Life in a Dangerous World: Developing effective strategies against Virus, Worms and Other Threats Marshall Breeding Vanderbilt University breeding@library.vanderbilt.edu http://www.library.vanderbilt.edu/libtech/breeding/
The Threat • Computers are under attack more than ever before • As computer operating systems become more powerful, they also become more vulnerable • Original Viruses were transmitted by files and diskettes • Macro viruses are cross platform
The Threat ... • Most current viruses transmitted by e-mail • Mail attachments common vehicles • Some viruses live within message body • Scripting engines are vulnerable
What is a virus • Transmit • Replicate • Attack • Mutate
Major virus outbreaks • 1980’s: attacks begin on COM, EXE, boot sectors • Jerusalem (Friday the 13th) • AIDS (trojan) • 1988: Internet worm • 1992: Michelangelo • 1994 Good Times hoax • 1996 Concept (Macro virus)
...Major Virus outbreaks • 1998: Chernobyl/CIH (activates 26th of April) • 1999: Melissa (Macro virus/propagates through Outlook) • 2000: ILOVEYOU, Stages (VBX) • 2000: Phage; Vapor: Palm Virus
Observations • Over 50,000 viruses and variants • Major outbreaks more frequent • Microsoft products targeted • Fast propagation through E-mail • Very complex to manage: e.g. Microsoft
Trends • Current generation requires active role by user • Emerging viruses: passive victim • Future/present concern for wireless devices • Wider range of targets: Computers, PDA, Cell Phones
Anti-virus solutions • User behavior • Technical
The #1 Anti-virus strategy involves human behavior • Be aware and cautious • Train computer users to be wary • Never access files from an unchecked disk • any removable media • Do not download software from untrusted sources • Know the true source of all software
Be careful with E-mail • Don’t open obviously suspicious messages • Don’t open attachments unless you know the sender and are expecting that specific attachment • Ensure that your mail client displays extensions of attachments • Avoid: VBX, EXE, • Never send attachments from listserves • Never open attachments from listserves
What users should do when a virus is found or suspected • Notify system administrator • Don’t panic • Don’t restart computer • Don’t send spam E-mail warnings
Implement a multi-layer approach • Desktop: dynamic inspection, regular scanning • Network Server • Mail scanning/interception
Anti-virus Architecture [diagram; labels: Internet, Firewall, Mail Server, Mail Scanning, File Server, File Scanning, Local Network, Desktop Computers, Regular scanning of Disks, Dynamic Scan-on-access, Current Virus Signatures]
Desktop layer • Inspect files on access • Regularly scan all permanent disks • Scan all removable media with each use • Regularly update virus signature database
Desktop Anti-virus software • Norton Anti Virus • McAfee ActiveShield • Command Anti-Virus (was Fprot) • Data Fellows F-Secure • Dr. Solomons Anti-Virus
Network Fileserver layer • Regularly scan all disk volumes • Shared folders easily missed by desktop scanning
E-Mail scanning • Inspect incoming messages • Inspect outgoing messages • Inspect messages from one local user to another within mail system
E-Mail Scanning software • Trend Micro Virus Wall • Sybari Antigen
Virus signature database • the key to the current generation of anti-virus software • must be current • can’t be current enough
Firewalls • Part of a general computer security plan, but also helpful with viruses • Institutional firewalls imperative • CheckPoint FireWall-1 • Consider personal/workstation-level firewalls • BlackIce • ZoneAlarm
What software should do when it detects a virus • clean file/message when possible • remove if it can’t be cleaned • warn system administrator • warn recipient • warn sender
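
An added example, not part of the original slides: a minimal mail-gateway check that ties together the "Be careful with E-mail", "E-Mail scanning" and "What software should do when it detects a virus" slides. It flags attachments whose final extension is on a block list, notes names that would look harmless in a client that hides extensions, and returns who to warn. The addresses, the sample message and the block list (limited to the two extensions the slides name) are assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Only the two extensions the slides name; a real gateway list would be longer.
BLOCKED_EXTENSIONS = {".vbx", ".exe"}
ADMIN = "postmaster@example.edu"  # hypothetical administrator mailbox


def inspect_message(raw):
    """Return (findings, notify) for one raw message passing through the gateway."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
            findings.append({
                "filename": name,
                "extension": suffixes[-1],
                # "LETTER.TXT.exe" looks like a text file when the client hides extensions
                "double_extension": len(suffixes) > 1,
                # An extension match cannot be cleaned, so the attachment is removed
                "action": "remove",
            })
    # Warn administrator, recipient and sender, in the order the slide lists them
    notify = [ADMIN, str(msg["To"]), str(msg["From"])] if findings else []
    return findings, notify


def build_sample(with_executable=True):
    """Constructed test message: one harmless attachment, optionally one blocked."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "reader@example.edu"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes attached.")
    msg.add_attachment("Agenda items", filename="minutes.txt")
    if with_executable:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename="LETTER.TXT.exe")
    return msg.as_string()


if __name__ == "__main__":
    for finding in inspect_message(build_sample())[0]:
        print(finding)
```

An extension check like this is only the outermost filter; it complements, and does not replace, signature scanning of the attachment contents.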
Need to identify the signature of each virus • distinguish malicious items • Original products scanned after the fact • Scanning of files as they are accessed
Mitigate vulnerability • Avoid being logged in with workstation/network administrative rights • Minimize the number of network drives mapped at any given time • Web document directories • shared network drives • Turn off features not needed: • e.g. Windows Scripting Host from e-mail • Do we need support for VBX or JavaScript in e-mail?
Web-oriented vulnerabilities • Java applets • Active-X
More advanced anti-virus software • rely less on specific virus signatures • rely more on trapping unwanted behaviour
Future expectations • No end in sight • The world is becoming more dangerous • Enormous dependence on commercial anti-virus applications • Future computer OS will be designed to be less vulnerable...