Wednesday, September 6th, 2006 09:42 am
I REALLY hate Microsoft products. The current object of hate is XP. There just isn't any good way to find out what is going on under the GUI. I think the office machines are infected with some sort of virus or worm.

We did find one of the backdoor viruses yesterday. I consider that very, very bad news.

Stacey is busy installing and buying the latest anti-virus software. I don't hold out much hope of it being the "guard against intrusion" it is touted to be.

I have other things to do besides babysit Microsoft boxes.
Wednesday, September 6th, 2006 06:18 pm (UTC)
the trick with anti-virus software is to use more than one of the most reputable and speedy ones, and keep all their signature files scrupulously up to date. i run three different ones (all on demand because they do not play well with each other if running as background processes), and run those copies off CD (so you know they have not been infected themselves). i don't use outlook or IE. i don't execute a single program even from a trusted site without scanning it first.

and still, none of this prevented the virus i got several months ago. i found it quickly because i know my machine so well that if certain actions become sluggish i'll immediately start looking askance at my running processes. and i was lucky in that it wasn't particularly destructive, and had already been detected and defeated by somebody (not, unfortunately, one of the virus scanner companies whose products i was using, but that is rare).

the average windows user doesn't even know how to find their running processes, never mind which of those cryptic names means what. also, it's not as easy to wing system administration on windows as on linux, because of the general lack of transparency of the OS. i hate microsoft with the burning intensity of a nuclear blast.

things to do in self-defense: linux firewall; nobody goes outside of the internal network except through this machine, nobody comes in except through this machine. nail it up tight; start out with letting nothing in and out, and then carefully add exception rules. become very very familiar with your firewall language; use one you're comfortable with to start with (i love firehol). disable all processes on internal machines that are not absolutely required for the running of said machines. establish prompt patch and update management for virus scanners and microsoft updates; do not trust people to do their own -- there are security risks inherent in that as well. run a vulnerability checker at regular intervals. give users the least necessary privileges (take away local admin privs and replace them with runas). set security settings in email and browsers to high whenever possible. restrict high-risk software use (such as p2p programs) to people who have clue. block file transfer for IMs at the firewall. consider an SMTP gateway scanner and a network intrusion detection system -- fine-tune the NID to give you useful alerts so you don't end up ignoring signal because you're flooded with noise (really common problem). establish a solid working protocol for handling an outbreak if it occurs despite precautions.

oh, and educate your users. such as that bringing a CD from home or a friend and plunking it into your work computer is not a safe thing to do! or that downloading active controls and software from websites is not safe. must always scan first.

yes, this is a full-time job.

Sysinternals' process manager (http://www.sysinternals.com/Utilities/ProcessExplorer.html) is helpful. also, free. :)

must read: http://www.us-cert.gov/current/current_activity.html -- syndicated here as [livejournal.com profile] uscert_current.
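The "let nothing in and out, then carefully add exception rules" gateway policy the comment describes, written out as an added example in plain iptables on a two-interface Linux box (the commenter uses FireHOL; this is not their configuration or code from the post). The interface names eth0/eth1, the 192.168.1.0/24 office range, and the set of permitted services (SSH from the LAN to the gateway, web and DNS from the LAN to the Internet) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the post or the comment: a default-deny policy for
# a Linux gateway. Everything below the three "-P ... DROP" lines is an
# explicit exception; anything not listed (IM file transfer, p2p, inbound
# connections from the Internet) is dropped by omission, not by a rule.

WAN=eth0                 # assumption: interface facing the Internet
LAN=eth1                 # assumption: interface facing the office network
LAN_NET=192.168.1.0/24   # assumption: internal range (constructed value)

# Emit the rule set as iptables commands, one per line, without applying it.
# Generating first and applying separately lets you review and diff the
# policy before it touches a live box.
gen_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $WAN -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o $WAN -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
iptables -A FORWARD -i $LAN -o $WAN -m limit --limit 5/min -j LOG --log-prefix "FW-DROP "
EOF
}

# Number of iptables commands in the generated policy (handy for a sanity
# check that a later edit did not silently lose a line).
rule_count() {
    gen_rules | grep -c '^iptables'
}

# True (exit 0) if the generated policy still defaults to DROP on all three
# built-in chains; false if someone loosened a policy line.
is_default_deny() {
    for chain in INPUT FORWARD OUTPUT; do
        gen_rules | grep -q "^iptables -P $chain DROP" || return 1
    done
    return 0
}

# Apply the generated rules; must run as root on the gateway itself.
apply_rules() {
    gen_rules | sh
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       gen_rules ;;
esac
```

Run it with no arguments to print the policy for review, and with `--apply` (as root on the gateway) to load it. The final LOG rule, rate-limited so it cannot flood syslog, records what the default-deny policy is discarding from the office side; that is the same signal-versus-noise concern the comment raises for the NIDS, and reading those log lines is how you find out which exception rule you still need to add.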