Dealing with Virii
With the "ILOVEYOU" outbreak, email viruses, and methods of dealing with them, are once again at the front of every network administrator's thoughts. (Strictly, ILOVEYOU is a self-mailing VBScript worm rather than a virus, but the distinction matters little to anyone cleaning up after it.)
Admittedly, as an administrator with far more Unix and Mac boxes than Windows PCs, I'm not in the same state of utter panic as many of my associates are. But even if I were in a position of having no Windows PCs at all, I would still make sure that my protection procedures were current: a Unix or Mac mail server relays an infected attachment to the Windows users downstream perfectly well.
Now there are a lot of ways to deal with viruses, from the blind-panic method of banning all attachments (more than one pundit is saying this) to the simpler "Just say no to Outlook" method.
The first one is just nonsensical. Attachments increase the usefulness of email a hundredfold. The ability to get the same data to large numbers of people who need it, easily and on the cheap, is not going to go away, nor should it. Yes, virus writers, spammers, and even everyday folks sometimes do bad or silly things with attachments. But ban them? You may as well get rid of email in that case, for without attachments email is not much more useful than a phone with a good voice mail system.
Other methods that fall between these extremes are things like user education, a virus scanner on your email server that checks attachments before delivery, and on-access scanning on the desktops so that every file is scanned when it is opened or saved.
User education is the most critical. Antivirus programs are only as good as their last set of definitions. If the virus is new and fast-moving, such as ILOVEYOU or Melissa, there is going to be a delay in getting the newer definitions out, and obviously the virus can spread unchecked during that delay. If your users are educated, and motivated to use that knowledge, the chances of someone opening a strange attachment are much lower.
One of the big problems with the ILOVEYOU virus was that it mailed itself to every entry in the victim's Outlook address book, so each copy arrived from a known, legitimate sender, and once people saw that, they assumed the attachment was legitimate too.
This is where education is needed. Users need to know that a certain amount of discretion is needed in dealing with attachments, regardless of source. I think that, outside of Bill Gates or Warren Buffett, there are not too many people who could expect to receive a legitimate email from Dow Jones with "ILOVEYOU" as the subject. In almost every case of really bad infection, this is what was happening: the sender was legitimate, so the users opened the attachment, and boom, infection. In some cases the same person opened multiple copies of the same email from different sources.
Again, no antivirus program can substitute for education, and the will to use that knowledge.
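As an added example (not code from the original post) of the server-side scanner mentioned above as a middle-ground measure, and of why the sender is the wrong thing to trust, here is a small attachment-policy filter for a mail gateway. It quarantines a message when any attachment's real (last) extension is something Windows will execute, whatever the From: header says. The extension list, the function names and the two sample messages are constructed for illustration; the worm-style sample borrows only ILOVEYOU's attachment name.

```python
"""Attachment-policy filter for a mail gateway.

Added example; not code from the original post.  It quarantines a
message when any attachment's real (last) extension is one that
Windows will execute on double-click, and it deliberately never looks
at the sender: a worm mailed from an infected colleague's address book
still carries the payload.  EXECUTABLE_EXTENSIONS, the function names
and both sample messages are assumptions made for this illustration.
"""
from email import message_from_string

# Extensions Windows runs directly.  Illustrative, not exhaustive.
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "bat", "cmd", "pif", "scr",
    "vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
}


def attachment_names(msg):
    """Return the filename of every non-multipart part that carries one."""
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Content-Disposition filename=, falling back to Content-Type name=
        name = part.get_filename()
        if name:
            names.append(name)
    return names


def is_dangerous_name(filename):
    """True when the LAST extension is executable.

    Checking the last extension defeats the double-extension trick
    ('LOVE-LETTER-FOR-YOU.TXT.vbs'): Explorer hides known extensions
    by default, so the user sees a harmless-looking .TXT file.
    Blanks around the extension are stripped to defeat
    'report.txt        .vbs' padding.
    """
    _stem, dot, ext = filename.lower().strip().rpartition(".")
    if not dot:
        return False
    return ext.strip() in EXECUTABLE_EXTENSIONS


def classify(raw_message):
    """Return ('quarantine', [offending names]) or ('deliver', [])."""
    msg = message_from_string(raw_message)
    bad = [n for n in attachment_names(msg) if is_dangerous_name(n)]
    return ("quarantine" if bad else "deliver", bad)


# Constructed sample in the style of a script worm; only the attachment
# name is ILOVEYOU's, everything else is invented.
SAMPLE_WORM = """\
From: colleague@example.com
To: you@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please read the attached letter.
--b1
Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Transfer-Encoding: 7bit

' script body omitted
--b1--
"""

# Constructed benign sample: a PDF from the very same trusted sender.
SAMPLE_OK = """\
From: colleague@example.com
To: you@example.com
Subject: Q2 report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

Report attached.
--b2
Content-Type: application/pdf; name="q2-report.pdf"
Content-Disposition: attachment; filename="q2-report.pdf"

%PDF-1.4 (contents omitted)
--b2--
"""

if __name__ == "__main__":
    for label, raw in (("worm", SAMPLE_WORM), ("benign", SAMPLE_OK)):
        verdict, names = classify(raw)
        print(f"{label}: {verdict} {names}")
```

Note what this does and does not buy you. It would have stopped ILOVEYOU at the gateway on day zero, before any definition update, and it catches the same message whether it comes from a stranger or from your boss. But Melissa travelled as a Word document carrying a macro, which passes an extension policy untouched, so the filter is a complement to the scanner and to user education, not a replacement for either.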
Another set of solutions is to ban Outlook, the Windows Scripting Host, Exchange, Windows itself, etc. Although at first glance these seem silly, I wonder if some of them may not have value.
Feelings about Outlook aside, it has been the best vehicle for spreading viruses over the last year or so, and none of Microsoft's updates seem to be fixing this: a script attachment, once opened, can still drive Outlook's own address book and mail itself on. Before I get the emails on how useful Outlook is, believe me, I understand this. But security procedures, and virus prevention is a part of them, require you to eliminate holes, and as it stands, Outlook, Exchange, and the Windows OS act as huge security holes all too often.
The fact is, there are a lot of ways to get Outlook's functionality without the risks. For one, consider using a Unix-based IMAP email server such as Netscape/Sun's or Stalker's instead of Exchange. (I know that AppleShare IP has IMAP features, but it has some hard limits that make it unsuitable for all but fairly low-end implementations.) IMAP gives you easy access to your email regardless of location, computer, or operating system, and it is supported by almost every email client available, which gives your users more options.
Consider a separate calendar server, such as Meeting Maker or CS&T's calendar server. These give you advanced scheduling features beyond what Outlook and Exchange support, and they run on non-Windows OSes, which eliminates yet another entry point for Visual Basic (VBScript and VBA macro) viruses.
A good news server can give you collaboration and discussion capabilities, and if you need real-time features, there are a number of standards-based video conferencing servers from companies such as White Pine.
The advantage of considering multiple products is that you can tailor your solution to your needs. Exchange also has a history of not supporting anything other than Windows terribly well, whereas these products have full-featured clients for almost all OSes and platforms, including Palm.
The disadvantage is that these are multiple products, and you have to manage them as such. You don't get one client that deals with all of them from one spot, (although Netscape/iPlanet comes close). Your education and training costs go up, because you have to learn how to manage these different products correctly.
That has always been a large part of the draw for Microsoft Exchange, the fact that you can get 90% of what you need with one product, on a relatively easy to manage OS.
So you have to make the choice:
Is it better to use Exchange and Outlook, and understand that you will have to be extremely proactive about email security and virus prevention and protection, but gain the simplicity of only needing one product?
Or, is it better to have multiple servers, possibly on multiple platforms, that allow you to avoid Outlook/Exchange and its associated risks, but will force you to deal with the problems that integrating multiple products entails?
Unfortunately, that's the choice that all network administrators face, and there is still no easy answer.