"you should take steps to add protection to all desktops"
10. Train your users and make them part of the security team.
Only the fact that the Love Letter virus arrived at a Win95 PC saved us from that mess. After the definition files were available and put in place, I took the time to visit every department of our small company. I talked with the users about being cautious with emails, thinking before they click, etc. I looked each one in the eye as I spoke. It had a real impact I believe as now they do call me when anything remotely strange or odd arrives in their Inbox. As one of them said that day, "I don't want to be the one that clicks on the attachment that brings down the network!"
Involve the users. Make them part of your security plan. They are your last line of defense.
Jenny
Some IT people are afraid to get their users on board in helping with systems issues like this. I know it's trite, but as they said in the 1960's, "If you aren't part of the solution, you are part of the problem." Virus control is everyone's responsibility.
The problem with desktop level protection is
that it causes problems with:
Performance
Devices such as digitizers
File locks on drivers, databases
network connections
Users shut them off or they fail to start due to conflicts with other devices.
Scanning the mail servers has proved to be an
invaluable supplement in our organization along with user policies and browser settings.
The desktop scanning as a first line has too many catches.
I would never let the users be responsible for protecting the network from viruses. They are a bunch of noodleheads! Sure, we'll keep them involved, update their desktop dats & such, but they simply can't be trusted to do the right thing every single time.
Network Admins: Don't pass the buck. Cover your own butt. Implement file-type filtering at the gateway NOW. Anything less than this is a gamble... one that you will eventually lose. Anyone who still lets *.vbs attachments flow through their email system is hiding their head in the sand and *hoping* there are no disasters.
Is the open friendliness of letting *.vbs and *.exe files flow freely through your mail server really worth the risk? It may take a couple minutes to recover a quarantined exe for a user, but how long does it take to clean a loveletter off 400 computers?
Filter at the gateway! Anything less is not enough, and you're just fooling yourself if you think it is.
-Dave
The point wasn't to abdicate responsibility to the users. The point was EVERYONE has to be responsible for virus protection - no one is immune from responsibility here. These aren't children, they are adults (in theory) and they have to be responsible for their own actions and the consequences.
Virus protection is a team effort. We put the Fear Of God in our users enough times that they now email US about new viruses going around. The majority are sensitive to not opening suspicious emails and will ask first before proceeding. Even though our gateway blocks out any email with an executable attachment, they call us to tell us about the alert message that was substituted for the attachment.
If you treat your users like "noodleheads," that's the way they will behave. In that way, it's the same as with kids.
I don't treat them like noodleheads. I only call them that in the relative safety of a discussion group.
It may be true that EVERYONE has to be responsible for virus protection, but it is ultimately on the network admin's head to keep the network virus free. I have a user who is a relatively intelligent person, but my eyes were opened to her latent noodleheadedness when she called to say the following: (actual word for word quote) "I got a suspicious email yesterday. It had an attachment that looked like it might have been a virus, but I wasn't sure, so I opened it." I was stunned. I had no response.
In actual practice, I have found the following: You can't trust the users to do the right thing every single time. They are human, and they will make mistakes. Therefore if the users are a critical link in your protection chain, the chain will eventually break. My users are (mostly) highly educated and virus aware. They call every time they have an alert, and ask every time they're not sure about a potential threat, and send me every warning and hoax warning they come across. But I don't put them in the position of being a critical link. That's my job.
I am a huge proponent of file-type filtering. Since we started doing that, not a single bug has gotten in. (listen closely for the sound of me knocking on wood)
So I will stick by my original assertion. Network administrators: Don't pass the buck. Do your best to keep the protection levels high on the workstation/user end, but use the tools that are available to you to protect your systems at the gateway. You'll find you sleep better, and life gets easier.
-Dave
Just wondering, are we just talking about e-mail viruses here? Are you filtering file-types introduced on your internal network, too, or have you removed all the floppy drives, cd drives, and modems from your users' PCs since you can't trust them? You are right, the user is your weakest link. That's why the most sophisticated security solution won't provide any protection against a postit on a PC with a password on it. Organizations need to develop a security policy and every employee has to be aware of and understand it fully.
What about a new, as yet, unknown file-type or disguised file-type? At this point, your only hope, if there is one, is an educated user. In the case of your user, there should have been a published policy, and understanding, that, if there is any doubt, don't open it and report it immediately. It may be necessary to have your users sign off that they are aware of and understand the policies.
"Just wondering, are we just talking about e-mail viruses here? ..."
Any kind of virus, but the gist of the conversation seems to revolve around the email flavor. Anything that flows through the mail server gets both scanned and filtered. Same for files moving on or off of fileservers. User machines are set up to automatically download latest virus patterns.
This system prevents almost any infections from the internet, and contains floppy and webmail intrusions to the workstation in question. We don't allow modems on the inside of the network except for a few exceptions, for various security reasons.
"...It may be necessary to have your users sign off that they are aware of and understand the policies. "
She signed a piece of paper saying she understood the policy. Apparently she didn't.
I think there is no substitute for scanning & filtering at the gateway. I am surprised at the number of folks who don't do this. As I am typing this, my gateway scanner just stomped on a couple of homepage.vbs files. That means my phone is about to ring with a couple users telling me they received an alert. Scanning at the gateway removes a lot (but not all) of the risk of relying on users' intelligence.
It is important to educate users about virus issues, but it is perhaps more important to minimize their ability to accidentally launch a Loveletter. Good security management is about balancing risk and functionality. I have found that we lose a minimal amount of functionality by blocking attachments by file-type, but our risk factor is greatly reduced.
Go for it! Spend the money! Get yourself a scanner/filter on the network gateway! It will pay for itself the very first time you block the latest *.vbs script virus. Keep educating the users, but do everything in your power to not have to rely on that education. And update those dats every day!
-Dave
Hey, there's nothing wrong with anything you're saying, we are both saying the same thing (I think). Without a doubt, our lives have become so much better with full filtering. Indeed, sleeping better at night has its appeal.
I can tell you noodlehead stories and I'm sure they will continue to haunt us.
You're close, but what happens when an end user brings in his home Word document with a virus? It's gotta happen at both levels: email gateway and desktop.
For the Desktop level: My team created a Virus Page that links to the superdat file. They go to a web page, click the link, and the virus files are updated on the desktop.
For the Gateway, I recommend the same as the noodlehead post, but I also automate the desktop process and the end user process at the same time. Using batch files and the automatic upgrade on VirusScan, it can do wonders. I pull the dat files down every Thursday morning via the automatic download. Then a batch file deletes last week's version and copies the new files where the web page points to and then copies the same files to the exchange server. Simple yet effective, and every Thursday morning the virus files are updated for both end users and the gateway. Should a virus come out before then, we notify via a virus alert web page telling everyone to go to the page and update, and I kick off the scripts manually.
I also recommend the buddy swimming theory. Never swim alone. When you are hit or know of a virus, tell your friends in the biz ASAP to update ASAP.
Good luck defenders of your networks!
M@
a desktop protection.
It is your absolute and last line of defence.
What would a gateway scanning help if the file arrives through POP3/ICQ/Gnutella/Other?
What would it help against someone who brings an infected doc file from home?
Or even if it comes from the net, it might be encrypted in a mail, or protected by password - and no gateway software can scan these.
There is no magic solution here. A multi-level protection is a must.
In implementing security it seems our support personnel sometimes fail to adequately consider the impact on users. It may be time to give more weight to balancing security concerns with maintaining high levels of service to the user. Users can be as impeded by continuing degradation of their system due to ill-considered protective decisions, as by actual viruses. Poorly implemented protective mechanisms may degrade a system's performance continuously, while an occasional virus that slips through may wreak short intensive damage. Both can be very costly. But we shouldn't automatically put all protective measures possible in place -- it can tie operations into knots.
As examples, I find I wait -- or get balky response -- when antivirus and spy detection software runs. Protection software loaded into active memory sometimes seems associated with "out of memory" messages. I've experienced continuing difficulty reading our Microsoft Help screens. When I select help, I receive system messages that they are considered a peril by our security system (ActiveX controls?), and Microsoft help files are displayed with much degraded, difficult to read print. I also do not receive images forwarded in messages because of our security settings.
I suspect other users have similar experiences -- perhaps reflecting minimal attention by computer systems managers to "cost" (time, missing information, quality, productivity) impact on the "customer", whom we are trying to protect.
I agree wholeheartedly with Jenny on this topic.
Educating users to not only the threat & effects of virus attacks, but investing some time establishing & enforcing an intelligent prevention policy goes considerably further than anything else an IT manager can do to secure a network.
I created a short, simple list of DO's & DON'Ts for our networked clients & their employees. It begins with a paragraph explaining just what virus activity actually is & debunks some of the hype surrounding the subject.
We also begin our user training sessions with a brief primer on network safety. Nothing too in depth, but enough to make users aware of what a virus really is & what it can & cannot do. I am constantly met with very surprised looks from users who view virus attacks in the same light as voodoo. ("No, a virus can't erase the numbers stored on your cell phone or launch ICBM's at Canada, Mr. Smith....")
The best defense is knowledge!
Anyone who would like a copy of the list I created is welcome to it, drop me a line & I'll forward it.
shucks, that's what the internet is all about. If I can't download from McAfee, Microsoft and such...what's the point of the internet. Aren't we really concerned about EMAIL? Things malicious users are sending out? Someone explain how these two "downloads" differ. I tell all my users to really KNOW where their email is coming from before they open it. If in doubt DELETE. They seem to understand.
doug
Jenny, I'm willing to bet you have a virus free shop, or at least pretty darn close. The most important factor in virus protection has always been and will always be training your users! I would even say that this should be the #1 step in the article (of course, what do I expect from McAfee?)
To draw an analogy, we don't lock every harmful item in our houses from our children until they move out. We train our children not to touch the hot stove, or drink cleaning fluids. Sure, you don't leave bleach sitting out where your two year old can get at it (nor do I run without virus protection at every level of the network), but you can't protect your children 24/7. You have to trust that, at some point, they'll find something harmful to them, and that they will rely on your training not to harm themselves with it.
... to be on the offense not defense.
I am surprised that filtering out email attachments was not mentioned.
The number one cause of virus problems are VBS and EXE attachments.
Since I started to filter these attachments out (as a default behavior) all problems got solved.
Since then I got very few complaints about valid business attachments being pulled out.
For the past few months I have been laughing hearing about others going through another email server being shutdown because of worm viruses and the like.
Yes, server side and client side protection exists, frequent updates are good, but add attachment filtering and it gets better.
How about this for a good article subject?
Let's look at this from another angle. You have a president or CEO who has probably built his/her company from his/her bedroom during college and wants either to be financially secure or who wants to pass the biz on to their kids. If they have any business savvy or care about the future of their business and the employees, then they had better make damn sure that a good chunk of the company's budget is put aside for IT upgrades, training and virus protection. If your prez or CEO is blowing off the IT department like yesterday's garbage, then it's probably time to find another position.
The only position I don't want to be found in is being bent over by the CEO explaining where the files went to and why. Just hope there's no sand in the Vaseline!!!!
After Melissa, I set a company wide policy to have our staff use unique identifiers in the subject line of any inter company e-mails. We use a store name abbreviation (AC2-Subject) where AC2 is Aztec store #2 preceding the subject. I've also encouraged our co-workers to communicate this to our clients, and most responded favorably.
Better than alt.comp.virus is the EWS discussion group on http://www.avien.org. They have a very high signal-to-noise ratio, and some of the best anti-virus folks hang out there. They also have the distinction of knowing about the latest malware hours before the AV developers issue warnings.
The latest types of virus attacks have used "Human Engineering" which try to convince the recipient that the virus file is from one of their best friends, that the attachment is a fun app or cool web site to check out. It is difficult to instruct all your users to not open e-mails when the message appears to be from someone you trust who has sent you an interesting attachment. Since it only takes one user to infect your entire network via your mail server the best approach is to stop all vbs, exe, scr, com files from entering your mail server.
As for limiting downloads from the internet, there are a number of AV products which can scan and remove inbound viruses by checking the http / ftp / smtp ports via a proxy server interface.
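The gateway file-type filtering that several posts in this thread recommend, sketched as an added example (it is not code from any poster or product mentioned here). It blocks the four extensions named in the post above, judges a name by its final extension so a double extension such as `.TXT.VBS` is still caught, and substitutes an alert notice for the removed attachment; the function names, notice wording and sample message are constructed for illustration.

```python
"""Added illustration: strip blocked attachment types from a message at the gateway."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post above (assumption: a production list would be longer).
BLOCKED_EXTENSIONS = {"vbs", "exe", "scr", "com"}

# Hypothetical alert text; short lines keep the replacement part plain 7bit text.
NOTICE = (
    "Attachment '{name}' was removed by the mail gateway:\n"
    "this file type is not allowed. Contact IT to have it released.\n"
)


def final_extension(filename):
    """Return the lower-cased extension Windows would act on, or ''."""
    # Windows ignores trailing dots and spaces, so "a.vbs. " is still a script.
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""


def filter_message(raw_bytes):
    """Return (filtered_message_bytes, list_of_blocked_filenames)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    blocked = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() checks Content-Disposition first, then Content-Type name=.
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            blocked.append(filename)
            # set_content() discards the old payload and Content-* headers,
            # leaving a text/plain notice where the attachment used to be.
            part.set_content(NOTICE.format(name=filename))
    return msg.as_bytes(), blocked


def attachment_names(raw_bytes):
    """List the filenames of all named parts still present in a message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample():
    """Constructed test message: one script, one PDF, one double-extension script."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.\n")
    msg.add_attachment(b"' constructed script body", maintype="application",
                       subtype="octet-stream", filename="homepage.vbs")
    msg.add_attachment(b"%PDF-constructed", maintype="application",
                       subtype="pdf", filename="minutes.pdf")
    msg.add_attachment(b"' constructed script body", maintype="application",
                       subtype="octet-stream", filename="Notes.TXT.VBS")
    return msg.as_bytes()


if __name__ == "__main__":
    filtered, blocked = filter_message(build_sample())
    print("blocked:", blocked)
    print("still attached:", attachment_names(filtered))
```

A filter like this only sees attachment names: as another post in this thread points out, content inside encrypted or password-protected mail is not visible to a gateway, so desktop scanning is still needed behind it.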
I strongly agree with what JenneyH said earlier.
The email .vbx viruses and others would have far less impact if the IT help-desk folks and management would recognize the users as an important resource for network security.
I have heard network security gurus identify the common user as the weak-link in network security. I wish to correct that fallacy by identifying the real weak-link in network security. The real weak-links are the IS/IT personnel (including management) that attempt to justify network security problems/breaches as a "USER!" problem. These IS/IT folks refuse to take responsibility for that which they are being paid. Projecting your problems on to others is a serious character flaw.
Far fewer users would have clicked on attachments and crashed corporate networks if the IT/IM folks had been proactive (like a few years ago) when the potential for the problems had been identified. The users must be provided local/corporate briefings/seminars on network security topics by the company IT/IM staff. One to three hours out of six months is very cost effective compared to possible impacts. Tell folks how to create secure, complex, and memorable passwords, ....
I know I am in the minority on this topic, but not allowing users to download files, browse the internet, chat, ... is not a solution, but does allow penny-wise and pound-foolish ways to avoid work that should be identified, planned, implemented, and done. Yep, accounting departments, R&D, secrets may require these types of additional sanctions, but that (with written justification) should be part of the network architecture and operations plan for a company.
Folks, I don't even work this field and I know what I have said above is fact. I hate pretext or blaming other people -- there is either some"thing" to blame (at cause) and be addressed, or an individual that is responsible for failure.
I work in an industry where downloads are a necessity for most of the employees. So we have tried to put as much information in the users' hands to help prevent virus problems. You show them what things to look for, how to save and scan before opening files or attachments, and they ignore you. They think it's either too hard, a waste of time, or not their responsibility to remember or keep notes on such things. So, here we try to educate the user and they don't want to learn. Therefore the user is the weak link in the situation and not IT.
... to be on the offense not defense.
I am surprised that filtering out email attachments was not mentioned.
The number one cause of virus problems are VBS and EXE attachments.
Since I started to filter these attachments out (as a default behavior) all problems got solved.
Since then I got very few complaints about valid business attachments being pulled out.
For the past few months I have been laughing hearing about others going through another email server being shutdown because of worm viruses and the like.
Yes, server side and client side protection exists, frequent updates are good, but add attachment filtering and it gets better.
How about this for a good article subject?
You definitely cannot count on users to update their own virus protection. Unfortunately, you will always have users who don't understand why they need to update their protection, are too busy to do this themselves or just plain forget. We have a fairly easy 3 step defense against viruses.
1. Use a server level anti virus. We use Norton Corporate edition with the MS Exchange supplement. The Corporate edition automatically pushes out definitions every night so the users know nothing. The MS Exchange supplement scans all attachments before they get to the user. This works with known viruses. We have configured Norton to check for virus definition updates every night.
2. We have set all machines to open *.vbs attachments in notepad. This will protect against unknown VBS viruses being opened since notepad cannot support macros.
3. The default website for the IT staff as well as reception is a site to check for virus alerts (http://www.mcafeeb2b.com/avert/virus-alerts/default.asp). Since reception often arrives first and sees an alert, they can let those who arrive early know to be aware, and when IT comes they can update the virus protection, if the definitions came out after the anti-virus looked for updates.
This may not work for all companies, but we have yet to be hit with a virus since we adopted this procedure in April 2000.
I've read this discussion and the general themes that emerge are that users are unreliable and anti-virus software is burdensome at the client level (causing many users to turn it off). I'd also like to add the obvious reminder that even the latest anti-virus software or updates are only good until the next virus designed to defeat them hits.
So you should always have a last line of defense "just in case." I suggest real-time backup software that works at the client level. Real-time, client-server backup software such as Storactive's LiveBackup (www.storactive.com--bad website but good product) automatically backs up every file change made at the client level to the server as soon as it is made. This means that should a virus strike, no user information or files need be lost. And this backup software has a system rollback/restore feature, which allows you to roll back the user's hard drive to the point before the virus struck--it's like the virus never happened. As a stop-gap measure, the software allows bare-metal disaster recovery in case the virus renders the PC unbootable. Since this software is of the client/server variety, it's easy for IT managers to centrally manage, reducing "noodlehead" disasters.
So by all means educate users and install some good non-intrusive anti-virus software. But to avoid data/file loss for users just in case a virus gets through, make sure you have good client backup/disaster recovery software installed. After all, using the "noodlehead" defense doesn't really fly with the suits, no matter how right you are.
You're close, but what happens when an end user brings in his home Word document with a virus? It's gotta happen at both levels, email gateway and desktop.
For the Desktop level: my team created a Virus Page that links to the superdat file. They go to a web page, click the link, and the virus files are updated on the desktop.
For the Gateway, I recommend the same as the noodlehead post, but I also automate the desktop process and the end user process at the same time. Using batch files and the automatic upgrade on VirusScan, it can do wonders. I pull the dat files down every Thursday morning via the automatic download. Then a batch file deletes last week's version and copies the new files to where the web page points, and then copies the same files to the Exchange server. Simple yet effective, and every Thursday morning the virus files are updated for both end users and the gateway. Should a virus come out before then, we notify via a virus alert web page telling everyone to go to the page and update, and I kick off the scripts manually.
I also recommend the buddy swimming theory. Never swim alone. When you are hit or know of a virus, tell your friends in the biz ASAP to update ASAP.
Good luck defenders of your networks!
M@
Does anyone have an Outbreak Checklist or procedure that they would like to share?