Michael_Kessler.Hum@mailgate.sfsu.edu (10/18/90)
"I have run a PC lab "virus free" for the last three years. We use a Novel network, with student PCs equiped with auto-bootup ROMS on the network cards. The students cannot write to the server hard disk, only access applications and data. The student PCs do not have hard disks. No floppies are handed out by staff. Students can download shareware and licensed software. They cannot make a DOS diskette. We also run the McAlfee program (WE ARE LICENSED FOR IT!) A student can check a floppy for possible infection." Obviously that is a way of keeping a network clean, but it is not foolproof. I run a 3Com network in essentially the same manner (no home directories for students). The problem is that some educational software must be located in Read/Write/Create directories, i.e. open directories. Fortunately, unless we are dealing with a malicious act on the part of the user, the chances of getting a virus through the use of open directories are small because the applications do not require the insertion of any outside diskettes. I also use Saber Meter, and that requires a Read/Write/Create directory. So far my luck has held out. Most network administrators try to keep directories write-protected as regards everyone but themselves. However, hard disks on the local nodes tend to pick up all sorts of things, and if you happen to decide to or must administer from a public machine, once you go into the system with Read/Write/Create capabilities, you have opened it up to viruses. "They cannot make a DOS diskette." Why that policy? An aside: one LAN manager on this campus swears by 3Com for the Mac, stating that one big advantage is that an individual's account may be infected, but the virus cannot travel to other files on the disk because Mac viruses cannot travel in a DOS environment. Anyone care to comment? MKessler@HUM.SFSU.EDU