Domain: f-prot.com
Stories and comments across the archive that link to f-prot.com.
Comments · 65
-
My top 10 survival items are....
1). tomsrtbt Linux on a floppy - essential!
2). Windows 98SE boot floppy
3). Knoppix 3.2 bootable Linux on a CD.
4). Memtest86 bootable CD for testing RAM - excellent!
5). DOS freeware F-Prot and recent virus definitions
6). Norton's DOS utilities
7). Various HD setup utilities (eg: Western Digital, Seagate boot floppies)
8). Freesco Linux router/webserver on a floppy
9). Sample linux config files (eg: XFConfig-4, fstab, etc)
10). Frozen-Bubble bootable CD for times of stress
-
Re:Celebrate by converting people
You administer a network of this size, and you haven't heard of anti-virus software?
Really, everybody knows McAfee and Norton/Symantec, but F-prot blows these out of the water.
It's current.
It's fast (you can run on a P-200 and still have a usable computer!)
It's cheap. ($2/workstation, $300/server)
It runs on Windows, Linux, BSD, AIX, DOS, etc.
We use it on our Linux mail servers with excellent results as a free service to our clients.
-Ben
-
Sendmail has its benefits... ;o)
On the other hand, if you're unlucky enough to be running an MTA other than Sendmail as a mail hub, relaying to sendmails you don't have the access needed to upgrade, then the people you are relaying to are in trouble and you don't have many tools to protect them.
The sendmail patch protects machines relayed to - so people running sendmail on their mail hubs will have far less reason to worry about the machines behind them. ;-)
Note that this also applies to ISPs using something other than sendmail - any linux/*bsd user who fetchmails his inbox and then pipes it through sendmail can get rooted that way as well. At the moment, ironically enough, the only unmodified MTA which is known to protect the users behind it is: sendmail!
But just in case using a sendmail security bug as a reason for upgrading to sendmail seems distasteful to you, my open source Anomy Sanitizer has had code to prevent attacks like this for quite some time now. Or if you prefer throwing money at the problem, you could sign up for a managed e-mail security service (yes, they pay my salary).
-
Vexira Anti-Virus
Most anti-virus software runs on Windows operating systems (for obvious reasons).
If you're looking for a solution to run on a Linux server (but still check for MS viruses), check out Vexira antivirus. It is inexpensive, automatically updates via cron, unpacks attachments (even multiple levels), and has an integrated virus checker. It can check incoming or outgoing email, or both.
I installed it about 3 weeks ago and I'm very happy with the results. It can be installed as a sendmail "Milter" if you're running a very recent version of sendmail, or as a separate SMTP server that passes the mail along to sendmail via a pipe or a different port (once it's been checked). They have a trial version so you can see if it will work before you buy it.
Most other email virus checkers require a separate program to virus check-- which means you need a MS virus checker that runs under Linux, such as Kaspersky, f-prot, or Sophos.
-
F-PROT
You could probably use the DOS or Linux version of F-Prot. It doesn't need to write anything, and it has some nice command-line options for automated scanning etc.
With a little effort, you can even fit the DOS version on a single floppy. You'll need to store it compressed, and uncompress it to a ramdisk when booting.
-
F-Prot
F-Prot for Linux, free of charge for personal use.
I'm not related with Frisk Software except that I use their software.
-
Re:Linux AV
It's not NAV, but it finds infections and it's for Linux:
It's also free (as in beer)...
-
Re:Argh-"Don't open email from people you don't kn
[Sorry for AC post, already have 50 karma points]
Anyone who works in an outward-facing business capacity (read: not most IT people, but most everyone else at the company) generally receives email from people they don't know, and they don't have the luxury of simply trashing it. If you work in customer service, marketing, accounting, sales, you have to check out these emails and see if they are for real. Fine, not the ones that are obviously spam, but the spammers are getting smarter and disguising their spam as legitimate email. Just because the address is unfamiliar doesn't mean that it can be trashed.
Here's a better solution: Only open attachments that you are EXPECTING. If Accounting from the San Diego office sends you an earnings report every week, fine. But if someone sends you a screensaver from out of the blue saying "I expect you would like it," then guess what...it's a fucking virus!
Of course, there is nothing better than vigilant virus scanning with updated virus definitions (I recommend F-Prot...free for personal or educational use). At my firm, we do a network-wide scan for viruses once a day. Our employees have been instructed to use common sense in opening e-mail, and each of them has a copy of F-Prot for Windows, so they can scan as well.
Of course, that doesn't stop Mr. or Miss Click-Happy-Luzer from spreading viruses. Those people usually wait a few days before we attend to their needs. :) That's how the game works...don't fuck with your sysadmin.
-
Want to tell McAfee and Norton NO MORE?
Then don't buy their products. Vote with your dollars by spending them elsewhere.
Go out and get FRISK Software's F-Prot antivirus instead. It is competently written with timely updates. I have relied on it since before I ever heard of the internet. There are DOS, Windows (network or standalone) and ($free) Linux versions. They do not generate hype or nasty bloated programs. They do generate a good antivirus product.
I do not work for this company. I am just a satisfied customer. You can get free trials on their site. Prices: US$25/yr for single private license, US$2/machine for corporate or educational ($40min) and there are extra educational discounts.
-
LINKS #dmsetup give from time to time
I work with a virus removal group on the undernet that works from the channel #dmsetup. We often locate new stuff all the time. Below I'm pasting all my links I usually give out to users. Included are keepers of the gates of hell (stuff you use before you get infected) and some stuff that gets you out of hell (what you use after your girlfriend opened that attachment).
Cleaners and virus scanner suites
Housecall online antivirus scanner
PC-Cillin virus scanner suite
Central command Virus Scanner Suite
Puppet's Cleaner
Puppet's Cleaner Alternate Site
McAfee virus removal suite
Norton Antivirus, virus removal suite
Frisk Software's F-Prot antivirus suite for Windows, DOS and Linux
Firewall software
Zone Alarm Firewall
Conseal Firewall
Various tools used to get out of hell or figure out what hell you are in.
-
Re:Protection?
F-Prot is from Frisk software in Reykjavik, Iceland. The Linux version is in beta right now so it's totally free.
-
Well, in terms of Virus Scanners...
I am using Windows 2k and I hate the memory resident crap that's on the market today. I think some things, like a free command line/DOS GUI based program will never go obsolete.
This is a perfect example of what I'm talking about. The old DOS version is free, whereas you must pay for the Windows version (which I've never thought of trying). Just running this every now and then to check your downloads is a good idea, but I for one don't need memory resident protection. I wish memory resident protection would go obsolete...
-
Re:just say no
-
I'm going to vote with my dollars....
and not purchase, nor recommend to anybody including my employer (2000+ PCs) McAfee's products. Or any other product that doesn't jive with what I want it to do.
Will be interesting to see what the marketplace thinks of this move when their stocks start trading again on Monday.
F-Prot isn't based in the States, and maybe they will provide the protection users want.
-
Re:Give a little, get a lot
Alex Bischoff (not to be confused with the former "TV manager" of a certain wrestling actor's troupe in Atlanta) dun said:
That's not a bad idea, but what AV would you recommend? A product with the ability to auto-update its virus definitions at regular intervals would be a plus.
Command Antivirus has live updates for registered users; if memory serves, so does the Data Fellows version of F-Prot. (Notably: both of these use the F-Prot AV engine (damn near the best antivirus engine you can get next to AVP, and if memory serves they're even using part of the AVP engine in the latest versions) and the Data Fellows version comes in a package called F-Secure which also includes some very neat security toys.)
I don't know whether AVP has live updates or not, but I'd recommend it nonetheless; AVP is quite literally the best antivirus program one can get for Windows, bar none, and they do have trial versions (good for thirty days) for download...the registered version is not terribly expensive (around $25-30 if I remember right) and it is money well spent...if memory serves, AVP actually updates their virus list weekly, too, and updates are available on their website. If one is serious about antivirus protection I'd seriously recommend getting a copy of it...
As it is, if one is serious about antiviral protection anyways, it never hurts to have two antivirus programs on board. You use one for the standard protection which isn't quite as sensitive/more prone to false alarms like Norton or McAfee, and if that alerts you bring out the heavy-duty tools like AVP or F-Prot. (Or, if you're like me and can get both, you use Command Antivirus (read: F-Prot under a different label ;) for the main scan and AVP for the heavy guns--I've only had to do that once, when an older version of Command Antivirus didn't like a newer database update [basically they'd changed the format--no biggie, just get the upgrade])
It never hurts to practice computer "safe sex", though--I've never had virus problems, because I'm careful to the point of being neurotic :) Here goes a list of good antiviral techniques:
Don't enable HTML mail or Javascript in mail--this keeps you safe from malicious code that may activate downloads of worms that target Outlook Express, etc.
If possible, don't use Microsoft products like IE or Outlook Express or Office--there are a LOT of serious security bugs, even in the latest versions of Outlook Express and IE, that enable one to download malicious code like worms--sometimes without expressly clicking to accept (such as some worms that specifically target Outlook Express). Office, and specifically Microsoft Word 97, is downright infamous for macro viruses and worms--in fact, the single largest category of viruses anymore are Word macro viruses (and it's also the largest growth category--the year after the first Word "proof of concept" macro virus was released, there were more than 200 known in the wild--now it's something like 4000). In fact, Win95/Win98 actually have security flaws in the OS itself that allow such things to spread easily...
If you must use Microsoft products, stick with the maximum security settings you can get away with--Don't enable macros in Office and don't accept documents with macros unless they go through a reliable virus-scanner first (if possible, encourage people to send stuff in RTF or text format; Excel users, try to stick to tab or comma-delimited formatting, as Excel macro viruses are an increasing problem). Set MSIE and Outlook Express to their maximum security settings. Do not use ActiveX unless absolutely necessary (there are serious security bugs in ActiveX as compared with Java)--at the least do not allow untrusted ActiveX applets to run. Consider using more secure OS's if possible (for Microsoft-only shops, this may entail going from Win98 to WinNT or Win2000). In WinNT or Win2000 environments, only give supervisor access to those who really need it and set others to lower levels where binaries cannot be installed.
Do not read untrusted Word or Excel documents, or run untrusted executables--this expressly includes your friends--"Trusted" here means "downloaded from a known, clean, virus-free source" or "run through a reliable virus-scanner". There are a rather surprising number of worms and trojans (including more than one case of Back Orifice being distributed via a trojan sent by email, as well as cases of DDOS (distributed denial of service) clients being distributed in this fashion). This includes anything gotten in email, ICQ, etc. (Business environments--if accepting resumes by email, you may seriously want to consider asking clients to send resumes in plain text or RTF format. This may not be as pretty, but it's easier for clients to send you resumes this way and it eliminates problems with Word macro viruses.) Again, WinNT shops probably want to strongly consider limiting supervisor and administrator access to those who need it and set everyone else to levels where binaries cannot be installed (the misuse of administrator levels is one major way in which WinNT shops get infected--all Word macro viruses work on NT, and a fair amount of Win32 viruses do as well).
Get a good virus scanner and use it regularly--Norton AntiVirus is probably on the low end as far as "good virus scanners" go. I personally recommend one of the F-Prot based ones or AVP; most over on alt.comp.virus would recommend AVP first and one of the F-Prot based ones secondly. (Most also recommend you use at least two virus scanners, one for regular use and one as a backup/sanity check.) Alt.comp.virus has a lot of good info on viruses and the good and bad in antivirus software, anyways. :)
Consider using other security programs--There are firewall-type and intrusion detection programs even for Win95/Win98 systems such as Jammer--Jammer, in particular, acts as a firewall and detects things like attempted Back Orifice scans, etc. As Win95/Win98 is notoriously insecure, it's a good idea to give it any more security if you can.
Don't trade in warez--This may seem like child's play to most of us, I'm sure, but in home and even in business environments there are a lot of folks who do deal in warez. Most warez anymore (at least the downloaded kind, not the "burning a friend's copy of Win98 to CD" kind) seems to be from Russia, Brazil and China, which also happen to be rather large H/C/V centres. (It's worth noting here that it's widely thought that CIH escaped into the wild from Taiwanese warez posted to one of the Usenet warez groups that just happened to be infected with CIH; it turns out the author or a friend of the author was in one of the major warez groups.) I can't state strongly enough in regards to this that if you absolutely must use or trade warez, please for Cthulhu's sake scan the damn stuff before installing it or trading it with others so you don't infect yourself or others.
Don't assume that commercial software or "minority" OS's are immune to viruses or don't need virus-scans--Commercial software has been released before that was infected with viruses (including several demo CD's). Macs have several viruses to contend with, at least one virus is known to specifically target both WinXX and Macs, and Macs are still susceptible to Word macro viruses (and probably IRC worms, if a version of mIRC exists for Macs); at least three "proof of concept" viruses for Linux do exist, including one which apparently tries to gain root privs to perpetuate itself, and even aside from this Linux boxen are commonly used as servers for files for other OS's. You still want to virus-scan even that copy of Diablo II that you got; folks will be happier if Linux servers scan executable files for viruses. (By the way, yes, antivirus software for Linux does exist; AVP has ported its antivirus scanner to Linux, and actually has the downloads for free last I checked.)
Keep your antivirus software up to date--This is a given, and "live updates" such as featured with NAV and CAV are very nice in this regards. Don't wait for the news report on the next Worm from Hell to update, either. Monthly is a minimum, and preferably more often than that if you can (weekly is good :).
Make sure others follow these same "good computer hygiene" rules--If you run a business, explain why you have policies against people installing stuff from home computers, running executables, etc. If you're at home, explain to folks why you don't accept executables (even of that neat "dancing baby" thing) sent by mail, or HTML mail, or Word or Excel files sent by mail. Encourage others to install and use antivirus software and other security programs.
Don't panic--Panic just spreads stuff like that damned "Good Times" hoax. If someone spreads stuff like that, point them both to a site like Data Fellows which has up-to-date listings of viruses--or, preferably, the alt.comp.virus WildList, pointed to in the ACV FAQ over at ftp.uu.net and your favourite Usenet FAQ archives--and to a site like Virus Myths which has a nice list of hoaxes, etc. (so does Data Fellows, but Kumite's a bit friendlier on that); this is probably the best defense against "meme viruses" like "Good Times" that you can get ;)