CCTR132@csc.canterbury.ac.nz (Nick FitzGerald) (01/31/91)
In V4 #17 (Mon, 28 Jan 91) rtravsky@CORRAL.UWyo.Edu (Richard W Travsky) wrote:

>[deletions]
> 1. Viral Software
>    a. Viral scanning/cleaning software will not be used unless the
>       accompanying documentation has been read by the support person
>       doing the scan/cleanup.
>    b. Viral scanning/cleaning software should be kept reasonably up to date.
>[As stated, we've had fairly low virus activity, so being up to date with
>the latest is not real important - yet.]
>    c. More than software product should be used for cross checking purposes.
>    d. After removal of a virus, the machine/disk should be re-scanned to
>       verify removal.

I would disagree on point b. - you should keep as up to date as there is. Whilst the virii you are most likely to experience are "old" and widely distributed, the newest scanner might one day save you from a very recent hard disk trasher. Unfortunately, it is difficult to convince most users (and "the powers that be") to go to the little extra trouble of updating their external virus file (or the software itself) as often as possible (unless they have been caught already).

> 2. Maintenance
>[good practices deleted]
>    c. All diagnostic disks will have write protect tabs.

NO!! All such disks should be UNNOTCHED. Get one of your techs to bypass the write-protect switch on drive B: on ONE machine that is in a very secure place. Make copies of diagnostics disks, installation disks (more below) etc onto disks that have not been notched. It may take a bit of effort on your part to find a supply, but do so and use them. (We found a ready supply in our safe - multiple copies of obsolete software packages like PC (IBM) DOS, PC-SAS.) For 3.5" disks pry the slide thingy out. (That's what I don't like about 3.5" disks compared to notchless 5.25" disks - a user with malicious intent can easily disable write-protection and then enable it without leaving any obvious signs of it).

>    d. If software is being restored to someone's machine (like a backup,
>       format, and then a restore) the disks should be checked for infection.
>
> 3. Installs
>[We install software - like PC SAS - on users' machines.
>    a. When possible, install disks will have write protect tabs.
>    b. When write protect tabs can not be used, the install disks will be
>       checked for infection upon return.
>[Some software, like dBase 4 we found, writes to the install floppy during
>installation.]
>    c. User's machine should be checked for infection.
>[This would take care of b.]

Similar comments as above re write-protect tabs. Installation procedures that write to the installation disks are the pits. The sooner that vendors take the virus threat seriously, and start distributing their software on *unnotched* disks the better - McAfee Associates, are you listening?

Some software licences we have allow us to install on many machines - we copy the original disks to notchless ones and distribute these to the users who want to install the programs. (We only do installation ourselves if specially asked - we would spend all our time doing them otherwise.)

This may seem paranoid, but (before I started here) there was a case of the notched but write-protected disks our working copy was on coming back infected. The user had taken the tabs off the disks - because of past experience with install programs that required write access to the distribution disks - and dutifully stuck them back on when the installation was complete. This was not an intentionally malicious act.

>[further good practices deleted]

My recommendations above may seem a little strong for some, but I would say you're kidding yourself if you think you don't have to go to these lengths. Possible exception - *everyone* at your site who will *ever* have access to your disks and/or machines *always* does *everything* that *perfect* users *should* do. Get the point?

Can't remember where, but I read the following somewhere: "Once is happenstance, twice is coincidence, three times is enemy action". With virii, "Once is enemy action", and you have to be very careful if you want to prevent that one event.

- ---------------------------------------------------------------------------
Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z.
Internet: n.fitzgerald@csc.canterbury.ac.nz        Phone: (64)(3) 642-337