
JOHN DAY: I was hoping that we would have some dread virus attack today, but all is quiet. Does anyone have any particular issues or questions?
KEVINOSAR: Is there anything new in regard to new types of viruses?
JOHN DAY: I think the most interesting or scary new virus attacks are the worms that attack from Web sites.
KEVINOSAR: Do they sit transient in a Web site or does something trigger them?
JOHN DAY: The "Jer" worm runs when you simply view a Web site that has the virus waiting for you.
MIKE345: What’s the difference between a worm and say a Trojan horse virus?
JOHN DAY: The "Jer" worm is like a Trojan in that it runs in the background and allows the client or sender to perform actions on your PC without your knowledge.
SHARI: That is scary! Do you know right away that you have been infected so you can pinpoint which Web site you got it from?
JOHN DAY: You usually do not even notice you are infected with a Trojan unless your virus protection software catches it or you notice hard disk activity when there should be none.
KEVINOSAR: I take it that these Web sites don't know they have a "Jer" sitting on their sites?
JOHN DAY: I know the Web sites are aware that the worms want to access your private information, especially your credit card information, which is often stored in your Internet Explorer.
TLSNC: Is this like the coding from double-click and other banner ad programs or Active X?
JOHN DAY: It is very similar to the way many sites extract marketing information from your PC, but in this case the motive is outright theft or damage to your system.
SHARI: Wow! Even worse!
TLSNC: What is the best protection against them.
JOHN DAY: The best protection is to update your virus .dat files often, turn your browser security to at least medium, and set Active X controls, especially the download setting, to prompt or disable, and then you will know when a download or install is occurring.
KEVINOSAR: Are there updates to these viruses yet? Which programs are better at identifying them?
JOHN DAY: I like Trend Micro's server and e-mail product and Norton's Antivirus for the desktop. This configuration gives you two different sets of .dat files that look for infections or attacks differently, giving you two lines of defense.
CORSAIR: What do you think about the MacAfee program?
TLSNC: I think that’s like asking what someone thinks of Internet Explorer versus Netscape. Personally I prefer McAfee.
JOHN DAY: I've recently began consulting for a company that uses MacAfee and it appears to do well on known viruses, but Norton’s technology catches new unknown attacks better in my opinion.
WELL: So Norton’s is the best?
JOHN DAY: Yes. MacAfee has a nice automatic update of user's or client PC that I haven't seen in Norton's, but I used the standalone version of Norton's for users and Trend Micro's product to protect my servers and exchange mail servers.
WELL: Two different brands, why not use only Norton’s? It provides better support to clean the unknown virus or new virus.
JOHN DAY: Many virus writers build in ways to beat popular virus protection programs, so having two gives you an added layer of defense.
TLSNC: So choosing one of the lesser known as a backup may be a very good thing.
JOHN DAY: In a way that is correct. Lesser known software does afford you some added protection, but then again not running popular software like Microsoft Office protects you from 80 percent of known virus profiles.
WELL: I think I’d better use all the brands of anti-virus software to provide maximum protection, but will this cause my system to hang/crash?
MIKE345: What about Innoculan?
JOHN DAY: I've used Innoculan, but it seems to be the last site to update its .dat files for widespread attacks like Melissa or the Wormzip attack. Trend and Sophos always come out with news and .dat files first in my opinion.
MIKE345: It seems to me that Innoculan was the first site to update its .dat files for the I Love You virus. I think I got e-mail about the I Love You virus from Innoculan before I started hearing about it in the news?
Viruses attack Microsoft
JOHN DAY: Outlook is a major security problem if it isn’t configured or used properly.
WELL: Why, because most hackers like to attack the Microsoft products? TLSNC: It is a big target too.
JOHN DAY: I don't know if it is that they like to attack Microsoft or if it is just that there is a lot of information about how to exploit the known holes in the MS products.
KEVINOSAR: Having all these hackers go after Microsoft will only make it better at defending itself.
JOHN DAY: Well, that is one way of looking at it.
TLSNC: There are security patches for Outlook at Microsoft’s site now that change VB scripting attributes in Outlook against things like the I Love You virus.
SHARI: What's an example of the problems with using an Outlook configuration?
JOHN DAY: I think the use of one set of software makes it easier to take advantage of, especially when Microsoft publishes the security problems with its products on its Web site, and many administrators don't have or take the time to fix them.
WELL: I would recommend using NAV corporate edition 7.0; it’s quite good.
How viruses are spread
KEVINOSAR: Let’s get back to how these viruses get transmitted. Are they transmitted similar to that of cookies?
JOHN DAY: Well, the answer to your question about getting infected by a virus when you’re browsing is yes, but it is not a virus usually but a worm or commonly a Trojan that uses an ICQ connection in the background to transfer your PC files to the Web site. When 95 percent of users store documents in the My Documents folder on the C: drive and the operating system files are stored in C:\Windows it makes it easy to copy or edit or even delete your data.
TLSNC: I keep all my data on different drives. OS is in C: Windows however. There is no My Documents folder on my system. I guess that’s a step in the right direction. Are you talking all data or just system data?
JOHN DAY: They can scan your system for any data, system or otherwise.
WELL: If I try to share files, like C:, it shows an error, why? Is it infected by a virus?
JOHN DAY: Well, I don't understand your file sharing questions, but sharing your C: drive is always a bad idea, because another user who is infected could infect your system.
WELL: Do you mean that if you just stick file and printer sharing under network, but you don’t share C:, others in the network can access your hard disk?
JOHN DAY: Another good idea is to limit or eliminate the use of mapped drives, because any mapped drive on your server or another users drive could be attacked by a simple script in a virus or worm to look for drives A: thru Z.
WELL: After I run the scan, no virus is found.
JOHN DAY: No, if you don't share a drive, it is not seen. There are scripts that could do something like net share C:\ cdrive, and this could allow them to see your C: drive if you’re a home user. I say disable it in the network settings. Even when I’m at work, I disable it and copy all files I want to share to the server where I can protect it via NT security and anti-virus software.
TLSNC: That would be ideal, John, but users still want to store stuff on their own drives rather than network drives. I can't see the logic, though, as I would rather have the added security of having a backup every night.
JOHN DAY: Tlsnc, I understand, and I store my files on my local drive but I don't store them in default directories and I don't allow others to access them.
WELL: In my case, there’s no sharing, but others can access my hard drive like my hard drive is sharing.
JOHN DAY: Well, are you saying you have no shares of your C: drive but others can see it?
WELL: I think I’d better discuss this with you later, maybe through e-mail.
KEVINOSAR: Are there any other virus types out there that we should be on the lookout for?
JOHN DAY: Kevinosar, there is a recent AutoCAD virus in South America that is the first written to attack AutoCAD files. Because of the amount of work that engineers spend producing AutoCAD drawings and the fact that most drawings contain confidential design information, this is a virus to watch out for.
B-BOOP: Is there a name for the AutoCAD virus?
JOHN DAY: It’s called AutoCAD2k/star.
KEVINOSAR: It’s amazing that a virus made in South America can affect things all over the world!
TLSNC: John, how did you get the info about the AutoCAD virus? My notifications from NAV and MacAfee have not mentioned this one yet.
JOHN DAY: I got the info on securityportal.com. TechRepublic watches this site for news on many security and virus sites. Trend Micro is also a good site, but I think the site with the quickest and most recent news is sophos.com. Sophos is in England, so by being several hours ahead of us, they usually get hit first with a virus and have the fix first. Plus they have a free scanner for Exchange, NT, 98, and other systems.
KEVINOSAR: Sounds like a good site.
TLSNC: I think I will check that out after the meeting then.
SHARI: Sophos sound like a great resource. Thanks.
TLSNC: I will now have to do some more serious virus checking with all my clients.
CORSAIR: What’s your opinion on firewalls, either software or hardware ones? Which are better?
JOHN DAY: Hardware is the best, but it’s also the most expensive to buy. Software can be good if it’s configured correctly, but it is more expensive to maintain.
TLSNC: Any recommendations on firewalls either way?
JOHN DAY: I like Cisco for hardware. I don't like Raptor read security portal; it is NT-based and full of bugs.
CORSAIR: Any thoughts on Web ramp?
JOHN DAY: I’ve never heard of it. Security portal has a how-to-select-a-firewall template on its Web site.
Thanks for coming
MODERATOR: OK everyone, thanks for coming. I'd like to give a special thank-you to our speaker tonight, John Day.
JOHN DAY: You can e-mail me questions at firstname.lastname@example.org.
TLSNC: Thanks, John. I look forward to more chats with you.
Our Guild Meetings feature top-flight professionals leading discussions on interesting and valuable IT issues. You can find a schedule of Guild Meetings in your weekly TechProGuild Note TechMail, or on the Guild Meeting calendar.