Slashdot Mirror


A Central Repository for Virus Information?

four12 asks: "I've been doing more work lately with network security and tightening things up. My new employer has been pretty lax over the years with such things and has come to the realization that their luck has to be wearing thin. I have noticed a dissonance of information between the various virus information sites. McAfee will have a 'prolific' worm listed, but Symantec and Trend say nothing about it and vice versa. It makes me wonder first of all, is my anti-virus system catching things as fast as the other systems? Is there a place that I can go that digests the latest threats and information down into a nice, clean webpage? I already have too many listserv subscriptions and don't want to wade through a dozen webpages trying to correlate what is out there."

26 comments

  1. CERT by setzman · · Score: 5, Informative

    They seem to have a lot of the current advisories and stuff here.

    --
    C:\>
  2. scary by Tumbleweed · · Score: 0, Funny

    I hope you don't work for a petroleum company - I hear that DaVinci virus is pretty nasty!

  3. An inflection point for Outlook? by gruntvald · · Score: 4, Interesting

    It seems to me that we are getting close to the inflection point for Outlook, where its benefits are too adversely affected by its security record. Following bugtraq, we are now at the point where even plaintext messages can trigger javascript. Absurd.

  4. Don't Rely Exclusively on Anti-Virus! by zulux · · Score: 3, Informative

    The antivirus vendors can only release their updated file - AFTER the virus has started to spread, they receive a copy and patch and test. This could take *DAYS*.

    Some people think that a properly created worm/virus could spread over the entire available host populations in under 15 min from release.

    More Info Warhol Virus

    Add attachment mangling, removal, and remove vulnerable email client for example; Outlook with its own exploits and its embedded HTML (Explorer) with its own list of exploits are unacceptable for a networked computing environment.

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

    1. Re:Don't Rely Exclusively on Anti-Virus! by a.koepke · · Score: 1

      I have used this strategy in my work environment. Things like scr, bat, exe, vbs, pif etc are all blocked without even bothering to scan them. If they pass the first level of checks they are then scanned using Sophos anti-virus before being delivered to the user. All the users that are on PCs have Outlook 2000 or XP and have the dangerous attachment blocking enabled and access emails in the restricted zone meaning no scripting will be run. Each PC is then also installed with Sophos anti-virus. The mailserver has a specific email address set up on it that is subscribed to the Sophos Alerts system. When a new update is available due to a newly released virus it will download the update automatically meaning that it is the most up-to-date that it can be. As you can see we have 2 levels of Anti-virus and 2 levels of general attachment blocking and then script blocking too. Don't rely on just one level of protection.

      --


      (\(\
      (^.^)
      (")")
      *This is the cute bunny virus, please copy this into your sig so it can spread
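
As an added example (not part of the original thread or any poster's code), the first-level extension check described in the comment above could look like this in Python. The function names, the constructed sample message and the choice to judge only the last extension are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the comment; anything covered by its "etc" is not guessed here.
BLOCKED_EXTENSIONS = {"scr", "bat", "exe", "vbs", "pif"}

def attachment_extension(filename):
    """Return the last extension, lower-cased. Trailing dots and spaces are
    dropped first because Windows ignores them when the file is saved."""
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""

def triage(raw_message):
    """First-level check: ('block', names) if any attachment has a blocked
    extension, otherwise ('scan', names) to hand over to the AV scanner."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    blocked, to_scan = [], []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # body parts and containers carry no filename
        if attachment_extension(filename) in BLOCKED_EXTENSIONS:
            blocked.append(filename)
        else:
            to_scan.append(filename)
    return ("block", blocked) if blocked else ("scan", to_scan)

def build_sample(filenames):
    """Build a constructed test message with placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for name in filenames:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    # A double extension with mixed case is still caught on its last extension.
    print(triage(build_sample(["notes.txt", "Invoice.PDF.ScR"])))
    print(triage(build_sample(["notes.txt"])))
```
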
  5. Windows Update by crow · · Score: 2, Insightful

    Almost all the virus problems are Windows-based, and a large majority of the problems occur after Microsoft has released patches. Hence, any comprehensive security plan should include some method of ensuring that all critical security updates are applied throughout the company.

    Beyond that, it's a race between Microsoft patching bugs and the anti-virus companies detecting the exploits.

    1. Re:Windows Update by chemburn · · Score: 1

      The only reason this is, is because the mass majority of computer morons that are on the internet are using Windows. More software has been developed for Windows, and the possibility for infection is better. Linux and other OSes are not as popular, and usually have more advanced users using the systems. I personally haven't seen many viruses developed for Linux, or advisories for them. There are quite a few exploits listed, but none have really been taken advantage of. The reason one writes a virus is to make it communicable, and using the most popular platform for that communication means the biggest effect.

  6. One anti-virus? by spumoni_fettuccini · · Score: 1
    anti-virus system catching things as fast as the other systems?

    If you're getting into the security ballgame you may wind up looking at various sources as a matter of fact. Going with the multi-layered defense, I routinely go to two anti virus sites, one RAT/Trojan site, and a hoax site [www.vmyths.com]. We also block any executable at the gateway, that cuts the majority of your problem there [none of our users need those kinds of files].

    --
    -- Some days you're the dog; some days you're the hydrant.
  7. Isn't that what Usenet and Kazaa are? by Unknown+Poltroon · · Score: 2, Funny

    I mean, that's where I get all my viri from.

    --
    All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
  8. US Dept of Energy website by Kiaser+Zohsay · · Score: 3, Informative

    http://www.ciac.org/ciac/

    Pretty comprehensive across platforms, OSs, viruses, hoaxes, buffer overflows...

    Best of all, they're not trying to sell you something.

    --
    I am not your blowing wind, I am the lightning.
    1. Re:US Dept of Energy website by Anonymous Coward · · Score: 0

      Best of all, they're not trying to sell you something.

      They don't need to. You've already paid for it with their mandatory annual subscription plan, with payments due on April 15 of each year.

      It's a wonderful plan: your fees are driven (in part) by your resources. They charge you for the whole spiel, regardless of whether you use all, some or none of their features. And their EULA is the most complex and self-contradictory ever, having been developed over 200 years by many authors with disparate styles and agendas.

      We scoff at Macro$loth's new licensing scheme, but they're just taking cues from the true expert in the field.

      Why do they need to sell it to you, when you've already paid for it ahead of time, against your will, whether you use it or not?

  9. The simple answer by dlosey · · Score: 0, Redundant

    It makes me wonder first of all, is my anti-virus system catching things as fast as the other systems? Is there a place that I can go that digests the latest threats and information down in to a nice, clean webpage?

    Nope and Nope

    Humor, moderators, Humor.. okay some truth too.

  10. IntelliShield by ModernCelt · · Score: 2, Informative
    Is there a place that I can go that digests the latest threats and information down in to a nice, clean webpage?

    TruSecure IntelliShield is one such service, but it is not free. It pulls together information about a vulnerability from various vendors, mailing lists, and such, and puts it all under one issue. It also has alerts and a shared task list for managing your organization's response to a vulnerability. The alerts can be useful given the fast-spreading nature of recent worms. The task list is less useful since organizations large enough to benefit from it probably have something similar internally.

    I have no affiliation with TruSecure, yadda yadda yadda, I just previewed their service for a former employer.

  11. Yes, It's called Outlook by Anonymous Coward · · Score: 0

    Although M$ Outlook is commonly mistaken for a mail client, it is actually a distributed P2P virus database which is brilliantly designed to uniformly distribute samples of each possible new virus as rapidly and uniformly as possible. Another fine example of M$ Innovation!

  12. Re:The grammar of your post is annoying by four12 · · Score: 1

    Apparently punctuation and capitalization don't count, either.

  13. Ethically ironic isn't it: by eyepeepackets · · Score: 2, Insightful

    Ethically ironic isn't it:

    - MS's poorly designed and implemented product is the primary cause we have a virus problem (80,000 + viruses at last count);

    - first thing I see when I log onto /. are banner ads for MS product!

    Doh, I forgot: Raking in cash is better than taking the high ground and considering one's actions and behavior in the context of ethical social behavior.

    Guess ./ forgot too, eh?

    --
    Everything in the Universe sucks: It's the law!
    1. Re:Ethically ironic isn't it: by Anonymous Coward · · Score: 0
      A business has to survive. If you would like to not see ads from Microsoft, Slashdot gives you the option to buy a subscription and not see any ads. This gives you two benefits: 1) No/fewer ads and, more importantly, 2) You can help support a great site!


      just my .02

    2. Re:Ethically ironic isn't it: by eyepeepackets · · Score: 1

      There ya go man, be as evasive as you can!

      Seriously though, justifying unethical behavior just because it's "business" is pure BS (that's bullshit, not to be confused with B.S. though many say there is a direct correlation between the two. :) )

      Thanks for the information about getting the subscription though, that was interesting and possibly useful provided I don't log in and see MicroShiite advertising for their latest attempt to cheat the fools and suckers of the world.

      As for the great site -- it was, could be again, but until they get rid of this "business first" attitude, their product will continue to be seriously compromised. I know full well how good /. was before the owners sold it to the "business" folks.

      Have a good one Mr. AC.

      --
      Everything in the Universe sucks: It's the law!
    3. Re:Ethically ironic isn't it: by pfleming · · Score: 1

      Welcome to the new paradigm, where businesses must actually have a plan. We will miss the days that one could justify burning millions because of the number of eyeballs.
      Now, the advertising revenue is smaller and real value has to be considered. Is it worth more to you to not have /. or to see an ad? Or is it worth more to buy a subscription and not see the ad at all? Now that the net has come out to the real world of valuations and investors aren't throwing good money after bad, these guys at least need to break even to stay around.

  14. Take the weight off... by DoctorRad · · Score: 1
    Try Messagelabs or similar for pretty much 100% effective e-mail virus filtering. They use the top four anti-virus solutions to catch everything that's known about, followed by heuristic analysis to catch anything suspicious that's not been seen before.

    They recommend using a conventional anti-virus solution to catch the 2% of viruses coming into your establishment on portable media, but they'll keep your mail pretty damn clean.

    I don't work for them (my partner used to work for part of the same outfit), but I have been an end user of their solution. Good stuff, and they do anti-spam as well...

    Matt...

    1. Re:Take the weight off... by Ed+Almos · · Score: 2, Informative

      Too right

      A friend of mine used Messagelabs during his last job in the UK and he reckons that they are the best thing out there. Over eighteen months he had ZERO virus hits on a sixty-user site and this was during the Code Red / Nimda boom times.

      Speak to Messagelabs

      Ed Almos

      --
      The more corrupt the state, the more numerous the laws. - Tacitus, 56-120 A.D.
  15. or... by REBloomfield · · Score: 1
    Buy a product such as Sybari Antigen, which uses four different companies' engines. That way, you should catch most stuff...

    When I went to speak to Sophos at a show, they actually took me to Sybari's stand :)

  16. Central Repository for Virus Information by Anonymous Coward · · Score: 0

    I'm sure that there's at least one in Iraq. Just we couldn't find it yet.