Results 1 to 4 of 4

Thread: Virus

  1. #1
    3 Star Lounger
    Join Date
    May 2001
    Location
    Mount Vernon, Washington, USA
    Posts
    305
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Virus

    I need to know the best virus protection and firewall program. Our business got hit with the W32Nimda.A virus. We can't afford to have this happen again. We currently have Norton. Any suggestions for better protection???
    lynndelap

  2. #2
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    Hi
    Norton what? Norton Anti Virus kept up to date is as good as it gets. For Windows 2000 Professional, get 2001, and for XPP, 2002.
    For a corporate Firewall, you could do worse than Zone Alarm Pro (the version you have to buy for business use), but if you want a preview pop over to my web site and try the freeware. Don't forget the Zone Log Analyser to go with it.

    If you got hit by Nimda, whilst you're there it might be worth a thorough study of my Attack and Defence page - with appropriate follow up to the links and documents.
    When you've done all that, if you still want to pay a consultant to look at your security - let me know - I must have missed something out, though for simplicity I do not emphasise server or LAN matters.
    Also it would be useful for you to read the posts on this Board by RM Rucker. Much of what I recommend on-site is a distillation of this correspondence.

    Luck

  3. #3
    5 Star Lounger
    Join Date
    Feb 2001
    Location
    Youngstown, Ohio, USA
    Posts
    705
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Re: Virus

    When the Nimda.A virus was fairly new, our office installed IE6 and the SP2 "fix" for Office 2000 as a preventative measure. Within the day, I found out how vulnerable these fixes were when I went to a web site that had been infected. SP2 has done nothing but irritate me to no end, and IE6 would have let Nimda run rampant on my PC (and then our network)... except that I was running an up to date version of Computer Associate's 'InoculateIT'. Although this freeware is no longer available, it was incorporated into the commercial release <A target="_blank" HREF=http://www3.ca.com/Solutions/Product.asp?ID=3243>eTrust EZ Armor</A>. Given the frequency of updates CA puts out for InoculateIT and its success to date, I would expect eTrust EZ Armor to be a reliable security suite (AV & firewall). Hopefully someone out there will be able to give some additional clarifications on this?

    One other caveat -- make sure to educate the users at your site on some of the basic self-defense measures that all internet users should be aware of. I've heard it said before that "A foolproof system never accounts for the ingenuity of fools." Merc has some very good pointers available on his site. <img src=/S/bow.gif border=0 alt=bow width=15 height=15>

  4. #4
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Virus

    Hi Dave
    The Nimda was a particularly nasty form of infection, as it could get to you in a variety of ways. Since one of these at least was via scripting, as well as the latest IE, you also need the latest MS JVM (as this controls javascript as well as Java applets). For whatever reason, IE6 does not always give you VM 5.00.3802 - I know, because it happened to me. My first VM with IE6 was 5.00.3209, which has holes which could be exploited.
    You could avoid infection by setting your standard Internet Zone in IE Security as a Restricted type of site i.e. everything Disabled. You then also made OE open in Restricted mode. Without active content enabled, one couldn't have got the worm, unless you'd put the site into a Trusted Zone, with things enabled. These are the settings suggested by RM Rucker, and so far they've worked for me. When you come to a page that won't load properly, or won't let you send Search queries or form details, you think carefully, then you put it into Trusted. A button on the bar (RM Rucker again) makes this convenient : #85 from my site.
    Whereas it's true IE6 would have let you run the inimical script, that's only because the default settings thought up by MS are so naff. Had you disabled the appropriate settings, you'd have been safe from attack in this direction.

    Cheers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •