Viruses basics 3

Status
Not open for further replies.
Aug 24, 2004
We have a static IP address (our network technician says that's why we are getting so many viruses). We also use Kaspersky antivirus and have a firewall. How could we protect better against viruses? What are the only ways to get infected?

Thank you
 
(Note: the good advice below has a bias in presentation)

This can be your mantra: Microsoft equals Viruses; No Microsoft product, No viruses

You can use the Firefox browser and the Thunderbird mail client (sadly, to get Windows updates, you need to keep IE, but you can delete Outlook entirely).

Any office products that are not by MS reduce your macro virus risks.

If you take the big step of a non MS OS, that wipes out 99.9% of the available viruses.

Meanwhile, I recommend Ad-Aware SE, Spybot Search & Destroy, HijackThis, Stinger, and use of whatever web site filters your ISP offers.

I tried to remain child-like, all I achieved was childish.
 
1) Firewall computer (if running an MS operating system) should not be part of the main domain. Requires a minimum of 2 NICs, one with public IP, another with an IP on the private LAN. This way, all external traffic has to run through the server.
2) Firewall shouldn't have trust relationships set between it and the main domain.
3) Antivirus software should be kept up to date on the firewall PC. If available, a fail safe mode should lock out all external access if anything is found.
4) Email server should also run antivirus software, scanning incoming and outgoing messages. Incoming messages with viruses or anything dodgy should be quarantined and should not be sent onto the individual's mailbox, but perhaps a notification "an email from whoever subject x date/time whenever has been quarantined" could be sent. Enquiries can then be made to ensure that this is legitimate or not.
5) Any reports of virus-like behaviour need to be treated with respect by IT staff, not necessarily resulting in a slap on the wrist for the individual concerned.
It's better for 1 person to spend 1/2 hour sorting out a suspect infection that turns out to be non existent than everybody spending hours disinfecting a network.
6) There should be a defined procedure known by all helpdesk personnel for dealing with suspect virus/malware/spyware reports with staff trained in dealing with it.
7) IE can be locked down with group policies at the domain level to reduce exposure to anything dodgy - eg ActiveX controls, you can stop people downloading items, changing proxy server addresses etc.
8) If web access runs through a proxy server, this should also have an up to date virus checker on it.

If possible the virus checkers on the servers should be different to the one running on the clients - because this gives a second layer of defence - it has to be passed by 2 different engines before anybody gets to it.

John


 
The two main ways that viruses come in are via e-mail or point to point infection. If the security updates are kept up to date, then point to point should be less of a problem.

There are a few viruses that come across the Internet by visiting a website. These are relatively rare. Usually it's adware/spyware that is picked up from websites. These are more of a pest than real harm. They do however tend to clog up a computer with extraneous programs and pop-ups.

NOTE: Someone above mentioned Stinger. 1) It's a cleaner and not a preventer. 2) A new version is released for every major virus so be sure and check back for updates.

By all means, keep the A/V software up to date. There are more infections allowed by out of date virus definitions than faulty software.

If you have an e-mail server, make sure it has some sort of A/V software, preferably in front. A computer firewall as mentioned above could serve that purpose.

 
Our network technician recommended that we replace our fixed IP address with a dynamic one because that may help us avoid getting viruses. He said that there is a chance that someone had that address in the past and we are paying the consequences. What are your thoughts about this?

Thank you
 
Don't believe that technician; you can make the life of a hacker difficult with a dynamic IP, but you can't avoid viruses. Follow the recommendations above and you can avoid most of the viruses, if not all. I got burned by not applying the latest security patches; I thought that with a hardened firewall and up-to-date A/V definitions, I was 100% safe. The culprit was somebody plugging an infected notebook into my network, and my network went down. There was packet flooding on some ports, and so the Internet service was gone. I filtered it and started applying patches to each of the PCs. Right now I'm running a SUS server for workstation auto-update, to avoid this happening again.

Anyway, you need a fixed IP if you're going to host your email server, web server, FTP, and also if you host your public DNS. Although there are some companies that provide dynamic DNS for dynamic IPs, it will cost you money. ex.
 
A couple notes on the subject.
Do not concern yourself with the IP address; it has nothing to do with your virus infections. A good email filter is what you need, since email is the most common virus transport. You need to strip all email attachments ending with .pif, .exe, .scr, etc. You get the idea.
Antivirus software installed on your desktop, with a current virus list, should complete your effort.
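
The attachment stripping described in the post above, combined with the quarantine notification suggested earlier in the thread, as an added example that is not part of any poster's reply. It is a sketch using Python's standard `email` package; the addresses, file names and notice wording are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the post; its "etc." means a production list is longer.
BLOCKED_EXTENSIONS = (".pif", ".exe", ".scr")


def is_blocked(filename):
    """True if an attachment name ends with a blocked extension."""
    if not filename:
        return False
    # Windows ignores trailing dots and spaces, so normalise before matching.
    return filename.rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS)


def strip_attachments(raw_bytes):
    """Return (cleaned EmailMessage, list of quarantined attachment names)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    quarantined = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 encoded names
        if part.is_multipart() or not is_blocked(name):
            continue
        quarantined.append(name)
        # Replace the payload with a notice so the recipient can enquire.
        part.set_content(f"Attachment {name!r} was quarantined by the mail filter.")
    return msg, quarantined


def build_sample():
    """Constructed test message: one harmless and one blocked attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.EXE")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, names = strip_attachments(build_sample())
    print("quarantined:", names)
```

Matching on the last extension after lower-casing is what catches double-extension names such as `Invoice.PDF.EXE`; a filter that only inspects the declared MIME type would miss it.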
 