Focus on Virus
RE: Virus Oct 19 2006 09:13PM
Quark IT - Hilton Travis (Hilton quarkit com au) (1 replies)
Re: Virus Oct 19 2006 09:55PM
brain5ide (brain5ide gmail com)
Hello,
I fully agree with you. Everything needs a configuration. You can't
install an OpenBSD with a default config though it's pretty secure. Or
you can't just say, you have a firewall if you haven't configured it
to block anything. My post was just not fully overthought before
posting it. Well, what can I say, thanks for marking my mistakes.

On 10/20/06, Quark IT - Hilton Travis <Hilton (at) quarkit.com (dot) au> wrote:
> Hi,
>
> Blindly saying "move to Linux, it's more secure" is simply not a sensible answer for a number of really obvious reasons. Stating two of those, first if he has LOB applications that need Windows Server then you will be stopping his business from working, and second if he is clueless about Windows, can you imagine how much more difficulty he'll have in a Linux environment?
>
> A default Linux install is about as secure as a default Windows Server 2003 install - that is, neither is anywhere near secure. You have to do a reasonable amount of work to secure BOTH of them - and include *BSD in that too. We support Linux, BSD and Windows systems here and, honestly, there's not much difference between securing them all, and definitely not that much difference in the time needed to secure them and then keep them secure.
>
> If he has a Windows machine OR a Linux machine he must do regular backups. Data protection by backup is not dependent on the OS running on the server. This is a misdirected statement in a really major way that you have made here. Also, not only should he not run unnecessary software on a Windows box, but that applies equally to a Linux (or BSD) box - all unnecessary software does is to increase the attack surface.
>
> Also, his anti-virus - Bit Defender - is OBVIOUSLY not doing the job. If it is removing viruses, then WHY did it let them into his system in the first place? The whole idea of an AV program is to stop viruses and other malware such as worms and Trojans from infecting your system in the first place. If it can't do that, then it is obviously time for another package (or a sysadmin who has a clue about configuring it).
>
> We use NOD32 here because for us and our clients, it has simply not missed a virus in the 5+ years that we have been using it. It has also been used to detect viruses that have been missed by McAfee, Trend, Symantec, AVG, Avast, Bit Defender, CA AntiVirus and more on client machines - and we have converted every single one of them to NOD32 on the spot.
>
> The OP obviously is not clued up to security. Your comments to him wouldn't help in the slightest. He needs a decent firewall, a better AV program, to ensure that all OS and application patches are made to his server and especially to his client PCs, and he needs to get someone in with a clue to show him how and why to do things properly. He also needs to flatten and rebuild most of his network, apparently, as an infected machine cannot be trusted. And when he does this, he needs to isolate the infected machines from the clean ones and never, ever have the two networks meet each other.
>
> Oh, and by the way, your English is more than acceptable for a non English-as-a-first-language speaker. It is a lot better than the English I've encountered from many a native English speaker!
>
> --
>
> Regards,
>
> Hilton Travis Phone: +61 (0)7 3344 3889
> (Brisbane, Australia) Phone: +61 (0)419 792 394
> Manager, Quark IT http://www.quarkit.com.au
> Quark AudioVisual http://www.quarkav.net
>
> http://www.threatcode.com/ <-- its now time to shame poor coders
> into writing code that is acceptable for use on today's networks
>
> War doesn't determine who is right. War determines who is left.
>
> This document and any attachments are for the intended recipient
> only. It may contain confidential, privileged or copyright
> material which must not be disclosed or distributed.
>
> Quark Group Pty. Ltd.
> T/A Quark Automation, Quark AudioVisual, Quark IT
>
> > -----Original Message-----
> > From: brain5ide [mailto:brain5ide (at) gmail (dot) com]
> > Sent: Friday, 20 October 2006 12:16 AM
> >
> > Hi,
> > excuse me, but could you tell me what was wrong in my last post
> > to this thread. Yeah, I'm a newbie, and I'm just interested in
> > this thread. That was the way I would do it. Could you link me
> > to a site or something else, that would help solving this or
> > similar problem the other way?
> >
> > Thanks in advance
> > On 10/19/06, Quark IT - Hilton Travis <Hilton (at) quarkit.com (dot) au> wrote:
> > > Hi Laz,
> > >
> > > He should really apologize for his poor grasp of security, not
> > > his English!
> > >
> > > --
> > >
> > > Regards,
> > >
> > > Hilton Travis Phone: +61 (0)7 3344 3889
> > > (Brisbane, Australia) Phone: +61 (0)419 792 394
> > > Manager, Quark IT http://www.quarkit.com.au
> > > Quark AudioVisual http://www.quarkav.net
> > >
> > > War doesn't determine who is right. War determines who is left.
> > >
> > > > -----Original Message-----
> > > > From: listbounce (at) securityfocus (dot) com
> > > > On Behalf Of brain5ide
> > > > Sent: Wednesday, 18 October 2006 4:31 AM
> > > >
> > > > Hi,
> > > > you didn't provide a lot of information about your server. But
> > > > as I understand from what you have written, it's a Windows
> > > > server. You could improve security, not to a hundred per
> > > > cent of course, by just installing a *nix (yeah, yeah, I'm
> > > > a *nix freak). However, if you still want to have a Windows
> > > > machine you MUST do regular backups, don't run any unknown
> > > > software. And also, have an antivirus, like you said - a
> > > > bitdefender. That's all you can do. There's no way to
> > > > actually prevent the attacks, but you can just drop them by
> > > > having your system as new as it can be.
> > > >
> > > > Sorry for my poor English.
> > > >
> > > > On 10/14/06, boonting <boontinglim (at) gmail (dot) com> wrote:
> > > > >
> > > > > Thanks for your information, whoever replied to my post and sent
> > > > > email to me.
> > > > >
> > > > > However, I still don't know what's wrong. I checked my server's
> > > > > bit-defender report. Almost every day a virus attacked my
> > > > > server. However, luckily bit-defender was able to disinfect and
> > > > > delete the viruses.
> > > > >
> > > > > Any idea how to protect my server? Anyhow, really thanks
> > > > > for all the information provided.
> > > > > --
> > > > > View this message in context: http://www.nabble.com/Virus-tf2429074.html#a6806622
> > > > > Sent from the Security - Virus mailing list archive at Nabble.com.
