Forum: Rants
Topic: The Anti-Virus Software Lie
started by: Jynx
Posted by Jynx on Sep. 23 2001,20:16
I've spent the last three days dancing with that most devious of new virus creations, Nimda. It took our entire company's network down.
During this most enjoyable of times, I've realized a certain truth: Anti-Virus programs are, by and large, useless for preventing attacks from new viruses. Let's think about it--McAfee, our company's choice, didn't have a correct definition set until fully 30 hours after our company's network was taken down because of this beast! That means that I could've been updating those freaking definitions every 2 hours, and I still wouldn't have been safe. It is my opinion that antivirus software provides a certain false sense of security for folks, and is really only good for preventing old viruses from infecting computers, most of which are dead. I am angry at the entire antivirus software community for fostering this false sense of security, instead of educating the Ignorant Masses on proper habits that impair virus spreading. Discussion, if anyone cares, is welcome.
------------------
I used to be a kleptomaniac, but I took something for it.
Posted by Frosty on Sep. 23 2001,21:23
Wasn't this obvious? The problem is that all the ways to inhibit virus spreading nowadays mean hardcore disrupting the way you do things. Didn't this Nimda thing get onto the Microsoft web server and infect everyone who visited their site? You can't say "don't surf the net, you might get a virus." There really isn't much that can be done, at least not that I can think of. Ideas?
Posted by damien_s_lucifer on Sep. 23 2001,21:42
Symantec had a signature update for NAV a few hours after one of my machines got hit... not soon enough to keep me from getting chewed out by The Boss (who thinks ANY breach must be my fault), but soon enough to keep it from killing the whole campus network.
And in light of all this B.S., I am slowly but surely moving ALL of my department's Web stuff to Apache. I can't handle IIS any more.
hax0rs : 1, MS : 0
Posted by just_dave on Sep. 23 2001,21:49
It took out our webserver and our Anti-Virus Scanning server; yeah, it scans email for virii before it hits the email server. The webserver got it, IIS of course, and it spread via the mapped drive to the AV Gateway... it's Norton; they didn't have a fix until 22 hours, I think. I am not totally sure. I agree, goes to show ya how stupid AV Software makes people appear.
Posted by Observer on Sep. 23 2001,22:20
Though usually by the time they hit most of the faculty computers here and start calling the helpdesk, there's an update available.
But this Nimda worm has brought to light something I didn't think was allowed at a University. Who the fuck runs Win98 on a P-133 with 16MB of RAM and is ok with that? I hate the fact that people aren't more careful about opening their email. I hate the fact that they leave their systems wide open with sharing then yell about how critical it is we get over there to patch it all up!
Tip to those in the field who may suddenly find the installed AV software can't be updated: < http://housecall.antivirus.com > Web-based scans can help a lot in a jam.
edit: Something else I just thought over. What about those routines in the AV software that are supposed to detect unknown viruses? Has anyone actually seen them work?
------------------
This message has been edited by Observer on September 24, 2001 at 05:21 PM
Posted by Wolfguard on Sep. 24 2001,10:28
quote:
Yep, I may be one of the reasons that Symantec had a patch out so quick. The Bloodhound sniffed this little bugger out trying to plant itself into one of my servers and shot me a warning. I found the file in question and sent it to Symantec. Little bastard spread quick, but I was able to keep a lid on things by closing a firewall I have between here and Corp HQ. Seems that I have my shit together more than they do. Nice little worm, if I do say so myself. Like to find the guy that made it and set him on fire to show my thanks for it...asshole.
------------------
Posted by Dark Knight Bob on Sep. 24 2001,10:46
Isn't the term for that process of finding unknown viruses heuristics or something?
------------------
Posted by Greasemonk on Sep. 24 2001,11:50
Thank god we don't use Outlook Express or MS Exchange. We use Lotus Notes for just about everything. It's ok and gets the job done; we haven't really had a bad virus problem since Funlove last fall.
------------------
Posted by L33T_h4x0r_d00d on Sep. 24 2001,13:59
quote:
Norton has an excellent heuristical scanner. 9 out of 10 times Norton will pick up what McAfee, F-Secure, ThunderByte, PC-cillin, etc. won't before the patch.
*edit* But you have to be actually running it to get the benefits. Damn you Hybris. DAMN YOU TO HELL.
------------------
This message has been edited by L33T_h4x0r_d00d on September 25, 2001 at 09:00 AM
Posted by Observer on Sep. 24 2001,15:29
Hehe, Hybris. There's a guy who works at the helpdesk around here who would get his jollies asking people what was in the email that started that virus infection. Getting University people to read the sexual innuendo content of the Snow White email can be quite amusing, I suppose.
------------------
Posted by masher on Sep. 25 2001,11:58
quote:
The official email client at our uni (well, at least physics anyway...) is Outlook. For the staff at any rate. I don't like Outlook. I use Eudora.
------------------
Posted by The_Stomper on Oct. 08 2001,03:37
Ah, good old OutHouse. The easiest email client to fux0r.
I'm probably going to have an admin job starting January. I get to experience shithead end users on a whole new level.