[comp.virus] Do any viruses affect Novell?

dweissman@amarna.gsfc.nasa.gov (WiseGuy) (04/10/91)

What viruses (if any) affect Novell local area networks?  Any DOS
virus?  Over a broadband/ethernet LAN?

===============================================================================
Dave Weissman - Broadband and FDDI LAN Operations Group

Snail mail:                       NSI DECNET (SPAN) -  6153::DWEISSMAN
   Code 543.8                     NSI TCP/IP        -  dweissman@128.183.112.2
   Goddard Space Flight Center    SPRINTnet's X.400 -
   Greenbelt, Maryland 20771      (C:USA,A:TELEMAIL,P:GSFC,FN:DAVID,SN:WEISSMAN)

*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*

  I don't speak for nor represent the views of NASA or my company although
  they would both be happy if I just shut up for once.........

*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*DISCLAIMER*

p1@arkham.wimsey.bc.ca (Rob Slade) (04/12/91)

dweissman@amarna.gsfc.nasa.gov (WiseGuy) writes:

> What viruses (if any) affect Novell local area networks?  Any DOS
> virus?  Over a broadband/ethernet LAN?

I used to tell people that "why should a virus work on a network?
Nothing else does!"  However, that doesn't appear to be the case.

Because of remapping of interrupts by network "shells", many viral
programs will not work properly on a network.  However, a number do.
Network protection seems to be fairly effective against most, but not
necessarily all, of these, so networks do seem to provide a measure of
protection above that of "plain" MS-DOS.

The people at Novell do not like unsubstantiated claims of viral
programs that purportedly bypass network security, and you can't blame
them.  Unfortunately, substantiation is not always easy to come by,
vis the company that called me about a program which reported itself
as the "ICK virus" and was trashing their system.  In spite of the
fact that *they* were calling *me* as an expert in the field, they
would not allow me to examine their system.  Odd ideas of security
there ...

=============
Vancouver          p1@arkham.wimsey.bc.ca   | "Is it plugged in?"
Institute for      Robert_Slade@mtsg.sfu.ca | "I can't see."
Research into      (SUZY) INtegrity         | "Why not?"
User               Canada V7K 2G6           | "The power's off
Security                                    |  here."

viki@crash.cts.com (Victoria Harkey) (04/18/91)

It jumped around, infected and reinfected files; and it beeped at you
as if it was saying, "Here's Johnny!"

Another system I cleaned up had the Jerusalem-B virus; about 75 exe,
com and ovl were infected on the network. They had to be deleted
(cleaned and written over with a binary pattern); and then
reinstalled. The Platinum package this banking system was running had
a large number of files that had to be removed, and then platinum had
to be reinstalled; files replaced and one module replaced. All floppy
disks were inspected, and the virus was found on the 2 suspected
disks.

One more incident of an "Unknown virus" -- a trojan horse that
activated on 4/1; it played music and that was appropriate when
symphony was executed.  It sounded benign -- but in the procedures to
trap and eradicate it, it went into the panic mode and wiped out
total access to the hard drive.  Fortunately, the company had pulled
this machine off line as soon as it was acting abnormally.

When de-virusing a network, all workstations have to be devirused as
well as all floppy disks -- something brought it in...  This is a good
recommendation for diskless workstations that keep anyone from taking
your valuable data off site, to the malicious or unintentional
introduction of a virus on the network.

There are viruses that infect data files as well as the executables
and overlays. I have a favorite virus fighter that remains resident in
the workstations attached to the server (or they are not allowed to
attach); and the net is secure.

Please be aware that the above viruses paid no heed to NetWare's SRO;
they might have been secure had they been flagged EXE ONLY -- but I'm
not willing to test this on a production unit.

Viki

Victoria Harkey
Certified NetWare Engineer

jesse%altos86.Altos.COM@vicom.com (Acer - Jesse Chisholm) (04/19/91)

|dweissman@amarna.gsfc.nasa.gov (WiseGuy) writes:
|> What viruses (if any) affect Novell local area networks?  Any DOS
|> virus?  Over a broadband/ethernet LAN?

About 1.5 years ago, our NOVELL network was infected with Jerusalem-B.
What happened was MicroSoft-Word needs to be writable because it can
reconfigure itself for some user options.  What we think happened is
the supervisor ran MSW from a workstation that was infected.  From MSW
the whole company was soon infected.  Since MSW remained writable to
itself, it infected itself 70 someodd times.  The infection was not
detected until a TSR that was being developed in the R&D department
started showing erratic behavior.  It worked fine the first time it was
compiled and run, but never again.

Because of this, and the three weeks it took to clean house, our MIS
department purchased a battery of protection programs and scanning
programs.  We have had no network infections since.

We have been infected by Stoned, Jerusalem-B, Disk-Killer at various
times since then, but only on a limited number of workstations before
it was detected and cleaned.  We have a problem trying to keep suspect
floppies out of our system, since the Taiwan office is always sending
floppies to us and not everyone knows about viral protection.

It's an uphill battle, but so far we are winning.

--
Jesse Chisholm          | "I've UNDERSTOOD IT!  Well, that is, ...,
jesse@Altos86.Altos.COM |  I'm not exactly sure WHAT I've understood,
Tel 1-408-432-6200x4810 |  but I have the impression I've understood
Fax 1-408-434-0273      |  SOMETHING." -- Anselm Lanturlu