Avoid security complacency



Keeping your network safe from viruses sounds easy, but watch out for complacency. Often, it's your own worst enemy.

It seems that no matter what precautions you take to avoid viruses, you can never be 100 percent safe. (Sensible precautions at least—after all, you could disconnect your PC from the network, keep it in a locked room, and not install any more software on it. This defeats the purpose a bit, though.)

While the BugBear virus has been taking its toll, we appear to have survived its onslaught rather well. We received a few e-mails but simply deleted them. The list of abilities attributed to BugBear is annoyingly impressive: multiple infection paths, exploitation of IE vulnerabilities, back door, key-logger, and disabling antivirus and firewall software.

But, given the pretty much universal awareness of computer viruses, how many people are still naïve enough to execute every attachment they are sent?

OK, I may have offended some people who will, in their defense, say, “Mary is always sending me amusing little jokes, I thought this was one of them.” That’s a fair statement, although I will pretend not to hear management grumbling, “Shouldn’t be exchanging jokes on company time.” Still, there are ways you can avoid a good deal of grief.

We all keep our antivirus software up to date, of course, and that’s a pretty good first step. But how often do you update--every day, once a week, or, heaven forbid, once a month? To be a tad more cautious, if you do receive an EXE, DOC, XLS, or any other attachment that can execute or may cause its parent application to run a macro, for example, you could first check the antivirus Web site for updates before attempting to open the attachment. Or, if you tend to be a bit more paranoid, why not create a quarantine directory on your drive and only open the slightly suspect files a week later, again after you have checked for the latest virus images?

If you have any misgivings about the file at all, just delete it--so you miss a good joke.
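
The quarantine-and-wait routine suggested above, sketched as a small Python script. This is an added example, not part of the original column: the manifest file name, the `.held` suffix and the function names are assumptions, and the script only decides when a held file is due for a scan with fresh signatures; it does not scan anything itself.

```python
import json
import shutil
import time
from pathlib import Path

# Added example; names below are illustrative assumptions, not from the column.
RISKY_EXTENSIONS = {".exe", ".doc", ".xls"}  # attachment types the column names
HOLD_SECONDS = 7 * 24 * 3600                 # "a week later"
MANIFEST = "manifest.json"                   # hypothetical arrival-time log


def _load(qdir):
    path = Path(qdir) / MANIFEST
    return json.loads(path.read_text()) if path.exists() else {}


def quarantine(attachment, qdir, now=None):
    """Move a risky attachment into qdir and record when it arrived.

    Returns the new path, or None if the extension is not on the risky list.
    """
    src = Path(attachment)
    if src.suffix.lower() not in RISKY_EXTENSIONS:
        return None
    arrived = time.time() if now is None else now
    qdir = Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    # Timestamp prefix avoids name clashes; the extra suffix stops a
    # double-click from launching the file or its parent application.
    dest = qdir / f"{int(arrived)}_{src.name}.held"
    shutil.move(str(src), str(dest))
    manifest = _load(qdir)
    manifest[dest.name] = arrived
    (qdir / MANIFEST).write_text(json.dumps(manifest))
    return dest


def ready_to_scan(qdir, signatures_updated_at, now=None):
    """List held files whose hold period is over AND for which the antivirus
    signatures were refreshed after that period ended (caller supplies the
    signature timestamp; this script does not scan anything)."""
    now = time.time() if now is None else now
    ready = []
    for name, arrived in sorted(_load(qdir).items()):
        release_at = arrived + HOLD_SECONDS
        if now >= release_at and signatures_updated_at >= release_at:
            ready.append(name)
    return ready
```
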

Now I have to come clean: we may have survived BugBear without a problem, but we did get saddled with another virus—a variation of the Apache Worm. We found out we had the Worm pretty much simultaneously from two sources. We were testing wireless LANs for throughput, range, and cross-vendor roaming capabilities, and to test the throughput in particular we were FTPing large files from a Linux server.

We worked pretty hard to get all the testing completed before a self-imposed deadline, which meant we created the tests, ensured they were repeatable, and then let them loose on the products under test.

Unfortunately, one of our staff was on holidays—the one who usually kept our Linux patches up to date. We missed a patch to the Apache Server SSL by a couple of days, and during this time the Worm exploited a flaw in the SSL security. I found we had a problem when I was trying to make sense of the test data--we include checkpoints and these just did not tally. I then came to the conclusion that the tests had started going awry on a particular day.

A day later I had a call from RMIT’s ITS department informing me they had firewalled our Linux box because they had detected some pretty disturbing activity from it. They had determined that we had the new variant of the Apache Worm, as did a couple more unfortunates.

We ended up having to totally rebuild the Linux box and--just to make certain--we did a from-scratch install with formatted drives and immediately installed the most up-to-date patches we could lay our hands on.

So let’s see, the recipe for minimising virus risks is a large dollop of caution, a touch of paranoia, and doggedly staying abreast of the latest patches and virus IDs. Doesn’t sound too hard, does it?

Steve Turvey is Lab Manager of the RMIT IT Test Labs, and can be reached at stevet@rmit.edu.au.

Subscribe now to Australian Technology & Business magazine.
