masjol@dou.dk (Jørgen Olsen) (06/03/91)
RE: LAN's as vehicle for spreading virii!

We run an installation including 700 MAC/PC's (250+450), 8 Novell Nets, 6 3+SHARE-nets, Appletalk etc. The remarks below refer mainly to our experience with the Novell-nets in the Dep. of Social Sciences - 5 - with 120+ workstations.

This is mainly a question of network management.

1. Certainly - in a university where students can load programs into the netdrives - an infected program can be spread. BUT -
2. Serious problems only arise if someone with Supervisor rights is infected when logging in to do a bit of system Admin.
3. So the combination - daily scanning of areas where users (students) can leave their (games, pirate copies (sorry) etc) and removal of same combined with careful network management (scanning of RAM & local disk) will do the trick.
4. We still have to see a Virus infecting the Netware - without a bit of outside help - as described under 2.

Anybody with a comment to 4. ??

Do not bother to suggest that we install TSR's etc for checking. We have tried - but a number of our applications are RAM-hungry - and some do not even like some of those TSR - e.g. they start behaving funny. But a bit of planning and prevention can do the trick - or have done so till this moment.

J Olsen
Academic Information Systems
University of Odense
Denmark

padgett%tccslr.dnet@mmc.com (A. Padgett Peterson) (06/06/91)
>From: Jørgen Olsen <masjol@dou.dk>
>RE: LAN's as vehicle for spreading virii!

>This is mainly a question of network management.

Agreed, but one easy possibility does not seem to have been covered that is widely used on BBSes: separate upload and download directories. By making the upload directory write only for users and the download directory execute only, the administrator can provide an effective filter of what is made available to the community. Of course this places added responsibility on the administrator since a problem is traceable to him (I wonder if this is why many manufacturers ship products on non-write-protected disks, there is not much question of where an infection occurred with a notchless disk), and does introduce a delay between posting and availability.

Such a scenario would have user A posting a file to the upload directory. The administrator would then SCAN the program, check for malicious behavior using an account that is unpriv'd, and check for any license restrictions. Only when satisfied that the program is low-risk would it be placed in a user-accessible area.

Such a filter should also be used between software developers and user areas (but rarely is). In practice, the technique is much simpler than it sounds and need not be a burden.

Padgett
It works for me
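
The upload/download split described in the post above, sketched as an added example that is not part of the original thread. It assumes Unix permission bits rather than NetWare or BBS rights, and `scan` is a hypothetical callable standing in for whatever scanner the site runs. It goes one step beyond the post by scanning a private copy, so the uploader cannot swap the file between the check and the release.

```python
import hashlib, os, shutil, stat, tempfile

UPLOAD_MODE = 0o733        # users may create files here but cannot list or read the directory
DOWNLOAD_MODE = 0o755      # users may list and traverse, only the administrator writes
PUBLISHED_MODE = 0o555     # published files are read/execute only

def make_areas(root):
    """Create the separate upload (drop box) and download directories."""
    upload, download = os.path.join(root, "upload"), os.path.join(root, "download")
    for path, mode in ((upload, UPLOAD_MODE), (download, DOWNLOAD_MODE)):
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)   # explicit chmod: the mode passed to mkdir is cut by umask
    return upload, download

def promote(name, upload, download, scan):
    """Administrator step: publish one uploaded file if scan(path) returns True.

    scan is a hypothetical callable standing in for the site's scanner.
    Returns the SHA-256 of the published bytes, or None if the file was rejected.
    """
    if os.path.basename(name) != name:
        raise ValueError("name must not contain path components")
    src, dst = os.path.join(upload, name), os.path.join(download, name)
    if os.path.lexists(dst):
        raise FileExistsError(dst)          # never replace an already published file
    # O_NOFOLLOW refuses a symlink planted in the drop box; O_NONBLOCK avoids hanging on a FIFO.
    fd_in = os.open(src, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    with os.fdopen(fd_in, "rb") as inp:
        if not stat.S_ISREG(os.fstat(inp.fileno()).st_mode):
            raise ValueError("only regular files are promoted")
        fd_out, staged = tempfile.mkstemp(dir=download)   # created 0600, unreadable to users
        with os.fdopen(fd_out, "wb") as out:
            shutil.copyfileobj(inp, out)
    # Scan the private copy, so the uploader cannot swap the bytes after the check.
    if not scan(staged):
        os.remove(staged)
        return None                         # rejected: the upload stays where it is
    with open(staged, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    os.chmod(staged, PUBLISHED_MODE)
    os.rename(staged, dst)                  # same directory, so the publish is atomic
    os.remove(src)
    return digest
```

The returned digest can be logged by the administrator as the record of exactly which bytes were released.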