Tek-Tips is the largest IT community on the Internet today!

MS Blaster 3

jad

We have Unix servers at work, which are acting as a big firewall to the internet ...

we work behind the times as far as technology is concerned, and most of our machines still run Win95 some have Win98 ... but some of our latest lab machines were provided with a win2k computer.

now, we've had to purchase a few laptops recently ... mostly so that we could flatter some people's egos, not for any real work reason.

but the b*st*rds take them home with them and one specific person uses NTL (btw ntl customers you need to patch any windows 2000 or windows XP machines against the DCOM attack) and got himself infected in 60 seconds (time it takes to boot).

he then brought the infected computer inside the building and plugged it onto our network ... and very luckily it didn't infect anything else.

we can't shoot the guy ... he controls our pay checks ... and i'll patch the machine up, no hassle ...

i was very close to using the 'Virus Protection' disks labelled 'Solaris' ... but he didn't seem to like the idea, something to do with accessing the accounts software ... hmmph :)

but the question is what changes do you think should be made, either inside the company or over the entire world ... :)
 
You know, we have security now that stands at the gate of the airport and removes weaponry from the passengers; why not assign some people from IS/IT to "guard the doors" and check any incoming portable devices for virus infection?
 
I read an IT article recently where the author (Dvorak?) suggested that perhaps PCs aren't for everyone. He was talking about Granny getting her email and such, but the same applies to a large number of people.

He was suggesting something on the order of a fixed-function device something like a terminal or a Web TV style device. Probably the idea could be broadened to include something like a super-stupid spreadsheet and a word processor on the level of WordPad or something, then fix the whole thing: OS, apps, and all into ROM with flash memory instead of disk for documents and email.

Maybe something like a pre-Palm type PDA in a laptop form-factor?

I'm working for an outfit with nearly 2000 IT folk, about 60% of whom are supposed to be supporting desktops and servers. Blaster still ran rampant through the shop this week, if you can believe that. What the hell are these people being paid for?

Shows you how little use the average box jockey really is.
 
I'd be more cocky if I hadn't spent an hour trying to figure out why the hell my machine kept rebooting and how to stop it on Monday night, but unfortunately I did ;)

We are currently tightening up on security here as well, the plan is to use AVG across the 90 or so machines, and disable CD/Floppy drives unless required. We are also upgrading to 2000 which helps a lot, but like you have a lot of 98 machines.

I'm with dilettante and his quote regarding a PC not being for everyone. They are just so easy to break/do damage with.
 
This is a policy and corporate culture issue. Our policy is that no unapproved laptop can be attached to our network. And it is a dismissable offence to avoid this policy.
 
i wish ... we do that with most computers, but in this case it's the accounts manager and the laptop was a sweetener to get him into the company ... and he has to be allowed to connect it to the internet at home ... he breaks the rules, but we have to allow it ... :)

he brought the laptop in yesterday saying it was doing bad things, we checked and it had the virus, we disconnected it immediately from the network ... we then cleaned it up and tried to do a windows update to get the patches ... however it's screwed windows update ... and we didn't then have the patches.

he took it home, and plugged in the USB modem before booting up, and in the time it took to boot up, NTL installed the virus on his machine so that it was a service during startup ...

My boss finds it incredibly funny, he 'loves' windows almost as much as me (i.e. not much :)
 
As I say, it is a corporate culture thing. If the company doesn't buy into the policy, and if you don't have support for it at the highest levels then it doesn't work. Been there, seen it, done it.
 
Or you can go into contract work.

The more people ignore company policy, the more time you spend on fixing systems, the more billable time you have.

For non contract people, you just proved to those that pay you that you're there for a reason. You prove your worth when your network does not get infected by the latest virus. And when you do get hit, you prove your worth by being the one there to fix it.

If users knew how to use their systems, we would not be worth as much to them. Security flaws in Windows are really just a feature, a feature that keeps many IT departments employed. If MS came out with a solid, secure, stable OS, how many people here think they might just be unemployed?
 
Well I am not going to comment on MS as I am the world's only MS fan I think!

Personally, I use NT environments. My network is Win2k and XP clients. No floppy drives, no CD-ROMs, AV updated three times daily, all machines self scan in the evening and all emails done by MessageLabs. By no means a guaranteed security system but I'm looking for ways to improve.

As I use 2000 server, if a machine gets plugged into the network it won't work without me giving it a computer account. No access whatsoever! Personally I would put any machines that get taken out of the company walls on NT for permissions.

Problem sorted. ;-)
 
unfortunately the latest bug doesn't need username/password access ... it needs an IP address, or some hook into the IP network ... and that is all.

there are a lot of other security holes that don't need you to log on as well ... unfortunately.

sounds like most of the biggies will be stopped by your approach though. :)
 
This is a policy and corporate culture issue. Our policy is that no unapproved laptop can be attached to our network. And it is a dismissable offence to avoid this policy.


In this case the laptop was company property. In your situation it would have had the same result if you'd not configured it to be safe from attack (as well as foolproof so the user couldn't disable the protection).

The only way to prevent infection and intrusion completely is to make sure the machines are never in any contact with any other machines.
This means no network, no internet, no diskdrives of any kind, no modems.
I'd go as far as to suggest you also remove parallel, serial and USB ports as people can string up a makeshift network using those as well.

What you're left with is a machine that's quite useless, as there is no way to provide for example printed copy of the work produced, nor share it any other way.
And even then the user might type in a virus using his keyboard (unlikely, and he'll only harm himself this way).

The best way is to educate users and have a good system of checking and updating the machines in place.
 

Well jad, since shooting stupid people isn't an option and would really just put us all out of a job, I guess the only thing you can really do is make sure that the machine is patched somewhat hardcore and then just hope for the best. [bigsmile]

Not sure what else you can do. Someone once wrote:

"Nothing can be made idiot proof because idiots are quite clever" [ponder]

Cheers!

 
i've just handed out about 12 CDs with all the major windows patches (service packs) plus specific DCOM patches, and some disinfect code.

if they bring their machines in i'll happily set up unix on them for them, and if need be will install a fresh install of windows (from their media) and patch it over the net with ADSL speed.

the real problem in this case is that the financial director believes he is above us, and that is why we only got a look at his laptop after it went wrong; after all what are the IT guys for when the machines are working properly except to get in the way and do stuff to machines whilst you're working on spreadsheets which are 'vital' to the company ...

hmmph ...

i was all for doing the 'virus protection' (Solaris) on it straight away ... which would solve all our troubles.

was told by the boss that that wasn't an option for this guy.

what can you do for people that are so high up the food chain that they can avoid the rules?
 
Umm...am I reading this wrong?
This virus finds computers that have that hole and downloads the newest updates...meanwhile keeping an eye out for blaster?

That's actually kinda humorous...kind of like a viral antibody....

[sub]01000111 01101111 01110100 00100000 01000011 01101111 01100110 01100110 01100101 01100101 00111111[/sub]
 
Yes, this is the way I've heard it works. As for the user with the infected laptop, I've found the easiest way to cure these infected laptops being used by people that don't know what they're doing is by using the fdisk utility. (Then tell them it's not repairable, and they will need to buy another with their own money.)
Good luck.

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

"Once the game is over, the king and the pawn return to the same box."
 
Dilettante, I agree with you about computers not being for everyone. Even amongst those who get on with them quite well, if all you want to do is pick up your e-mail at home, you might not want to have to buy a complete system!

But you know what would happen: in order to make their gadget look more appealing than everyone else's, some manufacturer would start to add more functionality, and advertise their product as containing a Guava++ virtual machine, and before you know where you are, we're back to square one with a whole bunch of security issues and problems the user doesn't understand, and quite reasonably doesn't want to, but has to, because their basic e-mail-reading contraption is now an all-singing all-dancing network solution.

 
don't get me started on html emails ...
 
Jad, when senior managers think themselves immune from having to follow corporate IT procedures there's something wrong in the company.
Most likely you need a manager at their own level to give your department more clout with the suits.
For people like that manager of yours, a bit of glue in the CD and floppy drives goes a long way towards cowing them (and maybe just maybe next time he tries to access the network he can't find it (just block his MAC address :)).

HTML email can be filtered at server level, either by just bouncing or simply deleting it all (gets them annoyed for a while) or by parsing it into plain text (requires more work on your part).
Installing a virus scanner on the mailserver that screens all incoming traffic might be the easiest solution (and they'd never even notice you did it until someone sends them a virus when they'll be happy your actions caught it before doing damage).
 
i already scan the email and remove all executable attachments.

i even turned on the plain text 'option' in our emails ... problem was it was converting _all_ html attachments to plain text ...

that causes a few problems when you're trying to convince people to start transferring documents as html instead of word so that it's more portable :)

i had to allow html emails after that.

i can't destroy the laptop, it's one of the only new items of equipment we've bought ...

a big problem for us is that we're not necessarily the first to know. The bosses buy new machines with new PCs and then ask us to configure them to run on our network, without talking to us first ... we've managed to do it so far with vaxes, HPUX, Solaris, Linux, Windows (all varieties) ...

it's only after stuff happens that we get to clear up the mess ... we're good at it, but we do like to be consulted.

we at least have our way nowadays when we get a new building/property at some place in the country and get the place completely wired up as far as networking is concerned before anyone moves into it ... it's a lot easier than:
Boss: 'can you get this computer on the network'
Me: 'What computer?'
Boss: 'this computer to go with X Hp mass-spectrometer'
Me: 'you mean the new HP that you didn't tell me about that has its own DHCP server to screw up my network if i don't configure it, that requires its own network connection and is riddled with bugs that means it will crash at night when you have loads of samples waiting to be run?'
Boss: 'yes that one.'
Me: 'Which Network?'
Boss: 'The usual one.'
Me: 'The one that involves wires, wires in the wall, wall sockets that you said you would only ever need in the West wall, and that you only gave enough money for the west wall, and the mass-spec is on the east wall about 10 meters away and across open space that people have to walk through ...'
Boss: 'yes that's the one.'
Me: sigh of disbelief ... 'Ok.' ... work miracles.
 