Michael_Kessler.Hum@mailgate.sfsu.edu (11/07/90)
I have just spent a couple of days removing the Jerusalem B virus from files on a 3Com/3+Share network. In the process, we discovered the existence of the Stoned and Stoned II viruses in some local drives, and the Alameda virus on some diskettes.

The problem, aside from the infection itself, is the following: administrative and academic computing (i.e. students and faculty) are on the same network. Administrative computing is ready to keep students off the network if our infections re-occur, and in fact, the last infection found indicated that this occurred through student stations (which have no hard disks). Because we use start chips, it appears that shields cannot be used on these stations.

Some of the strategies we are using are as follows:

1. Already, students cannot generally get on the network and use their own software. The menus system is locked, although anyone knowing how to get to the shell from a software package can of course bypass the protection.

2. To avoid infecting the network should a student use outside software on various stations, we recommend that all stations be turned off after use so that nothing stays in memory (Jerusalem B survives warm reboots).

3. Administrative and academic usage will be kept on separate servers. We had one network utility which required an open directory that was shared between the two sides, and I think that this is how the infection migrated.

4. Until the infection, WordPerfect was in a single open directory. Now it is in a read-only directory, but linked to its SETUP files in an open directory. The common wisdom around here is that write-protected files can get infected, but files in read-only directories will not be infected.

Question: Should such strategies suffice for most viruses, or am I indulging in some wishful thinking? For those programs requiring read-write directories, would it help if they were kept on segregated partitions or is such a separation of no importance?

Any comments would be appreciated.

MKessler@HUM.SFSU.EDU