infoadm@CS.HW.AC.UK (The Heriot-Watt Info-Server) (07/11/89)
[Ed. The following is a discussion taken from comp.sys.mac regarding the protection of Appleshare file servers from viruses.] From: mmccann@hubcap.clemson.edu (Mike McCann) Newsgroups: comp.sys.mac Subject: Virus Protection for AppleShare File Servers? Date: 9 Jul 89 07:00:29 GMT Organization: Clemson University, Clemson, SC Lines: 14 How does one protect the AppleShare file server from viruses? Will running Vaccine on it work? Or will the dialog box produced upon detection of a virus hang the server? Also as a new administrator of a small AppleShare network, any other helpful hints will be welcomed. Thanks for the help, Mike McCann (803) 656-3714 Internet = mmccann@hubcap.clemson.edu Poole Computer Center (Box P-21) UUCP = gatech!hubcap!mmccann Clemson University Bitnet = mmccann@clemson.bitnet Clemson, S.C. 29634-2803 DISCLAIMER = I speak only for myself. From: mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) Newsgroups: comp.sys.mac Subject: Re: Virus Protection for AppleShare File Servers? Date: 10 Jul 89 05:06:56 GMT Organization: CS Dept, Ball St U, Muncie, IN, USA In article <5956@hubcap.clemson.edu>, mmccann@hubcap.clemson.edu (Mike McCann) writes: > How does one protect the AppleShare file server from viruses? Will > running Vaccine on it work? Or will the dialog box produced upon > detection of a virus hang the server? I debated this with myself before, and came to this conclusion: You do not need to protect an AppleShare File Server from viruses. How can I make such a statement? Well, install the AppleShare software and maybe the Print Server software as well. Use something like Virus Rx and make sure that you did not install a virus (very unlikely if you are using original, locked disks). Now that your software is installed, you are safe because *THAT IS THE ONLY SOFTWARE EVER RUN* from the server. All of the other files on the network are data files. Viruses cannot be spread from these data files. Now, if you were to shut down your server, boot with another disk, and run some of the software that is on that server's disk *ON THE SAME SERVER MACHINE* then you could infect the server. But, I recommend against doing this. The stations on the network that are using the software from the servers are the ones that need to be protected. If one of them put a virus in one of the oft-used applications on the server, it would spread to all of the stations in a matter of days (or less). But since the server never runs this software, it will remain unscathed. > Also as a new administrator of a small AppleShare network, any other > helpful hints will be welcomed. Put your applications in locked folders so that viruses cannot be installed into them. Put Vaccine or something like it on all of the workstation's system disks. Check the workstation disks regularly. > Mike McCann (803) 656-3714 Internet = mmccann@hubcap.clemson.edu > Poole Computer Center (Box P-21) UUCP = gatech!hubcap!mmccann > Clemson University Bitnet = mmccann@clemson.bitnet > Clemson, S.C. 29634-2803 DISCLAIMER = I speak only for myself. - -Michael - -- Michael Niehaus UUCP: <backbones>!$iuvax,pur-ee!bsu-cs!mithomas Apple Student Rep ARPA: mithomas@bsu-cs.bsu.edu Ball State University AppleLink: ST0374 (from UUCP: st0374@applelink.apple.com ) From: chris@accuvax.nwu.edu (Chris Krohn) Newsgroups: comp.sys.mac Subject: Re: Virus Protection for AppleShare File Servers? Message-ID: <852@accuvax.nwu.edu> Date: 10 Jul 89 17:14:04 GMT Organization: Northwestern Univ. Evanston, Il. Lines: 84 In article <8148@bsu-cs.bsu.edu> mithomas@bsu-cs.bsu.edu (Michael Thomas Niehaus) writes: ##> How does one protect the AppleShare file server from viruses? Will ##> running Vaccine on it work? Or will the dialog box produced upon ##> detection of a virus hang the server? ## ##I debated this with myself before, and came to this conclusion: You do not ##need to protect an AppleShare File Server from viruses. Having been an AppleShare net administrator for a couple years, and having witnessed several viral infections on various types of server configurations, I must strongly disagree with this statement. ##How can I make such ##a statement? Well, install the AppleShare software and maybe the ##Print Server software as well. Use something like Virus Rx and make sure ##that you did not install a virus (very unlikely if you are using original, ##locked disks). Nevertheless, it can happen. For example, Adobe shipped many copies of it's popular Illustrator program complete with a virus. Even if you did use the orginal, locked disks, you were still vulnerable to infection. ##Now that your software is installed, you are safe because *THAT IS THE ##ONLY SOFTWARE EVER RUN* from the server. Well, the server system *itself* is safe, but (as you point out below) the client workstations are not. ##All of the other files on the ##network are data files. Viruses cannot be spread from these data files. Not true. The Init29 virus, for example, will infect data files as well as applications. ##Now, if you were to shut down your server, boot with another disk, and run ##some of the software that is on that server's disk *ON THE SAME SERVER ##MACHINE* then you could infect the server. But, I recommend against ##doing this. I agree with this. If you do need to do this, (run a disk optimization package or partition utility or something), make sure you have Vaccine installed and turned on for the system disk which you use to boot the machine. ##The stations on the network that are using the software from the servers ##are the ones that need to be protected. If one of them put a virus in one ##of the oft-used applications on the server, it would spread to all of the ##stations in a matter of days (or less). But since the server never runs ##this software, it will remain unscathed. ##Put your applications in locked folders so that viruses cannot be installed ##into them. Put Vaccine or something like it on all of the workstation's ##system disks. Check the workstation disks regularly. ## This is excellent advice. This will not necessarily protect you from spreading viruses off the server, but will do a good job. It is necessary to check the workstation disks regularly, as people often will turn vaccine off, or delete it, or whatever. Additionally, do what you can to ensure your users are educated about viruses, because even if Vaccine is installed, they may not understand what is going on, and may through ignorance allow a virus to spread. Certain software packages will not run in locked folders, however. (E.G. FileMaker II, CricketDraw, WriteNow 1.0) and are therefore always vulnerable. The only real solution is not to allow such software packages to be installed on the file server, but this may not be possible. Because no virus prevention technique is foolproof, you will *always* be in danger of viral infections. Check your server with a virus detection/ removal program like Disinfectant on a regular basis. ##Michael Niehaus UUCP: <backbones>!$iuvax,pur-ee!bsu-cs!mithomas ##Apple Student Rep ARPA: mithomas@bsu-cs.bsu.edu ##Ball State University AppleLink: ST0374 (from UUCP: st0374@applelink.apple.com) Chris Krohn Academic Computing and Network Services Northwestern University From: johnroc@ucsco.UCSC.EDU (John Rocchio) Newsgroups: comp.sys.mac Subject: AppleShare and virus Date: 10 Jul 89 18:10:13 GMT Organization: UCSC Computing and Telecommunications Services Lines: 26 Here is some info I retrived from AppleLink: AppleShare Security: How Secure Against Viruses Is It? This article last reviewed: 23 March 1989 Q: How secure is AppleShare from viruses? Users recognize the threat to folders where others have write access and the ability to affect others using applications contained in those folders, but what about the Server Folder itself? Is the running of VACCINE on an AppleShare server indicated? Is there something better? Is it possible to issue low-level I/O calls (PBWrite and lower?) to server volumes (bypassing any AppleShare built-in security) from other Macintosh systems on the network? A: The AppleShare server folder itself is quite secure when the server is running. Is it not accessible by any system call, whether high-level or low-level. A virus would only be able to attack folders and files that it has access to. It is not necessary or recommended to install Vaccine in the Server folder on the AppleShare server. If the server is running at the Finder level, it is just as susceptible to viruses as any system. Copyright 1989 Apple Computer, Inc. disclaimer disclaimer disclaimer disclaimer disclaimer disclaimer disclaimer...