General discussion


Protect networks from viruses and worms

By debate
Do you train users to not open attachments from unknown sources? Do you allow users to receive all attachments? How do you handle the constant flow of viruses on the Web? Do you think updating SMTP to include authentication is an effective method for fighting viruses? Share your comments about protecting networks from viruses and worms, as discussed in the Feb. 6 Security Solutions e-newsletter.


All Comments

We don't use Microsoft mail products

by braunmax In reply to Protect networks from vir ...

Generally Linux software supports servers - and clients do not use Outlook/Exchange variants even though most clients use Windows.

Best would be if Visual Basic could also be blocked in installations (to prevent macro viruses in documents).

PegasusMail (freeware and fully featured) and Netscape are still the most popular clients here.

The firewall actively disables all but essential ports.

Windows lacks security infrastructure

by felipe_alfaro In reply to We don't use Microsoft ma ...

We also refuse to use any kind of Microsoft software, mainly their secureless inoperating systems. We primarily use Linux systems and some OpenBSD and Mac OS X systems, as we like

However, the problem is not itself in the fact that Windows is so badly designed (from a security point of view), due to its nature of a game platform, DOS-based graphical environment, letter writing and so. The real problem is that Windows has allowed nearly everyone to use a computer, but most of those users haven't used a computer before, don't know how to use it and have no serious security knowledge (some even don't have common sense that stops them from opening mails from an unknown sender).

Thus, nearly spontaneously, there is a great number of unknowledgeable people using complicated systems like computers running on apparently-easy-to-use-but-severely-flawed OS. Since we are not allowed to drive a car without a license, I don't understand why we should allow users to use a computer without a computer

Education is the key to solve these problems we're facing everyday, like clueless average Joe User opening an e-mail with a virus attached, and spreading its payload to half the world since that Joe User doesn't use an antivirus and/or a properly configured firewall.

That's the real problem. Computers are too powerful and dangerous to let anyone use one without any kind of knowledge.

Anti-Virus Wall Can also be a problem.

by flee74 In reply to Protect networks from vir ...

My customers keep calling me to say
"Hey, I got lots of mails from somebodies unknown that read [1. I had sent a MyDoom mail] + [2. They detected the worm and deleted the mail]"

Because this worm spoofs the [Sender] field and [Return-path] field, somebody (whose only fault is that she/he has lots of friends :)) can suffer a time-loss with these spam-like "WARNING" messages.

With this, all the support (security related) staff also lose energy with all the explanation (+ extra jobs) to make them feel safe.

The original motive of the MyDoom-Creator (I love him!!!) might have nothing to do with this side-effect, IMHO, but this can be another type (annoying-sort-of) of worm-attack.

What do you think of this situation????

AV Problem & Security

by Jim_MacLachlan In reply to Anti-Virus Wall Can also ...

Why any administrator still has a warning coming back out of their system is beyond me. Several years ago, we quit sending an autoreply to the sender of a virus. I think it was the Hybris virus where we first noticed the sender being spoofed ('Real story of Snow White...' with a sender of '' or something like that.) We thought about it & decided not to clog servers by trying to send a warning to a non-existent address.

The previous poster made some great points about the problems with Windows security - a lot of it is ignorant users - but worse, there are ignorant sysadmins. Any kid off the street can set up a network with a Microsoft server & a few workstations & hook them up to a fast pipe to the Internet. Then the kid goes away & some secretary gets stuck trying to keep the server up. In this situation, there is no network security. This is a VERY common scenario among small businesses. The owner can't see spending real money on the network. I see it all the time.

Add that in with the old, open structure of email, the Internet & the hordes of ignorant people running an OS that was made to share everything - I'm constantly surprised we don't have more incidents than we do.

Thank goodness Novell, Linux & other NOS's are out there. If we could just get a lot of software written for secure NOS's, we'd be a lot better off. I want to move to a Linux desktop (Ximian from Novell should be awesome) but we can't move there unless the software support is there.


Time to put pressure on the ISPs

by phil In reply to Protect networks from vir ...

Surely the time has come to ask more of the ISPs in fighting both viruses and SPAM. All mail traffic passes through their servers - why is it not a matter of course for them to scan for viruses, authenticate senders, track senders of dubious mail etc? Used in addition to end-user's security tools (AV, firewalls etc) that would improve matters a lot. But few ISPs seem to be doing anything much?

And furthermore

by ChrisSaw In reply to Time to put pressure on t ...

I agree with Phil. I think that everyone is concerned with that plague. A good example of that would be if each enterprise sent to their ISP a database or list or whatever the format adopted of their customer, advertising domain they want to pass through their ISP. That database could be maintained by the IT administrator from the enterprise. So everything entering at the ISP is first filtered against the database for the destination domain.

Re: Time to put pressure on the ISPs

by bhehmann In reply to Time to put pressure on t ...

Oh, my ISP has a whole section dedicated to AV, and one of their suggestions is that if I receive a suspect email, I should forward it as an attachment to their junk_mail address. For the last 3 weeks, I've been receiving at least 2 emails infected with the W32/Swen worm. I've forwarded these to my ISP as suggested, but I still receive them on a daily basis. They are supposed to stop these at the gateway!

Force more responsibility onto the ISP

by thomas.nilsen In reply to Protect networks from vir ...

I believe that the only way forward in these lawless times, both with regards to virus/worms and spam, is to force all ISPs to have a minimum of systems/routines in place:

1. Antivirus software on SMTP Gateways
However, the ISPs will need support from antivirus vendors in the form of free/low cost AV scanning tools. (I don't think AV vendors' big market is from the ISPs anyway).

2. MTA that blocks connections from open relay sources.
If all ISPs agreed to block traffic from known (verified by a globally owned ISP database - not a "home-grown" source) open relay sources, SPAM would not be much of an issue, at least not like it is today.

3. Active monitoring of customers/users.
A global blacklist register of customers who keep violating ISPs' usage policies. Force open relay customers to shut down or patch/fix.

4. More active shutdown of violating customers/users.
It can be quite difficult to get a customer taken off an ISP by reporting to the ISP's helpdesk. Global ISP agreements on how this should be handled must be made. ( could be used as a good source for violating customers)

(5. Block MS NetBIOS traffic! (I can't see any good reason for these ports to be open over the internet))

6. As for prosecuting spammers... Instead of prosecuting the "spammer" (as long as the spammer uses his own mail server and not an open relay), why not go after the source of the actual spam? If Acme Ltd hires a spammer, go after Acme LTD, not the spammer.

If the ISP won't take the responsibility, they should not be allowed to operate.

I Don't get it.

by Robotech In reply to Force more responsibility ...

How did so many people get this virus, when not one of the persons at the companies whose networks I manage got it? Do you know what this means? Bad network administration. I have firewall, antivirus, and I also educate my users.

These three combinations work for me and continue to work. Why are they failing for everyone else?

Little virus impact here either.

by kllw In reply to I Don't get it.

We have had one or two infected PCs. And they are the result of poor management practices. As the network director, I have repeatedly requested that we be granted the ability to lock down workstations and restrict web browsing; as of yet, we are still not allowed to do so. As a result, users surf to their pop mail accounts, and through those can still download and run whatever they choose.
Through our corporate email system, which is NOT Microsoft, we've had no viruses. Our antivirus blocked them on heuristics before the definitions were released.
