theregister.co.uk— This is a short story by Jim Kissel of Open Source Migrations Ltd about a failed email virus attack and how to protect against an email virus generally.
Dec 6, 2005
rikushix, Dec 7, 2005
Wow. Some interesting goings-on there.
coolcoolglasses, Dec 7, 2005
Good info +digg. More companies need to take a harder stance on security and stop treating it like a redheaded stepchild since it makes no money for them. http://plueballs.libsyn.com a funny podcast (not for kids)
ntrop, Dec 7, 2005
I was going to give a knee-jerk reaction without even reading the article and just be a smart-ass by saying "Just use Linux". I decided to read the article first though (since the Register does a pretty good job with their stories) and it's a pretty good read. This was a well thought out article and it turns out they WERE running Linux ;-)

Just yesterday I had someone from "management" in my office watching me over my shoulder. It took them about 10 minutes before they commented on the fact that my task bar "looked funny". I told them I was running Linux (and then had to explain that it wasn't Windows of ANY flavor). They wanted to know how, as Systems Administrator, I was able to do my job without using Windows. I told them that my job was too critical to risk running Windows. They looked at me funny but I explained that I reach out and touch almost every critical system on our network from my computer.

I went on to explain that of all the people in our organization, I had to be the most careful because if my computer was compromised or got infected with a worm/virus/malware, etc. it could have tremendous implications for our entire network. I then showed him how I run Firefox with the NoScript extension turned on and explained the implications of that. After all, I said, if anything is suspicious, whether it's a web page, document, email, or other file, people always send it to me. I'm the magnet for all sorts of evil things. He was also surprised to find out that 3/4 of our critical systems servers, like Email, DNS, Web Servers, proxies, IDS and DHCP, were actually running Linux and had been for several years. I'm not sure he understood everything, but I know it got him thinking.

The article makes a point of mentioning that all their critical workstations run Linux and went on to explain how that helped mitigate some of the risks.

The only thing I disagree with in the article is the mention of ClamAV being updated every 24 hours. Ours is updated every 15 minutes and still misses 1 or 2 of the first of a new variant occasionally. I can't imagine waiting 24 hours to update an email virus scanner. Workstations, yeah, but email?
reqage, Dec 7, 2005
For people who don't know anything about security or would like to know more, check out the Security Now! podcast. I am in no way affiliated with these guys but each show gets better and better. http://www.grc.com/SecurityNow.htm

I'm sure a lot of people on here know about it already but just in case...
capn_caveman, Dec 7, 2005
Hell, I get one of these every week at work. Most are caught, some are not. I store the ones that aren't caught on the HDD in case I get fired some day. No big deal.
fwonkas, Dec 7, 2005
I don't know... this seems like a strange article. They were in no danger of infection because they were running Linux. Short of promoting Linux or other non-MS operating systems, what's the point?

I've had a little laugh every time I've got an executable attachment, whether on Linux or Mac OS X. I mean, for *years*. What's the big deal?