A Central Repository for Virus Information?
four12 asks: "I've been doing more work lately with network security and tightening things up. My new employer has been pretty lax over the years with such things and has come to the realization that their luck has to be wearing thin. I have noticed a dissonance of information between the various virus information sites. McAfee will have a 'prolific' worm listed, but Symantec and Trend say nothing about it and vice versa. It makes me wonder first of all, is my anti-virus system catching things as fast as the other systems? Is there a place that I can go that digests the latest threats and information down into a nice, clean webpage? I already have too many listserv subscriptions and don't want to wade through a dozen webpages trying to correlate what is out there."
They seem to have a lot of the current advisories and stuff here.
C:\>
I hope you don't work for a petroleum company - I hear that DaVinci virus is pretty nasty!
I thought Slashdot didn't allow posts authored by people who cannot use English correctly.
It seems to me that we are getting close to the inflection point for Outlook, where its benefits are too adversely affected by its security record. Following bugtraq, we are now at the point where even plaintext messages can trigger javascript. Absurd.
EFF, EPIC, CDT, ACLU and Free Congress have drafted a bill that's been introduced by Senator Wyden today, for a new law called "The Citizens' Protection in Federal Databases Act." This is a hell of a law. It finds that various species of spooks are making avid use of commercial and governmental databases, merging them and aggregating them, without transparency, accountability, or any real understanding of the danger to civil liberties involved in this practice. Accordingly, it requires any Fed agency using non-Fed databases to cut it out and make a full report to Congress on who they're buying database and database-services from, what they're doing to preserve privacy, why they're doing what they're doing, and whether they actually have a realistic chance of catching any bad guys. And it calls into account Feds who abuse their authority and limits the kind of doomsday hypotheticals that can be used to justify such abuse.
We've spent the two years since September 11th writing blank checks to anyone who's got a good story about preventing terrorism through the wholesale abridgement of civil liberties, trading off freedom for the perception of safety. It's time that we called our civil servants to account on these scores -- they've spent our money and our freedom, what did we get in return?
Each report shall include -
(A) a list of all contracts, memoranda of understanding, or other agreements entered into by the department or agency, or any other national security, intelligence, or law enforcement element under the jurisdiction of the department or agency for the use of, access to, or analysis of databases that were obtained from or remain under the control of a non-Federal entity, or that contain information that was acquired initially by another department or agency of the Federal Government for purposes other than national security, intelligence, or law enforcement;
(B) the duration and dollar amount of such contracts;
(C) the types of data contained in the databases referred to in subparagraph (A);
(D) the purposes for which such databases are used, analyzed, or accessed;
(E) the extent to which such databases are used, analyzed, or accessed;
(F) the extent to which information from such databases is retained by the department or agency, or any national security, intelligence, or law enforcement element under the jurisdiction of the department or agency, including how long the information is retained and for what purpose;
(G) a thorough description, in unclassified form, of any methodologies being used or developed by the department or agency, or any intelligence or law enforcement element under the jurisdiction of the department or agency, to search, access, or analyze such databases;
(H) an assessment of the likely efficacy of such methodologies in identifying or locating criminals, terrorists, or terrorist groups, and in providing practically valuable predictive assessments of the plans, intentions, or capabilities of criminals, terrorists, or terrorist groups;
The antivirus vendors can only release their updated file - AFTER the virus has started to spread, they receive a copy and patch and test. This could take *DAYS*.
Some people think that a properly created worm/virus could spread over the entire available host populations in under 15 min from release.
More Info Warhol Virus
Add attachment mangling, removal, and remove vulnerable email clients, for example; Outlook with its own exploits and its embedded HTML (Explorer) with its own list of exploits are unacceptable for a networked computing environment.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Almost all the virus problems are Windows-based, and a large majority of the problems occur after Microsoft has released patches. Hence, any comprehensive security plan should include some method of ensuring that all critical security updates are applied throughout the company.
Beyond that, it's a race between Microsoft patching bugs and the anti-virus companies detecting the exploits.
If you're getting into the security ballgame you may wind up looking at various sources as a matter of fact. Going with the multi-layered defense, I routinely go to two anti virus sites, one RAT/Trojan site, and a hoax site [www.vmyths.com]. We also block any executable at the gateway, that cuts the majority of your problem there [none of our users need those kinds of files].
-- Some days you're the dog; some days you're the hydrant.
I mean, that's where I get all my viri from.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
http://www.ciac.org/ciac/
Pretty comprehensive across platforms, OSs, viruses, hoaxes, buffer overflows...
Best of all, they're not trying to sell you something.
I am not your blowing wind, I am the lightning.
It makes me wonder first of all, is my anti-virus system catching things as fast as the other systems? Is there a place that I can go that digests the latest threats and information down in to a nice, clean webpage?
Nope and Nope
Humor, moderators, Humor.. okay some truth too.
TruSecure IntelliShield is one such service, but it is not free. It pulls together information about a vulnerability from various vendors, mailing lists, and such, and puts it all under one issue. It also has alerts and a shared task list for managing your organization's response to a vulnerability. The alerts can be useful given the fast-spreading nature of recent worms. The task list is less useful since organizations large enough to benefit from it probably have something similar internally.
I have no affiliation with TruSecure, yadda yadda yadda, I just previewed their service for a former employer.
Although M$ Outlook is commonly mistaken for a mail client, it is actually a distributed P2P virus database which is brilliantly designed to uniformly distribute samples of each possible new virus as rapidly and uniformly as possible. Another fine example of M$ Innovation!
Ethically ironic isn't it:
- MS's poorly designed and implemented product is the primary cause we have a virus problem (80,000 + viruses at last count);
- first thing I see when I log onto /. are banner ads for MS product!
Doh, I forgot: Raking in cash is better than taking the high ground and considering one's actions and behavior in the context of ethical social behavior.
Guess ./ forgot too, eh?
Everything in the Universe sucks: It's the law!
They recommend using a conventional anti-virus solution to catch the 2% of viruses coming into your establishment on portable media, but they'll keep your mail pretty damn clean.
I don't work for them (my partner used to work for part of the same outfit), but I have been an end user of their solution. Good stuff, and they do anti-spam as well...
Matt...
Save the Bottom Line
When I went to speak to Sophos at a show, they actually took me to Sybari's stand :)
I'm sure that there's at least one in Iraq. Just we couldn't find it yet.