Domain: agnitum.com
Stories and comments across the archive that link to agnitum.com.
Comments · 51
Re:Give a little, get a lot
Alex Bischoff (not to be confused with the former "TV manager" of a certain wrestling actor's troupe in Atlanta) dun said:
That's not a bad idea, but what AV would you recommend? A product with the ability to auto-update its virus definitions at regular intervals would be a plus.
Command Antivirus has live updates for registered users; if memory serves, so does the Data Fellows version of F-Prot. (Notably: both of these use the F-Prot AV engine (damn near the best antivirus engine you can get next to AVP, and if memory serves they're even using part of the AVP engine in the latest versions) and the Data Fellows version comes in a package called F-Secure which also includes some very neat security toys.)
I don't know whether AVP has live updates or not, but I'd recommend it nonetheless; AVP is quite literally the best antivirus program one can get for Windows, bar none, and they do have trial versions (good for thirty days) for download...the registered version is not terribly expensive (around $25-30 if I remember right) and it is money well spent...if memory serves, AVP actually updates their virus list weekly, too, and updates are available on their website. If one is serious about antivirus protection I'd seriously recommend getting a copy of it...
As it is, if one is serious about antiviral protection anyways, it never hurts to have two antivirus programs on board. You use one for the standard protection which isn't quite as sensitive/more prone to false alarms like Norton or McAfee, and if that alerts you bring out the heavy-duty tools like AVP or F-Prot. (Or, if you're like me and can get both, you use Command Antivirus (read: F-Prot under a different label ;) for the main scan and AVP for the heavy guns--I've only had to do that once, when an older version of Command Antivirus didn't like a newer database update [basically they'd changed the format--no biggie, just get the upgrade])
It never hurts to practice computer "safe sex", though--I've never had virus problems, because I'm careful to the point of being neurotic :) Here goes a list of good antiviral techniques:
Don't enable HTML mail or Javascript in mail--this keeps you safe from malicious code that may activate downloads of worms that target Outlook Express, etc.
If possible, don't use Microsoft products like IE or Outlook Express or Office--there are a LOT of serious security bugs, even in the latest versions of Outlook Express and IE, that enable one to download malicious code like worms--sometimes without expressly clicking to accept (such as some worms that specifically target Outlook Express). Office, and specifically Microsoft Word 97, is downright infamous for macro viruses and worms--in fact, the single largest category of viruses anymore are Word macro viruses (and it's also the largest growth category--the year after the first Word "proof of concept" macro virus was released, there were more than 200 known in the wild--now it's something like 4000). In fact, Win95/Win98 actually have security flaws in the OS itself that allow such things to spread easily...
If you must use Microsoft products, stick with the maximum security settings you can get away with--Don't enable macros in Office and don't accept documents with macros unless they go through a reliable virus-scanner first (if possible, encourage people to send stuff in RTF or text format; Excel users, try to stick to tab or comma-delimited formatting, as Excel macro viruses are an increasing problem). Set MSIE and Outlook Express to their maximum security settings. Do not use ActiveX unless absolutely necessary (there are serious security bugs in ActiveX as compared with Java)--at the least do not allow untrusted ActiveX applets to run. Consider using more secure OS's if possible (for Microsoft-only shops, this may entail going from Win98 to WinNT or Win2000). In WinNT or Win2000 environments, only give supervisor access to those who really need it and set others to lower levels where binaries cannot be installed.
Do not read untrusted Word or Excel documents, or run untrusted executables--this expressly includes your friends--"Trusted" here means "downloaded from a known, clean, virus-free source" or "run through a reliable virus-scanner". There are a rather surprising number of worms and trojans (including more than one case of Back Orifice being distributed via a trojan sent by email, as well as cases of DDOS (distributed denial of service) clients being distributed in this fashion). This includes anything gotten in email, ICQ, etc. (Business environments--if accepting resumes by email, you may seriously want to consider asking clients to send resumes in plain text or RTF format. This may not be as pretty, but it's easier for clients to send you resumes this way and it eliminates problems with Word macro viruses.) Again, WinNT shops probably want to strongly consider limiting supervisor and administrator access to those who need it and set everyone else to levels where binaries cannot be installed (the misuse of administrator levels is one major way in which WinNT shops get infected--all Word macro viruses work on NT, and a fair amount of Win32 viruses do as well).
Get a good virus scanner and use it regularly--Norton AntiVirus is probably on the low end as far as "good virus scanners" go. I personally recommend one of the F-Prot based ones or AVP; most over on alt.comp.virus would recommend AVP first and one of the F-Prot based ones secondly. (Most also recommend you use at least two virus scanners, one for regular use and one as a backup/sanity check.) Alt.comp.virus has a lot of good info on viruses and the good and bad in antivirus software, anyways. :)
Consider using other security programs--There are firewall-type and intrusion detection programs even for Win95/Win98 systems such as Jammer--Jammer, in particular, acts as a firewall and detects things like attempted Back Orifice scans, etc. As Win95/Win98 is notoriously insecure, it's a good idea to give it any more security if you can.
Don't trade in warez--This may seem like child's play to most of us, I'm sure, but in home and even in business environments there are a lot of folks who do deal in warez. Most warez anymore (at least the downloaded kind, not the "burning a friend's copy of Win98 to CD" kind) seems to be from Russia, Brazil and China, which also happen to be rather large H/C/V centres. (It's worth noting here that it's widely thought that CIH escaped into the wild from Taiwanese warez posted to one of the Usenet warez groups that just happened to be infected with CIH; it turns out the author or a friend of the author was in one of the major warez groups.) I can't state strongly enough in regards to this that if you absolutely must use or trade warez, please for Cthulhu's sake scan the damn stuff before installing it or trading it with others so you don't infect yourself or others.
Don't assume that commercial software or "minority" OS's are immune to viruses or don't need virus-scans--Commercial software has been released before that was infected with viruses (including several demo CD's). Macs have several viruses to contend with, at least one virus is known to specifically target both WinXX and Macs, and Macs are still susceptible to Word macro viruses (and probably IRC worms, if a version of mIRC exists for Macs); at least three "proof of concept" viruses for Linux do exist, including one which apparently tries to gain root privs to perpetuate itself, and even aside from this Linux boxen are commonly used as servers for files for other OS's. You still want to virus-scan even that copy of Diablo II that you got; folks will be happier if Linux servers scan executable files for viruses. (By the way, yes, antivirus software for Linux does exist; AVP has ported its antivirus scanner to Linux, and actually has the downloads for free last I checked.)
Keep your antivirus software up to date--This is a given, and "live updates" such as featured with NAV and CAV are very nice in this regards. Don't wait for the news report on the next Worm from Hell to update, either. Monthly is a minimum, and preferably more often than that if you can (weekly is good :).
Make sure others follow these same "good computer hygiene" rules--If you run a business, explain why you have policies against people installing stuff from home computers, running executables, etc. If you're at home, explain to folks why you don't accept executables (even of that neat "dancing baby" thing) sent by mail, or HTML mail, or Word or Excel files sent by mail. Encourage others to install and use antivirus software and other security programs.
Don't panic--Panic just spreads stuff like that damned "Good Times" hoax. If someone spreads stuff like that, point them both to a site like Data Fellows which has up-to-date listings of viruses--or, preferably, the alt.comp.virus WildList, pointed to in the ACV FAQ over at ftp.uu.net and your favourite Usenet FAQ archives--and to a site like Virus Myths which has a nice list of hoaxes, etc. (so does Data Fellows, but Kumite's a bit friendlier on that); this is probably the best defense against "meme viruses" like "Good Times" that you can get ;)