MS Blaster 3

[jad]

We have Unix servers at work, which are acting as a big firewall to the internet ...

we work behind the times as far as technology is concerned, and most of our machines still run Win95 some have Win98 ... but some of our latest lab machines were provided with a win2k computer.

now, we've had to purchase a few laptops recently ... mostly so that we could flatter some peoples egos, not for any real work reason.

but the b*st*rds take them home with them and one specific person uses NTL (btw ntl customers you need to patch any windows 2000 or windows XP machines against the DCOM attack) and got himself infected in 60 seconds (time it takes to boot).

he then brought the infected computer inside the building and plugged it onto our network ... and very luckily it didn't infect anything else.

we can't shoot the guy ... he controls our pay checks ... and i'll patch the machine up, no hassle ...

i was very close to using the 'Virus Protection' disks labelled 'Solaris' ... but he didn't seem to like the idea, something to do with accessing the accounts software ... hmmph

but the question is what changes do you think should be made, either inside the company or over the entire world ...

 

[cian]

Marc
i totally understand that..and certainly didn't mean to imply.
But I do believe part of the "certain peoples" jobs must be to fix some of these problems...it's either that or get a system where these problems won't occur

Sharon
last paragraph - totally agree and I should have put it that way.

These (necessary) tools can cause problems, and someone must be responsible for fixing these problems...but who?





- É -

http://www.ssi-developer.net/

 

[benlinkknilneb]

I guess it's still the techie's responsibility, because he/she is probably the only one who knows completely how to fix it.

Obviously some people will *need* some sort of access that puts them at risk; so giving them a stripped-down computer probably won't accomplish much of anything.

Perhaps a more proactive approach would be to require training sessions where you go over the basics (don't click "unsubscribe", don't open anything that says '.exe' unless you know EXACTLY what it does, take these steps 1-2-3 when the virus scanner says 'xyz'...) whenever you're giving out computers that have 'dangerous' components on them, and have them sign off at the end. People will probably whine and complain about having to go through it, but when they foul a system up, you have a record that shows what they should and should not have done... and if they shot themselves in the foot, at least you're not at fault. Plus, if you have a repeat offender, you have a paper trail to show to the boss...

Ben

"If thine enemy offend thee, give his child a drum." - Anonymous

 

[GlenJohnson]

"Perhaps a more proactive approach would be to require training sessions where you go over the basics (don't click "unsubscribe", don't open anything that says'.exe' unless you know EXACTLY what it does"
Yes, this comes back to education. I can't tell you the number of people who have told me that "Even though I hit unsubscribe, I still get e-mails from these people." Educate, educate, educate! This is the key in my lowly opinion.

Glen A. Johnson
Johnson Computer Consulting

http://www.johnsoncomputers.us

"I only know that I know nothing."
Socrates (47-399 BC); Greek philosopher

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[dilettante]

I suppose one could consider computer use on the job from a perspective similar to that involved in issuing power tools, commercial kitchen appliances, heavy machinery, or even firearms to workers.

Reminds me of an old, old SNL skit, where the Halloween costume "Invisible Pedestrian" was clearly marked on the back "Not For Blind Kids."

Maybe this is an issue of employer liability.

 

[GlenJohnson]

Excerpt from Oxygen3

In practice, the best weapon for protecting computers is to implement several preventative measures including those recommended by the American Office of Personnel Management -OPM-, and that the Government Computer News(*) echoed. These recommendations are summarized below:

- Identify employees with significant security responsibilities and provide role-specific training.

- Make all employees and contractors who use IT study security awareness materials at least annually.

- Train executives in security basics as well as policy-level planning.

- Train program managers, CIOs and IT security personnel in security basics, planning, system security management, lifecycle and risk management, and contingency planning.

- Give new employees IT security guidance within 60 days.

Glen A. Johnson
Johnson Computer Consulting

http://www.johnsoncomputers.us

"I only know that I know nothing."
Socrates (47-399 BC); Greek philosopher

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[jwenting]

60 days is far too long. New employees should be given those guidelines the moment they sign their contract and not be allowed on the network until passing an oral and/or written test to prove they have read and understood those guidelines.
The same should be done for people signing up for internet access with an ISP.

 

[GlenJohnson]

60 days is to long, but when in a manufacturing enviorment, people don't care about what IT should do. I think this is a good guideline for IT to handle manufacturing. In manufacturing, all they care about is production, and IT takes second fiddle. This is just a guidline.

Glen A. Johnson
Johnson Computer Consulting

http://www.johnsoncomputers.us

"I only know that I know nothing."
Socrates (47-399 BC); Greek philosopher

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[oaklea2000]

stop bitching people, we all know that at some point all pc user's will get a problem, including us pro's - it's a question of how you respond to the problem.

User awareness or lack off is a shortcoming of a company's perspective regardless of the issue.