MDR100T@ODUVM.BITNET (Margie Rogis) (06/19/89)
Here at Old Dominion University, our internal auditors have asked that a virus policy be adopted. We are forming a working group, composed of a mainframe systems person, pc/lab person, and academic services person. I joined this list in the hopes of learning from those who have gone before! I am seeking any advice, or policies set up by other institutions which could help us define our own. I suppose we would like to address prevention, detection, and recovery, as well as procedures for dealing with anyone caught trying to infect any of our systems. Any responses would be GREATLY appreciated.
kelly@uts.amdahl.com (Kelly Goen) (06/22/89)
Hi margie,
having dealt with this problem as a consultant at a couple of
silicon valley corps I have just one issue to raise from your article.
In most cases the person who is the human causative agent in the
spread of an infection is in most cases totally unaware that some of
the disk that he/she/it is using are infected... thus it is kind of
hard to discipline that person... what could be done instead is to set
up a test cpu that the software can be run on first to attempt to
detect evidence of infectious agents(of course if the virus in
question has a sufficiently long pre-trigger level even that may not
be sufficient) (n.b. a pre-trigger is used in this context to describe
an interval that the virus will not manifest its infectious
capability)
kelly goen
CSS Inc.lmi312@leah.Albany.EDU (TheBabeWithThePwr) (06/26/89)
> Here at Old Dominion University, our internal auditors have asked that a > virus policy be adopted. We are forming a working group, composed of a > mainframe systems person, pc/lab person, and academic services person. > > I joined this list in the hopes of learning from those who have gone > before! I am seeking any advice, or policies set up by other > institutions which could help us define our own. > > I suppose we would like to address prevention, detection, and recovery, as > well as procedures for dealing with anyone caught trying to infect any > of our systems. > > Any responses would be GREATLY appreciated. Although there is no real policy set at my school, SUNY Albany, there was a student who did write and release a virus on our system. To the best of my knowledge, he was fined and disusered...supposedly he is now attending MIT.