[comp.sys.mac] Virus Protection for AppleShare File Servers?

mmccann@hubcap.clemson.edu (Mike McCann) (07/09/89)

How does one protect the AppleShare file server from viruses?  Will
running Vaccine on it work?  Or will the dialog box produced upon
detection of a virus hang the server?  

Also as a new administrator of a small AppleShare network, any other
helpful hints will be welcomed.

Thanks for the help,

-- 
Mike McCann       (803) 656-3714   Internet = mmccann@hubcap.clemson.edu 
Poole Computer Center (Box P-21)       UUCP = gatech!hubcap!mmccann
Clemson University                   Bitnet = mmccann@clemson.bitnet
Clemson, S.C. 29634-2803         DISCLAIMER = I speak only for myself.

mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) (07/10/89)

In article <5956@hubcap.clemson.edu>, mmccann@hubcap.clemson.edu (Mike McCann) writes:
> How does one protect the AppleShare file server from viruses?  Will
> running Vaccine on it work?  Or will the dialog box produced upon
> detection of a virus hang the server?  

I debated this with myself before, and came to this conclusion:  You do not
need to protect an AppleShare File Server from viruses.  How can I make such
a statement?  Well, install the AppleShare software and maybe the
Print Server software as well.  Use something like Virus Rx and make sure
that you did not install a virus (very unlikely if you are using original,
locked disks).

Now that your software is installed, you are safe because *THAT IS THE
ONLY SOFTWARE EVER RUN* from the server.  All of the other files on the
network are data files.  Viruses cannot be spread from these data files.
Now, if you were to shut down your server, boot with another disk, and run
some of the software that is on that server's disk *ON THE SAME SERVER
MACHINE* then you could infect the server.  But, I recommend against
doing this.

The stations on the network that are using the software from the servers
are the ones that need to be protected.  If one of them put a virus in one
of the oft-used applications on the server, it would spread to all of the
stations in a matter of days (or less).  But since the server never runs
this software, it will remain unscathed.

> Also as a new administrator of a small AppleShare network, any other
> helpful hints will be welcomed.

Put your applications in locked folders so that viruses cannot be installed
into them.  Put Vaccine or something like it on all of the workstations'
system disks.  Check the workstation disks regularly.

> Mike McCann       (803) 656-3714   Internet = mmccann@hubcap.clemson.edu 
> Poole Computer Center (Box P-21)       UUCP = gatech!hubcap!mmccann
> Clemson University                   Bitnet = mmccann@clemson.bitnet
> Clemson, S.C. 29634-2803         DISCLAIMER = I speak only for myself.

-Michael

-- 
Michael Niehaus        UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!mithomas
Apple Student Rep      ARPA:  mithomas@bsu-cs.bsu.edu
Ball State University  AppleLink: ST0374 (from UUCP: st0374@applelink.apple.com)

trebor@biar.UUCP (Robert J Woodhead) (07/10/89)

In article <8148@bsu-cs.bsu.edu> mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) writes:
>Now that your software is installed, you are safe because *THAT IS THE
>ONLY SOFTWARE EVER RUN* from the server.  All of the other files on the
>network are data files.  Viruses cannot be spread from these data files.
>Now, if you were to shut down your server, boot with another disk, and run
>some of the software that is on that server's disk *ON THE SAME SERVER
>MACHINE* then you could infect the server.  But, I recommend against
>doing this.

This is an _incorrect_ assertion.  It is correct to say that if the
server is proven free of viruses, and clients are not allowed read-write
access to applications (or the server system folder), then those applications
and system folder cannot be infected.  However:

	Any file on any volume visible to an infected application
	that is read-write to the application is a candidate for
	infection!

Read this carefully and understand it.  If a user on a client machine runs
his own Macwrite that is infected, and that client machine has read-write
access to server applications, the virus may infect a server application.
Whether or not it actually can is determined by the infection method of
the virus.

It gets worse, because many applications require that the user be able to
modify them.

The solution is twofold:

	1) Regularly scan all disks, both server and client, using a good
	   detection tool, such as (plug) Virex or Disinfectant.  This
	   includes scanning all ``incoming'' floppy disks.

	2) Install, in all client machines, a watchdog init, such as
	   Gatekeeper.  So long as the user boots from the client machines'
	   hard disk, the watchdog init will protect any visible Appleshare
	   volumes from attack, just as regular local volumes are
	   protected.  In order for an attack to work, the user must have
	   booted his own, infected floppy disk, which has Appleshare
	   on it, but not the watchdog.

The combination of these two techniques will provide adequate security for
high volume sites.

-- 
(^;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-;^)
Robert J Woodhead, Biar Games, Inc.   !uunet!biar!trebor | trebor@biar.UUCP
  ``I can read your mind - right now, you're thinking I'm full of it...''

chris@accuvax.nwu.edu (Chris Krohn) (07/11/89)

In article <8148@bsu-cs.bsu.edu> mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) writes:

##> How does one protect the AppleShare file server from viruses?  Will
##> running Vaccine on it work?  Or will the dialog box produced upon
##> detection of a virus hang the server?  
##
##I debated this with myself before, and came to this conclusion:  You do not
##need to protect an AppleShare File Server from viruses.

	Having been an AppleShare net administrator for a couple years, and
having witnessed several viral infections on various types of server
configurations, I must strongly disagree with this statement.

##How can I make such
##a statement?  Well, install the AppleShare software and maybe the
##Print Server software as well.  Use something like Virus Rx and make sure
##that you did not install a virus (very unlikely if you are using original,
##locked disks).

	Nevertheless, it can happen.  For example, Adobe shipped many copies
of its popular Illustrator program complete with a virus.  Even if you
did use the original, locked disks, you were still vulnerable to infection.

##Now that your software is installed, you are safe because *THAT IS THE
##ONLY SOFTWARE EVER RUN* from the server.

	Well, the server system *itself* is safe, but (as you point out
below) the client workstations are not.

##All of the other files on the
##network are data files.  Viruses cannot be spread from these data files.

	Not true.  The Init29 virus, for example, will infect data files
as well as applications.

##Now, if you were to shut down your server, boot with another disk, and run
##some of the software that is on that server's disk *ON THE SAME SERVER
##MACHINE* then you could infect the server.  But, I recommend against
##doing this.

	I agree with this.  If you do need to do this, (run a disk
optimization package or partition utility or something), make sure you
have Vaccine installed and turned on for the system disk which you use
to boot the machine.


##The stations on the network that are using the software from the servers
##are the ones that need to be protected.  If one of them put a virus in one
##of the oft-used applications on the server, it would spread to all of the
##stations in a matter of days (or less).  But since the server never runs
##this software, it will remain unscathed.

	
##Put your applications in locked folders so that viruses cannot be installed
##into them.  Put Vaccine or something like it on all of the workstations'
##system disks.  Check the workstation disks regularly.
##

	This is excellent advice.  This will not necessarily protect you
from spreading viruses off the server, but will do a good job.  It is
necessary to check the workstation disks regularly, as people often will
turn Vaccine off, or delete it, or whatever.  Additionally, do what you can
to ensure your users are educated about viruses, because even if Vaccine
is installed, they may not understand what is going on, and may through
ignorance allow a virus to spread.

	Certain software packages will not run in locked folders, however.
(E.G.  FileMaker II, CricketDraw, WriteNow 1.0) and are therefore always
vulnerable.  The only real solution is not to allow such software packages
to be installed on the file server, but this may not be possible.

	Because no virus prevention technique is foolproof, you will *always*
be in danger of viral infections.  Check your server with a virus detection/
removal program like Disinfectant on a regular basis.


##Michael Niehaus        UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!mithomas
##Apple Student Rep      ARPA:  mithomas@bsu-cs.bsu.edu
##Ball State University  AppleLink: ST0374 (from UUCP: st0374@applelink.apple.com)


Chris Krohn
Academic Computing and Network Services
Northwestern University

mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) (07/11/89)

In article <852@accuvax.nwu.edu>, chris@accuvax.nwu.edu (Chris Krohn) writes:
> having witnessed several viral infections on various types of server
> configurations, I must strongly disagree with this statement [about viruses
> infecting a server].

Virus infections of the SERVER or of the SERVER'S SOFTWARE?  That is the
distinction that I wanted to make.  Yes, it is very easy to infect the
applications software that resides on the server, but as for the server
itself (actually, the server's System) it won't be infected.

> 	Nevertheless, it can happen.  For example, Adobe shipped many copies
> of its popular Illustrator program complete with a virus.  Even if you
> did use the original, locked disks, you were still vulnerable to infection.

But since you would install this software from a workstation, the server
(read: the server's System) would not become infected (unless you run the
software from the server while the server is not serving).

> 	Well, the server system *itself* is safe, but (as you point out
> below) the client workstations are not.

Sorry for not making that more clear.  The original question asked if it
was necessary to install Vaccine or some other virus protection ON THE
SERVER ITSELF.

> ##All of the other files on the
> ##network are data files.  Viruses cannot be spread from these data files.
> 
> 	Not true.  The Init29 virus, for example, will infect data files
> as well as applications.

I must clarify here as well: as far as the server is concerned, all of the
files on its hard disk are data files.  They are delivered to the stations
upon request.  The server never executes them (and they are never placed
into the server's System Folder) so the server is not infected.

> ##Now, if you were to shut down your server, boot with another disk, and run
> ##some of the software that is on that server's disk *ON THE SAME SERVER
> ##MACHINE* then you could infect the server.  But, I recommend against
> ##doing this.
> 
> 	I agree with this.  If you do need to do this, (run a disk
> optimization package or partition utility or something), make sure you
> have Vaccine installed and turned on for the system disk which you use
> to boot the machine.
  
> ##The stations on the network that are using the software from the servers
> ##are the ones that need to be protected.  If one of them put a virus in one
> ##of the oft-used applications on the server, it would spread to all of the
> ##stations in a matter of days (or less).  But since the server never runs
> ##this software, it will remain unscathed.
> 	
> ##Put your applications in locked folders so that viruses cannot be installed
> ##into them.  Put Vaccine or something like it on all of the workstations'
> ##system disks.  Check the workstation disks regularly.
> 
> 	This is excellent advice.  This will not necessarily protect you
> from spreading viruses off the server, but will do a good job.  It is
> necessary to check the workstation disks regularly, as people often will
> turn Vaccine off, or delete it, or whatever.  Additionally, do what you can
> to ensure your users are educated about viruses, because even if Vaccine
> is installed, they may not understand what is going on, and may through
> ignorance allow a virus to spread.

I must clarify one point again here: there is a difference between LOCKED
folders and folders that you do not have WRITE ACCESS to.  To be more effective,
you should try to place applications in folders, then deny all users write
access to that folder (modify the folder's access privileges).

> 	Certain software packages will not run in locked folders, however.
> (E.G.  FileMaker II, CricketDraw, WriteNow 1.0) and are therefore always
> vulnerable.  The only real solution is not to allow such software packages
> to be installed on the file server, but this may not be possible.

I have never had any problems with Cricket Draw (we have version 1.1).  It
works just fine from a non-write-access folder (read-only folder?  I can't
think of a good term.  Just look for the little pencil with the line through
it in the Finder's windows).

> 	Because no virus prevention technique is foolproof, you will *always*
> be in danger of viral infections.  Check your server with a virus detection/
> removal program like Disinfectant on a regular basis.

Definitely take the time to do this.  It may seem like an enormous chore,
but it will save you time in the long run.  (I had to use the money argument
at Ball State:  Which would you rather do?  Pay a lab assistant $3.35 an hour
to check disks instead of doing his homework, or would you rather have the
software technicians reinstalling software at a higher price?)

Ball State did have viruses on all of their machines across campus.  But we
gave them all copies of Interferon, Vaccine, and Virus Rx, taught them how
to use them, and helped them reinstall all of their software/Systems.  Now
it is rare to find a virus, but they do still show up.  In fact, several
labs on campus now check every disk that is brought in the door for
viruses.  (This also allows them to check for pirated software.)

-Michael

-- 
Michael Niehaus        UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!mithomas
Apple Student Rep      ARPA:  mithomas@bsu-cs.bsu.edu
Ball State University  AppleLink: ST0374 (from UUCP: st0374@applelink.apple.com)
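
Added example, not part of any post in this thread: a present-day analogue of the check the replies converge on, namely that an application is an infection candidate when a client can write either to the file itself or to the folder holding it. It assumes the server volume is mounted as an ordinary directory and that Unix permission bits stand in for AppleShare access privileges; the folder and file names are constructed sample data.

```python
import os
import stat
import tempfile

SHARED_WRITE = stat.S_IWGRP | stat.S_IWOTH  # write bits for anyone but the owner

def infection_candidates(root):
    """Return sorted (relative_path, reason) pairs for executables under root
    that a non-owner could modify in place or replace."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # A writable folder lets a client swap the file even if the file is read-only.
        dir_open = bool(os.stat(dirpath).st_mode & SHARED_WRITE)
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode) or not mode & 0o111:
                continue  # this audit covers regular files with an execute bit only
            rel = os.path.relpath(path, root)
            if mode & SHARED_WRITE:
                findings.append((rel, "file writable"))
            elif dir_open:
                findings.append((rel, "folder writable"))
    return sorted(findings)

def build_sample_share():
    """Constructed sample tree standing in for a mounted server volume."""
    root = tempfile.mkdtemp(prefix="share-")
    layout = {  # folder: (folder mode, file name, file mode)
        "Apps-ReadOnly": (0o755, "editor", 0o755),
        "Apps-Open": (0o777, "draw", 0o755),
        "Apps-Mixed": (0o755, "database", 0o775),
        "Documents": (0o777, "notes.txt", 0o666),
    }
    for folder, (dmode, fname, fmode) in layout.items():
        os.mkdir(os.path.join(root, folder))
        fpath = os.path.join(root, folder, fname)
        with open(fpath, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(fpath, fmode)
        os.chmod(os.path.join(root, folder), dmode)
    return root

if __name__ == "__main__":
    for rel, reason in infection_candidates(build_sample_share()):
        print(f"{rel}: {reason}")
```

Only the application in the folder with no shared write access passes; the other two are flagged, one through the file's own permissions and one through its folder's.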